libvirt/qemud/qemud.c
Jim Meyering 37abbb387e qemud.c: fix error in yesterday's change: s/X_OK/R_OK/
* qemud/qemud.c (main): Fix error s/X_OK/R_OK/ reported by
Daniel Berrange.
2009-01-13 12:22:24 +00:00

2466 lines
72 KiB
C

/*
* qemud.c: daemon start of day, guest process & i/o management
*
* Copyright (C) 2006, 2007, 2008, 2009 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Author: Daniel P. Berrange <berrange@redhat.com>
*/
#include <config.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
#include <limits.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/poll.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <stdlib.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>
#include <string.h>
#include <errno.h>
#include <getopt.h>
#include <fnmatch.h>
#include <grp.h>
#include <signal.h>
#include <netdb.h>
#include "libvirt_internal.h"
#include "qemud.h"
#include "util.h"
#include "remote_internal.h"
#include "conf.h"
#include "event.h"
#include "memory.h"
#ifdef HAVE_AVAHI
#include "mdns.h"
#endif
#ifdef WITH_DRIVER_MODULES
#include "driver.h"
#else
#ifdef WITH_QEMU
#include "qemu_driver.h"
#endif
#ifdef WITH_LXC
#include "lxc_driver.h"
#endif
#ifdef WITH_UML
#include "uml_driver.h"
#endif
#ifdef WITH_NETWORK
#include "network_driver.h"
#endif
#ifdef WITH_STORAGE_DIR
#include "storage_driver.h"
#endif
#ifdef WITH_NODE_DEVICES
#include "node_device.h"
#endif
#endif
static int godaemon = 0; /* -d: Be a daemon */
static int verbose = 0; /* -v: Verbose mode */
static int timeout = -1; /* -t: Shutdown timeout */
static int sigwrite = -1; /* Signal handler pipe */
static int ipsock = 0; /* -l Listen for TCP/IP */
/* Defaults for logging */
static int log_level = 3;
static char *log_filters = NULL;
static char *log_outputs = NULL;
/* Defaults for configuration file elements */
static int listen_tls = 1;
static int listen_tcp = 0;
static char *listen_addr = (char *) LIBVIRTD_LISTEN_ADDR;
static char *tls_port = (char *) LIBVIRTD_TLS_PORT;
static char *tcp_port = (char *) LIBVIRTD_TCP_PORT;
static gid_t unix_sock_gid = 0; /* Only root by default */
static int unix_sock_rw_mask = 0700; /* Allow user only */
static int unix_sock_ro_mask = 0777; /* Allow world */
#if HAVE_POLKIT
static int auth_unix_rw = REMOTE_AUTH_POLKIT;
static int auth_unix_ro = REMOTE_AUTH_POLKIT;
#else
static int auth_unix_rw = REMOTE_AUTH_NONE;
static int auth_unix_ro = REMOTE_AUTH_NONE;
#endif /* HAVE_POLKIT */
#if HAVE_SASL
static int auth_tcp = REMOTE_AUTH_SASL;
#else
static int auth_tcp = REMOTE_AUTH_NONE;
#endif
static int auth_tls = REMOTE_AUTH_NONE;
static int mdns_adv = 1;
static char *mdns_name = NULL;
static int tls_no_verify_certificate = 0;
static char **tls_allowed_dn_list = NULL;
static char *key_file = (char *) LIBVIRT_SERVERKEY;
static char *cert_file = (char *) LIBVIRT_SERVERCERT;
static char *ca_file = (char *) LIBVIRT_CACERT;
static char *crl_file = (char *) "";
static gnutls_certificate_credentials_t x509_cred;
static gnutls_dh_params_t dh_params;
static int min_workers = 5;
static int max_workers = 20;
static int max_clients = 20;
#define DH_BITS 1024
static sig_atomic_t sig_errors = 0;
static int sig_lasterrno = 0;
static void sig_handler(int sig, siginfo_t * siginfo,
void* context ATTRIBUTE_UNUSED) {
int origerrno;
int r;
/* set the sig num in the struct */
siginfo->si_signo = sig;
origerrno = errno;
r = safewrite(sigwrite, siginfo, sizeof(*siginfo));
if (r == -1) {
sig_errors++;
sig_lasterrno = errno;
}
errno = origerrno;
}
static void qemudDispatchClientEvent(int watch, int fd, int events, void *opaque);
static void qemudDispatchServerEvent(int watch, int fd, int events, void *opaque);
static int qemudRegisterClientEvent(struct qemud_server *server,
struct qemud_client *client,
int removeFirst);
static int
remoteCheckCertFile(const char *type, const char *file)
{
struct stat sb;
if (stat(file, &sb) < 0) {
VIR_ERROR(_("Cannot access %s '%s': %s (%d)"),
type, file, strerror(errno), errno);
return -1;
}
return 0;
}
static int
remoteInitializeGnuTLS (void)
{
int err;
/* Initialise GnuTLS. */
gnutls_global_init ();
err = gnutls_certificate_allocate_credentials (&x509_cred);
if (err) {
VIR_ERROR(_("gnutls_certificate_allocate_credentials: %s"),
gnutls_strerror (err));
return -1;
}
if (ca_file && ca_file[0] != '\0') {
if (remoteCheckCertFile("CA certificate", ca_file) < 0)
return -1;
qemudDebug ("loading CA cert from %s", ca_file);
err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file,
GNUTLS_X509_FMT_PEM);
if (err < 0) {
VIR_ERROR(_("gnutls_certificate_set_x509_trust_file: %s"),
gnutls_strerror (err));
return -1;
}
}
if (crl_file && crl_file[0] != '\0') {
if (remoteCheckCertFile("CA revocation list", crl_file) < 0)
return -1;
DEBUG("loading CRL from %s", crl_file);
err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file,
GNUTLS_X509_FMT_PEM);
if (err < 0) {
VIR_ERROR(_("gnutls_certificate_set_x509_crl_file: %s"),
gnutls_strerror (err));
return -1;
}
}
if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') {
if (remoteCheckCertFile("server certificate", cert_file) < 0)
return -1;
if (remoteCheckCertFile("server key", key_file) < 0)
return -1;
DEBUG("loading cert and key from %s and %s", cert_file, key_file);
err =
gnutls_certificate_set_x509_key_file (x509_cred,
cert_file, key_file,
GNUTLS_X509_FMT_PEM);
if (err < 0) {
VIR_ERROR(_("gnutls_certificate_set_x509_key_file: %s"),
gnutls_strerror (err));
return -1;
}
}
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
err = gnutls_dh_params_init (&dh_params);
if (err < 0) {
VIR_ERROR(_("gnutls_dh_params_init: %s"), gnutls_strerror (err));
return -1;
}
err = gnutls_dh_params_generate2 (dh_params, DH_BITS);
if (err < 0) {
VIR_ERROR(_("gnutls_dh_params_generate2: %s"), gnutls_strerror (err));
return -1;
}
gnutls_certificate_set_dh_params (x509_cred, dh_params);
return 0;
}
static void
qemudDispatchSignalEvent(int watch ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED,
int events ATTRIBUTE_UNUSED,
void *opaque) {
struct qemud_server *server = (struct qemud_server *)opaque;
siginfo_t siginfo;
int ret;
pthread_mutex_lock(&server->lock);
if (saferead(server->sigread, &siginfo, sizeof(siginfo)) != sizeof(siginfo)) {
VIR_ERROR(_("Failed to read from signal pipe: %s"), strerror(errno));
pthread_mutex_unlock(&server->lock);
return;
}
ret = 0;
switch (siginfo.si_signo) {
case SIGHUP:
VIR_INFO0(_("Reloading configuration on SIGHUP"));
if (virStateReload() < 0)
VIR_WARN0(_("Error while reloading drivers"));
break;
case SIGINT:
case SIGQUIT:
case SIGTERM:
VIR_WARN(_("Shutting down on signal %d"), siginfo.si_signo);
server->shutdown = 1;
break;
default:
VIR_INFO(_("Received unexpected signal %d"), siginfo.si_signo);
break;
}
if (ret != 0)
server->shutdown = 1;
pthread_mutex_unlock(&server->lock);
}
int qemudSetCloseExec(int fd) {
int flags;
if ((flags = fcntl(fd, F_GETFD)) < 0)
goto error;
flags |= FD_CLOEXEC;
if ((fcntl(fd, F_SETFD, flags)) < 0)
goto error;
return 0;
error:
VIR_ERROR0(_("Failed to set close-on-exec file descriptor flag"));
return -1;
}
int qemudSetNonBlock(int fd) {
int flags;
if ((flags = fcntl(fd, F_GETFL)) < 0)
goto error;
flags |= O_NONBLOCK;
if ((fcntl(fd, F_SETFL, flags)) < 0)
goto error;
return 0;
error:
VIR_ERROR0(_("Failed to set non-blocking file descriptor flag"));
return -1;
}
static int qemudGoDaemon(void) {
int pid = fork();
switch (pid) {
case 0:
{
int stdinfd = -1;
int stdoutfd = -1;
int nextpid;
if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
goto cleanup;
