It is useful to know where the client is connecting from,
so include the socket address in probe data.

* daemon/libvirtd.h: Use virSocketAddr for storing client
  address and keep printable address handy for logging
* daemon/libvirtd.c: Include socket address in client
  connect/disconnect probes
* daemon/probes.d: Add socket address to probes
* examples/systemtap/client.stp: Print socket address
* src/util/network.h: Add sockaddr_un to virSocketAddr union

Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.

This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).

 # stap examples/systemtap/client.stp
  Client fd=44 connected readonly=0
  Client fd=44 auth polkit deny pid:24997,uid:500
  Client fd=44 disconnected
  Client fd=46 connected readonly=1
  Client fd=46 auth sasl allow test
  Client fd=46 disconnected

The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.

* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
  files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
  so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
  Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace

The addrToString functionality is now available via the
virSocketFormatAddrFull method.

* daemon/remote.c, src/remote/remote_driver.c: Remove
  addrToString methods

If getnameinfo() with NI_NUMERICHOST set fails, there are no
grounds to expect inet_ntop to succeed, since these calls
are functionally equivalent. Remove useless inet_ntop code
in the getnameinfo() error path.

* daemon/remote.c, src/remote/remote_driver.c: Remove
  calls to inet_ntop

The libvirt_util.la library was mistakenly linked into libvirtd
directly. Since libvirt_util.la is already linked to libvirt.so,
this resulted in libvirtd getting two copies of the code and
more critically 2 copies of static global variables.

Testing in turn exposed a issue with loadable modules. The
gnulib replacement functions are not exported to loadable
modules. Rather than trying to figure out the name sof all
gnulib functions & export them, just linkage all loadable
modules against libgnu.la statically.

* daemon/Makefile.am: Remove linkage of libvirt_util.la
  and libvirt_driver.la
* src/Makefile.am: Link driver modules against libgnu.la
* src/libvirt.c: Don't try to load modules which were
  compiled out
* src/libvirt_private.syms: Export all other internal
  symbols that are required  by drivers

Most operations are audited at the libvirtd level; auditing in
src/libvirt.c would result in two audit entries per operation (one in
the client, one in libvirtd).

The only exception is a domain stopping of its own will (e.g. because
the user clicks on "shutdown" inside the interface).  There can often be
no client connected at the time the domain stops, so libvirtd does not
have any virConnectPtr object on which to attach an event watch.  This
patch therefore adds auditing directly inside the qemu driver (other
drivers are not supported).

Integrate with libaudit.so for auditing of important operations.
libvirtd gains a couple of config entries for auditing. By
default it will enable auditing, if its enabled on the host.
It can be configured to force exit if auditing is disabled
on the host. It will can also send audit messages via libvirt
internal logging API

Places requiring audit reporting can use the VIR_AUDIT
macro to report data. This is a no-op unless auditing is
enabled

* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
  on mingw
* configure.ac: Add check for libaudit
* daemon/libvirtd.aug, daemon/libvirtd.conf,
  daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
  options to enable auditing
* include/libvirt/virterror.h, src/util/virterror.c: Add
  VIR_FROM_AUDIT source
* libvirt.spec.in: Enable audit
* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
  API for auditing messages

Done by editing the first three files, then running
'make -C src rpcgen', then editing src/remote_protocol-structs
to match.

* daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
(remoteDispatchDomainGetVcpusFlags): New functions.
* src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
(remoteDomainGetVcpusFlags, remote_driver): Client side
serialization.
* src/remote/remote_protocol.x
(remote_domain_set_vcpus_flags_args)
(remote_domain_get_vcpus_flags_args)
(remote_domain_get_vcpus_flags_ret)
(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
* daemon/remote_dispatch_args.h: Regenerate.
* daemon/remote_dispatch_prototypes.h: Likewise.
* daemon/remote_dispatch_table.h: Likewise.
* src/remote/remote_protocol.c: Likewise.
* src/remote/remote_protocol.h: Likewise.
* src/remote_protocol-structs: Likewise.

The addrToString methods were not coping with UNIX domain sockets
which have no normal host+port address. Hardcode special handling
for these so that SASL routines can work over UNIX sockets. Also
fix up SSF logic in remote client so that it presumes that a UNIX
socket is secure

* daemon/remote.c: Fix addrToString for UNIX sockets.
* src/remote/remote_driver.c: Fix addrToString for UNIX sockets
  and fix SSF logic to work for TLS + UNIX sockets in the same
  manner

Refactor some daemon code to facilitate the introductioin of static
probes, sanitizing function exit paths in many places

* daemon/libvirtd.c: Pass the dname string into remoteCheckDN
  to let caller deal with failure paths. Add separate exit paths
  to remoteCheckCertificate for auth failure vs denial. Merge
  all exit paths in qemudDispatchServer to one cleanup block
* daemon/remote.c: Add separate exit paths to SASL & PolicyKit
  functions for auth failure vs denial

This address BZ # 556599:

  https://bugzilla.redhat.com/show_bug.cgi?id=556599

Very occasionally during a parallel make, dispatch.c would
be compiled before the generated remote headers had been
fully written. This would cause it to compile an empty
union, and result in really wierd runtime bugs that are
near impossible to diagnose.

