1. 18 3月, 2014 6 次提交
  2. 10 3月, 2014 2 次提交
  3. 24 2月, 2014 1 次提交
    • M
      virNetServerRun: Notify systemd that we're accepting clients · 68954fb2
      Michal Privoznik 提交于
      Systemd does not forget about the cases, where client service needs to
      wait for daemon service to initialize and start accepting new clients.
      Setting a dependency in client is not enough as systemd doesn't know
      when the daemon has initialized itself and started accepting new
      clients. However, it offers a mechanism to solve this. The daemon needs
      to call a special systemd function by which the daemon tells "I'm ready
      to accept new clients". This is exactly what we need with
      libvirtd-guests (client) and libvirtd (daemon). So now, with this
      change, libvirt-guests.service is invoked not any sooner than
      libvirtd.service calls the systemd notify function.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      68954fb2
  4. 14 1月, 2014 1 次提交
  5. 13 1月, 2014 1 次提交
    • J
      Don't crash if a connection closes early · 173c2914
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1047577
      
      When a client closes its connection to libvirtd early during
      virConnectOpen, more specifically just after making
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
      VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
      the result, libvirtd may crash due to a race in keep-alive
      initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
      call, the daemon's event loop delegates it to a worker thread. In case
      the event loop detects EOF on the connection and calls
      virNetServerClientClose before the worker thread starts to handle
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
      disposed by the time virNetServerClientStartKeepAlive gets called from
      remoteDispatchConnectSupportsFeature. Because the flow is common for
      both authenticated and read-only connections, even unprivileged clients
      may cause the daemon to crash.
      
      To avoid the crash, virNetServerClientStartKeepAlive needs to check if
      the connection is still open before starting keep-alive protocol.
      
      Every libvirt release since 0.9.8 is affected by this bug.
      173c2914
  6. 04 12月, 2013 2 次提交
  7. 26 11月, 2013 2 次提交
    • C
      Fix invalid read in virNetSASLSessionClientStep debug log · 986900a5
      Christophe Fergeau 提交于
      virNetSASLSessionClientStep logs the data that is going to be passed to
      sasl_client_step as input data. However, it tries to log it as a string,
      while there is no guarantee that this data is going to be nul-terminated.
      This leads to this valgrind log:
      
      ==20938== Invalid read of size 1
      ==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
      ==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
      ==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
      ==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
      ==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
      ==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
      ==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
      ==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
      ==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
      ==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==20938==    by 0x12762B: vshReconnect (virsh.c:337)
      ==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==20938==    by 0x12E9A5: main (virsh.c:3338)
      ==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
      ==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
      ==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
      ==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
      ==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
      ==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
      ==20938==    by 0x4DF821A: call (remote_driver.c:5816)
      ==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
      ==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
      ==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
      ==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==20938==    by 0x12762B: vshReconnect (virsh.c:337)
      ==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==20938==    by 0x12E9A5: main (virsh.c:3338)
      986900a5
    • C
      Tie SASL callbacks lifecycle to virNetSessionSASLContext · 13fdc6d6
      Christophe Fergeau 提交于
      The array of sasl_callback_t callbacks which is passed to sasl_client_new()
      must be kept alive as long as the created sasl_conn_t object is alive as
      cyrus-sasl uses this structure internally for things like logging, so
      the memory used for callbacks must only be freed after sasl_dispose() has
      been called.
      
      During testing of successful SASL logins with
      virsh -c qemu+tls:///system list --all
      I've been getting invalid read reports from valgrind
      
      ==9237== Invalid read of size 8
      ==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
      ==9237==    by 0x6E95430: _sasl_log (common.c:1850)
      ==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
      ==9237==    by 0x6E91653: client_dispose (client.c:332)
      ==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
      ==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
      ==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
      ==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
      ==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
      ==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
      ==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
      ==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
      ==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
      ==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
      ==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
      ==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
      ==9237==    by 0x8C86EAC: clone (clone.S:111)
      ==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
      ==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==9237==    by 0x4C73827: virFree (viralloc.c:580)
      ==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
      ==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
      ==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
      ==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
      ==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
      ==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
      ==9237==    by 0x12762B: vshReconnect (virsh.c:337)
      ==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
      ==9237==    by 0x12E9A5: main (virsh.c:3338)
      
      This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
      callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
      sasl_conn_t has been freed.
      13fdc6d6
  8. 04 11月, 2013 1 次提交
    • R
      virnetsocket: fix getsockopt on FreeBSD · 8079b0e0
      Ryota Ozaki 提交于
      aa0f0992 introduced a strict error checking for getsockopt and it
      revealed that getting a peer credential of a socket on FreeBSD
      didn't work. Libvirtd hits the error:
        error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
        client socket identity groups
      
      SOL_SOCKET (0xffff) was used as a level of getsockopt for
      LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
      Mac OS X.
      
      So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
      0 on Mac OS X and FreeBSD. According to the fact, the patch
      simplifies the code by removing ifdef __APPLE__.
      
      I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      8079b0e0
  9. 03 11月, 2013 1 次提交
    • D
      MacOS: Handle changes to xdrproc_t definition · 9fa3a8ab
      Doug Goldstein 提交于
      With Mac OS X 10.9, xdrproc_t is no longer defined as:
      
      typedef bool_t (*xdrproc_t)(XDR *, ...);
      
      but instead as:
      
      typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);
      
      For reference, Linux systems typically define it as:
      
      typedef bool_t (*xdrproc_t)(XDR *, void *, ...);
      
      The rationale explained in the header is that using a vararg is
      incorrect and has a potential to change the ABI slightly do to compiler
      optimizations taken and the undefined behavior. They decided
      to specify the exact number of parameters and for compatibility with old
      code decided to make the signature require 3 arguments. The third
      argument is ignored for cases that its not used and its recommended to
      supply a 0.
      9fa3a8ab
  10. 22 10月, 2013 2 次提交
  11. 21 10月, 2013 2 次提交
  12. 17 10月, 2013 1 次提交
    • B
      better error checking for LOCAL_PEERCRED · aa0f0992
      Brian Candler 提交于
      This patch improves the error checking in the LOCAL_PEERCRED version
      of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.
      
