提交 153fd683 编写于 作者: P Pavel Hrdina

src: remove WITH_GNUTLS usage

Since commit <60d9ad6f> we require
GnuTLS and since commit <ac0d21c7>
we can actually drop the usage of WITH_GNUTLS.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
上级 e4e62941
......@@ -45,9 +45,7 @@
#include "viralloc.h"
#include "configmake.h"
#include "virconf.h"
#if WITH_GNUTLS
# include "rpc/virnettlscontext.h"
#endif
#include "rpc/virnettlscontext.h"
#include "vircommand.h"
#include "virfile.h"
#include "virrandom.h"
......@@ -233,9 +231,7 @@ virGlobalInit(void)
virLogSetFromEnv();
#ifdef WITH_GNUTLS
virNetTLSInit();
#endif
#if WITH_CURL
curl_global_init(CURL_GLOBAL_DEFAULT);
......
......@@ -124,9 +124,7 @@ struct private_data {
int counter; /* Serial number for RPC */
#ifdef WITH_GNUTLS
virNetTLSContextPtr tls;
#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
......@@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn,
virConfGetValueString(conf, "tls_priority", &tls_priority) < 0)
goto failed;
#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
tls_priority,
......@@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn,
goto failed;
priv->is_secure = 1;
G_GNUC_FALLTHROUGH;
#else
(void)tls_priority;
(void)sanity;
(void)verify;
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("GNUTLS support not available in this build"));
goto failed;
#endif
case REMOTE_DRIVER_TRANSPORT_TCP:
priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC);
if (!priv->client)
goto failed;
#ifdef WITH_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
#endif
break;
......@@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn,
priv->client = NULL;
virObjectUnref(priv->closeCallback);
priv->closeCallback = NULL;
#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
#endif
VIR_FREE(priv->hostname);
return VIR_DRV_OPEN_ERROR;
......@@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
#endif
virNetClientSetCloseCallback(priv->client,
NULL,
......@@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
/* saslcb is now owned by sasl */
saslcb = NULL;
# ifdef WITH_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
......@@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
......
......@@ -70,9 +70,7 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
#if WITH_GNUTLS
virNetTLSSessionPtr tls;
#endif
char *hostname;
virNetClientProgramPtr *programs;
......@@ -708,9 +706,7 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
#if WITH_GNUTLS
virObjectUnref(client->tls);
#endif
#if WITH_SASL
virObjectUnref(client->sasl);
#endif
......@@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
#if WITH_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
#endif
#if WITH_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
......@@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
#if WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
......@@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
# ifdef SIGWINCH
#ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
# endif
# ifdef SIGCHLD
#endif
#ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
# endif
#endif
sigaddset(&blockedsigs, SIGPIPE);
virObjectLock(client);
......@@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client,
virObjectUnlock(client);
return -1;
}
#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virObjectLock(client);
#if WITH_GNUTLS
if (client->tls)
ret = true;
#endif
#if WITH_SASL
if (client->sasl)
ret = true;
......@@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client)
return virNetSocketRemoteAddrStringSASL(client->sock);
}
#if WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
......@@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virObjectUnlock(client);
return ret;
}
#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
......
......@@ -20,9 +20,7 @@
#pragma once
#ifdef WITH_GNUTLS
# include "virnettlscontext.h"
#endif
#include "virnettlscontext.h"
#include "virnetmessage.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
......@@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
#endif
#ifdef WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
#endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
......@@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
#ifdef WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
#endif
void virNetClientClose(virNetClientPtr client);
......
......@@ -93,9 +93,7 @@ struct _virNetSocket {
char *remoteAddrStrSASL;
char *remoteAddrStrURI;
#if WITH_GNUTLS
virNetTLSSessionPtr tlsSession;
#endif
#if WITH_SASL
virNetSASLSessionPtr saslSession;
......@@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
#if WITH_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
#endif
if (!(object = virJSONValueNewObject()))
goto error;
......@@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
#if WITH_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
#endif
#if WITH_SASL
virObjectUnref(sock->saslSession);
#endif
......@@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock)
return sock->remoteAddrStrURI;
}
#if WITH_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
......@@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virObjectUnlock(sock);
}
#endif
#if WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
......@@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif
reread:
#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
#endif
ret = read(sock->fd, buf, len);
#if WITH_GNUTLS
}
#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
......@@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif
rewrite:
#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
#endif
ret = write(sock->fd, buf, len);
#if WITH_GNUTLS
}
#endif
if (ret < 0) {
if (errno == EINTR)
......
......@@ -23,9 +23,7 @@
#include "virsocketaddr.h"
#include "vircommand.h"
#ifdef WITH_GNUTLS
# include "virnettlscontext.h"
#endif
#include "virnettlscontext.h"
#include "virobject.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
......@@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
#ifdef WITH_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
#endif
#ifdef WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
......
......@@ -24,10 +24,8 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef WITH_GNUTLS
# include <gnutls/gnutls.h>
# include <gnutls/crypto.h>
#endif
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include "virrandom.h"
#include "virthread.h"
......@@ -41,8 +39,6 @@
VIR_LOG_INIT("util.random");
#define RANDOM_SOURCE "/dev/urandom"
/**
* virRandomBits:
* @nbits: Number of bits of randomness required
......@@ -107,7 +103,7 @@ uint32_t virRandomInt(uint32_t max)
* @buf: Pointer to location to store bytes
* @buflen: Number of bytes to store
*
* Generate a stream of random bytes from RANDOM_SOURCE
* Generate a stream of random bytes using gnutls_rnd()
* into @buf of size @buflen
*
* Returns 0 on success or -1 (with error reported)
......@@ -116,10 +112,8 @@ int
virRandomBytes(unsigned char *buf,
size_t buflen)
{
#if WITH_GNUTLS
int rv;
/* Generate the byte stream using gnutls_rnd() if possible */
if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to generate byte stream: %s"),
......@@ -127,35 +121,6 @@ virRandomBytes(unsigned char *buf,
return -1;
}
#else /* !WITH_GNUTLS */
int fd;
if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
virReportSystemError(errno,
_("unable to open %s"),
RANDOM_SOURCE);
return -1;
}
while (buflen > 0) {
ssize_t n;
if ((n = saferead(fd, buf, buflen)) <= 0) {
virReportSystemError(errno,
_("unable to read from %s"),
RANDOM_SOURCE);
VIR_FORCE_CLOSE(fd);
return n < 0 ? -errno : -ENODATA;
}
buf += n;
buflen -= n;
}
VIR_FORCE_CLOSE(fd);
#endif /* !WITH_GNUTLS */
return 0;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册