- 18 3月, 2014 6 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The dtrace probe macros rely on the logging API. We can't make the internal.h header include the virlog.h header though since that'd be a circular include. Instead simply split the dtrace probes into their own header file, since there's no compelling reason for them to be in the main internal.h header. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
Coverity spotted a use of possibly undefined variable. If a server is restarting as an result of update, the JSON file that keeps current value of some variables will not contain the new variables. This is the case of @max_anonymous_clients too. We are correctly querying if there's "max_anonymous_clients" in the JSON, however, we are not setting a sane default if there's none. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Martin Kletzander 提交于
Commit a1cbe4b5 added a check for spaces around assignments and this patch extends it to checks for spaces around '=='. One exception is virAssertCmpInt where comma after '==' is acceptable (since it is a macro and '==' is its argument). Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=992980 This config tunable allows users to determine the maximum number of accepted but yet not authenticated users. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
The counter gets incremented on each unauthenticated client added to the server and decremented whenever the client authenticates. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 3月, 2014 2 次提交
-
-
由 Ján Tomko 提交于
Some of these are leftovers from renaming the files, others are just typos. Also introduce an ugly awk script to enforce this.
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 24 2月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
Systemd does not forget about the cases, where client service needs to wait for daemon service to initialize and start accepting new clients. Setting a dependency in client is not enough as systemd doesn't know when the daemon has initialized itself and started accepting new clients. However, it offers a mechanism to solve this. The daemon needs to call a special systemd function by which the daemon tells "I'm ready to accept new clients". This is exactly what we need with libvirtd-guests (client) and libvirtd (daemon). So now, with this change, libvirt-guests.service is invoked not any sooner than libvirtd.service calls the systemd notify function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 14 1月, 2014 1 次提交
-
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When writing commit 173c2914, I missed the fact virNetServerClientClose unlocks the client object before actually clearing client->sock and thus it is possible to hit a window when client->keepalive is NULL while client->sock is not NULL. I was thinking client->sock == NULL was a better check for a closed connection but apparently we have to go with client->keepalive == NULL to actually fix the crash. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 13 1月, 2014 1 次提交
-
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug.
-
- 04 12月, 2013 2 次提交
-
-
由 John Ferlan 提交于
-
由 John Ferlan 提交于
The x509dname is only set inside a WITH_GNUTLS conditional, so when used/check later on for NULL, Coverity detects this is not possible. Added WITH_GNUTLS around uses to remove message
-
- 26 11月, 2013 2 次提交
-
-
由 Christophe Fergeau 提交于
virNetSASLSessionClientStep logs the data that is going to be passed to sasl_client_step as input data. However, it tries to log it as a string, while there is no guarantee that this data is going to be nul-terminated. This leads to this valgrind log: ==20938== Invalid read of size 1 ==20938== at 0x8BDB08F: vfprintf (vfprintf.c:1635) ==20938== by 0x8C06DF2: vasprintf (vasprintf.c:62) ==20938== by 0x4CCEDF9: virVasprintfInternal (virstring.c:337) ==20938== by 0x4CA9516: virLogVMessage (virlog.c:842) ==20938== by 0x4CA939A: virLogMessage (virlog.c:778) ==20938== by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458) ==20938== by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136) ==20938== by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635) ==20938== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832) ==20938== by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027) ==20938== by 0x4D8595F: do_open (libvirt.c:1239) ==20938== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481) ==20938== by 0x12762B: vshReconnect (virsh.c:337) ==20938== by 0x12C9B0: vshInit (virsh.c:2470) ==20938== by 0x12E9A5: main (virsh.c:3338) ==20938== Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd ==20938== at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==20938== by 0x8CB91B4: xdr_array (xdr_array.c:94) ==20938== by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134) ==20938== by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405) ==20938== by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377) ==20938== by 0x4DF8141: callFull (remote_driver.c:5794) ==20938== by 0x4DF821A: call (remote_driver.c:5816) ==20938== by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112) ==20938== by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635) ==20938== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832) ==20938== by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027) ==20938== by 0x4D8595F: do_open (libvirt.c:1239) ==20938== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481) ==20938== by 0x12762B: vshReconnect (virsh.c:337) ==20938== by 0x12C9B0: vshInit (virsh.c:2470) ==20938== by 0x12E9A5: main (virsh.c:3338)
-
由 Christophe Fergeau 提交于
