qemud.c 71.7 KB
Newer Older
D
Daniel P. Berrange 已提交
1 2 3
/*
 * qemud.c: daemon start of day, guest process & i/o management
 *
4
 * Copyright (C) 2006, 2007, 2008, 2009 Red Hat, Inc.
D
Daniel P. Berrange 已提交
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

24
#include <config.h>
25

D
Daniel P. Berrange 已提交
26 27 28 29 30 31 32 33 34 35
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
#include <limits.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/poll.h>
#include <netinet/in.h>
36
#include <netinet/tcp.h>
D
Daniel P. Berrange 已提交
37 38 39 40
#include <netdb.h>
#include <stdlib.h>
#include <pwd.h>
#include <stdio.h>
41 42
#include <stdarg.h>
#include <syslog.h>
D
Daniel P. Berrange 已提交
43 44 45
#include <string.h>
#include <errno.h>
#include <getopt.h>
46
#include <fnmatch.h>
47
#include <grp.h>
48
#include <signal.h>
49
#include <netdb.h>
50

51
#include "libvirt_internal.h"
52 53 54 55 56

#include "qemud.h"
#include "util.h"
#include "remote_internal.h"
#include "conf.h"
57
#include "event.h"
58
#include "memory.h"
59 60 61
#ifdef HAVE_AVAHI
#include "mdns.h"
#endif
D
Daniel P. Berrange 已提交
62

63 64 65
#ifdef WITH_DRIVER_MODULES
#include "driver.h"
#else
66 67 68 69 70 71
#ifdef WITH_QEMU
#include "qemu_driver.h"
#endif
#ifdef WITH_LXC
#include "lxc_driver.h"
#endif
72 73 74
#ifdef WITH_UML
#include "uml_driver.h"
#endif
75 76 77 78 79 80
#ifdef WITH_NETWORK
#include "network_driver.h"
#endif
#ifdef WITH_STORAGE_DIR
#include "storage_driver.h"
#endif
81 82 83
#ifdef WITH_NODE_DEVICES
#include "node_device.h"
#endif
84
#endif
85 86


87 88
static int godaemon = 0;        /* -d: Be a daemon */
static int verbose = 0;         /* -v: Verbose mode */
89
static int timeout = -1;        /* -t: Shutdown timeout */
90
static int sigwrite = -1;       /* Signal handler pipe */
91
static int ipsock = 0;          /* -l  Listen for TCP/IP */
92

93 94 95 96 97
/* Defaults for logging */
static int log_level = 3;
static char *log_filters = NULL;
static char *log_outputs = NULL;

98
/* Defaults for configuration file elements */
99 100
static int listen_tls = 1;
static int listen_tcp = 0;
101
static char *listen_addr  = (char *) LIBVIRTD_LISTEN_ADDR;
102 103
static char *tls_port = (char *) LIBVIRTD_TLS_PORT;
static char *tcp_port = (char *) LIBVIRTD_TCP_PORT;
104

105
static gid_t unix_sock_gid = 0; /* Only root by default */
106 107
static int unix_sock_rw_mask = 0700; /* Allow user only */
static int unix_sock_ro_mask = 0777; /* Allow world */
108

109 110 111 112
#if HAVE_POLKIT
static int auth_unix_rw = REMOTE_AUTH_POLKIT;
static int auth_unix_ro = REMOTE_AUTH_POLKIT;
#else
113 114
static int auth_unix_rw = REMOTE_AUTH_NONE;
static int auth_unix_ro = REMOTE_AUTH_NONE;
115
#endif /* HAVE_POLKIT */
116 117 118 119 120 121 122
#if HAVE_SASL
static int auth_tcp = REMOTE_AUTH_SASL;
#else
static int auth_tcp = REMOTE_AUTH_NONE;
#endif
static int auth_tls = REMOTE_AUTH_NONE;

123
static int mdns_adv = 1;
124
static char *mdns_name = NULL;
125

126
static int tls_no_verify_certificate = 0;
127
static char **tls_allowed_dn_list = NULL;
128

129 130 131 132
static char *key_file = (char *) LIBVIRT_SERVERKEY;
static char *cert_file = (char *) LIBVIRT_SERVERCERT;
static char *ca_file = (char *) LIBVIRT_CACERT;
static char *crl_file = (char *) "";
133 134 135 136

static gnutls_certificate_credentials_t x509_cred;
static gnutls_dh_params_t dh_params;

137 138 139 140
static int min_workers = 5;
static int max_workers = 20;
static int max_clients = 20;

141
#define DH_BITS 1024
142

143 144 145
static sig_atomic_t sig_errors = 0;
static int sig_lasterrno = 0;

146 147
static void sig_handler(int sig, siginfo_t * siginfo,
                        void* context ATTRIBUTE_UNUSED) {
148
    int origerrno;
149
    int r;
150

151 152
    /* set the sig num in the struct */
    siginfo->si_signo = sig;
153 154

    origerrno = errno;
155
    r = safewrite(sigwrite, siginfo, sizeof(*siginfo));
156 157 158 159
    if (r == -1) {
        sig_errors++;
        sig_lasterrno = errno;
    }
160
    errno = origerrno;
D
Daniel P. Berrange 已提交
161
}
162

163 164
static void qemudDispatchClientEvent(int watch, int fd, int events, void *opaque);
static void qemudDispatchServerEvent(int watch, int fd, int events, void *opaque);
165 166
static int qemudRegisterClientEvent(struct qemud_server *server,
                                    struct qemud_client *client,
167
                                    int removeFirst);
168

169 170 171 172 173
static int
remoteCheckCertFile(const char *type, const char *file)
{
    struct stat sb;
    if (stat(file, &sb) < 0) {
174
        VIR_ERROR(_("Cannot access %s '%s': %s (%d)"),
175 176 177 178 179 180
                  type, file, strerror(errno), errno);
        return -1;
    }
    return 0;
}

181 182 183 184 185 186 187 188 189 190
static int
remoteInitializeGnuTLS (void)
{
    int err;

    /* Initialise GnuTLS. */
    gnutls_global_init ();

    err = gnutls_certificate_allocate_credentials (&x509_cred);
    if (err) {
191
        VIR_ERROR(_("gnutls_certificate_allocate_credentials: %s"),
192 193 194 195 196
                  gnutls_strerror (err));
        return -1;
    }

    if (ca_file && ca_file[0] != '\0') {
197 198 199
        if (remoteCheckCertFile("CA certificate", ca_file) < 0)
            return -1;

200 201 202 203
        qemudDebug ("loading CA cert from %s", ca_file);
        err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file,
                                                      GNUTLS_X509_FMT_PEM);
        if (err < 0) {
204
            VIR_ERROR(_("gnutls_certificate_set_x509_trust_file: %s"),
205 206 207 208 209 210
                      gnutls_strerror (err));
            return -1;
        }
    }

    if (crl_file && crl_file[0] != '\0') {
211
        if (remoteCheckCertFile("CA revocation list", crl_file) < 0)
212 213
            return -1;

214
        DEBUG("loading CRL from %s", crl_file);
215 216 217
        err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file,
                                                    GNUTLS_X509_FMT_PEM);
        if (err < 0) {
218
            VIR_ERROR(_("gnutls_certificate_set_x509_crl_file: %s"),
219 220 221 222 223 224
                      gnutls_strerror (err));
            return -1;
        }
    }

    if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') {
225 226 227 228
        if (remoteCheckCertFile("server certificate", cert_file) < 0)
            return -1;
        if (remoteCheckCertFile("server key", key_file) < 0)
            return -1;
229
        DEBUG("loading cert and key from %s and %s", cert_file, key_file);
230 231 232 233 234
        err =
            gnutls_certificate_set_x509_key_file (x509_cred,
                                                  cert_file, key_file,
                                                  GNUTLS_X509_FMT_PEM);
        if (err < 0) {
235
            VIR_ERROR(_("gnutls_certificate_set_x509_key_file: %s"),
236 237 238 239 240 241 242 243 244 245 246 247
                      gnutls_strerror (err));
            return -1;
        }
    }

    /* Generate Diffie Hellman parameters - for use with DHE
     * kx algorithms. These should be discarded and regenerated
     * once a day, once a week or once a month. Depending on the
     * security requirements.
     */
    err = gnutls_dh_params_init (&dh_params);
    if (err < 0) {
248
        VIR_ERROR(_("gnutls_dh_params_init: %s"), gnutls_strerror (err));
249 250 251 252
        return -1;
    }
    err = gnutls_dh_params_generate2 (dh_params, DH_BITS);
    if (err < 0) {
253
        VIR_ERROR(_("gnutls_dh_params_generate2: %s"), gnutls_strerror (err));
254 255 256 257 258 259 260 261
        return -1;
    }

    gnutls_certificate_set_dh_params (x509_cred, dh_params);

    return 0;
}

262
static void
263 264
qemudDispatchSignalEvent(int watch ATTRIBUTE_UNUSED,
                         int fd ATTRIBUTE_UNUSED,
265 266
                         int events ATTRIBUTE_UNUSED,
                         void *opaque) {
267
    struct qemud_server *server = (struct qemud_server *)opaque;
268
    siginfo_t siginfo;
269 270
    int ret;

271 272
    pthread_mutex_lock(&server->lock);

273
    if (saferead(server->sigread, &siginfo, sizeof(siginfo)) != sizeof(siginfo)) {
274
        VIR_ERROR(_("Failed to read from signal pipe: %s"), strerror(errno));
275
        pthread_mutex_unlock(&server->lock);
276
        return;
277 278
    }

279 280
    ret = 0;

281
    switch (siginfo.si_signo) {
282
    case SIGHUP:
283
        VIR_INFO0(_("Reloading configuration on SIGHUP"));
284
        if (virStateReload() < 0)
285
            VIR_WARN0(_("Error while reloading drivers"));
286 287 288
        break;

    case SIGINT:
289
    case SIGQUIT:
290
    case SIGTERM:
291
        VIR_WARN(_("Shutting down on signal %d"), siginfo.si_signo);
292 293 294 295
        server->shutdown = 1;
        break;

    default:
296
        VIR_INFO(_("Received unexpected signal %d"), siginfo.si_signo);
297 298 299
        break;
    }

300 301
    if (ret != 0)
        server->shutdown = 1;
302 303

    pthread_mutex_unlock(&server->lock);
304 305
}

306
int qemudSetCloseExec(int fd) {
D
Daniel P. Berrange 已提交
307
    int flags;
308 309
    if ((flags = fcntl(fd, F_GETFD)) < 0)
        goto error;
D
Daniel P. Berrange 已提交
310
    flags |= FD_CLOEXEC;
311 312
    if ((fcntl(fd, F_SETFD, flags)) < 0)
        goto error;
D
Daniel P. Berrange 已提交
313
    return 0;
314
 error:
315
    VIR_ERROR0(_("Failed to set close-on-exec file descriptor flag"));
316
    return -1;
D
Daniel P. Berrange 已提交
317 318 319
}