* daemon/Makefile.am: Fix remote build deps

If the remote daemon args/ret unions ever become zero length
(due to a build / Makefile bug) then bad stuff happens at
runtime. Add a compile time assertion to check for this kind
of problem

* daemon/remote.h: Ensure non-zero length unions

* daemon/.gitignore: Move libvirt-guests.init...
* tools/.gitignore: ...to its new location.

Since libvirt-guests init script and its configuration do not require
libvirtd to be running/installed, it was a bad idea to put them into
daemon directory. libvirt.spec even includes these files in
libvirt-client subpackage, which may result in build failure for
client-only builds when the whole daemon directory is just skipped.

When failing to serialize the normal RPC reply, try harder to
send a error message back to the client, instead of immediately
closing the connection.

* daemon/dispatch.c: Improve error messages when RPC reply
  can not be sent

When libvirtd fails to serialize a message to XDR the client
connection is terminated immediately. To enable this to be
diagnosed, log the message which caused the problem on the
server

* daemon/dispatch.c: Log XDR serialization failures

Since the rule to build libvirtd.8 is within the WITH_LIBVIRTD conditional,
so declare the man page in there as well. Without this change, build
without daemon will fail.

* src/Makefile.am (EXTRA_DIST): Ensure 'make distcheck' and
'rpmbuild' can reproduce a build.
* daemon/Makefile.am (DAEMON_SOURCES): Likewise.

'./autobuild.sh' with lcov installed discovered that our
coverage support has been bit-rotting for a while.  This
restores it back to a successful state, although I have
not yet spent any time looking through the resulting files to
look for low-hanging fruit in the unit test coverage front.

* configure.ac: Clear COMPILER_FLAGS at right place.
* Makefile.am (cov): Newer genhtml no longer likes plain -s.
* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Don't AC_SUBST
COMPILER_FLAGS; it is a shell variable for use in configure only.
* src/Makefile.am (AM_CFLAGS, AM_LDFLAGS): New variables, to make
it easier to provide global flag additions.  Use throughout, to
uniformly apply coverage flags.
* .gitignore: Globally ignore gcov output.
* daemon/.gitignore: Simplify.
* src/.gitignore: Likewise.
* tests/.gitignore: Likewise.

Optional per LSB, but required by Fedora:
https://fedoraproject.org/wiki/Packaging/SysVInitScript

* daemon/libvirt-guests.init.in (main): Add more required
commands.

LSB and https://fedoraproject.org/wiki/Packaging/SysVInitScript
require status to output something useful, rather than just use
the exit code.

* daemon/libvirt-guests.init.in (rh_status): Break into new routine,
and provide output.
(usage): Document status.

Reject extra arguments.
Return the correct status for unknown arguments, as mandated by
https://fedoraproject.org/wiki/Packaging/SysVInitScript
Add --help, as a permitted extension.

* daemon/libvirt-guests.init.in (usage): New function.  Use it in
more places, and return correct value.

When only client parts of libvirt are installed (i.e., no libvirtd
daemon), libvirt-guests init script in its default configuration would
throw seriously looking errors during host shutdown:

Running guests on default URI: error: unable to connect to
'/var/run/libvirt/libvirt-sock', libvirtd may need to be started: No
such file or directory
error: failed to connect to the hypervisor

This patch changes the script to print rather harmless message in that
situation:

Running guests on default URI: libvirtd not installed; skipping this
URI.

Since we are adding a new "per-hypervisor" protocol, we
make it so that the qemu remote protocol uses a new
PROTOCOL and PROGRAM number.  This allows us to easily
distinguish it from the normal REMOTE protocol.

This necessitates changing the proc in remote_message_header
from a "remote_procedure" to an "unsigned", which should
be the same size (and thus preserve the on-wire protocol).

Changes since v1:
 - Fixed up a couple of script problems in remote_generate_stubs.pl
 - Switch an int flag to a bool in dispatch.c

Changes since v2:
 - None

Changes since v3:
 - Change unsigned proc to signed proc, to conform to spec
Signed-off-by: NChris Lalancette <clalance@redhat.com>

This patch removes the individual author names from the libvirtd and virsh
man pages, instead referring to the main AUTHORS file distributed with
libvirt.  This approach is needed, as we can't guarantee unicode support
across all versions of pod2man used with libvirt.

Additionally, this patch includes the libvirtd man page in the spec file
used with "make rpm".  Without this patch "make rpm" is broken.

dispatch.c requires stdio.h (and stdarg.h), however, currently
dispatch.c implicitly relys on rpc/xdr.h to include stdio.h.
If rpc/xdr.h unxpectedly does not include stdio.h, the compilation
of dispatch.c fails.