The array of sasl_callback_t callbacks which is passed to sasl_client_new() must be kept alive as long as the created sasl_conn_t object is alive as cyrus-sasl uses this structure internally for things like logging, so the memory used for callbacks must only be freed after sasl_dispose() has been called. During testing of successful SASL logins with virsh -c qemu+tls:///system list --all I've been getting invalid read reports from valgrind ==9237== Invalid read of size 8 ==9237== at 0x6E93B6F: _sasl_getcallback (common.c:1745) ==9237== by 0x6E95430: _sasl_log (common.c:1850) ==9237== by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580) ==9237== by 0x6E91653: client_dispose (client.c:332) ==9237== by 0x6E9476A: sasl_dispose (common.c:851) ==9237== by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678) ==9237== by 0x4CBC551: virObjectUnref (virobject.c:262) ==9237== by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042) ==9237== by 0x4CBC551: virObjectUnref (virobject.c:262) ==9237== by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794) ==9237== by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583) ==9237== by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652) ==9237== by 0x4C94730: virEventRunDefaultImpl (virevent.c:274) ==9237== by 0x12C7BA: vshEventLoop (virsh.c:2407) ==9237== by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161) ==9237== by 0x7DAEF32: start_thread (pthread_create.c:309) ==9237== by 0x8C86EAC: clone (clone.S:111) ==9237== Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd ==9237== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9237== by 0x4C73827: virFree (viralloc.c:580) ==9237== by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219) ==9237== by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639) ==9237== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832) ==9237== by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031) ==9237== by 0x4D8595F: do_open (libvirt.c:1239) ==9237== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481) ==9237== by 0x12762B: vshReconnect (virsh.c:337) ==9237== by 0x12C9B0: vshInit (virsh.c:2470) ==9237== by 0x12E9A5: main (virsh.c:3338) This commit changes virNetSASLSessionNewClient() to take ownership of the SASL callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding sasl_conn_t has been freed.
-
- 04 11月, 2013 1 次提交
-
-
由 Ryota Ozaki 提交于
aa0f0992 introduced a strict error checking for getsockopt and it revealed that getting a peer credential of a socket on FreeBSD didn't work. Libvirtd hits the error: error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid client socket identity groups SOL_SOCKET (0xffff) was used as a level of getsockopt for LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as Mac OS X. So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or 0 on Mac OS X and FreeBSD. According to the fact, the patch simplifies the code by removing ifdef __APPLE__. I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1. Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
-
- 03 11月, 2013 1 次提交
-
-
由 Doug Goldstein 提交于
With Mac OS X 10.9, xdrproc_t is no longer defined as: typedef bool_t (*xdrproc_t)(XDR *, ...); but instead as: typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int); For reference, Linux systems typically define it as: typedef bool_t (*xdrproc_t)(XDR *, void *, ...); The rationale explained in the header is that using a vararg is incorrect and has a potential to change the ABI slightly do to compiler optimizations taken and the undefined behavior. They decided to specify the exact number of parameters and for compatibility with old code decided to make the signature require 3 arguments. The third argument is ignored for cases that its not used and its recommended to supply a 0.
-
- 22 10月, 2013 2 次提交
-
-
由 Doug Goldstein 提交于
While LOCAL_PEERCRED on the BSDs does not return the pid information of the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we should use that when its available to get that information.
-
由 Michal Privoznik 提交于
There are still two places where we are using 1bit width unsigned integer to store a boolean. There's no real need for this and these occurrences can be replaced with 'bool'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 21 10月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Unconditional use of getenv is not secure in setuid env. While not all libvirt code runs in a setuid env (since much of it only exists inside libvirtd) this is not always clear to developers. So make all the code paranoid, even if it only ever runs inside libvirtd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering virCommandAddEnvPassAllowSUID virCommandAddEnvPassBlockSUID And make virCommandAddEnvPassCommon use the appropriate ones Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 17 10月, 2013 1 次提交
-
-
由 Brian Candler 提交于
This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX. 1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup" 2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values. This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b38, and resulted in random uids being accepted. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 16 10月, 2013 1 次提交
-
-
由 Osier Yang 提交于
<...> /* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX * and VIR_NET_MESSAGE_INITIAL. */ const VIR_NET_MESSAGE_LEN_MAX = 4; </...> However, msg->bufferLength includes the length word. The wrong checking was introduced by commit e914dcfd. * src/rpc/virnetmessage.c: - Correct the checking in virNetMessageEncodePayloadRaw - Use a new variable to track the new payload length in virNetMessageEncodePayloadRaw
-
- 11 10月, 2013 1 次提交
-
-
由 Doug Goldstein 提交于
Since 5a468b38 we use SOL_LOCAL for the 2nd argument of getsockopt() however Lion added the define SOL_LOCAL set to 0, which is the value to the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So instead of using the define just pass 0 so we restore compatibility with Snow Leopard and Leopard. Reported at https://github.com/mxcl/homebrew/pull/23141
-
- 07 10月, 2013 2 次提交
-
-
由 Claudio Bley 提交于
Commit 27e81517 set the payload size to 256 KB, which is actually the max packet size, including the size of the header. Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original value before increasing the limit in commit eb635de1.
