- 08 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 7月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 30 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Bummer, I committed, then fixed a typo, then tested, and forgot to amend the commit before pushing 7d21d6b6. * src/rpc/virnettlscontext.c (includes): Use correct spelling.
-
- 29 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Building with gnutls 3.2.0 (such as shipped with current cygwin) fails with: rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize': rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration] Yeah, it's stupid that gnutls broke API by moving their declaration into a new header without including that header from the old one, but it's easy enough to work around, all without breaking on gnutls 1.4.1 (hello RHEL 5) that lacked the new header. * configure.ac (gnutls): Check for <gnutls/crypto.h>. * src/rpc/virnettlscontext.c (includes): Include additional header. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 23 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 22 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
Only a few cases are allowed: 1) The expression is empty for "for" loop, E.g. for (i = 0; ; i++) 2) An empty statement while (write(statuswrite, &status, 1) == -1 && errno == EINTR) ; /* empty */ 3) ";" is inside double-quote, I.e, as part of const string. E.g. vshPrint(ctl, "a ; b ; cd;\n"); The "for" loop in src/rpc/virnettlscontext.c is the special case, 1) applies for it, so change it together in this patch.
-
- 11 5月, 2013 1 次提交
-
-
由 Laine Stump 提交于
These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 19 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When converting to virObject, the probes on the 'Free' functions were removed on the basis that there is a probe on virObjectFree that suffices. This puts a burden on people writing probe scripts to identify which object is being dispose. This adds back probes in the 'Dispose' functions and updates the rpc monitor systemtap example to use them Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 2月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Need to initialize 'usage' and 'critical' since the VIR_DEBUG will attempt to use them.
-
- 06 2月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Keep Coverity happy by passing a pointer to 'dname' rather than the array itself. The PROBE expansion would cause a BAD_SIZEOF.
-
- 16 1月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
Currently all classes must directly inherit from virObject. This allows for arbitrarily deep hierarchy. There's not much to this aside from chaining up the 'dispose' handlers from each class & providing APIs to check types. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 12月, 2012 5 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 02 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 10月, 2012 1 次提交
-
-
由 Ján Tomko 提交于
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 13 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
I got an off-list report about a bad diagnostic: Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8 True to form, I've added a syntax check rule to prevent it from recurring, and found several other offenders. * cfg.mk (sc_require_whitespace_in_translation): New rule. * src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add space. * src/esx/esx_util.c (esxUtil_ParseUri): Likewise. * src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise. * src/qemu/qemu_driver.c (qemuDomainSetMetadata) (qemuDomainGetMetadata): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise. * src/rpc/virnettlscontext.c (virNetTLSContextCheckCertDNWhitelist): Likewise. * src/vmware/vmware_driver.c (vmwareDomainResume): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives): Avoid false negatives. * tools/virsh-domain.c (info_save_image_dumpxml): Reword. Based on a report by Luwen Su.
-
- 07 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Make virNetTLSContext and virNetTLSSession use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 18 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
This rmoves all the per-file error reporting macros from the code in src/rpc/ Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 28 5月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Remove the uid param from virGetUserConfigDirectory, virGetUserCacheDirectory, virGetUserRuntimeDirectory, and virGetUserDirectory These functions were universally called with the results of getuid() or geteuid(). To make it practical to port to Win32, remove the uid parameter and hardcode geteuid() Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 4月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 11 10月, 2011 3 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirtd daemon had a few crude system tap probes. Some of these were broken during the RPC rewrite. The new modular RPC code is structured in a way that allows much more effective tracing. Instead of trying to hook up the original probes, define a new set of probes for the RPC and event code. The master probes file is now src/probes.d. This contains probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add probes for the poll event loop. The src/dtrace2systemtap.pl script can convert the probes.d file into a libvirt_probes.stp file to make use from systemtap much simpler. The src/rpc/gensystemtap.pl script can generate a set of systemtap functions for translating RPC enum values into printable strings. This works for all RPC header enums (program, type, status, procedure) and also the authentication enum The PROBE macro will automatically generate a VIR_DEBUG statement, so any place with a PROBE can remove any existing manual DEBUG statements. * daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing * daemon/libvirtd.h: Remove probe macros * daemon/Makefile.am: Remove all probe buildings/install * daemon/remote.c: Update authentication probes * src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts to generate STP files * src/internal.h: Add probe macros * src/probes.d: Master list of probes * src/rpc/virnetclient.c, src/rpc/virnetserverclient.c, src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c, src/util/event_poll.c: Insert probe points, removing any DEBUG statements that duplicate the info
-
由 Daniel P. Berrange 提交于
The virNetTLSContextRef API forgot to acquire/release the lock while changing ctxt->refs * src/rpc/virnettlscontext.c: Add lock calls
-
由 Daniel P. Berrange 提交于
Pull the call to gnutls_x509_crt_get_dn up into a higher function so that the 'dname' variable will be available for probe points * src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up one level
-
- 27 9月, 2011 1 次提交
-
-
由 Michal Privoznik 提交于
as they are not used with debugging turned off.