This can happen, for example, when portablexdr is installed
under /usr/local; because portablexdr's rpc/xdr.h does not
include stdio.h and gcc looks up it not /usr/include/rpc/xdr.h.

Note that stdarg.h is also included according to man va_start,
although stdio.h seems including it anyway.

Some versions of pod2man do not support the -u flag, so this
can't be used

* daemon/Makefile.am: Remove -u flag from pod2man

With gracious thanks to Chris Lalancette for helping knock the
description section into shape.

This addresses BZ #595350

  https://bugzilla.redhat.com/show_bug.cgi?id=595350

There were some major, and some minor bugs having to do with
the reference counting of node devices in daemon/remote.c.

Some functions were completely failing to unreference node devices;
this would lead to many open file descriptors, which would eventually
fail.

The minor bugs were along the same lines, but were in rarely
used error paths.
Signed-off-by: NChris Lalancette <clalance@redhat.com>
Signed-off-by: NMatthias Bolte <matthias.bolte@googlemail.com>

Running virsh while having /var/lib/libvirt/libvirt-guests file open
makes SELinux emit messages about preventing virsh from reading that
file. Since virsh doesn't really want to read anything, it's better to
run it with /dev/null on stdin to prevent those messages.

Justin Clift reported a problem with adding virStoragePoolIsPersistent
to virsh's pool-info command, resulting in a strange problem. Here's
an example:

    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
    Pool images_dir3 created

    virsh # pool-info images_dir3
    Name:           images_dir3
    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
    State:          running
    Capacity:       395.20 GB
    Allocation:     30.88 GB
    Available:      364.33 GB

    virsh # pool-destroy images_dir3
    Pool images_dir3 destroyed

At this point the images_dir3 pool should be gone (because it was
transient) and we should be able to create a new pool with the same name:

    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
    Pool images_dir3 created

    virsh # pool-info images_dir3
    Name:           images_dir3
    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
    error: Storage pool not found

The new pool got the same UUID as the first one, but we didn't specify
one. libvirt should have picked a random UUID, but it didn't.

It turned out that virStoragePoolIsPersistent leaks a reference to the
storage pool object (actually remoteDispatchStoragePoolIsPersistent does).
As a result, pool-destroy doesn't remove the virStoragePool for the
"images_dir3" pool from the virConnectPtr's storagePools hash on libvirtd's
side. Then the second pool-create-as get's the stale virStoragePool object
associated with the "images_dir3" name. But this object has the old UUID.

This commit ensures that all get_nonnull_* and make_nonnull_* calls for
libvirt objects are matched properly with vir*Free calls. This fixes the
reference leaks and the reported problem.

All remoteDispatch*IsActive and remoteDispatch*IsPersistent functions were
affected. But also remoteDispatchDomainMigrateFinish2 was affected in the
success path. I wonder why that didn't surface earlier. Probably because
domainMigrateFinish2 is executed on the destination host and in the common
case this connection is opened especially for the migration and gets closed
after the migration is done. So there was no chance to run into a problem
because of the leaked reference.

Define the wire format for the new virDomainCreateWithFlags
API, and implement client and server side of marshaling code.

* daemon/remote.c (remoteDispatchDomainCreateWithFlags): Add
server side dispatch for virDomainCreateWithFlags.
* src/remote/remote_driver.c (remoteDomainCreateWithFlags)
(remote_driver): Client side serialization.
* src/remote/remote_protocol.x
(remote_domain_create_with_flags_args)
(remote_domain_create_with_flags_ret)
(REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS): Define wire format.
* daemon/remote_dispatch_args.h: Regenerate.
* daemon/remote_dispatch_prototypes.h: Likewise.
* daemon/remote_dispatch_table.h: Likewise.
* src/remote/remote_protocol.c: Likewise.
* src/remote/remote_protocol.h: Likewise.
* src/remote_protocol-structs: Likewise.

When libvirtd exits it is leaving UNIX domain sockets on
the filesystem. These need to be removed.

The qemudInitPaths() method has signficant code churn to
switch from using a pre-allocated buffer on the stack, to
dynamically allocating on the heap.

* daemon/libvirtd.c, daemon/libvirtd.h: Store a reference
  to the UNIX domain socket path and unlink it on shutdown

Otherwise, VPATH builds fail with:

make[1]: *** No rule to make target `libvirt-guests.init', needed by `all'.

Regression introduced in commit 482e08a9.

* daemon/Makefile.am (%.init): Look in correct place for
config.status.

Firstly, the init script has to touch its file under /var/lock/subsys
when started, otherwise the system would think it's not running and
won't stop it during shutdown.

Secondly, for some reason there is a policy to automatically enable
init scripts when they are installed, so let the specfile do this. We
also need to start the init script to ensure it will be stopped during
the first shutdown after installing the package.

Also $LISTFILE should be enclosed by quotes everywhere as suggested by
Eric.