320
int qemudSetNonBlock(int fd) {
D
Daniel P. Berrange 已提交
321
    int flags;
322 323
    if ((flags = fcntl(fd, F_GETFL)) < 0)
        goto error;
D
Daniel P. Berrange 已提交
324
    flags |= O_NONBLOCK;
325 326
    if ((fcntl(fd, F_SETFL, flags)) < 0)
        goto error;
D
Daniel P. Berrange 已提交
327
    return 0;
328
 error:
329
    VIR_ERROR0(_("Failed to set non-blocking file descriptor flag"));
330 331 332
    return -1;
}

D
Daniel P. Berrange 已提交
333 334 335 336 337 338 339
static int qemudGoDaemon(void) {
    int pid = fork();
    switch (pid) {
    case 0:
        {
            int stdinfd = -1;
            int stdoutfd = -1;
340
            int nextpid;
D
Daniel P. Berrange 已提交
341

342
            if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
D
Daniel P. Berrange 已提交
343
                goto cleanup;
344
            if ((stdoutfd = open("/dev/null", O_WRONLY)) < 0)
D
Daniel P. Berrange 已提交
345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368
                goto cleanup;
            if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDOUT_FILENO) != STDOUT_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
                goto cleanup;
            if (close(stdinfd) < 0)
                goto cleanup;
            stdinfd = -1;
            if (close(stdoutfd) < 0)
                goto cleanup;
            stdoutfd = -1;

            if (setsid() < 0)
                goto cleanup;

            nextpid = fork();
            switch (nextpid) {
            case 0:
                return 0;
            case -1:
                return -1;
            default:
369
                _exit(0);
D
Daniel P. Berrange 已提交
370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393
            }

        cleanup:
            if (stdoutfd != -1)
                close(stdoutfd);
            if (stdinfd != -1)
                close(stdinfd);
            return -1;

        }

    case -1:
        return -1;

    default:
        {
            int got, status = 0;
            /* We wait to make sure the next child forked
               successfully */
            if ((got = waitpid(pid, &status, 0)) < 0 ||
                got != pid ||
                status != 0) {
                return -1;
            }
394
            _exit(0);
D
Daniel P. Berrange 已提交
395 396 397 398
        }
    }
}

399 400 401 402 403 404 405 406
static int qemudWritePidFile(const char *pidFile) {
    int fd;
    FILE *fh;

    if (pidFile[0] == '\0')
        return 0;

    if ((fd = open(pidFile, O_WRONLY|O_CREAT|O_EXCL, 0644)) < 0) {
407 408
        VIR_ERROR(_("Failed to open pid file '%s' : %s"),
                  pidFile, strerror(errno));
409 410 411 412
        return -1;
    }

    if (!(fh = fdopen(fd, "w"))) {
413 414
        VIR_ERROR(_("Failed to fdopen pid file '%s' : %s"),
                  pidFile, strerror(errno));
415 416 417 418 419
        close(fd);
        return -1;
    }

    if (fprintf(fh, "%lu\n", (unsigned long)getpid()) < 0) {
420 421
        VIR_ERROR(_("Failed to write to pid file '%s' : %s"),
                  pidFile, strerror(errno));
422 423 424 425 426
        close(fd);
        return -1;
    }

    if (fclose(fh) == EOF) {
427 428
        VIR_ERROR(_("Failed to close pid file '%s' : %s"),
                  pidFile, strerror(errno));
429 430 431 432 433 434
        return -1;
    }

    return 0;
}

D
Daniel P. Berrange 已提交
435
static int qemudListenUnix(struct qemud_server *server,
436
                           const char *path, int readonly, int auth) {
437
    struct qemud_socket *sock;
D
Daniel P. Berrange 已提交
438 439
    struct sockaddr_un addr;
    mode_t oldmask;
440
    gid_t oldgrp;
D
Daniel P. Berrange 已提交
441

442
    if (VIR_ALLOC(sock) < 0) {
443
        VIR_ERROR("%s", _("Failed to allocate memory for struct qemud_socket"));
D
Daniel P. Berrange 已提交
444
        return -1;
445
    }
D
Daniel P. Berrange 已提交
446 447

    sock->readonly = readonly;
448
    sock->port = -1;
449
    sock->type = QEMUD_SOCK_TYPE_UNIX;
450
    sock->auth = auth;
D
Daniel P. Berrange 已提交
451

452
    if ((sock->fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
453 454
        VIR_ERROR(_("Failed to create socket: %s"),
                  strerror(errno));
455
        goto cleanup;
456
    }
D
Daniel P. Berrange 已提交
457

458 459
    if (qemudSetCloseExec(sock->fd) < 0 ||
        qemudSetNonBlock(sock->fd) < 0)
460
        goto cleanup;
D
Daniel P. Berrange 已提交
461 462 463 464 465 466 467 468

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof(addr.sun_path)-1);
    if (addr.sun_path[0] == '@')
        addr.sun_path[0] = '\0';


469
    oldgrp = getgid();
470
    oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
471 472 473
    if (getuid() == 0)
        setgid(unix_sock_gid);

474
    if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
475 476
        VIR_ERROR(_("Failed to bind socket to '%s': %s"),
                  path, strerror(errno));
477
        goto cleanup;
478
    }
D
Daniel P. Berrange 已提交
479
    umask(oldmask);
480 481
    if (getuid() == 0)
        setgid(oldgrp);
D
Daniel P. Berrange 已提交
482

483
    if (listen(sock->fd, 30) < 0) {
484 485
        VIR_ERROR(_("Failed to listen for connections on '%s': %s"),
                  path, strerror(errno));
486 487 488
        goto cleanup;
    }

489 490 491 492 493
    if ((sock->watch = virEventAddHandleImpl(sock->fd,
                                             VIR_EVENT_HANDLE_READABLE |
                                             VIR_EVENT_HANDLE_ERROR |
                                             VIR_EVENT_HANDLE_HANGUP,
                                             qemudDispatchServerEvent,
494
                                             server, NULL)) < 0) {
495
        VIR_ERROR0(_("Failed to add server event callback"));
496
        goto cleanup;
497
    }
D
Daniel P. Berrange 已提交
498

499 500 501 502
    sock->next = server->sockets;
    server->sockets = sock;
    server->nsockets++;

D
Daniel P. Berrange 已提交
503
    return 0;
504 505 506 507 508 509

 cleanup:
    if (sock->fd)
        close(sock->fd);
    free(sock);
    return -1;
D
Daniel P. Berrange 已提交
510 511
}

512 513
// See: http://people.redhat.com/drepper/userapi-ipv6.html
static int
514
remoteMakeSockets (int *fds, int max_fds, int *nfds_r, const char *node, const char *service)
515 516 517 518 519 520 521
{
    struct addrinfo *ai;
    struct addrinfo hints;
    memset (&hints, 0, sizeof hints);
    hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
    hints.ai_socktype = SOCK_STREAM;

522
    int e = getaddrinfo (node, service, &hints, &ai);
523
    if (e != 0) {
524
        VIR_ERROR(_("getaddrinfo: %s\n"), gai_strerror (e));
525 526 527 528 529 530 531 532
        return -1;
    }

    struct addrinfo *runp = ai;
    while (runp && *nfds_r < max_fds) {
        fds[*nfds_r] = socket (runp->ai_family, runp->ai_socktype,
                               runp->ai_protocol);
        if (fds[*nfds_r] == -1) {
533
            VIR_ERROR(_("socket: %s"), strerror (errno));
534 535 536 537 538 539 540 541
            return -1;
        }

        int opt = 1;
        setsockopt (fds[*nfds_r], SOL_SOCKET, SO_REUSEADDR, &opt, sizeof opt);

        if (bind (fds[*nfds_r], runp->ai_addr, runp->ai_addrlen) == -1) {
            if (errno != EADDRINUSE) {
542
                VIR_ERROR(_("bind: %s"), strerror (errno));
543 544 545 546 547 548
                return -1;
            }
            close (fds[*nfds_r]);
        }
        else {
            if (listen (fds[*nfds_r], SOMAXCONN) == -1) {
549
                VIR_ERROR(_("listen: %s"), strerror (errno));
550 551 552 553 554 555
                return -1;
            }
            ++*nfds_r;
        }
        runp = runp->ai_next;
    }
556

557 558 559 560 561 562 563 564 565
    freeaddrinfo (ai);
    return 0;
}

/* Listen on the named/numbered TCP port.  On a machine with IPv4 and
 * IPv6 interfaces this may generate several sockets.
 */
static int
remoteListenTCP (struct qemud_server *server,
566
                 const char *addr,
567
                 const char *port,
568
                 int type,
569
                 int auth)
570 571 572
{
    int fds[2];
    int nfds = 0;
573
    int i;
574 575
    struct qemud_socket *sock;

576
    if (remoteMakeSockets (fds, 2, &nfds, addr, port) == -1)
577 578 579
        return -1;

    for (i = 0; i < nfds; ++i) {
580 581 582
        struct sockaddr_storage sa;
        socklen_t salen = sizeof(sa);

583
        if (VIR_ALLOC(sock) < 0) {
584
            VIR_ERROR(_("remoteListenTCP: calloc: %s"), strerror (errno));
585
            goto cleanup;
586 587 588 589 590 591 592 593
        }

        sock->readonly = 0;
        sock->next = server->sockets;
        server->sockets = sock;
        server->nsockets++;

        sock->fd = fds[i];
594
        sock->type = type;
595
        sock->auth = auth;
D
Daniel P. Berrange 已提交
596

597
        if (getsockname(sock->fd, (struct sockaddr *)(&sa), &salen) < 0)
598
            goto cleanup;
599 600 601

        if (sa.ss_family == AF_INET)
            sock->port = htons(((struct sockaddr_in*)&sa)->sin_port);
602
#ifdef AF_INET6
603 604
        else if (sa.ss_family == AF_INET6)
            sock->port = htons(((struct sockaddr_in6*)&sa)->sin6_port);
605
#endif
606 607 608
        else
            sock->port = -1;

609 610
        if (qemudSetCloseExec(sock->fd) < 0 ||
            qemudSetNonBlock(sock->fd) < 0)
611
            goto cleanup;
612 613

        if (listen (sock->fd, 30) < 0) {
614
            VIR_ERROR(_("remoteListenTCP: listen: %s"), strerror (errno));
615
            goto cleanup;
616
        }
617

618 619 620 621 622
        if ((sock->watch = virEventAddHandleImpl(sock->fd,
                                                 VIR_EVENT_HANDLE_READABLE |
                                                 VIR_EVENT_HANDLE_ERROR |
                                                 VIR_EVENT_HANDLE_HANGUP,
                                                 qemudDispatchServerEvent,
623
                                                 server, NULL)) < 0) {
624
            VIR_ERROR0(_("Failed to add server event callback"));
625
            goto cleanup;
626 627
        }