      1. The error return paths now correctly unlock the socket. This is
      implemented in exactly the same way as the SO_PEERCRED version,
      using "goto cleanup"
      
      2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
      for negative and overlarge values.
      
      This means that if the getsockopt() call returns success but doesn't
      actually update the xucred structure, this is now caught. This
      happened previously when getsockopt was called with SOL_SOCKET
      instead of SOL_LOCAL, prior to commit 5a468b38, and resulted in
      random uids being accepted.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      aa0f0992
  13. 16 10月, 2013 1 次提交
    • O
      rpc: Correct the wrong payload size checking · 0959785d
      Osier Yang 提交于
      <...>
      /* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
       * and VIR_NET_MESSAGE_INITIAL.
       */
      const VIR_NET_MESSAGE_LEN_MAX = 4;
      </...>
      
      However, msg->bufferLength includes the length word. The wrong checking
      was introduced by commit e914dcfd.
      
      * src/rpc/virnetmessage.c:
        - Correct the checking in virNetMessageEncodePayloadRaw
        - Use a new variable to track the new payload length in
          virNetMessageEncodePayloadRaw
      0959785d
  14. 11 10月, 2013 1 次提交
  15. 07 10月, 2013 2 次提交
    • C
      Adjust legacy max payload size to account for header information · 609eb987
      Claudio Bley 提交于
      Commit 27e81517 set the payload size to 256 KB, which is
      actually the max packet size, including the size of the header.
      
      Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set
      VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original
      value before increasing the limit in commit eb635de1.
      609eb987
    • R
      rpc: fix getsockopt for LOCAL_PEERCRED on Mac OS X · 5a468b38
      Ryota Ozaki 提交于
      This fixes the following error:
        error : virGetUserEnt:703 : Failed to find user record for uid '32654'
      
      '32654' (it's random and varies) comes from getsockopt with
      LOCAL_PEERCRED option. getsockopt returns w/o error but seems
      to not set any value to the buffer for uid.
      
      For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level.
      With SOL_LOCAL, getsockopt returns a correct uid.
      
      Note that SOL_LOCAL can be found in
      /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      5a468b38
  16. 01 10月, 2013 1 次提交
  17. 28 9月, 2013 3 次提交
  18. 24 9月, 2013 2 次提交
  19. 18 9月, 2013 1 次提交
  20. 05 9月, 2013 1 次提交
  21. 10 8月, 2013 1 次提交
  22. 09 8月, 2013 1 次提交
    • J
      virnettlscontext: Resolve Coverity warnings (UNINIT) · f905cc99
      John Ferlan 提交于
      Coverity complained about the usage of the uninitialized cacerts in the
      event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
      fail the for loop used to fill in the certs will have indeterminate data
      as well as the possibility that both failures would result in the
      gnutls_x509_crt_deinit() call having a similar fate.
      
      Initializing cacerts only would resolve the issue; however, it still
      would leave the indeterminate action, so rather add a parameter to
      the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
      then overloading the returned count parameter. If the the call is never
      made, then we won't go through the for loops referencing the empty
      cacerts
      f905cc99
  23. 08 8月, 2013 2 次提交
    • D
      Add info about access control checks into API reference · 664ab280
      Daniel P. Berrange 提交于
      So that app developers / admins know what access control checks
      are performed for each API, this patch extends the API docs
      generator to include details of the ACLs for each.
      
      The gendispatch.pl script is extended so that it generates
      a simple XML describing ACL rules, eg.
      
        <aclinfo>
          ...
          <api name='virConnectNumOfDomains'>
            <check object='connect' perm='search_domains'/>
            <filter object='domain' perm='getattr'/>
          </api>
          <api name='virDomainAttachDeviceFlags'>
            <check object='domain' perm='write'/>
            <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
            <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
          </api>
          ...
        </aclinfo>
      
      The newapi.xsl template loads the XML files containing the ACL
      rules and generates a short block of HTML for each API describing
      the parameter checks and return value filters (if any).
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      664ab280
    • D
      Fix validation of CA certificate chains · 31d41d92
      Daniel P. Berrange 提交于
      The code added to validate CA certificates did not take into
      account the possibility that the cacert.pem file can contain
      multiple (concatenated) cert data blocks. Extend the code for
      loading CA certs to use the gnutls APIs for loading cert lists.
      Add test cases to check that multi-level trees of certs will
      validate correctly.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      31d41d92
  24. 05 8月, 2013 2 次提交
    • M
      Introduce max_queued_clients · 1199edb1
      Michal Privoznik 提交于
      This configuration knob lets user to set the length of queue of
      connection requests waiting to be accept()-ed by the daemon. IOW, it
      just controls the @backlog passed to listen:
      
        int listen(int sockfd, int backlog);
      1199edb1
    • M
      RPC: Don't accept client if it would overcommit max_clients · 2737aaaf
      Michal Privoznik 提交于
      Currently, even if max_client limit is hit, we accept() incoming
      connection request, but close it immediately. This has disadvantage of
      not using listen() queue. We should accept() only those clients we
      know we can serve and let all other wait in the (limited) queue.
      2737aaaf