1. 08 8月, 2013 1 次提交
    • D
      Fix validation of CA certificate chains · 31d41d92
      Daniel P. Berrange 提交于
      The code added to validate CA certificates did not take into
      account the possibility that the cacert.pem file can contain
      multiple (concatenated) cert data blocks. Extend the code for
      loading CA certs to use the gnutls APIs for loading cert lists.
      Add test cases to check that multi-level trees of certs will
      validate correctly.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      31d41d92
  2. 11 7月, 2013 1 次提交
  3. 10 7月, 2013 1 次提交
  4. 30 5月, 2013 1 次提交
    • E
      build: fix typo in earlier commit · 1cd97c7a
      Eric Blake 提交于
      Bummer, I committed, then fixed a typo, then tested, and forgot to
      amend the commit before pushing 7d21d6b6.
      
      * src/rpc/virnettlscontext.c (includes): Use correct spelling.
      1cd97c7a
  5. 29 5月, 2013 1 次提交
    • E
      build: fix build with newer gnutls · 7d21d6b6
      Eric Blake 提交于
      Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
      with:
      
      rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
      rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]
      
      Yeah, it's stupid that gnutls broke API by moving their declaration
      into a new header without including that header from the old one,
      but it's easy enough to work around, all without breaking on gnutls
      1.4.1 (hello RHEL 5) that lacked the new header.
      
      * configure.ac (gnutls): Check for <gnutls/crypto.h>.
      * src/rpc/virnettlscontext.c (includes): Include additional header.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      7d21d6b6
  6. 23 5月, 2013 1 次提交
  7. 22 5月, 2013 1 次提交
    • O
      syntax-check: Add the rule to forbid whitespace before ";" · ba0880b2
      Osier Yang 提交于
      Only a few cases are allowed:
      
      1) The expression is empty for "for" loop, E.g.
      
        for (i = 0; ; i++)
      
      2) An empty statement
      
        while (write(statuswrite, &status, 1) == -1 &&
               errno == EINTR)
            ; /* empty */
      
      3) ";" is inside double-quote, I.e, as part of const string. E.g.
      
        vshPrint(ctl, "a ; b ; cd;\n");
      
      The "for" loop in src/rpc/virnettlscontext.c is the special case,
      1) applies for it, so change it together in this patch.
      ba0880b2
  8. 11 5月, 2013 1 次提交
    • L
      util: move virFile* functions from virutil.c to virfile.c · bfe7721d
      Laine Stump 提交于
      These all existed before virfile.c was created, and for some reason
      weren't moved.
      
      This is mostly straightfoward, although the syntax rule prohibiting
      write() had to be changed to have an exception for virfile.c instead
      of virutil.c.
      
      This movement pointed out that there is a function called
      virBuildPath(), and another almost identical function called
      virFileBuildPath(). They really should be a single function, which
      I'll take care of as soon as I figure out what the arglist should look
      like.
      bfe7721d
  9. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  10. 19 3月, 2013 1 次提交
  11. 14 3月, 2013 1 次提交
    • D
      Re-add DTrace probes on 'dispose' functions · ad9ea4a9
      Daniel P. Berrange 提交于
      When converting to virObject, the probes on the 'Free' functions
      were removed on the basis that there is a probe on virObjectFree
      that suffices. This puts a burden on people writing probe scripts
      to identify which object is being dispose. This adds back probes
      in the 'Dispose' functions and updates the rpc monitor systemtap
      example to use them
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ad9ea4a9
  12. 08 2月, 2013 1 次提交
  13. 06 2月, 2013 1 次提交
  14. 16 1月, 2013 2 次提交
  15. 21 12月, 2012 5 次提交
  16. 02 11月, 2012 1 次提交
  17. 12 10月, 2012 1 次提交
  18. 21 9月, 2012 1 次提交
  19. 13 9月, 2012 1 次提交
    • E
      maint: fix missing spaces in message · 2387aa26
      Eric Blake 提交于
      I got an off-list report about a bad diagnostic:
      Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8
      
      True to form, I've added a syntax check rule to prevent it
      from recurring, and found several other offenders.
      
      * cfg.mk (sc_require_whitespace_in_translation): New rule.
      * src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
      space.
      * src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
      * src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSetMetadata)
      (qemuDomainGetMetadata): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
      * src/rpc/virnettlscontext.c
      (virNetTLSContextCheckCertDNWhitelist): Likewise.
      * src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
      Avoid false negatives.
      * tools/virsh-domain.c (info_save_image_dumpxml): Reword.
      Based on a report by Luwen Su.
      2387aa26
  20. 07 8月, 2012 1 次提交
  21. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  22. 18 7月, 2012 1 次提交
  23. 28 5月, 2012 1 次提交
  24. 10 4月, 2012 1 次提交
  25. 11 10月, 2011 3 次提交
    • D
      Rewrite all the DTrace/SystemTAP probing · ddf3bd32
      Daniel P. Berrange 提交于
      The libvirtd daemon had a few crude system tap probes. Some of
      these were broken during the RPC rewrite. The new modular RPC
      code is structured in a way that allows much more effective
      tracing. Instead of trying to hook up the original probes,
      define a new set of probes for the RPC and event code.
      