628 629 630
    }

    return 0;
631 632 633 634 635

cleanup:
    for (i = 0; i < nfds; ++i)
        close(fds[0]);
    return -1;
636 637 638 639 640 641
}

static int qemudInitPaths(struct qemud_server *server,
                          char *sockname,
                          char *roSockname,
                          int maxlen) {
642
    uid_t uid = geteuid();
643

644
    if (!uid) {
645 646
        if (snprintf (sockname, maxlen, "%s/run/libvirt/libvirt-sock",
                      LOCAL_STATE_DIR) >= maxlen)
647 648
            goto snprintf_error;

D
Daniel P. Berrange 已提交
649 650
        unlink(sockname);

651 652
        if (snprintf (roSockname, maxlen, "%s/run/libvirt/libvirt-sock-ro",
                      LOCAL_STATE_DIR) >= maxlen)
653
            goto snprintf_error;
D
Daniel P. Berrange 已提交
654

655
        unlink(roSockname);
D
Daniel P. Berrange 已提交
656

657
        if (snprintf(server->logDir, PATH_MAX, "%s/log/libvirt/", LOCAL_STATE_DIR) >= PATH_MAX)
D
Daniel P. Berrange 已提交
658
            goto snprintf_error;
D
Daniel P. Berrange 已提交
659
    } else {
660 661
        struct passwd *pw;

662
        if (!(pw = getpwuid(uid))) {
663
            VIR_ERROR(_("Failed to find user record for uid '%d': %s"),
664 665 666
                     uid, strerror(errno));
            return -1;
        }
667

668 669
        if (snprintf(sockname, maxlen, "@%s/.libvirt/libvirt-sock", pw->pw_dir) >= maxlen)
            goto snprintf_error;
670

671 672
        if (snprintf(server->logDir, PATH_MAX, "%s/.libvirt/log", pw->pw_dir) >= PATH_MAX)
            goto snprintf_error;
673

674 675
    } /* !remote */

D
Daniel P. Berrange 已提交
676
    return 0;
677 678

 snprintf_error:
679
    VIR_ERROR("%s", _("Resulting path too long for buffer in qemudInitPaths()"));
680
    return -1;
D
Daniel P. Berrange 已提交
681 682
}

683
static struct qemud_server *qemudInitialize(int sigread) {
D
Daniel P. Berrange 已提交
684 685
    struct qemud_server *server;

686
    if (VIR_ALLOC(server) < 0) {
687
        VIR_ERROR0(_("Failed to allocate struct qemud_server"));
D
Daniel P. Berrange 已提交
688
        return NULL;
689
    }
D
Daniel P. Berrange 已提交
690

691 692 693 694 695
    if (pthread_mutex_init(&server->lock, NULL) != 0) {
        VIR_FREE(server);
        return NULL;
    }

696
    server->sigread = sigread;
D
Daniel P. Berrange 已提交
697

698
    if (virEventInit() < 0) {
699
        VIR_ERROR0(_("Failed to initialize event system"));
700 701 702 703
        VIR_FREE(server);
        return NULL;
    }

704 705
    virInitialize();

706 707 708 709 710 711 712
    /*
     * Note that the order is important: the first ones have a higher
     * priority when calling virStateInitialize. We must register
     * the network, storage and nodedev drivers before any domain
     * drivers, since their resources must be auto-started before
     * any domains can be auto-started.
     */
713 714 715 716 717 718 719 720
#ifdef WITH_DRIVER_MODULES
    /* We don't care if any of these fail, because the whole point
     * is to allow users to only install modules they want to use.
     * If they try to use a open a connection for a module that
     * is not loaded they'll get a suitable error at that point
     */
    virDriverLoadModule("network");
    virDriverLoadModule("storage");
721
    virDriverLoadModule("nodedev");
722 723 724
    virDriverLoadModule("qemu");
    virDriverLoadModule("lxc");
    virDriverLoadModule("uml");
725
#else
726 727 728 729 730
#ifdef WITH_NETWORK
    networkRegister();
#endif
#ifdef WITH_STORAGE_DIR
    storageRegister();
731
#endif
732 733
#if defined(WITH_NODE_DEVICES) && \
    (defined(HAVE_HAL) || defined(HAVE_DEVKIT))
734 735
    nodedevRegister();
#endif
736 737 738 739 740 741 742 743 744
#ifdef WITH_QEMU
    qemuRegister();
#endif
#ifdef WITH_LXC
    lxcRegister();
#endif
#ifdef WITH_UML
    umlRegister();
#endif
745 746
#endif

747 748 749 750 751 752
    virEventRegisterImpl(virEventAddHandleImpl,
                         virEventUpdateHandleImpl,
                         virEventRemoveHandleImpl,
                         virEventAddTimeoutImpl,
                         virEventUpdateTimeoutImpl,
                         virEventRemoveTimeoutImpl);
753

754 755
    virStateInitialize();

756 757 758 759 760 761 762
    return server;
}

static struct qemud_server *qemudNetworkInit(struct qemud_server *server) {
    struct qemud_socket *sock;
    char sockname[PATH_MAX];
    char roSockname[PATH_MAX];
763
#if HAVE_SASL
764 765 766 767 768 769 770 771 772
    int err;
#endif /* HAVE_SASL */

    roSockname[0] = '\0';

    if (qemudInitPaths(server, sockname, roSockname, PATH_MAX) < 0)
        goto cleanup;

    if (qemudListenUnix(server, sockname, 0, auth_unix_rw) < 0)
773
        goto cleanup;
774 775 776 777 778 779 780 781 782 783

    if (roSockname[0] != '\0' && qemudListenUnix(server, roSockname, 1, auth_unix_ro) < 0)
        goto cleanup;

#if HAVE_SASL
    if (auth_unix_rw == REMOTE_AUTH_SASL ||
        auth_unix_ro == REMOTE_AUTH_SASL ||
        auth_tcp == REMOTE_AUTH_SASL ||
        auth_tls == REMOTE_AUTH_SASL) {
        if ((err = sasl_server_init(NULL, "libvirt")) != SASL_OK) {
784 785
            VIR_ERROR(_("Failed to initialize SASL authentication %s"),
                      sasl_errstring(err, NULL, NULL));
786 787
            goto cleanup;
        }
788 789 790
    }
#endif

791 792 793 794 795 796 797
#ifdef HAVE_POLKIT
    if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
        auth_unix_ro == REMOTE_AUTH_POLKIT) {
        DBusError derr;
        dbus_error_init(&derr);
        server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
        if (!(server->sysbus)) {
798 799
            VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
                      derr.message);
800 801 802 803 804 805
            dbus_error_free(&derr);
            goto cleanup;
        }
    }
#endif

806
    if (ipsock) {
807
        if (listen_tcp && remoteListenTCP (server, listen_addr, tcp_port, QEMUD_SOCK_TYPE_TCP, auth_tcp) < 0)
808 809 810 811 812 813
            goto cleanup;

        if (listen_tls) {
            if (remoteInitializeGnuTLS () < 0)
                goto cleanup;

814
            if (remoteListenTCP (server, listen_addr, tls_port, QEMUD_SOCK_TYPE_TLS, auth_tls) < 0)
815 816
                goto cleanup;
        }
D
Daniel P. Berrange 已提交
817 818
    }

819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839
#ifdef HAVE_AVAHI
    if (getuid() == 0 && mdns_adv) {
        struct libvirtd_mdns_group *group;
        int port = 0;

        server->mdns = libvirtd_mdns_new();

        if (!mdns_name) {
            char groupname[64], localhost[HOST_NAME_MAX+1], *tmp;
            /* Extract the host part of the potentially FQDN */
            gethostname(localhost, HOST_NAME_MAX);
            localhost[HOST_NAME_MAX] = '\0';
            if ((tmp = strchr(localhost, '.')))
                *tmp = '\0';
            snprintf(groupname, sizeof(groupname)-1, "Virtualization Host %s", localhost);
            groupname[sizeof(groupname)-1] = '\0';
            group = libvirtd_mdns_add_group(server->mdns, groupname);
        } else {
            group = libvirtd_mdns_add_group(server->mdns, mdns_name);
        }

840
        /*
841 842 843 844 845 846
         * See if there's a TLS enabled port we can advertise. Cowardly
         * don't bother to advertise TCP since we don't want people using
         * them for real world apps
         */
        sock = server->sockets;
        while (sock) {
847
            if (sock->port != -1 && sock->type == QEMUD_SOCK_TYPE_TLS) {
848 849 850 851 852
                port = sock->port;
                break;
            }
            sock = sock->next;
        }
853

854 855 856 857 858 859 860 861 862
        /*
         * Add the primary entry - we choose SSH because its most likely to always
         * be available
         */
        libvirtd_mdns_add_entry(group, "_libvirt._tcp", port);
        libvirtd_mdns_start(server->mdns);
    }
#endif

D
Daniel P. Berrange 已提交
863 864 865 866
    return server;

 cleanup:
    if (server) {
867
        sock = server->sockets;
D
Daniel P. Berrange 已提交
868 869 870 871 872
        while (sock) {
            close(sock->fd);
            sock = sock->next;
        }

873 874 875 876
#ifdef HAVE_POLKIT
        if (server->sysbus)
            dbus_connection_unref(server->sysbus);
#endif
D
Daniel P. Berrange 已提交
877 878 879 880 881
        free(server);
    }
    return NULL;
}

882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908
static gnutls_session_t
remoteInitializeTLSSession (void)
{
  gnutls_session_t session;
  int err;

  err = gnutls_init (&session, GNUTLS_SERVER);
  if (err != 0) goto failed;

  /* avoid calling all the priority functions, since the defaults
   * are adequate.
   */
  err = gnutls_set_default_priority (session);
  if (err != 0) goto failed;

  err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
  if (err != 0) goto failed;

  /* request client certificate if any.
   */
  gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);

  gnutls_dh_set_prime_bits (session, DH_BITS);

  return session;

 failed:
909
  VIR_ERROR(_("remoteInitializeTLSSession: %s"),
910 911 912 913 914 915 916 917 918 919
            gnutls_strerror (err));
  return NULL;
}

/* Check DN is on tls_allowed_dn_list. */
static int
remoteCheckDN (gnutls_x509_crt_t cert)
{
    char name[256];
    size_t namesize = sizeof name;
920
    char **wildcards;
921 922 923 924
    int err;

    err = gnutls_x509_crt_get_dn (cert, name, &namesize);
    if (err != 0) {
925
        VIR_ERROR(_("remoteCheckDN: gnutls_x509_cert_get_dn: %s"),
926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941
                  gnutls_strerror (err));
        return 0;
    }

    /* If the list is not set, allow any DN. */
    wildcards = tls_allowed_dn_list;
    if (!wildcards)
        return 1;

    while (*wildcards) {
        if (fnmatch (*wildcards, name, 0) == 0)
            return 1;
        wildcards++;
    }