if ((stdoutfd = open("/dev/null", O_WRONLY)) < 0)
goto cleanup;
if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
goto cleanup;
if (dup2(stdoutfd, STDOUT_FILENO) != STDOUT_FILENO)
goto cleanup;
if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
goto cleanup;
if (close(stdinfd) < 0)
goto cleanup;
stdinfd = -1;
if (close(stdoutfd) < 0)
goto cleanup;
stdoutfd = -1;
if (setsid() < 0)
goto cleanup;
nextpid = fork();
switch (nextpid) {
case 0:
return 0;
case -1:
return -1;
default:
_exit(0);
}
cleanup:
if (stdoutfd != -1)
close(stdoutfd);
if (stdinfd != -1)
close(stdinfd);
return -1;
}
case -1:
return -1;
default:
{
int got, status = 0;
/* We wait to make sure the next child forked
successfully */
if ((got = waitpid(pid, &status, 0)) < 0 ||
got != pid ||
status != 0) {
return -1;
}
_exit(0);
}
}
}
static int qemudWritePidFile(const char *pidFile) {
int fd;
FILE *fh;
if (pidFile[0] == '\0')
return 0;
if ((fd = open(pidFile, O_WRONLY|O_CREAT|O_EXCL, 0644)) < 0) {
VIR_ERROR(_("Failed to open pid file '%s' : %s"),
pidFile, strerror(errno));
return -1;
}
if (!(fh = fdopen(fd, "w"))) {
VIR_ERROR(_("Failed to fdopen pid file '%s' : %s"),
pidFile, strerror(errno));
close(fd);
return -1;
}
if (fprintf(fh, "%lu\n", (unsigned long)getpid()) < 0) {
VIR_ERROR(_("Failed to write to pid file '%s' : %s"),
pidFile, strerror(errno));
close(fd);
return -1;
}
if (fclose(fh) == EOF) {
VIR_ERROR(_("Failed to close pid file '%s' : %s"),
pidFile, strerror(errno));
return -1;
}
return 0;
}
static int qemudListenUnix(struct qemud_server *server,
const char *path, int readonly, int auth) {
struct qemud_socket *sock;
struct sockaddr_un addr;
mode_t oldmask;
gid_t oldgrp;
if (VIR_ALLOC(sock) < 0) {
VIR_ERROR("%s", _("Failed to allocate memory for struct qemud_socket"));
return -1;
}
sock->readonly = readonly;
sock->port = -1;
sock->type = QEMUD_SOCK_TYPE_UNIX;
sock->auth = auth;
if ((sock->fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
VIR_ERROR(_("Failed to create socket: %s"),
strerror(errno));
goto cleanup;
}
if (qemudSetCloseExec(sock->fd) < 0 ||
qemudSetNonBlock(sock->fd) < 0)
goto cleanup;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, path, sizeof(addr.sun_path)-1);
if (addr.sun_path[0] == '@')
addr.sun_path[0] = '\0';
oldgrp = getgid();
oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
if (getuid() == 0)
setgid(unix_sock_gid);
if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
VIR_ERROR(_("Failed to bind socket to '%s': %s"),
path, strerror(errno));
goto cleanup;
}
umask(oldmask);
if (getuid() == 0)
setgid(oldgrp);
if (listen(sock->fd, 30) < 0) {
VIR_ERROR(_("Failed to listen for connections on '%s': %s"),
path, strerror(errno));
goto cleanup;
}
if ((sock->watch = virEventAddHandleImpl(sock->fd,
VIR_EVENT_HANDLE_READABLE |
VIR_EVENT_HANDLE_ERROR |
VIR_EVENT_HANDLE_HANGUP,
qemudDispatchServerEvent,
server, NULL)) < 0) {
VIR_ERROR0(_("Failed to add server event callback"));
goto cleanup;
}
sock->next = server->sockets;
server->sockets = sock;
server->nsockets++;
return 0;
cleanup:
if (sock->fd)
close(sock->fd);
free(sock);
return -1;
}
// See: http://people.redhat.com/drepper/userapi-ipv6.html
static int
remoteMakeSockets (int *fds, int max_fds, int *nfds_r, const char *node, const char *service)
{
struct addrinfo *ai;
struct addrinfo hints;
memset (&hints, 0, sizeof hints);
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
hints.ai_socktype = SOCK_STREAM;
int e = getaddrinfo (node, service, &hints, &ai);
if (e != 0) {
VIR_ERROR(_("getaddrinfo: %s\n"), gai_strerror (e));
return -1;
}
struct addrinfo *runp = ai;
while (runp && *nfds_r < max_fds) {
fds[*nfds_r] = socket (runp->ai_family, runp->ai_socktype,
runp->ai_protocol);
if (fds[*nfds_r] == -1) {
VIR_ERROR(_("socket: %s"), strerror (errno));
return -1;
}
int opt = 1;
setsockopt (fds[*nfds_r], SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);
if (bind (fds[*nfds_r], runp->ai_addr, runp->ai_addrlen) == -1) {
if (errno != EADDRINUSE) {
VIR_ERROR(_("bind: %s"), strerror (errno));
return -1;
}
close (fds[*nfds_r]);
}
else {
if (listen (fds[*nfds_r], SOMAXCONN) == -1) {
VIR_ERROR(_("listen: %s"), strerror (errno));
return -1;
}
++*nfds_r;
}
runp = runp->ai_next;
}
freeaddrinfo (ai);
return 0;
}
/* Listen on the named/numbered TCP port. On a machine with IPv4 and
* IPv6 interfaces this may generate several sockets.
*/
static int
remoteListenTCP (struct qemud_server *server,
const char *addr,
const char *port,
int type,
int auth)
{
int fds[2];
int nfds = 0;
int i;
struct qemud_socket *sock;
if (remoteMakeSockets (fds, 2, &nfds, addr, port) == -1)
return -1;
for (i = 0; i < nfds; ++i) {
struct sockaddr_storage sa;
socklen_t salen = sizeof(sa);
if (VIR_ALLOC(sock) < 0) {
VIR_ERROR(_("remoteListenTCP: calloc: %s"), strerror (errno));
goto cleanup;
}
sock->readonly = 0;
sock->next = server->sockets;
server->sockets = sock;
server->nsockets++;
sock->fd = fds[i];
sock->type = type;
sock->auth = auth;
if (getsockname(sock->fd, (struct sockaddr *)(&sa), &salen) < 0)
goto cleanup;
if (sa.ss_family == AF_INET)
sock->port = htons(((struct sockaddr_in*)&sa)->sin_port);
#ifdef AF_INET6
else if (sa.ss_family == AF_INET6)
sock->port = htons(((struct sockaddr_in6*)&sa)->sin6_port);
#endif
else
sock->port = -1;
if (qemudSetCloseExec(sock->fd) < 0 ||
qemudSetNonBlock(sock->fd) < 0)
goto cleanup;
if (listen (sock->fd, 30) < 0) {
VIR_ERROR(_("remoteListenTCP: listen: %s"), strerror (errno));
goto cleanup;
}
if ((sock->watch = virEventAddHandleImpl(sock->fd,
VIR_EVENT_HANDLE_READABLE |
VIR_EVENT_HANDLE_ERROR |
VIR_EVENT_HANDLE_HANGUP,
qemudDispatchServerEvent,
server, NULL)) < 0) {
VIR_ERROR0(_("Failed to add server event callback"));
goto cleanup;
}
}
return 0;
cleanup:
for (i = 0; i < nfds; ++i)
close(fds[0]);
return -1;
}
static int qemudInitPaths(struct qemud_server *server,
char *sockname,
char *roSockname,
int maxlen) {
uid_t uid = geteuid();
if (!uid) {
if (snprintf (sockname, maxlen, "%s/run/libvirt/libvirt-sock",
LOCAL_STATE_DIR) >= maxlen)
goto snprintf_error;
unlink(sockname);
if (snprintf (roSockname, maxlen, "%s/run/libvirt/libvirt-sock-ro",
LOCAL_STATE_DIR) >= maxlen)
goto snprintf_error;
unlink(roSockname);
if (snprintf(server->logDir, PATH_MAX, "%s/log/libvirt/", LOCAL_STATE_DIR) >= PATH_MAX)
goto snprintf_error;
} else {
struct passwd *pw;
if (!(pw = getpwuid(uid))) {
VIR_ERROR(_("Failed to find user record for uid '%d': %s"),
uid, strerror(errno));
return -1;
}
if (snprintf(sockname, maxlen, "@%s/.libvirt/libvirt-sock", pw->pw_dir) >= maxlen)
goto snprintf_error;
if (snprintf(server->logDir, PATH_MAX, "%s/.libvirt/log", pw->pw_dir) >= PATH_MAX)
goto snprintf_error;
} /* !remote */
return 0;
snprintf_error:
VIR_ERROR("%s", _("Resulting path too long for buffer in qemudInitPaths()"));
return -1;
}
static struct qemud_server *qemudInitialize(int sigread) {
struct qemud_server *server;
if (VIR_ALLOC(server) < 0) {
VIR_ERROR0(_("Failed to allocate struct qemud_server"));
return NULL;
}
if (pthread_mutex_init(&server->lock, NULL) != 0) {
VIR_FREE(server);
return NULL;
}
server->sigread = sigread;
if (virEventInit() < 0) {
VIR_ERROR0(_("Failed to initialize event system"));
VIR_FREE(server);
return NULL;
}
virInitialize();
/*
* Note that the order is important: the first ones have a higher
* priority when calling virStateInitialize. We must register
* the network, storage and nodedev drivers before any domain
* drivers, since their resources must be auto-started before
* any domains can be auto-started.