-
由 Ryota Ozaki 提交于
This fixes the following error: error : virGetUserEnt:703 : Failed to find user record for uid '32654' '32654' (it's random and varies) comes from getsockopt with LOCAL_PEERCRED option. getsockopt returns w/o error but seems to not set any value to the buffer for uid. For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level. With SOL_LOCAL, getsockopt returns a correct uid. Note that SOL_LOCAL can be found in /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h. Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 01 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirtd server pushes data out to clients. It does not know what protocol version the client might have, so must be conservative and use the old payload limits. ie send no more than 256kb of data per packet. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 9月, 2013 3 次提交
-
-
由 Michal Privoznik 提交于
On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files which when compiling produces this warning: remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret': remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] Hence, on those systems we need to post-process the files by the rpc/genprotocol.pl perl script. At the beginning of the script the OS is detected via $^O perl variable. From my latest build on FreeBSD I see we need to fix the code there too. On FreeBSD the variable contains 'freebsd' string: http://perldoc.perl.org/perlport.html#PLATFORMSSigned-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Doug Goldstein 提交于
While BSDs don't support process creation timestamp information via PEERCRED for Unix sockets, we need to actually initialize the value because it is used by the libvirt code.
-
由 Doug Goldstein 提交于
Ensure that the socket credentials we got back on BSD are valid before using them.
-
- 24 9月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
To allow creation of a virNetSocketPtr instance from a pre-opened socketpair FD, add a virNetSocketNewConnectSockFD method. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The fix for CVE-2013-4311 had a pre-requisite enhancement to the identity code commit db7a5688 Author: Daniel P. Berrange <berrange@redhat.com> Date: Thu Aug 22 16:00:01 2013 +0100 Also store user & group ID values in virIdentity This had a typo which caused the group ID to overwrite the user ID string. This meant any checks using this would have the wrong ID value. This only affected the ACL code, not the initial polkit auth. It also leaked memory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 9月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Future improvements to the polkit code will require access to the numeric user ID, not merely user name. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 9月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The gendispatch.pl script puts comments at the top of files it creates, saying that it auto-generated them. Also include the name of the source data file which it reads when doing the auto-generation. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 09 8月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Coverity complained about the usage of the uninitialized cacerts in the event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)" fail the for loop used to fill in the certs will have indeterminate data as well as the possibility that both failures would result in the gnutls_x509_crt_deinit() call having a similar fate. Initializing cacerts only would resolve the issue; however, it still would leave the indeterminate action, so rather add a parameter to the virNetTLSContextLoadCACertListFromFile() to pass the max size rather then overloading the returned count parameter. If the the call is never made, then we won't go through the for loops referencing the empty cacerts
-
- 08 8月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
So that app developers / admins know what access control checks are performed for each API, this patch extends the API docs generator to include details of the ACLs for each. The gendispatch.pl script is extended so that it generates a simple XML describing ACL rules, eg. <aclinfo> ... <api name='virConnectNumOfDomains'> <check object='connect' perm='search_domains'/> <filter object='domain' perm='getattr'/> </api> <api name='virDomainAttachDeviceFlags'> <check object='domain' perm='write'/> <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/> <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/> </api> ... </aclinfo> The newapi.xsl template loads the XML files containing the ACL rules and generates a short block of HTML for each API describing the parameter checks and return value filters (if any). Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 8月, 2013 2 次提交
-
-
由 Michal Privoznik 提交于
This configuration knob lets user to set the length of queue of connection requests waiting to be accept()-ed by the daemon. IOW, it just controls the @backlog passed to listen: int listen(int sockfd, int backlog);
-
由 Michal Privoznik 提交于
Currently, even if max_client limit is hit, we accept() incoming connection request, but close it immediately. This has disadvantage of not using listen() queue. We should accept() only those clients we know we can serve and let all other wait in the (limited) queue.
-