    /* Print the client's DN. */
942
    DEBUG(_("remoteCheckDN: failed: client DN is %s"), name);
943 944 945 946 947 948 949 950 951 952 953 954 955 956

    return 0; // Not found.
}

static int
remoteCheckCertificate (gnutls_session_t session)
{
    int ret;
    unsigned int status;
    const gnutls_datum_t *certs;
    unsigned int nCerts, i;
    time_t now;

    if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0){
957
        VIR_ERROR(_("remoteCheckCertificate: verify failed: %s"),
958 959 960 961 962 963
                  gnutls_strerror (ret));
        return -1;
    }

    if (status != 0) {
        if (status & GNUTLS_CERT_INVALID)
964 965
            VIR_ERROR0(_("remoteCheckCertificate: "
                         "the client certificate is not trusted."));
966 967

        if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
968 969
            VIR_ERROR0(_("remoteCheckCertificate: the client "
                         "certificate has unknown issuer."));
970 971

        if (status & GNUTLS_CERT_REVOKED)
972 973
            VIR_ERROR0(_("remoteCheckCertificate: "
                         "the client certificate has been revoked."));
974

975
#ifndef GNUTLS_1_0_COMPAT
976
        if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
977 978
            VIR_ERROR0(_("remoteCheckCertificate: the client certificate"
                         " uses an insecure algorithm."));
979
#endif
980 981 982 983 984

        return -1;
    }

    if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
985
        VIR_ERROR0(_("remoteCheckCertificate: certificate is not X.509"));
986 987 988 989
        return -1;
    }

    if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
990
        VIR_ERROR0(_("remoteCheckCertificate: no peers"));
991 992 993 994 995 996 997 998 999
        return -1;
    }

    now = time (NULL);

    for (i = 0; i < nCerts; i++) {
        gnutls_x509_crt_t cert;

        if (gnutls_x509_crt_init (&cert) < 0) {
1000
            VIR_ERROR0(_("remoteCheckCertificate: gnutls_x509_crt_init failed"));
1001 1002 1003 1004 1005 1006 1007
            return -1;
        }

        if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
            gnutls_x509_crt_deinit (cert);
            return -1;
        }
1008

1009
        if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1010 1011
            VIR_ERROR0(_("remoteCheckCertificate: "
                         "the client certificate has expired"));
1012 1013 1014
            gnutls_x509_crt_deinit (cert);
            return -1;
        }
1015

1016
        if (gnutls_x509_crt_get_activation_time (cert) > now) {
1017 1018
            VIR_ERROR0(_("remoteCheckCertificate: the client "
                         "certificate is not yet activated"));
1019 1020 1021 1022 1023 1024 1025
            gnutls_x509_crt_deinit (cert);
            return -1;
        }

        if (i == 0) {
            if (!remoteCheckDN (cert)) {
                /* This is the most common error: make it informative. */
1026
                VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list).  Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040
                gnutls_x509_crt_deinit (cert);
                return -1;
            }
        }
    }

    return 0;
}

/* Check the client's access. */
static int
remoteCheckAccess (struct qemud_client *client)
{
    /* Verify client certificate. */
1041
    if (remoteCheckCertificate (client->tlssession) == -1) {
1042 1043
        VIR_ERROR0(_("remoteCheckCertificate: "
                     "failed to verify client's certificate"));
1044
        if (!tls_no_verify_certificate) return -1;
1045 1046
        else VIR_INFO0(_("remoteCheckCertificate: tls_no_verify_certificate "
                          "is set so the bad certificate is ignored"));
1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058
    }

    /* Checks have succeeded.  Write a '\1' byte back to the client to
     * indicate this (otherwise the socket is abruptly closed).
     * (NB. The '\1' byte is sent in an encrypted record).
     */
    client->bufferLength = 1;
    client->bufferOffset = 0;
    client->buffer[0] = '\1';
    client->mode = QEMUD_MODE_TX_PACKET;
    return 0;
}
D
Daniel P. Berrange 已提交
1059

1060 1061 1062 1063 1064 1065 1066
#if HAVE_POLKIT
int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
#ifdef SO_PEERCRED
    struct ucred cr;
    unsigned int cr_len = sizeof (cr);

    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
1067 1068
        VIR_ERROR(_("Failed to verify client credentials: %s"),
                  strerror(errno));
1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081
        return -1;
    }

    *pid = cr.pid;
    *uid = cr.uid;
#else
    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
#error "UNIX socket credentials not supported/implemented on this platform yet..."
#endif
    return 0;
}
#endif

D
Daniel P. Berrange 已提交
1082 1083 1084
static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
    int fd;
    struct sockaddr_storage addr;
1085
    socklen_t addrlen = (socklen_t) (sizeof addr);
D
Daniel P. Berrange 已提交
1086
    struct qemud_client *client;
1087
    int no_slow_start = 1;
D
Daniel P. Berrange 已提交
1088 1089 1090 1091

    if ((fd = accept(sock->fd, (struct sockaddr *)&addr, &addrlen)) < 0) {
        if (errno == EAGAIN)
            return 0;
1092
        VIR_ERROR(_("Failed to accept connection: %s"), strerror(errno));
D
Daniel P. Berrange 已提交
1093 1094 1095
        return -1;
    }

1096
    if (server->nclients >= max_clients) {
1097
        VIR_ERROR0(_("Too many active clients, dropping connection"));
1098 1099 1100 1101
        close(fd);
        return -1;
    }

1102
    if (VIR_REALLOC_N(server->clients, server->nclients+1) < 0) {
1103
        VIR_ERROR0(_("Out of memory allocating clients"));
1104 1105 1106 1107
        close(fd);
        return -1;
    }

1108 1109 1110 1111
    /* Disable Nagle.  Unix sockets will ignore this. */
    setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_slow_start,
                sizeof no_slow_start);

1112 1113
    if (qemudSetCloseExec(fd) < 0 ||
        qemudSetNonBlock(fd) < 0) {
D
Daniel P. Berrange 已提交
1114 1115 1116 1117
        close(fd);
        return -1;
    }

1118
    if (VIR_ALLOC(client) < 0)
1119
        goto cleanup;
1120 1121 1122
    if (pthread_mutex_init(&client->lock, NULL) != 0)
        goto cleanup;

1123
    client->magic = QEMUD_CLIENT_MAGIC;
D
Daniel P. Berrange 已提交
1124 1125
    client->fd = fd;
    client->readonly = sock->readonly;
1126
    client->type = sock->type;
1127
    client->auth = sock->auth;
1128 1129
    memcpy (&client->addr, &addr, sizeof addr);
    client->addrlen = addrlen;
1130
    client->server = server;
1131

1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143
#if HAVE_POLKIT
    /* Only do policy checks for non-root - allow root user
       through with no checks, as a fail-safe - root can easily
       change policykit policy anyway, so its pointless trying
       to restrict root */
    if (client->auth == REMOTE_AUTH_POLKIT) {
        uid_t uid;
        pid_t pid;

        if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
            goto cleanup;

1144
        /* Client is running as root, so disable auth */
1145
        if (uid == 0) {
1146
            VIR_INFO(_("Turn off polkit auth for privileged client %d"), pid);
1147 1148 1149 1150 1151
            client->auth = REMOTE_AUTH_NONE;
        }
    }
#endif

1152
    if (client->type != QEMUD_SOCK_TYPE_TLS) {
1153
        client->mode = QEMUD_MODE_RX_HEADER;
1154
        client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
1155 1156 1157

        if (qemudRegisterClientEvent (server, client, 0) < 0)
            goto cleanup;
1158 1159 1160
    } else {
        int ret;

1161 1162
        client->tlssession = remoteInitializeTLSSession ();
        if (client->tlssession == NULL)
1163
            goto cleanup;
1164

1165
        gnutls_transport_set_ptr (client->tlssession,
1166 1167 1168
                                  (gnutls_transport_ptr_t) (long) fd);

        /* Begin the TLS handshake. */
1169
        ret = gnutls_handshake (client->tlssession);
1170 1171 1172
        if (ret == 0) {
            /* Unlikely, but ...  Next step is to check the certificate. */
            if (remoteCheckAccess (client) == -1)
1173 1174 1175 1176
                goto cleanup;

            if (qemudRegisterClientEvent(server, client, 0) < 0)
                goto cleanup;
1177 1178 1179 1180
        } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
            /* Most likely. */
            client->mode = QEMUD_MODE_TLS_HANDSHAKE;
            client->bufferLength = -1;
1181 1182 1183

            if (qemudRegisterClientEvent (server, client, 0) < 0)
                goto cleanup;
1184
        } else {
1185
            VIR_ERROR(_("TLS handshake failed: %s"),
1186
                      gnutls_strerror (ret));
1187
            goto cleanup;
1188 1189
        }
    }
D
Daniel P. Berrange 已提交
1190

1191
    server->clients[server->nclients++] = client;
D
Daniel P. Berrange 已提交
1192 1193

    return 0;
1194

1195
 cleanup:
1196 1197
    if (client &&
        client->tlssession) gnutls_deinit (client->tlssession);
1198 1199 1200
    close (fd);
    free (client);
    return -1;
D
Daniel P. Berrange 已提交
1201 1202 1203
}


1204 1205 1206 1207 1208 1209 1210 1211 1212
/*
 * You must hold lock for at least the client
 * We don't free stuff here, merely disconnect the client's
 * network socket & resources.
 * We keep the libvirt connection open until any async
 * jobs have finished, then clean it up elsehwere
 */
static void qemudDispatchClientFailure(struct qemud_server *server ATTRIBUTE_UNUSED,
                                       struct qemud_client *client) {
1213
    virEventRemoveHandleImpl(client->watch);
1214

1215 1216
    /* Deregister event delivery callback */
    if(client->conn) {
1217
        DEBUG0("Deregistering to relay remote events");
1218 1219 1220
        virConnectDomainEventDeregister(client->conn, remoteRelayDomainEvent);
    }

1221 1222
#if HAVE_SASL
    if (client->saslconn) sasl_dispose(&client->saslconn);
1223
    free(client->saslUsername);
1224
#endif
1225
    if (client->tlssession) gnutls_deinit (client->tlssession);
D
Daniel P. Berrange 已提交
1226
    close(client->fd);
1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243
    client->fd = -1;
}


/* Caller must hold server lock */
static struct qemud_client *qemudPendingJob(struct qemud_server *server)
{
    int i;
    for (i = 0 ; i < server->nclients ; i++) {
        pthread_mutex_lock(&server->clients[i]->lock);
        if (server->clients[i]->mode == QEMUD_MODE_WAIT_DISPATCH) {
            /* Delibrately don't unlock client - caller wants the lock */
            return server->clients[i];
        }
        pthread_mutex_unlock(&server->clients[i]->lock);
    }
    return NULL;
D
Daniel P. Berrange 已提交
1244 1245
}

1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277
static void *qemudWorker(void *data)
{
    struct qemud_server *server = data;

    while (1) {
        struct qemud_client *client;
        int len;
        pthread_mutex_lock(&server->lock);
        while ((client = qemudPendingJob(server)) == NULL)
            pthread_cond_wait(&server->job, &server->lock);
        pthread_mutex_unlock(&server->lock);