*/
#ifdef WITH_DRIVER_MODULES
/* We don't care if any of these fail, because the whole point
* is to allow users to only install modules they want to use.
* If they try to use a open a connection for a module that
* is not loaded they'll get a suitable error at that point
*/
virDriverLoadModule("network");
virDriverLoadModule("storage");
virDriverLoadModule("nodedev");
virDriverLoadModule("qemu");
virDriverLoadModule("lxc");
virDriverLoadModule("uml");
#else
#ifdef WITH_NETWORK
networkRegister();
#endif
#ifdef WITH_STORAGE_DIR
storageRegister();
#endif
#if defined(WITH_NODE_DEVICES) && \
(defined(HAVE_HAL) || defined(HAVE_DEVKIT))
nodedevRegister();
#endif
#ifdef WITH_QEMU
qemuRegister();
#endif
#ifdef WITH_LXC
lxcRegister();
#endif
#ifdef WITH_UML
umlRegister();
#endif
#endif
virEventRegisterImpl(virEventAddHandleImpl,
virEventUpdateHandleImpl,
virEventRemoveHandleImpl,
virEventAddTimeoutImpl,
virEventUpdateTimeoutImpl,
virEventRemoveTimeoutImpl);
virStateInitialize();
return server;
}
static struct qemud_server *qemudNetworkInit(struct qemud_server *server) {
struct qemud_socket *sock;
char sockname[PATH_MAX];
char roSockname[PATH_MAX];
#if HAVE_SASL
int err;
#endif /* HAVE_SASL */
roSockname[0] = '\0';
if (qemudInitPaths(server, sockname, roSockname, PATH_MAX) < 0)
goto cleanup;
if (qemudListenUnix(server, sockname, 0, auth_unix_rw) < 0)
goto cleanup;
if (roSockname[0] != '\0' && qemudListenUnix(server, roSockname, 1, auth_unix_ro) < 0)
goto cleanup;
#if HAVE_SASL
if (auth_unix_rw == REMOTE_AUTH_SASL ||
auth_unix_ro == REMOTE_AUTH_SASL ||
auth_tcp == REMOTE_AUTH_SASL ||
auth_tls == REMOTE_AUTH_SASL) {
if ((err = sasl_server_init(NULL, "libvirt")) != SASL_OK) {
VIR_ERROR(_("Failed to initialize SASL authentication %s"),
sasl_errstring(err, NULL, NULL));
goto cleanup;
}
}
#endif
#ifdef HAVE_POLKIT
if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
auth_unix_ro == REMOTE_AUTH_POLKIT) {
DBusError derr;
dbus_error_init(&derr);
server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
if (!(server->sysbus)) {
VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
derr.message);
dbus_error_free(&derr);
goto cleanup;
}
}
#endif
if (ipsock) {
if (listen_tcp && remoteListenTCP (server, listen_addr, tcp_port, QEMUD_SOCK_TYPE_TCP, auth_tcp) < 0)
goto cleanup;
if (listen_tls) {
if (remoteInitializeGnuTLS () < 0)
goto cleanup;
if (remoteListenTCP (server, listen_addr, tls_port, QEMUD_SOCK_TYPE_TLS, auth_tls) < 0)
goto cleanup;
}
}
#ifdef HAVE_AVAHI
if (getuid() == 0 && mdns_adv) {
struct libvirtd_mdns_group *group;
int port = 0;
server->mdns = libvirtd_mdns_new();
if (!mdns_name) {
char groupname[64], localhost[HOST_NAME_MAX+1], *tmp;
/* Extract the host part of the potentially FQDN */
gethostname(localhost, HOST_NAME_MAX);
localhost[HOST_NAME_MAX] = '\0';
if ((tmp = strchr(localhost, '.')))
*tmp = '\0';
snprintf(groupname, sizeof(groupname)-1, "Virtualization Host %s", localhost);
groupname[sizeof(groupname)-1] = '\0';
group = libvirtd_mdns_add_group(server->mdns, groupname);
} else {
group = libvirtd_mdns_add_group(server->mdns, mdns_name);
}
/*
* See if there's a TLS enabled port we can advertise. Cowardly
* don't bother to advertise TCP since we don't want people using
* them for real world apps
*/
sock = server->sockets;
while (sock) {
if (sock->port != -1 && sock->type == QEMUD_SOCK_TYPE_TLS) {
port = sock->port;
break;
}
sock = sock->next;
}
/*
* Add the primary entry - we choose SSH because its most likely to always
* be available
*/
libvirtd_mdns_add_entry(group, "_libvirt._tcp", port);
libvirtd_mdns_start(server->mdns);
}
#endif
return server;
cleanup:
if (server) {
sock = server->sockets;
while (sock) {
close(sock->fd);
sock = sock->next;
}
#ifdef HAVE_POLKIT
if (server->sysbus)
dbus_connection_unref(server->sysbus);
#endif
free(server);
}
return NULL;
}
static gnutls_session_t
remoteInitializeTLSSession (void)
{
gnutls_session_t session;
int err;
err = gnutls_init (&session, GNUTLS_SERVER);
if (err != 0) goto failed;
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
err = gnutls_set_default_priority (session);
if (err != 0) goto failed;
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
if (err != 0) goto failed;
/* request client certificate if any.
*/
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
gnutls_dh_set_prime_bits (session, DH_BITS);
return session;
failed:
VIR_ERROR(_("remoteInitializeTLSSession: %s"),
gnutls_strerror (err));
return NULL;
}
/* Check DN is on tls_allowed_dn_list. */
static int
remoteCheckDN (gnutls_x509_crt_t cert)
{
char name[256];
size_t namesize = sizeof name;
char **wildcards;
int err;
err = gnutls_x509_crt_get_dn (cert, name, &namesize);
if (err != 0) {
VIR_ERROR(_("remoteCheckDN: gnutls_x509_cert_get_dn: %s"),
gnutls_strerror (err));
return 0;
}
/* If the list is not set, allow any DN. */
wildcards = tls_allowed_dn_list;
if (!wildcards)
return 1;
while (*wildcards) {
if (fnmatch (*wildcards, name, 0) == 0)
return 1;
wildcards++;
}
/* Print the client's DN. */
DEBUG(_("remoteCheckDN: failed: client DN is %s"), name);
return 0; // Not found.