-
- 08 9月, 2011 1 次提交
-
-
由 Alex Jia 提交于
* src/rpc/virnettlscontext.c: fix memory leak on virNetTLSContextValidCertificate. * Detected in valgrind run: ==25667== ==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely lost in loss record 326 of 351 ==25667== at 0x4005447: calloc (vg_replace_malloc.c:467) ==25667== by 0x4F2791F3: _asn1_add_node_only (structure.c:53) ==25667== by 0x4F27997A: _asn1_copy_structure3 (structure.c:421) ==25667== by 0x4F276A50: _asn1_append_sequence_set (element.c:144) ==25667== by 0x4F2743FF: asn1_der_decoding (decoding.c:1194) ==25667== by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229) ==25667== by 0x805274B: virNetTLSContextCheckCertificate (virnettlscontext.c:1009) ==25667== by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693) ==25667== by 0x804F14D: virtTestRun (testutils.c:140) ==25667== ==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely lost in loss record 346 of 351 ==25667== at 0x4005447: calloc (vg_replace_malloc.c:467) ==25667== by 0x4F22B841: gnutls_x509_crt_init (x509.c:50) ==25667== by 0x805272B: virNetTLSContextCheckCertificate (virnettlscontext.c:1003) ==25667== by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673) ==25667== by 0x804F14D: virtTestRun (testutils.c:140) * How to reproduce? % cd libvirt && ./configure && make && make -C tests valgrind or % valgrind -v --leak-check=full ./tests/virnettlscontexttest Signed-off-by: NAlex Jia <ajia@redhat.com>
-
- 25 8月, 2011 1 次提交
-
-
由 Michal Privoznik 提交于
My previous patch 74c75671 introduced a regression by removing TLS initialization from client.
-
- 19 8月, 2011 1 次提交
-
-
由 Michal Privoznik 提交于
When spice_tls is set but listen_tls is not, we don't initialize GnuTLS library. So any later gnutls call (e.g. during migration, where we initialize a certificate) will access uninitialized GnuTLS internal structs and throws an error. Although, we might now initialize GnuTLS twice, it is safe according to the documentation: This function can be called many times, but will only do something the first time. This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit with respect to written above.
-
- 03 8月, 2011 2 次提交
-
-
由 Eric Blake 提交于
Detected by Coverity. Freeing the wrong variable results in both a memory leak and the likelihood of the caller dereferencing through a freed pointer. * src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct variable.
-
由 Eric Blake 提交于
Spotted by Coverity. Gnutls documents that buffer must be NULL if gnutls_x509_crt_get_key_purpose_oid is to be used to determine the correct size needed for allocating a buffer. * src/rpc/virnettlscontext.c (virNetTLSContextCheckCertKeyPurpose): Initialize buffer.
-
- 26 7月, 2011 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
The virNetSASLContext, virNetSASLSession, virNetTLSContext and virNetTLSSession classes previously relied in their owners (virNetClient / virNetServer / virNetServerClient) to provide locking protection for concurrent usage. When virNetSocket gained its own locking code, this invalidated the implicit safety the SASL/TLS modules relied on. Thus we need to give them all explicit locking of their own via new mutexes. * src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add a mutex per object
-