        /* We own a locked client now... */
        client->mode = QEMUD_MODE_IN_DISPATCH;
        client->refs++;

        if ((len = remoteDispatchClientRequest (server, client)) == 0)
            qemudDispatchClientFailure(server, client);

        /* Set up the output buffer. */
        client->mode = QEMUD_MODE_TX_PACKET;
        client->bufferLength = len;
        client->bufferOffset = 0;

        if (qemudRegisterClientEvent(server, client, 1) < 0)
            qemudDispatchClientFailure(server, client);

        client->refs--;
        pthread_mutex_unlock(&client->lock);
        pthread_mutex_unlock(&server->lock);
    }
}
D
Daniel P. Berrange 已提交
1278 1279


1280 1281 1282 1283
static int qemudClientReadBuf(struct qemud_server *server,
                              struct qemud_client *client,
                              char *data, unsigned len) {
    int ret;
1284 1285 1286

    /*qemudDebug ("qemudClientRead: len = %d", len);*/

1287
    if (!client->tlssession) {
1288 1289 1290
        if ((ret = read (client->fd, data, len)) <= 0) {
            if (ret == 0 || errno != EAGAIN) {
                if (ret != 0)
1291
                    VIR_ERROR(_("read: %s"), strerror (errno));
1292 1293 1294 1295 1296
                qemudDispatchClientFailure(server, client);
            }
            return -1;
        }
    } else {
1297
        ret = gnutls_record_recv (client->tlssession, data, len);
1298 1299
        if (qemudRegisterClientEvent (server, client, 1) < 0)
            qemudDispatchClientFailure (server, client);
1300
        else if (ret <= 0) {
1301 1302 1303
            if (ret == 0 || (ret != GNUTLS_E_AGAIN &&
                             ret != GNUTLS_E_INTERRUPTED)) {
                if (ret != 0)
1304
                    VIR_ERROR(_("gnutls_record_recv: %s"),
1305 1306 1307 1308 1309
                              gnutls_strerror (ret));
                qemudDispatchClientFailure (server, client);
            }
            return -1;
        }
D
Daniel P. Berrange 已提交
1310
    }
1311

1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322
    return ret;
}

static int qemudClientReadPlain(struct qemud_server *server,
                                struct qemud_client *client) {
    int ret;
    ret = qemudClientReadBuf(server, client,
                             client->buffer + client->bufferOffset,
                             client->bufferLength - client->bufferOffset);
    if (ret < 0)
        return ret;
1323 1324
    client->bufferOffset += ret;
    return 0;
D
Daniel P. Berrange 已提交
1325 1326
}

1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385
#if HAVE_SASL
static int qemudClientReadSASL(struct qemud_server *server,
                               struct qemud_client *client) {
    int got, want;

    /* We're doing a SSF data read, so now its times to ensure
     * future writes are under SSF too.
     *
     * cf remoteSASLCheckSSF in remote.c
     */
    client->saslSSF |= QEMUD_SASL_SSF_WRITE;

    /* Need to read some more data off the wire */
    if (client->saslDecoded == NULL) {
        char encoded[8192];
        int encodedLen = sizeof(encoded);
        encodedLen = qemudClientReadBuf(server, client, encoded, encodedLen);

        if (encodedLen < 0)
            return -1;

        sasl_decode(client->saslconn, encoded, encodedLen,
                    &client->saslDecoded, &client->saslDecodedLength);

        client->saslDecodedOffset = 0;
    }

    /* Some buffered decoded data to return now */
    got = client->saslDecodedLength - client->saslDecodedOffset;
    want = client->bufferLength - client->bufferOffset;

    if (want > got)
        want = got;

    memcpy(client->buffer + client->bufferOffset,
           client->saslDecoded + client->saslDecodedOffset, want);
    client->saslDecodedOffset += want;
    client->bufferOffset += want;

    if (client->saslDecodedOffset == client->saslDecodedLength) {
        client->saslDecoded = NULL;
        client->saslDecodedOffset = client->saslDecodedLength = 0;
    }

    return 0;
}
#endif

static int qemudClientRead(struct qemud_server *server,
                           struct qemud_client *client) {
#if HAVE_SASL
    if (client->saslSSF & QEMUD_SASL_SSF_READ)
        return qemudClientReadSASL(server, client);
    else
#endif
        return qemudClientReadPlain(server, client);
}


D
Daniel P. Berrange 已提交
1386
static void qemudDispatchClientRead(struct qemud_server *server, struct qemud_client *client) {
1387
    unsigned int len;
1388
    /*qemudDebug ("qemudDispatchClientRead: mode = %d", client->mode);*/
D
Daniel P. Berrange 已提交
1389

1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401
    switch (client->mode) {
    case QEMUD_MODE_RX_HEADER: {
        XDR x;

        if (qemudClientRead(server, client) < 0)
            return; /* Error, or blocking */

        if (client->bufferOffset < client->bufferLength)
            return; /* Not read enough */

        xdrmem_create(&x, client->buffer, client->bufferLength, XDR_DECODE);

1402 1403
        if (!xdr_u_int(&x, &len)) {
            xdr_destroy (&x);
1404
            DEBUG0("Failed to decode packet length");
D
Daniel P. Berrange 已提交
1405 1406 1407
            qemudDispatchClientFailure(server, client);
            return;
        }
1408
        xdr_destroy (&x);
1409

1410
        if (len > REMOTE_MESSAGE_MAX) {
1411
            DEBUG("Packet length %u too large", len);
1412 1413
            qemudDispatchClientFailure(server, client);
            return;
D
Daniel P. Berrange 已提交
1414
        }
1415

1416 1417 1418
        /* Length include length of the length field itself, so
         * check minimum size requirements */
        if (len <= REMOTE_MESSAGE_HEADER_XDR_LEN) {
1419
            DEBUG("Packet length %u too small", len);
1420 1421 1422 1423 1424
            qemudDispatchClientFailure(server, client);
            return;
        }

        client->mode = QEMUD_MODE_RX_PAYLOAD;
1425 1426
        client->bufferLength = len - REMOTE_MESSAGE_HEADER_XDR_LEN;
        client->bufferOffset = 0;
1427

1428 1429 1430 1431 1432
        if (qemudRegisterClientEvent(server, client, 1) < 0) {
            qemudDispatchClientFailure(server, client);
            return;
        }

1433
        /* Fall through */
D
Daniel P. Berrange 已提交
1434 1435
    }

1436 1437 1438 1439 1440 1441 1442
    case QEMUD_MODE_RX_PAYLOAD: {
        if (qemudClientRead(server, client) < 0)
            return; /* Error, or blocking */

        if (client->bufferOffset < client->bufferLength)
            return; /* Not read enough */

1443
        client->mode = QEMUD_MODE_WAIT_DISPATCH;
1444
        if (qemudRegisterClientEvent(server, client, 1) < 0)
1445 1446
            qemudDispatchClientFailure(server, client);

1447 1448
        pthread_cond_signal(&server->job);

1449 1450 1451 1452 1453 1454 1455
        break;
    }

    case QEMUD_MODE_TLS_HANDSHAKE: {
        int ret;

        /* Continue the handshake. */
1456
        ret = gnutls_handshake (client->tlssession);
1457 1458 1459 1460
        if (ret == 0) {
            /* Finished.  Next step is to check the certificate. */
            if (remoteCheckAccess (client) == -1)
                qemudDispatchClientFailure (server, client);
1461
            else if (qemudRegisterClientEvent (server, client, 1) < 0)
1462
                qemudDispatchClientFailure (server, client);
1463
        } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
1464
            VIR_ERROR(_("TLS handshake failed: %s"),
1465 1466
                      gnutls_strerror (ret));
            qemudDispatchClientFailure (server, client);
1467 1468 1469 1470
        } else {
            if (qemudRegisterClientEvent (server ,client, 1) < 0)
                qemudDispatchClientFailure (server, client);
        }
1471 1472 1473 1474 1475

        break;
    }

    default:
1476
        DEBUG("Got unexpected data read while in %d mode", client->mode);
1477
        qemudDispatchClientFailure(server, client);
D
Daniel P. Berrange 已提交
1478 1479 1480 1481
    }
}


1482 1483 1484 1485 1486
static int qemudClientWriteBuf(struct qemud_server *server,
                               struct qemud_client *client,
                               const char *data, int len) {
    int ret;
    if (!client->tlssession) {
1487
        if ((ret = safewrite(client->fd, data, len)) == -1) {
1488
            VIR_ERROR(_("write: %s"), strerror (errno));
1489
            qemudDispatchClientFailure(server, client);
1490 1491 1492
            return -1;
        }
    } else {
1493
        ret = gnutls_record_send (client->tlssession, data, len);
1494 1495
        if (qemudRegisterClientEvent (server, client, 1) < 0)
            qemudDispatchClientFailure (server, client);
1496
        else if (ret < 0) {
1497
            if (ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_AGAIN) {
1498
                VIR_ERROR(_("gnutls_record_send: %s"), gnutls_strerror (ret));
1499 1500 1501 1502
                qemudDispatchClientFailure (server, client);
            }
            return -1;
        }
D
Daniel P. Berrange 已提交
1503
    }
1504 1505
    return ret;
}
1506

1507 1508 1509 1510 1511 1512 1513 1514

static int qemudClientWritePlain(struct qemud_server *server,
                                 struct qemud_client *client) {
    int ret = qemudClientWriteBuf(server, client,
                                  client->buffer + client->bufferOffset,
                                  client->bufferLength - client->bufferOffset);
    if (ret < 0)
        return -1;
1515 1516
    client->bufferOffset += ret;
    return 0;
D
Daniel P. Berrange 已提交
1517 1518 1519
}


1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569
#if HAVE_SASL
static int qemudClientWriteSASL(struct qemud_server *server,
                                struct qemud_client *client) {
    int ret;

    /* Not got any pending encoded data, so we need to encode raw stuff */
    if (client->saslEncoded == NULL) {
        int err;
        err = sasl_encode(client->saslconn,
                          client->buffer + client->bufferOffset,
                          client->bufferLength - client->bufferOffset,
                          &client->saslEncoded,
                          &client->saslEncodedLength);

        client->saslEncodedOffset = 0;
    }

    /* Send some of the encoded stuff out on the wire */
    ret = qemudClientWriteBuf(server, client,
                              client->saslEncoded + client->saslEncodedOffset,
                              client->saslEncodedLength - client->saslEncodedOffset);

    if (ret < 0)
        return -1;

    /* Note how much we sent */
    client->saslEncodedOffset += ret;

    /* Sent all encoded, so update raw buffer to indicate completion */
    if (client->saslEncodedOffset == client->saslEncodedLength) {
        client->saslEncoded = NULL;
        client->saslEncodedOffset = client->saslEncodedLength = 0;
        client->bufferOffset = client->bufferLength;
    }

    return 0;
}
#endif

static int qemudClientWrite(struct qemud_server *server,
                            struct qemud_client *client) {
#if HAVE_SASL
    if (client->saslSSF & QEMUD_SASL_SSF_WRITE)
        return qemudClientWriteSASL(server, client);
    else
#endif
        return qemudClientWritePlain(server, client);
}