}
static int
remoteCheckCertificate (gnutls_session_t session)
{
int ret;
unsigned int status;
const gnutls_datum_t *certs;
unsigned int nCerts, i;
time_t now;
if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0){
VIR_ERROR(_("remoteCheckCertificate: verify failed: %s"),
gnutls_strerror (ret));
return -1;
}
if (status != 0) {
if (status & GNUTLS_CERT_INVALID)
VIR_ERROR0(_("remoteCheckCertificate: "
"the client certificate is not trusted."));
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
VIR_ERROR0(_("remoteCheckCertificate: the client "
"certificate has unknown issuer."));
if (status & GNUTLS_CERT_REVOKED)
VIR_ERROR0(_("remoteCheckCertificate: "
"the client certificate has been revoked."));
#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
VIR_ERROR0(_("remoteCheckCertificate: the client certificate"
" uses an insecure algorithm."));
#endif
return -1;
}
if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
VIR_ERROR0(_("remoteCheckCertificate: certificate is not X.509"));
return -1;
}
if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
VIR_ERROR0(_("remoteCheckCertificate: no peers"));
return -1;
}
now = time (NULL);
for (i = 0; i < nCerts; i++) {
gnutls_x509_crt_t cert;
if (gnutls_x509_crt_init (&cert) < 0) {
VIR_ERROR0(_("remoteCheckCertificate: gnutls_x509_crt_init failed"));
return -1;
}
if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
gnutls_x509_crt_deinit (cert);
return -1;
}
if (gnutls_x509_crt_get_expiration_time (cert) < now) {
VIR_ERROR0(_("remoteCheckCertificate: "
"the client certificate has expired"));
gnutls_x509_crt_deinit (cert);
return -1;
}
if (gnutls_x509_crt_get_activation_time (cert) > now) {
VIR_ERROR0(_("remoteCheckCertificate: the client "
"certificate is not yet activated"));
gnutls_x509_crt_deinit (cert);
return -1;
}
if (i == 0) {
if (!remoteCheckDN (cert)) {
/* This is the most common error: make it informative. */
VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
gnutls_x509_crt_deinit (cert);
return -1;
}
}
}
return 0;
}
/* Check the client's access. */
static int
remoteCheckAccess (struct qemud_client *client)
{
/* Verify client certificate. */
if (remoteCheckCertificate (client->tlssession) == -1) {
VIR_ERROR0(_("remoteCheckCertificate: "
"failed to verify client's certificate"));
if (!tls_no_verify_certificate) return -1;
else VIR_INFO0(_("remoteCheckCertificate: tls_no_verify_certificate "
"is set so the bad certificate is ignored"));
}
/* Checks have succeeded. Write a '\1' byte back to the client to
* indicate this (otherwise the socket is abruptly closed).
* (NB. The '\1' byte is sent in an encrypted record).
*/
client->bufferLength = 1;
client->bufferOffset = 0;
client->buffer[0] = '\1';
client->mode = QEMUD_MODE_TX_PACKET;
return 0;
}
#if HAVE_POLKIT
int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
#ifdef SO_PEERCRED
struct ucred cr;
unsigned int cr_len = sizeof (cr);
if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
VIR_ERROR(_("Failed to verify client credentials: %s"),
strerror(errno));
return -1;
}
*pid = cr.pid;
*uid = cr.uid;
#else
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
#error "UNIX socket credentials not supported/implemented on this platform yet..."
#endif
return 0;
}
#endif
static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
int fd;
struct sockaddr_storage addr;
socklen_t addrlen = (socklen_t) (sizeof addr);
struct qemud_client *client;
int no_slow_start = 1;
if ((fd = accept(sock->fd, (struct sockaddr *)&addr, &addrlen)) < 0) {
if (errno == EAGAIN)
return 0;
VIR_ERROR(_("Failed to accept connection: %s"), strerror(errno));
return -1;
}
if (server->nclients >= max_clients) {
VIR_ERROR0(_("Too many active clients, dropping connection"));
close(fd);
return -1;
}
if (VIR_REALLOC_N(server->clients, server->nclients+1) < 0) {
VIR_ERROR0(_("Out of memory allocating clients"));
close(fd);
return -1;
}
/* Disable Nagle. Unix sockets will ignore this. */
setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_slow_start,
sizeof no_slow_start);
if (qemudSetCloseExec(fd) < 0 ||
qemudSetNonBlock(fd) < 0) {
close(fd);
return -1;
}
if (VIR_ALLOC(client) < 0)
goto cleanup;
if (pthread_mutex_init(&client->lock, NULL) != 0)
goto cleanup;
client->magic = QEMUD_CLIENT_MAGIC;
client->fd = fd;
client->readonly = sock->readonly;
client->type = sock->type;
client->auth = sock->auth;
memcpy (&client->addr, &addr, sizeof addr);
client->addrlen = addrlen;
client->server = server;
#if HAVE_POLKIT
/* Only do policy checks for non-root - allow root user
through with no checks, as a fail-safe - root can easily
change policykit policy anyway, so its pointless trying
to restrict root */
if (client->auth == REMOTE_AUTH_POLKIT) {
uid_t uid;
pid_t pid;
if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
goto cleanup;
/* Client is running as root, so disable auth */
if (uid == 0) {
VIR_INFO(_("Turn off polkit auth for privileged client %d"), pid);
client->auth = REMOTE_AUTH_NONE;
}
}
#endif
if (client->type != QEMUD_SOCK_TYPE_TLS) {
client->mode = QEMUD_MODE_RX_HEADER;
client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
if (qemudRegisterClientEvent (server, client, 0) < 0)
goto cleanup;
} else {
int ret;
client->tlssession = remoteInitializeTLSSession ();
if (client->tlssession == NULL)
goto cleanup;
gnutls_transport_set_ptr (client->tlssession,
(gnutls_transport_ptr_t) (long) fd);
/* Begin the TLS handshake. */
ret = gnutls_handshake (client->tlssession);
if (ret == 0) {
/* Unlikely, but ... Next step is to check the certificate. */
if (remoteCheckAccess (client) == -1)
goto cleanup;
if (qemudRegisterClientEvent(server, client, 0) < 0)
goto cleanup;
} else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
/* Most likely. */
client->mode = QEMUD_MODE_TLS_HANDSHAKE;
client->bufferLength = -1;
if (qemudRegisterClientEvent (server, client, 0) < 0)
goto cleanup;
} else {
VIR_ERROR(_("TLS handshake failed: %s"),
gnutls_strerror (ret));
goto cleanup;
}
}
server->clients[server->nclients++] = client;
return 0;
cleanup:
if (client &&
client->tlssession) gnutls_deinit (client->tlssession);
close (fd);
free (client);
return -1;
}
/*
* You must hold lock for at least the client
* We don't free stuff here, merely disconnect the client's
* network socket & resources.