      The master probes file is now src/probes.d.  This contains
      probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
      virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
      probes for the poll event loop.
      
      The src/dtrace2systemtap.pl script can convert the probes.d
      file into a libvirt_probes.stp file to make use from systemtap
      much simpler.
      
      The src/rpc/gensystemtap.pl script can generate a set of
      systemtap functions for translating RPC enum values into
      printable strings. This works for all RPC header enums (program,
      type, status, procedure) and also the authentication enum
      
      The PROBE macro will automatically generate a VIR_DEBUG
      statement, so any place with a PROBE can remove any existing
      manual DEBUG statements.
      
      * daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
      * daemon/libvirtd.h: Remove probe macros
      * daemon/Makefile.am: Remove all probe buildings/install
      * daemon/remote.c: Update authentication probes
      * src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
        to generate STP files
      * src/internal.h: Add probe macros
      * src/probes.d: Master list of probes
      * src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
        src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
        src/util/event_poll.c: Insert probe points, removing any
        DEBUG statements that duplicate the info
      ddf3bd32
    • D
      Fix missing lock calls on virNetTLSContextRef · bc7b8c7e
      Daniel P. Berrange 提交于
      The virNetTLSContextRef API forgot to acquire/release the lock
      while changing ctxt->refs
      
      * src/rpc/virnettlscontext.c: Add lock calls
      bc7b8c7e
    • D
      Refactor TLS to facilitate dynamic probing · 5bcbb390
      Daniel P. Berrange 提交于
      Pull the call to gnutls_x509_crt_get_dn up into a higher function
      so that the 'dname' variable will be available for probe points
      
      * src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
        one level
      5bcbb390
  26. 27 9月, 2011 1 次提交
  27. 08 9月, 2011 1 次提交
    • A
      rpc: avoid memory leak on virNetTLSContextValidCertificate · db8ffc2d
      Alex Jia 提交于
      * src/rpc/virnettlscontext.c: fix memory leak on
        virNetTLSContextValidCertificate.
      
      * Detected in valgrind run:
      
      ==25667==
      ==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
      lost in loss record 326 of 351
      ==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
      ==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
      ==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
      ==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
      ==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
      ==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
      ==25667==    by 0x805274B: virNetTLSContextCheckCertificate
      (virnettlscontext.c:1009)
      ==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
      ==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
      ==25667==
      ==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
      lost in loss record 346 of 351
      ==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
      ==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
      ==25667==    by 0x805272B: virNetTLSContextCheckCertificate
      (virnettlscontext.c:1003)
      ==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
      ==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
      
      * How to reproduce?
      % cd libvirt && ./configure && make && make -C tests valgrind
      or
      % valgrind -v --leak-check=full ./tests/virnettlscontexttest
      Signed-off-by: NAlex Jia <ajia@redhat.com>
      db8ffc2d
  28. 25 8月, 2011 1 次提交
  29. 19 8月, 2011 1 次提交
    • M
      daemon: initialize GnuTLS · 74c75671
      Michal Privoznik 提交于
      When spice_tls is set but listen_tls is not, we don't initialize
      GnuTLS library. So any later gnutls call (e.g. during migration,
      where we initialize a certificate) will access uninitialized GnuTLS
      internal structs and throws an error.
      
      Although, we might now initialize GnuTLS twice, it is safe according
      to the documentation:
      
          This function can be called many times,
          but will only do something the first time.
      
      This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
      with respect to written above.
      74c75671
  30. 03 8月, 2011 2 次提交
    • E
      rpc: avoid crash on error · ed246fbb
      Eric Blake 提交于
      Detected by Coverity.  Freeing the wrong variable results in both
      a memory leak and the likelihood of the caller dereferencing through
      a freed pointer.
      
      * src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
      variable.
      ed246fbb
    • E
      rpc: avoid uninitialized memory use · 3157d78f
      Eric Blake 提交于
      Spotted by Coverity.  Gnutls documents that buffer must be NULL
      if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
      the correct size needed for allocating a buffer.
      
      * src/rpc/virnettlscontext.c
      (virNetTLSContextCheckCertKeyPurpose): Initialize buffer.
      3157d78f
  31. 26 7月, 2011 2 次提交
    • D
      Fix build with gnutls 1.0.x branch · 4d349ef7
      Daniel P. Berrange 提交于
      4d349ef7
    • D
      Add mutex protection to SASL and TLS modules · 5622830c
      Daniel P. Berrange 提交于
      The virNetSASLContext, virNetSASLSession, virNetTLSContext and
      virNetTLSSession classes previously relied in their owners
      (virNetClient / virNetServer / virNetServerClient) to provide
      locking protection for concurrent usage. When virNetSocket
      gained its own locking code, this invalidated the implicit
      safety the SASL/TLS modules relied on. Thus we need to give
      them all explicit locking of their own via new mutexes.
      
      * src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
        a mutex per object
      5622830c