1570 1571 1572
void
qemudDispatchClientWrite(struct qemud_server *server,
                         struct qemud_client *client) {
1573 1574 1575 1576 1577 1578
    switch (client->mode) {
    case QEMUD_MODE_TX_PACKET: {
        if (qemudClientWrite(server, client) < 0)
            return;

        if (client->bufferOffset == client->bufferLength) {
1579
            if (client->closing) {
1580
                qemudDispatchClientFailure (server, client);
1581 1582 1583 1584 1585 1586 1587 1588 1589
            } else {
                /* Done writing, switch back to receive */
                client->mode = QEMUD_MODE_RX_HEADER;
                client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
                client->bufferOffset = 0;

                if (qemudRegisterClientEvent (server, client, 1) < 0)
                    qemudDispatchClientFailure (server, client);
            }
1590 1591 1592 1593 1594 1595 1596 1597 1598
        }
        /* Still writing */
        break;
    }

    case QEMUD_MODE_TLS_HANDSHAKE: {
        int ret;

        /* Continue the handshake. */
1599
        ret = gnutls_handshake (client->tlssession);
1600 1601 1602 1603
        if (ret == 0) {
            /* Finished.  Next step is to check the certificate. */
            if (remoteCheckAccess (client) == -1)
                qemudDispatchClientFailure (server, client);
1604
            else if (qemudRegisterClientEvent (server, client, 1))
1605
                qemudDispatchClientFailure (server, client);
1606
        } else if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
1607
            VIR_ERROR(_("TLS handshake failed: %s"), gnutls_strerror (ret));
1608
            qemudDispatchClientFailure (server, client);
1609 1610 1611 1612
        } else {
            if (qemudRegisterClientEvent (server, client, 1))
                qemudDispatchClientFailure (server, client);
        }
1613 1614 1615 1616 1617

        break;
    }

    default:
1618
        DEBUG("Got unexpected data write while in %d mode", client->mode);
1619
        qemudDispatchClientFailure(server, client);
D
Daniel P. Berrange 已提交
1620 1621 1622
    }
}

1623

1624
static void
1625
qemudDispatchClientEvent(int watch, int fd, int events, void *opaque) {
1626
    struct qemud_server *server = (struct qemud_server *)opaque;
1627 1628
    struct qemud_client *client = NULL;
    int i;
1629

1630 1631
    pthread_mutex_lock(&server->lock);

1632 1633 1634
    for (i = 0 ; i < server->nclients ; i++) {
        if (server->clients[i]->watch == watch) {
            client = server->clients[i];
1635
            break;
1636
        }
1637
    }
1638

1639 1640
    if (!client) {
        pthread_mutex_unlock(&server->lock);
1641
        return;
1642 1643 1644 1645
    }

    pthread_mutex_lock(&client->lock);
    pthread_mutex_unlock(&server->lock);
1646

1647 1648 1649
    if (client->fd != fd)
        return;

1650
    if (events == VIR_EVENT_HANDLE_WRITABLE)
1651
        qemudDispatchClientWrite(server, client);
1652
    else if (events == VIR_EVENT_HANDLE_READABLE)
1653 1654 1655
        qemudDispatchClientRead(server, client);
    else
        qemudDispatchClientFailure(server, client);
1656
    pthread_mutex_unlock(&client->lock);
1657 1658 1659 1660
}

static int qemudRegisterClientEvent(struct qemud_server *server,
                                    struct qemud_client *client,
1661
                                    int update) {
1662 1663 1664 1665
    int mode;
    switch (client->mode) {
    case QEMUD_MODE_TLS_HANDSHAKE:
        if (gnutls_record_get_direction (client->tlssession) == 0)
1666
            mode = VIR_EVENT_HANDLE_READABLE;
1667
        else
1668
            mode = VIR_EVENT_HANDLE_WRITABLE;
1669 1670 1671 1672
        break;

    case QEMUD_MODE_RX_HEADER:
    case QEMUD_MODE_RX_PAYLOAD:
1673
        mode = VIR_EVENT_HANDLE_READABLE;
1674 1675 1676
        break;

    case QEMUD_MODE_TX_PACKET:
1677
        mode = VIR_EVENT_HANDLE_WRITABLE;
1678 1679
        break;

1680 1681 1682 1683
    case QEMUD_MODE_WAIT_DISPATCH:
        mode = 0;
        break;

1684 1685 1686 1687
    default:
        return -1;
    }

1688 1689 1690 1691 1692 1693 1694
    if (update) {
        virEventUpdateHandleImpl(client->watch, mode);
    } else {
        if ((client->watch = virEventAddHandleImpl(client->fd,
                                                   mode,
                                                   qemudDispatchClientEvent,
                                                   server, NULL)) < 0)
1695
            return -1;
1696
    }
1697 1698 1699 1700

    return 0;
}

1701
static void
1702
qemudDispatchServerEvent(int watch, int fd, int events, void *opaque) {
1703
    struct qemud_server *server = (struct qemud_server *)opaque;
1704 1705 1706 1707 1708
    struct qemud_socket *sock;

    pthread_mutex_lock(&server->lock);

    sock = server->sockets;
1709

1710
    while (sock) {
1711
        if (sock->watch == watch)
1712 1713 1714
            break;

        sock = sock->next;
1715
    }
D
Daniel P. Berrange 已提交
1716

1717
    if (sock && sock->fd == fd && events)
1718
        qemudDispatchServer(server, sock);
1719 1720

    pthread_mutex_unlock(&server->lock);
1721 1722 1723
}


1724
static int qemudOneLoop(void) {
1725
    sig_atomic_t errors;
D
Daniel P. Berrange 已提交
1726

1727
    if (virEventRunOnce() < 0)
D
Daniel P. Berrange 已提交
1728 1729
        return -1;

1730 1731 1732 1733
    /* Check for any signal handling errors and log them. */
    errors = sig_errors;
    if (errors) {
        sig_errors -= errors;
1734
        VIR_ERROR(_("Signal handler reported %d errors: last error: %s"),
1735 1736 1737 1738
                  errors, strerror (sig_lasterrno));
        return -1;
    }

D
Daniel P. Berrange 已提交
1739 1740 1741
    return 0;
}

1742 1743
static void qemudInactiveTimer(int timer ATTRIBUTE_UNUSED, void *data) {
    struct qemud_server *server = (struct qemud_server *)data;
1744
    DEBUG0("Got inactive timer expiry");
1745
    if (!virStateActive()) {
1746
        DEBUG0("No state active, shutting down");
1747 1748 1749 1750
        server->shutdown = 1;
    }
}

1751
static int qemudRunLoop(struct qemud_server *server) {
1752
    int timerid = -1;
1753 1754 1755 1756
    int ret = -1, i;

    pthread_mutex_lock(&server->lock);

1757
    server->nworkers = min_workers;
1758
    if (VIR_ALLOC_N(server->workers, server->nworkers) < 0) {
1759
        VIR_ERROR0(_("Failed to allocate workers"));
1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772
        return -1;
    }

    for (i = 0 ; i < server->nworkers ; i++) {
        pthread_attr_t attr;
        pthread_attr_init(&attr);
        pthread_attr_setdetachstate(&attr, 1);

        pthread_create(&server->workers[i],
                       &attr,
                       qemudWorker,
                       server);
    }
1773 1774 1775 1776 1777 1778 1779

    for (;;) {
        /* A shutdown timeout is specified, so check
         * if any drivers have active state, if not
         * shutdown after timeout seconds
         */
        if (timeout > 0 && !virStateActive() && !server->clients) {
1780 1781 1782
            timerid = virEventAddTimeoutImpl(timeout*1000,
                                             qemudInactiveTimer,
                                             server, NULL);
1783
            DEBUG("Scheduling shutdown timer %d", timerid);
1784 1785
        }

1786
        pthread_mutex_unlock(&server->lock);
1787 1788
        if (qemudOneLoop() < 0)
            break;
1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810
        pthread_mutex_lock(&server->lock);

    reprocess:
        for (i = 0 ; i < server->nclients ; i++) {
            int inactive;
            pthread_mutex_lock(&server->clients[i]->lock);
            inactive = server->clients[i]->fd == -1
                && server->clients[i]->refs == 0;
            pthread_mutex_unlock(&server->clients[i]->lock);
            if (inactive) {
                if (server->clients[i]->conn)
                    virConnectClose(server->clients[i]->conn);
                VIR_FREE(server->clients[i]);
                server->nclients--;
                if (i < server->nclients) {
                    memmove(server->clients + i,
                            server->clients + i + 1,
                            server->nclients - i);
                    goto reprocess;
                }
            }
        }
D
Daniel P. Berrange 已提交
1811

1812 1813 1814 1815
        /* Unregister any timeout that's active, since we
         * just had an event processed
         */
        if (timerid != -1) {
1816
            DEBUG("Removing shutdown timer %d", timerid);
1817 1818 1819
            virEventRemoveTimeoutImpl(timerid);
            timerid = -1;
        }
D
Daniel P. Berrange 已提交
1820

1821 1822 1823 1824
        if (server->shutdown) {
            ret = 0;
            break;
        }
1825 1826
    }

1827 1828 1829 1830 1831 1832 1833
    for (i = 0 ; i < server->nworkers ; i++) {
        pthread_t thread = server->workers[i];
        pthread_mutex_unlock(&server->lock);
        pthread_join(thread, NULL);
        pthread_mutex_lock(&server->lock);
    }

J
Jim Meyering 已提交
1834
    free(server->workers);
1835 1836
    pthread_mutex_unlock(&server->lock);
    return ret;
D
Daniel P. Berrange 已提交
1837 1838 1839
}

static void qemudCleanup(struct qemud_server *server) {
1840 1841
    struct qemud_socket *sock;

1842
    close(server->sigread);
1843 1844

    sock = server->sockets;
D
Daniel P. Berrange 已提交
1845
    while (sock) {
1846
        struct qemud_socket *next = sock->next;
D
Daniel P. Berrange 已提交
1847
        close(sock->fd);
1848 1849
        free(sock);
        sock = next;
D
Daniel P. Berrange 已提交
1850
    }
1851

1852
#ifdef HAVE_SASL
1853 1854 1855
    if (server->saslUsernameWhitelist) {
        char **list = server->saslUsernameWhitelist;
        while (*list) {
1856
            free(*list);
1857 1858
            list++;
        }
1859
        free(server->saslUsernameWhitelist);
1860
    }
1861
#endif
1862