* We keep the libvirt connection open until any async
* jobs have finished, then clean it up elsehwere
*/
static void qemudDispatchClientFailure(struct qemud_server *server ATTRIBUTE_UNUSED,
struct qemud_client *client) {
virEventRemoveHandleImpl(client->watch);
/* Deregister event delivery callback */
if(client->conn) {
DEBUG0("Deregistering to relay remote events");
virConnectDomainEventDeregister(client->conn, remoteRelayDomainEvent);
}
#if HAVE_SASL
if (client->saslconn) sasl_dispose(&client->saslconn);
free(client->saslUsername);
#endif
if (client->tlssession) gnutls_deinit (client->tlssession);
close(client->fd);
client->fd = -1;
}
/* Caller must hold server lock */
static struct qemud_client *qemudPendingJob(struct qemud_server *server)
{
int i;
for (i = 0 ; i < server->nclients ; i++) {
pthread_mutex_lock(&server->clients[i]->lock);
if (server->clients[i]->mode == QEMUD_MODE_WAIT_DISPATCH) {
/* Delibrately don't unlock client - caller wants the lock */
return server->clients[i];
}
pthread_mutex_unlock(&server->clients[i]->lock);
}
return NULL;
}
static void *qemudWorker(void *data)
{
struct qemud_server *server = data;
while (1) {
struct qemud_client *client;
int len;
pthread_mutex_lock(&server->lock);
while ((client = qemudPendingJob(server)) == NULL)
pthread_cond_wait(&server->job, &server->lock);
pthread_mutex_unlock(&server->lock);
/* We own a locked client now... */
client->mode = QEMUD_MODE_IN_DISPATCH;
client->refs++;
if ((len = remoteDispatchClientRequest (server, client)) == 0)
qemudDispatchClientFailure(server, client);
/* Set up the output buffer. */
client->mode = QEMUD_MODE_TX_PACKET;
client->bufferLength = len;
client->bufferOffset = 0;
if (qemudRegisterClientEvent(server, client, 1) < 0)
qemudDispatchClientFailure(server, client);
client->refs--;
pthread_mutex_unlock(&client->lock);
pthread_mutex_unlock(&server->lock);
}
}
static int qemudClientReadBuf(struct qemud_server *server,
struct qemud_client *client,
char *data, unsigned len) {
int ret;
/*qemudDebug ("qemudClientRead: len = %d", len);*/
if (!client->tlssession) {
if ((ret = read (client->fd, data, len)) <= 0) {
if (ret == 0 || errno != EAGAIN) {
if (ret != 0)
VIR_ERROR(_("read: %s"), strerror (errno));
qemudDispatchClientFailure(server, client);
}
return -1;
}
} else {
ret = gnutls_record_recv (client->tlssession, data, len);
if (qemudRegisterClientEvent (server, client, 1) < 0)
qemudDispatchClientFailure (server, client);
else if (ret <= 0) {
if (ret == 0 || (ret != GNUTLS_E_AGAIN &&
ret != GNUTLS_E_INTERRUPTED)) {
if (ret != 0)
VIR_ERROR(_("gnutls_record_recv: %s"),
gnutls_strerror (ret));
qemudDispatchClientFailure (server, client);
}
return -1;
}
}
return ret;
}
static int qemudClientReadPlain(struct qemud_server *server,
struct qemud_client *client) {
int ret;
ret = qemudClientReadBuf(server, client,
client->buffer + client->bufferOffset,
client->bufferLength - client->bufferOffset);
if (ret < 0)
return ret;
client->bufferOffset += ret;
return 0;
}
#if HAVE_SASL
static int qemudClientReadSASL(struct qemud_server *server,
struct qemud_client *client) {
int got, want;
/* We're doing a SSF data read, so now its times to ensure
* future writes are under SSF too.
*
* cf remoteSASLCheckSSF in remote.c
*/
client->saslSSF |= QEMUD_SASL_SSF_WRITE;
/* Need to read some more data off the wire */
if (client->saslDecoded == NULL) {
char encoded[8192];
int encodedLen = sizeof(encoded);
encodedLen = qemudClientReadBuf(server, client, encoded, encodedLen);
if (encodedLen < 0)
return -1;
sasl_decode(client->saslconn, encoded, encodedLen,
&client->saslDecoded, &client->saslDecodedLength);
client->saslDecodedOffset = 0;
}
/* Some buffered decoded data to return now */
got = client->saslDecodedLength - client->saslDecodedOffset;
want = client->bufferLength - client->bufferOffset;
if (want > got)
want = got;
memcpy(client->buffer + client->bufferOffset,
client->saslDecoded + client->saslDecodedOffset, want);
client->saslDecodedOffset += want;
client->bufferOffset += want;
if (client->saslDecodedOffset == client->saslDecodedLength) {
client->saslDecoded = NULL;
client->saslDecodedOffset = client->saslDecodedLength = 0;
}
return 0;
}
#endif
static int qemudClientRead(struct qemud_server *server,
struct qemud_client *client) {
#if HAVE_SASL
if (client->saslSSF & QEMUD_SASL_SSF_READ)
return qemudClientReadSASL(server, client);
else
#endif
return qemudClientReadPlain(server, client);
}
static void qemudDispatchClientRead(struct qemud_server *server, struct qemud_client *client) {
unsigned int len;
/*qemudDebug ("qemudDispatchClientRead: mode = %d", client->mode);*/
switch (client->mode) {
case QEMUD_MODE_RX_HEADER: {
XDR x;
if (qemudClientRead(server, client) < 0)
return; /* Error, or blocking */
if (client->bufferOffset < client->bufferLength)
return; /* Not read enough */
xdrmem_create(&x, client->buffer, client->bufferLength, XDR_DECODE);
if (!xdr_u_int(&x, &len)) {
xdr_destroy (&x);
DEBUG0("Failed to decode packet length");
qemudDispatchClientFailure(server, client);
return;
}
xdr_destroy (&x);
if (len > REMOTE_MESSAGE_MAX) {
DEBUG("Packet length %u too large", len);
qemudDispatchClientFailure(server, client);
return;
}
/* Length include length of the length field itself, so
* check minimum size requirements */
if (len <= REMOTE_MESSAGE_HEADER_XDR_LEN) {
DEBUG("Packet length %u too small", len);
qemudDispatchClientFailure(server, client);
return;
}
client->mode = QEMUD_MODE_RX_PAYLOAD;
client->bufferLength = len - REMOTE_MESSAGE_HEADER_XDR_LEN;
client->bufferOffset = 0;
if (qemudRegisterClientEvent(server, client, 1) < 0) {
qemudDispatchClientFailure(server, client);
return;
}
/* Fall through */
}
case QEMUD_MODE_RX_PAYLOAD: {
if (qemudClientRead(server, client) < 0)
return; /* Error, or blocking */
if (client->bufferOffset < client->bufferLength)
return; /* Not read enough */
client->mode = QEMUD_MODE_WAIT_DISPATCH;
if (qemudRegisterClientEvent(server, client, 1) < 0)
qemudDispatchClientFailure(server, client);
pthread_cond_signal(&server->job);
break;
}
case QEMUD_MODE_TLS_HANDSHAKE: {
int ret;
/* Continue the handshake. */
ret = gnutls_handshake (client->tlssession);
if (ret == 0) {
/* Finished. Next step is to check the certificate. */
if (remoteCheckAccess (client) == -1)
qemudDispatchClientFailure (server, client);
else if (qemudRegisterClientEvent (server, client, 1) < 0)
qemudDispatchClientFailure (server, client);
} else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
VIR_ERROR(_("TLS handshake failed: %s"),
gnutls_strerror (ret));
qemudDispatchClientFailure (server, client);
} else {
if (qemudRegisterClientEvent (server ,client, 1) < 0)
qemudDispatchClientFailure (server, client);
}
break;
}
default:
DEBUG("Got unexpected data read while in %d mode", client->mode);
qemudDispatchClientFailure(server, client);
}
}
static int qemudClientWriteBuf(struct qemud_server *server,
struct qemud_client *client,
const char *data, int len) {
int ret;
if (!client->tlssession) {
if ((ret = safewrite(client->fd, data, len)) == -1) {
VIR_ERROR(_("write: %s"), strerror (errno));
qemudDispatchClientFailure(server, client);
return -1;
}
} else {
ret = gnutls_record_send (client->tlssession, data, len);
if (qemudRegisterClientEvent (server, client, 1) < 0)
qemudDispatchClientFailure (server, client);
else if (ret < 0) {
if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN) {
VIR_ERROR(_("gnutls_record_send: %s"), gnutls_strerror (ret));
qemudDispatchClientFailure (server, client);
}
return -1;
}
}
return ret;
}
static int qemudClientWritePlain(struct qemud_server *server,
struct qemud_client *client) {
int ret = qemudClientWriteBuf(server, client,
client->buffer + client->bufferOffset,
client->bufferLength - client->bufferOffset);
if (ret < 0)
return -1;
client->bufferOffset += ret;
return 0;
}
#if HAVE_SASL
static int qemudClientWriteSASL(struct qemud_server *server,
struct qemud_client *client) {
int ret;
/* Not got any pending encoded data, so we need to encode raw stuff */
if (client->saslEncoded == NULL) {
int err;
err = sasl_encode(client->saslconn,
client->buffer + client->bufferOffset,
client->bufferLength - client->bufferOffset,
&client->saslEncoded,
&client->saslEncodedLength);
client->saslEncodedOffset = 0;
}
/* Send some of the encoded stuff out on the wire */
ret = qemudClientWriteBuf(server, client,
client->saslEncoded + client->saslEncodedOffset,
client->saslEncodedLength - client->saslEncodedOffset);
if (ret < 0)
return -1;
/* Note how much we sent */
client->saslEncodedOffset += ret;
/* Sent all encoded, so update raw buffer to indicate completion */
if (client->saslEncodedOffset == client->saslEncodedLength) {
client->saslEncoded = NULL;
client->saslEncodedOffset = client->saslEncodedLength = 0;
client->bufferOffset = client->bufferLength;
}
return 0;
}
#endif
static int qemudClientWrite(struct qemud_server *server,
struct qemud_client *client) {
#if HAVE_SASL
if (client->saslSSF & QEMUD_SASL_SSF_WRITE)
return qemudClientWriteSASL(server, client);
else
#endif
return qemudClientWritePlain(server, client);
}
void
qemudDispatchClientWrite(struct qemud_server *server,
struct qemud_client *client) {
switch (client->mode) {
case QEMUD_MODE_TX_PACKET: {
if (qemudClientWrite(server, client) < 0)
return;
if (client->bufferOffset == client->bufferLength) {
if (client->closing) {
qemudDispatchClientFailure (server, client);
} else {
/* Done writing, switch back to receive */
client->mode = QEMUD_MODE_RX_HEADER;
client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
client->bufferOffset = 0;
if (qemudRegisterClientEvent (server, client, 1) < 0)
qemudDispatchClientFailure (server, client);
}
}
/* Still writing */
break;
}
case QEMUD_MODE_TLS_HANDSHAKE: {
int ret;
/* Continue the handshake. */
ret = gnutls_handshake (client->tlssession);
if (ret == 0) {
/* Finished. Next step is to check the certificate. */
if (remoteCheckAccess (client) == -1)
qemudDispatchClientFailure (server, client);
else if (qemudRegisterClientEvent (server, client, 1))
qemudDispatchClientFailure (server, client);
} else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
VIR_ERROR(_("TLS handshake failed: %s"), gnutls_strerror (ret));
qemudDispatchClientFailure (server, client);
} else {
if (qemudRegisterClientEvent (server, client, 1))
qemudDispatchClientFailure (server, client);
}
break;
}
default:
DEBUG("Got unexpected data write while in %d mode", client->mode);
qemudDispatchClientFailure(server, client);
}
}
static void
qemudDispatchClientEvent(int watch, int fd, int events, void *opaque) {
struct qemud_server *server = (struct qemud_server *)opaque;
struct qemud_client *client = NULL;
int i;
pthread_mutex_lock(&server->lock);
for (i = 0 ; i < server->nclients ; i++) {
if (server->clients[i]->watch == watch) {
client = server->clients[i];
break;
}
}
if (!client) {
pthread_mutex_unlock(&server->lock);
return;
}
pthread_mutex_lock(&client->lock);
pthread_mutex_unlock(&server->lock);
if (client->fd != fd)
return;
if (events == VIR_EVENT_HANDLE_WRITABLE)
qemudDispatchClientWrite(server, client);
else if (events == VIR_EVENT_HANDLE_READABLE)
qemudDispatchClientRead(server, client);
else
qemudDispatchClientFailure(server, client);
pthread_mutex_unlock(&client->lock);
}
static int qemudRegisterClientEvent(struct qemud_server *server,
struct qemud_client *client,
int update) {
int mode;
switch (client->mode) {
case QEMUD_MODE_TLS_HANDSHAKE:
if (gnutls_record_get_direction (client->tlssession) == 0)
mode = VIR_EVENT_HANDLE_READABLE;
else
mode = VIR_EVENT_HANDLE_WRITABLE;
break;
case QEMUD_MODE_RX_HEADER:
case QEMUD_MODE_RX_PAYLOAD:
mode = VIR_EVENT_HANDLE_READABLE;
break;
case QEMUD_MODE_TX_PACKET:
mode = VIR_EVENT_HANDLE_WRITABLE;
break;
case QEMUD_MODE_WAIT_DISPATCH:
mode = 0;
break;
default:
return -1;
}
if (update) {
virEventUpdateHandleImpl(client->watch, mode);
} else {
if ((client->watch = virEventAddHandleImpl(client->fd,
mode,
qemudDispatchClientEvent,
server, NULL)) < 0)
return -1;
}
return 0;
}
static void
qemudDispatchServerEvent(int watch, int fd, int events, void *opaque) {
struct qemud_server *server = (struct qemud_server *)opaque;
struct qemud_socket *sock;
pthread_mutex_lock(&server->lock);
sock = server->sockets;
while (sock) {
if (sock->watch == watch)
break;
sock = sock->next;
}
if (sock && sock->fd == fd && events)
qemudDispatchServer(server, sock);
pthread_mutex_unlock(&server->lock);
}
static int qemudOneLoop(void) {
sig_atomic_t errors;
if (virEventRunOnce() < 0)
return -1;
/* Check for any signal handling errors and log them. */
errors = sig_errors;
if (errors) {
sig_errors -= errors;
VIR_ERROR(_("Signal handler reported %d errors: last error: %s"),
errors, strerror (sig_lasterrno));
return -1;
}
return 0;
}
static void qemudInactiveTimer(int timer ATTRIBUTE_UNUSED, void *data) {
struct qemud_server *server = (struct qemud_server *)data;
DEBUG0("Got inactive timer expiry");
if (!virStateActive()) {
DEBUG0("No state active, shutting down");
server->shutdown = 1;
}
}
static int qemudRunLoop(struct qemud_server *server) {
int timerid = -1;
int ret = -1, i;
pthread_mutex_lock(&server->lock);
server->nworkers = min_workers;
if (VIR_ALLOC_N(server->workers, server->nworkers) < 0) {
VIR_ERROR0(_("Failed to allocate workers"));
return -1;
}
for (i = 0 ; i < server->nworkers ; i++) {
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, 1);
pthread_create(&server->workers[i],
&attr,
qemudWorker,
server);
}
for (;;) {
/* A shutdown timeout is specified, so check
* if any drivers have active state, if not
* shutdown after timeout seconds
*/
if (timeout > 0 && !virStateActive() && !server->clients) {
timerid = virEventAddTimeoutImpl(timeout*1000,
qemudInactiveTimer,
server, NULL);
DEBUG("Scheduling shutdown timer %d", timerid);
}
pthread_mutex_unlock(&server->lock);
if (qemudOneLoop() < 0)
break;
pthread_mutex_lock(&server->lock);
reprocess:
for (i = 0 ; i < server->nclients ; i++) {
int inactive;
pthread_mutex_lock(&server->clients[i]->lock);
inactive = server->clients[i]->fd == -1
&& server->clients[i]->refs == 0;
pthread_mutex_unlock(&server->clients[i]->lock);
if (inactive) {
if (server->clients[i]->conn)
virConnectClose(server->clients[i]->conn);
VIR_FREE(server->clients[i]);
server->nclients--;
if (i < server->nclients) {
memmove(server->clients + i,
server->clients + i + 1,
server->nclients - i);
goto reprocess;
}
}
}
/* Unregister any timeout that's active, since we
* just had an event processed
*/
if (timerid != -1) {
DEBUG("Removing shutdown timer %d", timerid);
virEventRemoveTimeoutImpl(timerid);
timerid = -1;
}
if (server->shutdown) {
ret = 0;
break;
}
}
for (i = 0 ; i < server->nworkers ; i++) {
pthread_t thread = server->workers[i];
pthread_mutex_unlock(&server->lock);
pthread_join(thread, NULL);
pthread_mutex_lock(&server->lock);
}
free(server->workers);
pthread_mutex_unlock(&server->lock);
return ret;
}
static void qemudCleanup(struct qemud_server *server) {
struct qemud_socket *sock;
close(server->sigread);
sock = server->sockets;
while (sock) {
struct qemud_socket *next = sock->next;
close(sock->fd);
free(sock);
sock = next;
}
#ifdef HAVE_SASL
if (server->saslUsernameWhitelist) {
char **list = server->saslUsernameWhitelist;
while (*list) {
free(*list);
list++;
}
free(server->saslUsernameWhitelist);
}
#endif
virStateCleanup();
free(server);
}
/* Allocate an array of malloc'd strings from the config file, filename
* (used only in diagnostics), using handle "conf". Upon error, return -1
* and free any allocated memory. Otherwise, save the array in *list_arg
* and return 0.