1863
    virStateCleanup();
1864

D
Daniel P. Berrange 已提交
1865 1866 1867
    free(server);
}

1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883
/* Allocate an array of malloc'd strings from the config file, filename
 * (used only in diagnostics), using handle "conf".  Upon error, return -1
 * and free any allocated memory.  Otherwise, save the array in *list_arg
 * and return 0.
 */
static int
remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
                          const char *filename)
{
    char **list;
    virConfValuePtr p = virConfGetValue (conf, key);
    if (!p)
        return 0;

    switch (p->type) {
    case VIR_CONF_STRING:
1884
        if (VIR_ALLOC_N(list, 2) < 0) {
1885
            VIR_ERROR(_("failed to allocate memory for %s config list"), key);
1886 1887 1888 1889 1890
            return -1;
        }
        list[0] = strdup (p->str);
        list[1] = NULL;
        if (list[0] == NULL) {
1891
            VIR_ERROR(_("failed to allocate memory for %s config list value"),
1892
                      key);
1893
            VIR_FREE(list);
1894 1895 1896 1897 1898 1899 1900 1901 1902
            return -1;
        }
        break;

    case VIR_CONF_LIST: {
        int i, len = 0;
        virConfValuePtr pp;
        for (pp = p->list; pp; pp = pp->next)
            len++;
1903
        if (VIR_ALLOC_N(list, 1+len) < 0) {
1904
            VIR_ERROR(_("failed to allocate memory for %s config list"), key);
1905 1906 1907 1908
            return -1;
        }
        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
            if (pp->type != VIR_CONF_STRING) {
1909 1910
                VIR_ERROR(_("remoteReadConfigFile: %s: %s:"
                            " must be a string or list of strings\n"),
1911
                          filename, key);
1912
                VIR_FREE(list);
1913 1914 1915 1916 1917 1918
                return -1;
            }
            list[i] = strdup (pp->str);
            if (list[i] == NULL) {
                int j;
                for (j = 0 ; j < i ; j++)
1919 1920
                    VIR_FREE(list[j]);
                VIR_FREE(list);
1921 1922
                VIR_ERROR(_("failed to allocate memory for %s config list value"),
                          key);
1923 1924 1925 1926 1927 1928 1929 1930 1931
                return -1;
            }

        }
        list[i] = NULL;
        break;
    }

    default:
1932 1933
        VIR_ERROR(_("remoteReadConfigFile: %s: %s:"
                    " must be a string or list of strings\n"),
1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947
                  filename, key);
        return -1;
    }

    *list_arg = list;
    return 0;
}

/* A helper function used by each of the following macros.  */
static int
checkType (virConfValuePtr p, const char *filename,
           const char *key, virConfType required_type)
{
    if (p->type != required_type) {
1948
        VIR_ERROR(_("remoteReadConfigFile: %s: %s: invalid type:"
1949
                    " got %s; expected %s\n"), filename, key,
1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968
                  virConfTypeName (p->type),
                  virConfTypeName (required_type));
        return -1;
    }
    return 0;
}

/* If there is no config data for the key, #var_name, then do nothing.
   If there is valid data of type VIR_CONF_STRING, and strdup succeeds,
   store the result in var_name.  Otherwise, (i.e. invalid type, or strdup
   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
#define GET_CONF_STR(conf, filename, var_name)                          \
    do {                                                                \
        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
        if (p) {                                                        \
            if (checkType (p, filename, #var_name, VIR_CONF_STRING) < 0) \
                goto free_and_fail;                                     \
            (var_name) = strdup (p->str);                               \
            if ((var_name) == NULL) {                                   \
1969
                VIR_ERROR(_("remoteReadConfigFile: %s\n"),strerror (errno)); \
1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985
                goto free_and_fail;                                     \
            }                                                           \
        }                                                               \
    } while (0)

/* Like GET_CONF_STR, but for integral values.  */
#define GET_CONF_INT(conf, filename, var_name)                          \
    do {                                                                \
        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
        if (p) {                                                        \
            if (checkType (p, filename, #var_name, VIR_CONF_LONG) < 0)  \
                goto free_and_fail;                                     \
            (var_name) = p->l;                                          \
        }                                                               \
    } while (0)

1986 1987 1988 1989 1990 1991 1992 1993

static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
    virConfValuePtr p;

    p = virConfGetValue (conf, key);
    if (!p)
        return 0;

1994
    if (checkType (p, filename, key, VIR_CONF_STRING) < 0)
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
        return -1;

    if (!p->str)
        return 0;

    if (STREQ(p->str, "none")) {
        *auth = REMOTE_AUTH_NONE;
#if HAVE_SASL
    } else if (STREQ(p->str, "sasl")) {
        *auth = REMOTE_AUTH_SASL;
2005 2006 2007 2008
#endif
#if HAVE_POLKIT
    } else if (STREQ(p->str, "polkit")) {
        *auth = REMOTE_AUTH_POLKIT;
2009 2010
#endif
    } else {
2011
        VIR_ERROR(_("remoteReadConfigFile: %s: %s: unsupported auth %s\n"),
2012
                  filename, key, p->str);
2013 2014 2015 2016 2017 2018
        return -1;
    }

    return 0;
}

2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038
#ifdef HAVE_SASL
static inline int
remoteReadSaslAllowedUsernameList (virConfPtr conf,
                                   struct qemud_server *server,
                                   const char *filename)
{
    return
        remoteConfigGetStringList (conf, "sasl_allowed_username_list",
                                   &server->saslUsernameWhitelist, filename);
}
#else
static inline int
remoteReadSaslAllowedUsernameList (virConfPtr conf ATTRIBUTE_UNUSED,
                                   struct qemud_server *server ATTRIBUTE_UNUSED,
                                   const char *filename ATTRIBUTE_UNUSED)
{
    return 0;
}
#endif

2039 2040 2041 2042 2043 2044
/*
 * Set up the logging environment
 * By default if daemonized all errors go to syslog and the logging
 * is also saved onto the logfile libvird.log, but if verbose or error
 * debugging is asked for then output informations or debug.
 */
2045
static int
2046
qemudSetLogging(virConfPtr conf, const char *filename) {
2047 2048 2049
    char *debugEnv;
    int ret = -1;

2050 2051
    virLogReset();

2052 2053 2054 2055 2056
    /*
     * look for default logging level first from config file,
     * then from environment variable and finally from command
     * line options
     */
2057
    GET_CONF_INT (conf, filename, log_level);
2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068
    debugEnv = getenv("LIBVIRT_DEBUG");
    if (debugEnv && *debugEnv && *debugEnv != '0') {
        if (STREQ(debugEnv, "2") || STREQ(debugEnv, "info"))
            log_level = VIR_LOG_INFO;
        else if (STREQ(debugEnv, "3") || STREQ(debugEnv, "warning"))
            log_level = VIR_LOG_WARN;
        else if (STREQ(debugEnv, "4") || STREQ(debugEnv, "error"))
            log_level = VIR_LOG_ERROR;
        else
            log_level = VIR_LOG_DEBUG;
    }
2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088
    if ((verbose) && (log_level >= VIR_LOG_WARN))
        log_level = VIR_LOG_INFO;
    virLogSetDefaultPriority(log_level);

    /* there is no default filters */
    GET_CONF_STR (conf, filename, log_filters);
    virLogParseFilters(log_filters);

    /*
     * by default save all warning and errors to syslog or
     * all logs to stderr if not running as daemon
     */
    GET_CONF_STR (conf, filename, log_outputs);
    if (log_outputs == NULL) {
        if (godaemon)
            virLogParseOutputs("3:syslog:libvirtd");
        else
            virLogParseOutputs("0:stderr:libvirtd");
    } else
        virLogParseOutputs(log_outputs);
2089 2090
    ret = 0;

2091 2092 2093
free_and_fail:
    VIR_FREE(log_filters);
    VIR_FREE(log_outputs);
2094
    return(ret);
2095
}
2096

2097 2098 2099 2100
/* Read the config file if it exists.
 * Only used in the remote case, hence the name.
 */
static int
2101
remoteReadConfigFile (struct qemud_server *server, const char *filename)
2102 2103 2104
{
    virConfPtr conf;

2105 2106 2107 2108 2109 2110
    /* The following variable names must match the corresponding
       configuration strings.  */
    char *unix_sock_ro_perms = NULL;
    char *unix_sock_rw_perms = NULL;
    char *unix_sock_group = NULL;

2111 2112 2113 2114 2115 2116 2117 2118
#if HAVE_POLKIT
    /* Change the default back to no auth for non-root */
    if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT)
        auth_unix_rw = REMOTE_AUTH_NONE;
    if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT)
        auth_unix_ro = REMOTE_AUTH_NONE;
#endif

2119
    conf = virConfReadFile (filename);
2120
    if (!conf) return -1;
2121

2122 2123 2124
    /*
     * First get all the logging settings and activate them
     */
2125 2126
    if (qemudSetLogging(conf, filename) < 0)
        goto free_and_fail;
2127

2128 2129
    GET_CONF_INT (conf, filename, listen_tcp);
    GET_CONF_INT (conf, filename, listen_tls);
2130 2131
    GET_CONF_STR (conf, filename, tls_port);
    GET_CONF_STR (conf, filename, tcp_port);
2132
    GET_CONF_STR (conf, filename, listen_addr);
J
Jim Meyering 已提交
2133

2134
    if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
2135
        goto free_and_fail;
2136 2137 2138 2139 2140 2141 2142
#if HAVE_POLKIT
    /* Change default perms to be wide-open if PolicyKit is enabled.
     * Admin can always override in config file
     */
    if (auth_unix_rw == REMOTE_AUTH_POLKIT)
        unix_sock_rw_mask = 0777;
#endif
2143
    if (remoteConfigGetAuth(conf, "auth_unix_ro", &auth_unix_ro, filename) < 0)
2144
        goto free_and_fail;
2145
    if (remoteConfigGetAuth(conf, "auth_tcp", &auth_tcp, filename) < 0)
2146
        goto free_and_fail;
2147
    if (remoteConfigGetAuth(conf, "auth_tls", &auth_tls, filename) < 0)
2148
        goto free_and_fail;
2149

2150 2151
    GET_CONF_STR (conf, filename, unix_sock_group);
    if (unix_sock_group) {
2152
        if (getuid() != 0) {
2153
            VIR_WARN0(_("Cannot set group when not running as root"));
2154
        } else {
2155
            struct group *grp = getgrnam(unix_sock_group);
2156
            if (!grp) {
2157
                VIR_ERROR(_("Failed to lookup group '%s'"), unix_sock_group);
2158
                goto free_and_fail;
2159 2160 2161
            }
            unix_sock_gid = grp->gr_gid;
        }
2162 2163
        free (unix_sock_group);
        unix_sock_group = NULL;
2164 2165
    }

2166 2167
    GET_CONF_STR (conf, filename, unix_sock_ro_perms);
    if (unix_sock_ro_perms) {
2168
        if (virStrToLong_i (unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) {
2169
            VIR_ERROR(_("Failed to parse mode '%s'"), unix_sock_ro_perms);
2170
            goto free_and_fail;
2171
        }
2172 2173
        free (unix_sock_ro_perms);
        unix_sock_ro_perms = NULL;
2174 2175
    }