*/
static int
remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
const char *filename)
{
char **list;
virConfValuePtr p = virConfGetValue (conf, key);
if (!p)
return 0;
switch (p->type) {
case VIR_CONF_STRING:
if (VIR_ALLOC_N(list, 2) < 0) {
VIR_ERROR(_("failed to allocate memory for %s config list"), key);
return -1;
}
list[0] = strdup (p->str);
list[1] = NULL;
if (list[0] == NULL) {
VIR_ERROR(_("failed to allocate memory for %s config list value"),
key);
VIR_FREE(list);
return -1;
}
break;
case VIR_CONF_LIST: {
int i, len = 0;
virConfValuePtr pp;
for (pp = p->list; pp; pp = pp->next)
len++;
if (VIR_ALLOC_N(list, 1+len) < 0) {
VIR_ERROR(_("failed to allocate memory for %s config list"), key);
return -1;
}
for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
if (pp->type != VIR_CONF_STRING) {
VIR_ERROR(_("remoteReadConfigFile: %s: %s:"
" must be a string or list of strings\n"),
filename, key);
VIR_FREE(list);
return -1;
}
list[i] = strdup (pp->str);
if (list[i] == NULL) {
int j;
for (j = 0 ; j < i ; j++)
VIR_FREE(list[j]);
VIR_FREE(list);
VIR_ERROR(_("failed to allocate memory for %s config list value"),
key);
return -1;
}
}
list[i] = NULL;
break;
}
default:
VIR_ERROR(_("remoteReadConfigFile: %s: %s:"
" must be a string or list of strings\n"),
filename, key);
return -1;
}
*list_arg = list;
return 0;
}
/* A helper function used by each of the following macros. */
static int
checkType (virConfValuePtr p, const char *filename,
const char *key, virConfType required_type)
{
if (p->type != required_type) {
VIR_ERROR(_("remoteReadConfigFile: %s: %s: invalid type:"
" got %s; expected %s\n"), filename, key,
virConfTypeName (p->type),
virConfTypeName (required_type));
return -1;
}
return 0;
}
/* If there is no config data for the key, #var_name, then do nothing.
If there is valid data of type VIR_CONF_STRING, and strdup succeeds,
store the result in var_name. Otherwise, (i.e. invalid type, or strdup
failure), give a diagnostic and "goto" the cleanup-and-fail label. */
#define GET_CONF_STR(conf, filename, var_name) \
do { \
virConfValuePtr p = virConfGetValue (conf, #var_name); \
if (p) { \
if (checkType (p, filename, #var_name, VIR_CONF_STRING) < 0) \
goto free_and_fail; \
(var_name) = strdup (p->str); \
if ((var_name) == NULL) { \
VIR_ERROR(_("remoteReadConfigFile: %s\n"),strerror (errno)); \
goto free_and_fail; \
} \
} \
} while (0)
/* Like GET_CONF_STR, but for integral values. */
#define GET_CONF_INT(conf, filename, var_name) \
do { \
virConfValuePtr p = virConfGetValue (conf, #var_name); \
if (p) { \
if (checkType (p, filename, #var_name, VIR_CONF_LONG) < 0) \
goto free_and_fail; \
(var_name) = p->l; \
} \
} while (0)
static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
virConfValuePtr p;
p = virConfGetValue (conf, key);
if (!p)
return 0;
if (checkType (p, filename, key, VIR_CONF_STRING) < 0)
return -1;
if (!p->str)
return 0;
if (STREQ(p->str, "none")) {
*auth = REMOTE_AUTH_NONE;
#if HAVE_SASL
} else if (STREQ(p->str, "sasl")) {
*auth = REMOTE_AUTH_SASL;
#endif
#if HAVE_POLKIT
} else if (STREQ(p->str, "polkit")) {
*auth = REMOTE_AUTH_POLKIT;
#endif
} else {
VIR_ERROR(_("remoteReadConfigFile: %s: %s: unsupported auth %s\n"),
filename, key, p->str);
return -1;
}
return 0;
}
#ifdef HAVE_SASL
static inline int
remoteReadSaslAllowedUsernameList (virConfPtr conf,
struct qemud_server *server,
const char *filename)
{
return
remoteConfigGetStringList (conf, "sasl_allowed_username_list",
&server->saslUsernameWhitelist, filename);
}
#else
static inline int
remoteReadSaslAllowedUsernameList (virConfPtr conf ATTRIBUTE_UNUSED,
struct qemud_server *server ATTRIBUTE_UNUSED,
const char *filename ATTRIBUTE_UNUSED)
{
return 0;
}
#endif
/*
* Set up the logging environment
* By default if daemonized all errors go to syslog and the logging
* is also saved onto the logfile libvird.log, but if verbose or error
* debugging is asked for then output informations or debug.
*/
static int
qemudSetLogging(virConfPtr conf, const char *filename) {
char *debugEnv;
int ret = -1;
virLogReset();
/*
* look for default logging level first from config file,
* then from environment variable and finally from command
* line options
*/
GET_CONF_INT (conf, filename, log_level);
debugEnv = getenv("LIBVIRT_DEBUG");
if (debugEnv && *debugEnv && *debugEnv != '0') {
if (STREQ(debugEnv, "2") || STREQ(debugEnv, "info"))
log_level = VIR_LOG_INFO;
else if (STREQ(debugEnv, "3") || STREQ(debugEnv, "warning"))
log_level = VIR_LOG_WARN;
else if (STREQ(debugEnv, "4") || STREQ(debugEnv, "error"))
log_level = VIR_LOG_ERROR;
else
log_level = VIR_LOG_DEBUG;
}
if ((verbose) && (log_level >= VIR_LOG_WARN))
log_level = VIR_LOG_INFO;
virLogSetDefaultPriority(log_level);
/* there is no default filters */
GET_CONF_STR (conf, filename, log_filters);
virLogParseFilters(log_filters);
/*
* by default save all warning and errors to syslog or
* all logs to stderr if not running as daemon
*/
GET_CONF_STR (conf, filename, log_outputs);
if (log_outputs == NULL) {
if (godaemon)
virLogParseOutputs("3:syslog:libvirtd");
else
virLogParseOutputs("0:stderr:libvirtd");
} else
virLogParseOutputs(log_outputs);
ret = 0;
free_and_fail:
VIR_FREE(log_filters);
VIR_FREE(log_outputs);
return(ret);
}
/* Read the config file if it exists.
* Only used in the remote case, hence the name.
*/
static int
remoteReadConfigFile (struct qemud_server *server, const char *filename)
{
virConfPtr conf;
/* The following variable names must match the corresponding
configuration strings. */
char *unix_sock_ro_perms = NULL;
char *unix_sock_rw_perms = NULL;
char *unix_sock_group = NULL;
#if HAVE_POLKIT
/* Change the default back to no auth for non-root */
if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT)
auth_unix_rw = REMOTE_AUTH_NONE;
if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT)
auth_unix_ro = REMOTE_AUTH_NONE;
#endif
conf = virConfReadFile (filename);
if (!conf) return -1;
/*
* First get all the logging settings and activate them
*/
if (qemudSetLogging(conf, filename) < 0)
goto free_and_fail;
GET_CONF_INT (conf, filename, listen_tcp);
GET_CONF_INT (conf, filename, listen_tls);
GET_CONF_STR (conf, filename, tls_port);
GET_CONF_STR (conf, filename, tcp_port);
GET_CONF_STR (conf, filename, listen_addr);
if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
goto free_and_fail;
#if HAVE_POLKIT
/* Change default perms to be wide-open if PolicyKit is enabled.
* Admin can always override in config file
*/
if (auth_unix_rw == REMOTE_AUTH_POLKIT)
unix_sock_rw_mask = 0777;
#endif
if (remoteConfigGetAuth(conf, "auth_unix_ro", &auth_unix_ro, filename) < 0)
goto free_and_fail;
if (remoteConfigGetAuth(conf, "auth_tcp", &auth_tcp, filename) < 0)
goto free_and_fail;
if (remoteConfigGetAuth(conf, "auth_tls", &auth_tls, filename) < 0)
goto free_and_fail;
GET_CONF_STR (conf, filename, unix_sock_group);
if (unix_sock_group) {
if (getuid() != 0) {
VIR_WARN0(_("Cannot set group when not running as root"));
} else {
struct group *grp = getgrnam(unix_sock_group);
if (!grp) {
VIR_ERROR(_("Failed to lookup group '%s'"), unix_sock_group);
goto free_and_fail;
}
unix_sock_gid = grp->gr_gid;
}
free (unix_sock_group);
unix_sock_group = NULL;
}
GET_CONF_STR (conf, filename, unix_sock_ro_perms);
if (unix_sock_ro_perms) {
if (virStrToLong_i (unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) {
VIR_ERROR(_("Failed to parse mode '%s'"), unix_sock_ro_perms);
goto free_and_fail;
}
free (unix_sock_ro_perms);
unix_sock_ro_perms = NULL;
}
GET_CONF_STR (conf, filename, unix_sock_rw_perms);
if (unix_sock_rw_perms) {
if (virStrToLong_i (unix_sock_rw_perms, NULL, 8, &unix_sock_rw_mask) != 0) {
VIR_ERROR(_("Failed to parse mode '%s'"), unix_sock_rw_perms);
goto free_and_fail;
}
free (unix_sock_rw_perms);
unix_sock_rw_perms = NULL;
}
GET_CONF_INT (conf, filename, mdns_adv);
GET_CONF_STR (conf, filename, mdns_name);
GET_CONF_INT (conf, filename, tls_no_verify_certificate);
GET_CONF_STR (conf, filename, key_file);
GET_CONF_STR (conf, filename, cert_file);
GET_CONF_STR (conf, filename, ca_file);
GET_CONF_STR (conf, filename, crl_file);
if (remoteConfigGetStringList (conf, "tls_allowed_dn_list",
&tls_allowed_dn_list, filename) < 0)
goto free_and_fail;
if (remoteReadSaslAllowedUsernameList (conf, server, filename) < 0)
goto free_and_fail;
GET_CONF_INT (conf, filename, min_workers);
GET_CONF_INT (conf, filename, max_workers);
GET_CONF_INT (conf, filename, max_clients);
virConfFree (conf);
return 0;
free_and_fail:
virConfFree (conf);
free (mdns_name);
mdns_name = NULL;
free (unix_sock_ro_perms);
free (unix_sock_rw_perms);
free (unix_sock_group);
/* Don't bother trying to free listen_addr, tcp_port, tls_port, key_file,
cert_file, ca_file, or crl_file, since they are initialized to
non-malloc'd strings. Besides, these are static variables, and callers
are unlikely to call this function more than once, so there wouldn't
even be a real leak. */
if (tls_allowed_dn_list) {
int i;
for (i = 0; tls_allowed_dn_list[i]; i++)
free (tls_allowed_dn_list[i]);
free (tls_allowed_dn_list);
tls_allowed_dn_list = NULL;
}
return -1;
}
/* Display version information. */
static void
version (const char *argv0)
{
printf ("%s (%s) %s\n", argv0, PACKAGE_NAME, PACKAGE_VERSION);
}
/* Print command-line usage. */
static void
usage (const char *argv0)
{
fprintf (stderr,
"\n\
Usage:\n\
%s [options]\n\
\n\
Options:\n\
-v | --verbose Verbose messages.\n\
-d | --daemon Run as a daemon & write PID file.\n\
-l | --listen Listen for TCP/IP connections.\n\
-t | --timeout <secs> Exit after timeout period.\n\
-f | --config <file> Configuration file.\n\
| --version Display version information.\n\
-p | --pid-file <file> Change name of PID file.\n\
\n\
libvirt management daemon:\n\
\n\
Default paths:\n\
\n\
Configuration file (unless overridden by -c):\n\
" SYSCONF_DIR "/libvirt/libvirtd.conf\n\
\n\
Sockets (as root):\n\
" LOCAL_STATE_DIR "/run/libvirt/libvirt-sock\n\
" LOCAL_STATE_DIR "/run/libvirt/libvirt-sock-ro\n\
\n\
Sockets (as non-root):\n\
$HOME/.libvirt/libvirt-sock (in UNIX abstract namespace)\n\
\n\
TLS:\n\
CA certificate: " LIBVIRT_CACERT "\n\
Server certificate: " LIBVIRT_SERVERCERT "\n\
Server private key: " LIBVIRT_SERVERKEY "\n\
\n\
PID file (unless overridden by --pid-file):\n\
%s\n\
\n",
argv0,
REMOTE_PID_FILE[0] != '\0'
? REMOTE_PID_FILE
: "(disabled in ./configure)");
}
enum {
OPT_VERSION = 129
};
#define MAX_LISTEN 5
int main(int argc, char **argv) {
struct qemud_server *server = NULL;
struct sigaction sig_action;
int sigpipe[2];
const char *pid_file = NULL;
const char *remote_config_file = NULL;
int ret = 1;
struct option opts[] = {
{ "verbose", no_argument, &verbose, 1},
{ "daemon", no_argument, &godaemon, 1},
{ "listen", no_argument, &ipsock, 1},
{ "config", required_argument, NULL, 'f'},
{ "timeout", required_argument, NULL, 't'},
{ "pid-file", required_argument, NULL, 'p'},
{ "version", no_argument, NULL, OPT_VERSION },
{ "help", no_argument, NULL, '?' },
{0, 0, 0, 0}
};
while (1) {
int optidx = 0;
int c;
char *tmp;
c = getopt_long(argc, argv, "ldf:p:t:v", opts, &optidx);
if (c == -1) {
break;
}
switch (c) {
case 0:
/* Got one of the flags */
break;
case 'v':
verbose = 1;
break;
case 'd':
godaemon = 1;
break;
case 'l':
ipsock = 1;
break;
case 't':
if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0
|| timeout <= 0
/* Ensure that we can multiply by 1000 without overflowing. */
|| timeout > INT_MAX / 1000)
timeout = -1;
break;
case 'p':
pid_file = optarg;
break;
case 'f':
remote_config_file = optarg;
break;
case OPT_VERSION:
version (argv[0]);
return 0;
case '?':
usage (argv[0]);
return 2;
default:
fprintf (stderr, "libvirtd: internal error: unknown flag: %c\n",
c);
exit (1);
}
}
if (remote_config_file == NULL) {
static const char *default_config_file
= SYSCONF_DIR "/libvirt/libvirtd.conf";
remote_config_file =
(access(default_config_file, R_OK) == 0
? default_config_file
: "/dev/null");
}
if (godaemon) {
if (qemudGoDaemon() < 0) {
VIR_ERROR(_("Failed to fork as daemon: %s"), strerror(errno));
goto error1;
}
}
/* If running as root and no PID file is set, use the default */
if (pid_file == NULL &&
getuid() == 0 &&
REMOTE_PID_FILE[0] != '\0')
pid_file = REMOTE_PID_FILE;
/* If we have a pidfile set, claim it now, exiting if already taken */
if (pid_file != NULL &&
qemudWritePidFile (pid_file) < 0)
goto error1;
if (pipe(sigpipe) < 0 ||
qemudSetNonBlock(sigpipe[0]) < 0 ||
qemudSetNonBlock(sigpipe[1]) < 0 ||
qemudSetCloseExec(sigpipe[0]) < 0 ||
qemudSetCloseExec(sigpipe[1]) < 0) {
VIR_ERROR(_("Failed to create pipe: %s"), strerror(errno));
goto error2;
}
sigwrite = sigpipe[1];
sig_action.sa_sigaction = sig_handler;
sig_action.sa_flags = SA_SIGINFO;
sigemptyset(&sig_action.sa_mask);
sigaction(SIGHUP, &sig_action, NULL);
sigaction(SIGINT, &sig_action, NULL);
sigaction(SIGQUIT, &sig_action, NULL);
sigaction(SIGTERM, &sig_action, NULL);
sigaction(SIGCHLD, &sig_action, NULL);
sig_action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sig_action, NULL);
if (!(server = qemudInitialize(sigpipe[0]))) {
ret = 2;
goto error2;
}
/* Read the config file (if it exists). */
if (remoteReadConfigFile (server, remote_config_file) < 0)
goto error2;
/* Change the group ownership of /var/run/libvirt to unix_sock_gid */
if (getuid() == 0) {
const char *sockdirname = LOCAL_STATE_DIR "/run/libvirt";
if (chown(sockdirname, -1, unix_sock_gid) < 0)
VIR_ERROR(_("Failed to change group ownership of %s"), sockdirname);
}
if (virEventAddHandleImpl(sigpipe[0],
VIR_EVENT_HANDLE_READABLE,
qemudDispatchSignalEvent,
server, NULL) < 0) {
VIR_ERROR0(_("Failed to register callback for signal pipe"));
ret = 3;
goto error2;
}
if (!(server = qemudNetworkInit(server))) {
ret = 2;
goto error2;
}
qemudRunLoop(server);
ret = 0;
error2:
if (server)
qemudCleanup(server);
if (pid_file)
unlink (pid_file);
close(sigwrite);
error1:
virLogShutdown();
return ret;
}