2176 2177
    GET_CONF_STR (conf, filename, unix_sock_rw_perms);
    if (unix_sock_rw_perms) {
2178
        if (virStrToLong_i (unix_sock_rw_perms, NULL, 8, &unix_sock_rw_mask) != 0) {
2179
            VIR_ERROR(_("Failed to parse mode '%s'"), unix_sock_rw_perms);
2180
            goto free_and_fail;
2181
        }
2182 2183
        free (unix_sock_rw_perms);
        unix_sock_rw_perms = NULL;
2184 2185
    }

2186 2187
    GET_CONF_INT (conf, filename, mdns_adv);
    GET_CONF_STR (conf, filename, mdns_name);
2188

2189
    GET_CONF_INT (conf, filename, tls_no_verify_certificate);
2190

2191 2192 2193 2194
    GET_CONF_STR (conf, filename, key_file);
    GET_CONF_STR (conf, filename, cert_file);
    GET_CONF_STR (conf, filename, ca_file);
    GET_CONF_STR (conf, filename, crl_file);
2195

2196 2197 2198
    if (remoteConfigGetStringList (conf, "tls_allowed_dn_list",
                                   &tls_allowed_dn_list, filename) < 0)
        goto free_and_fail;
2199

2200
    if (remoteReadSaslAllowedUsernameList (conf, server, filename) < 0)
2201
        goto free_and_fail;
2202

2203 2204 2205 2206 2207

    GET_CONF_INT (conf, filename, min_workers);
    GET_CONF_INT (conf, filename, max_workers);
    GET_CONF_INT (conf, filename, max_clients);

2208 2209
    virConfFree (conf);
    return 0;
2210

2211 2212 2213 2214 2215 2216 2217 2218
 free_and_fail:
    virConfFree (conf);
    free (mdns_name);
    mdns_name = NULL;
    free (unix_sock_ro_perms);
    free (unix_sock_rw_perms);
    free (unix_sock_group);

2219 2220 2221 2222
    /* Don't bother trying to free listen_addr, tcp_port, tls_port, key_file,
       cert_file, ca_file, or crl_file, since they are initialized to
       non-malloc'd strings.  Besides, these are static variables, and callers
       are unlikely to call this function more than once, so there wouldn't
2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233
       even be a real leak.  */

    if (tls_allowed_dn_list) {
        int i;
        for (i = 0; tls_allowed_dn_list[i]; i++)
            free (tls_allowed_dn_list[i]);
        free (tls_allowed_dn_list);
        tls_allowed_dn_list = NULL;
    }

    return -1;
2234 2235
}

2236 2237 2238 2239 2240 2241 2242
/* Display version information. */
static void
version (const char *argv0)
{
    printf ("%s (%s) %s\n", argv0, PACKAGE_NAME, PACKAGE_VERSION);
}

2243 2244 2245 2246 2247
/* Print command-line usage. */
static void
usage (const char *argv0)
{
    fprintf (stderr,
2248 2249 2250 2251 2252 2253 2254
             "\n\
Usage:\n\
  %s [options]\n\
\n\
Options:\n\
  -v | --verbose         Verbose messages.\n\
  -d | --daemon          Run as a daemon & write PID file.\n\
2255 2256
  -l | --listen          Listen for TCP/IP connections.\n\
  -t | --timeout <secs>  Exit after timeout period.\n\
2257
  -f | --config <file>   Configuration file.\n\
2258
     | --version         Display version information.\n\
2259 2260
  -p | --pid-file <file> Change name of PID file.\n\
\n\
2261
libvirt management daemon:\n\
2262 2263 2264
\n\
  Default paths:\n\
\n\
2265
    Configuration file (unless overridden by -c):\n\
2266 2267
      " SYSCONF_DIR "/libvirt/libvirtd.conf\n\
\n\
2268
    Sockets (as root):\n\
2269 2270
      " LOCAL_STATE_DIR "/run/libvirt/libvirt-sock\n\
      " LOCAL_STATE_DIR "/run/libvirt/libvirt-sock-ro\n\
2271 2272 2273
\n\
    Sockets (as non-root):\n\
      $HOME/.libvirt/libvirt-sock (in UNIX abstract namespace)\n\
2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286
\n\
    TLS:\n\
      CA certificate:     " LIBVIRT_CACERT "\n\
      Server certificate: " LIBVIRT_SERVERCERT "\n\
      Server private key: " LIBVIRT_SERVERKEY "\n\
\n\
    PID file (unless overridden by --pid-file):\n\
      %s\n\
\n",
             argv0,
             REMOTE_PID_FILE[0] != '\0'
               ? REMOTE_PID_FILE
               : "(disabled in ./configure)");
2287 2288
}

2289 2290 2291 2292
enum {
    OPT_VERSION = 129
};

D
Daniel P. Berrange 已提交
2293 2294
#define MAX_LISTEN 5
int main(int argc, char **argv) {
2295
    struct qemud_server *server = NULL;
2296 2297
    struct sigaction sig_action;
    int sigpipe[2];
2298
    const char *pid_file = NULL;
2299
    const char *remote_config_file = NULL;
2300
    int ret = 1;
D
Daniel P. Berrange 已提交
2301 2302 2303 2304

    struct option opts[] = {
        { "verbose", no_argument, &verbose, 1},
        { "daemon", no_argument, &godaemon, 1},
2305
        { "listen", no_argument, &ipsock, 1},
2306
        { "config", required_argument, NULL, 'f'},
2307 2308
        { "timeout", required_argument, NULL, 't'},
        { "pid-file", required_argument, NULL, 'p'},
2309
        { "version", no_argument, NULL, OPT_VERSION },
2310
        { "help", no_argument, NULL, '?' },
D
Daniel P. Berrange 已提交
2311 2312 2313 2314 2315 2316 2317 2318
        {0, 0, 0, 0}
    };

    while (1) {
        int optidx = 0;
        int c;
        char *tmp;

2319
        c = getopt_long(argc, argv, "ldf:p:t:v", opts, &optidx);
D
Daniel P. Berrange 已提交
2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334

        if (c == -1) {
            break;
        }

        switch (c) {
        case 0:
            /* Got one of the flags */
            break;
        case 'v':
            verbose = 1;
            break;
        case 'd':
            godaemon = 1;
            break;
2335 2336
        case 'l':
            ipsock = 1;
D
Daniel P. Berrange 已提交
2337 2338 2339
            break;

        case 't':
2340
            if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0
2341 2342 2343
                || timeout <= 0
                /* Ensure that we can multiply by 1000 without overflowing.  */
                || timeout > INT_MAX / 1000)
D
Daniel P. Berrange 已提交
2344 2345
                timeout = -1;
            break;
2346 2347

        case 'p':
2348 2349 2350 2351 2352
            pid_file = optarg;
            break;

        case 'f':
            remote_config_file = optarg;
2353 2354
            break;

2355 2356 2357 2358
        case OPT_VERSION:
            version (argv[0]);
            return 0;

D
Daniel P. Berrange 已提交
2359
        case '?':
2360
            usage (argv[0]);
D
Daniel P. Berrange 已提交
2361 2362 2363
            return 2;

        default:
2364 2365 2366
            fprintf (stderr, "libvirtd: internal error: unknown flag: %c\n",
                     c);
            exit (1);
D
Daniel P. Berrange 已提交
2367 2368 2369
        }
    }

2370 2371 2372 2373 2374 2375 2376 2377 2378
    if (remote_config_file == NULL) {
        static const char *default_config_file
            = SYSCONF_DIR "/libvirt/libvirtd.conf";
        remote_config_file =
            (access(default_config_file, X_OK) == 0
             ? default_config_file
             : "/dev/null");
    }

2379 2380
    if (godaemon) {
        if (qemudGoDaemon() < 0) {
2381
            VIR_ERROR(_("Failed to fork as daemon: %s"), strerror(errno));
2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396
            goto error1;
        }
    }

    /* If running as root and no PID file is set, use the default */
    if (pid_file == NULL &&
        getuid() == 0 &&
        REMOTE_PID_FILE[0] != '\0')
        pid_file = REMOTE_PID_FILE;

    /* If we have a pidfile set, claim it now, exiting if already taken */
    if (pid_file != NULL &&
        qemudWritePidFile (pid_file) < 0)
        goto error1;

2397 2398
    if (pipe(sigpipe) < 0 ||
        qemudSetNonBlock(sigpipe[0]) < 0 ||
2399 2400 2401
        qemudSetNonBlock(sigpipe[1]) < 0 ||
        qemudSetCloseExec(sigpipe[0]) < 0 ||
        qemudSetCloseExec(sigpipe[1]) < 0) {
2402
        VIR_ERROR(_("Failed to create pipe: %s"), strerror(errno));
2403
        goto error2;
2404
    }
2405 2406
    sigwrite = sigpipe[1];

2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419
    sig_action.sa_sigaction = sig_handler;
    sig_action.sa_flags = SA_SIGINFO;
    sigemptyset(&sig_action.sa_mask);

    sigaction(SIGHUP, &sig_action, NULL);
    sigaction(SIGINT, &sig_action, NULL);
    sigaction(SIGQUIT, &sig_action, NULL);
    sigaction(SIGTERM, &sig_action, NULL);
    sigaction(SIGCHLD, &sig_action, NULL);

    sig_action.sa_handler = SIG_IGN;
    sigaction(SIGPIPE, &sig_action, NULL);

2420 2421
    if (!(server = qemudInitialize(sigpipe[0]))) {
        ret = 2;
2422
        goto error2;
2423
    }
2424

2425 2426
    /* Read the config file (if it exists). */
    if (remoteReadConfigFile (server, remote_config_file) < 0)
2427
        goto error2;
D
Daniel P. Berrange 已提交
2428

2429
    /* Change the group ownership of /var/run/libvirt to unix_sock_gid */
2430
    if (getuid() == 0) {
2431 2432 2433
        const char *sockdirname = LOCAL_STATE_DIR "/run/libvirt";

        if (chown(sockdirname, -1, unix_sock_gid) < 0)
2434
            VIR_ERROR(_("Failed to change group ownership of %s"), sockdirname);
2435 2436
    }

2437
    if (virEventAddHandleImpl(sigpipe[0],
2438
                              VIR_EVENT_HANDLE_READABLE,
2439
                              qemudDispatchSignalEvent,
2440
                              server, NULL) < 0) {
2441
        VIR_ERROR0(_("Failed to register callback for signal pipe"));
2442 2443 2444 2445
        ret = 3;
        goto error2;
    }

2446 2447 2448 2449 2450
    if (!(server = qemudNetworkInit(server))) {
        ret = 2;
        goto error2;
    }

2451
    qemudRunLoop(server);
D
Daniel P. Berrange 已提交
2452

2453 2454
    ret = 0;

2455
error2:
2456 2457
    if (server)
        qemudCleanup(server);
2458 2459 2460 2461 2462
    if (pid_file)
        unlink (pid_file);
    close(sigwrite);

error1:
2463
    virLogShutdown();
2464
    return ret;
D
Daniel P. Berrange 已提交
2465
}
新手
引导
客服 返回
顶部