It is useful to know where the client is connecting from,
so include the socket address in probe data.

* daemon/libvirtd.h: Use virSocketAddr for storing client
  address and keep printable address handy for logging
* daemon/libvirtd.c: Include socket address in client
  connect/disconnect probes
* daemon/probes.d: Add socket address to probes
* examples/systemtap/client.stp: Print socket address
* src/util/network.h: Add sockaddr_un to virSocketAddr union

Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.

This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).

 # stap examples/systemtap/client.stp
  Client fd=44 connected readonly=0
  Client fd=44 auth polkit deny pid:24997,uid:500
  Client fd=44 disconnected
  Client fd=46 connected readonly=1
  Client fd=46 auth sasl allow test
  Client fd=46 disconnected

The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.

* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
  files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
  so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
  Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace

Integrate with libaudit.so for auditing of important operations.
libvirtd gains a couple of config entries for auditing. By
default it will enable auditing, if its enabled on the host.
It can be configured to force exit if auditing is disabled
on the host. It will can also send audit messages via libvirt
internal logging API

Places requiring audit reporting can use the VIR_AUDIT
macro to report data. This is a no-op unless auditing is
enabled

* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
  on mingw
* configure.ac: Add check for libaudit
* daemon/libvirtd.aug, daemon/libvirtd.conf,
  daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
  options to enable auditing
* include/libvirt/virterror.h, src/util/virterror.c: Add
  VIR_FROM_AUDIT source
* libvirt.spec.in: Enable audit
* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
  API for auditing messages

Refactor some daemon code to facilitate the introductioin of static
probes, sanitizing function exit paths in many places

* daemon/libvirtd.c: Pass the dname string into remoteCheckDN
  to let caller deal with failure paths. Add separate exit paths
  to remoteCheckCertificate for auth failure vs denial. Merge
  all exit paths in qemudDispatchServer to one cleanup block
* daemon/remote.c: Add separate exit paths to SASL & PolicyKit
  functions for auth failure vs denial

This address BZ # 556599:

  https://bugzilla.redhat.com/show_bug.cgi?id=556599

When libvirtd exits it is leaving UNIX domain sockets on
the filesystem. These need to be removed.

The qemudInitPaths() method has signficant code churn to
switch from using a pre-allocated buffer on the stack, to
dynamically allocating on the heap.

* daemon/libvirtd.c, daemon/libvirtd.h: Store a reference
  to the UNIX domain socket path and unlink it on shutdown

* daemon/libvirtd.c (remoteReadConfigFile): Diagnose an invalid
host UUID rather than silently exiting with status 7.

Allow for a host UUID in the capabilities XML. Local drivers
will initialize this from the SMBIOS data. If a sanity check
shows SMBIOS uuid is invalid, allow an override from the
libvirtd.conf configuration file

* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
  configuration option
* docs/schemas/capability.rng: Add optional host uuid field
* src/conf/capabilities.c, src/conf/capabilities.h: Include
  host UUID in XML
* src/libvirt_private.syms: Export new uuid.h functions
* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
  src/uml/uml_conf.c: Set host UUID in capabilities
* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
* src/node_device/node_device_udev.c: Use the host UUID functions
* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
  new host_uuid config option to test

Some diagnostics had a hard-coded "libvirtd: " prefix, some used
"error: " and some used "argv[0]: ".  Always use "argv[0]: ".
* daemon/libvirtd.c (argv0): New global.
(main): Set it.
(version, usage): Remove argv0 parameter.  Use global; update callers.
(daemonForkIntoBackground): Use argv0:, not error:.
(qemudWritePidFile): Start each diagnostic with argv0:.
Suggested by Eric Blake.

* daemon/libvirtd.c (daemonForkIntoBackground, main): Mark strings
for translation.
(usage): Rework --help so that it is translatable, replacing
each embedded, configuration-dependent, macro with an `%s'.

libvirtd: don't ignore virInitialize failure
* daemon/libvirtd.c (main): Diagnose virInitialize failure
and exit nonzero.

Run this:
  git grep -l 'VIR_ERROR\s*("'|xargs perl -pi -e \
    's/(VIR_ERROR)\s*\((".*?"),/$1(_($2),/'

Run this:
  git grep -l 'VIR_ERROR0\s*("'|xargs perl -pi -e \
    's/(VIR_ERROR0)\s*\((".*?")\)/$1(_($2))/'

Change VIR_ERROR("%s", "..."
to     VIR_ERROR0("..."

and

Change VIR_ERROR("%s", _("...")
to     VIR_ERROR0(_("...")

Use this command:
  git grep -E -l 'VIR_ERROR\("%s", (_\()?"'|xargs perl -pi -e \
  's/VIR_ERROR\("%s", (_\()?"/VIR_ERROR0($1"/'

* daemon/libvirtd.c (main): Diagnose virInitialize failure
and exit nonzero.

Approximately 60 messages were marked.  Since these diagnostics are
intended solely for developers and maintainers, encouraging translation
is deemed to be counterproductive:
http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052

Run this command:
  git grep -l VIR_WARN|xargs perl -pi -e \
    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'

If the hostname of the current virtualization machine
could not be resolved, then libvirtd would fail to
start.  However, for disconnected operation (on a laptop,
for instance) the hostname may very legitimately not
be resolvable.  This patch makes it so that if we can't
resolve the hostname, avahi doesn't fail, it just uses
a less useful MDNS string.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

* daemon/libvirtd.c: we should error out only if virHookInitialize()
  return value is negative

It supports 3 kind of probing times, at daemon startup, when the
daemon reloads its drivers on SIGHUP and when the daemon exits

* daemon/libvirtd.c: daemon hooks for startup, reload and exit

This patch implements the core driver and provides
- management functionality for managing the filter XMLs
- compiling the internal filter representation into ebtables rules
- applying ebtables rules on a network (tap,macvtap) interface
- tearing down ebtables rules that were applied on behalf of an
interface
- updating of filters while VMs are running and causing the firewalls to
be rebuilt
- other bits and pieces
Signed-off-by: NStefan Berger <stefanb@us.ibm.com>

This wires up the remote driver to handle the new events APIs.
The public API allows an application to request a callback filters
events to a specific domain object, and register multiple callbacks
for the same event type. On the wire there are two strategies for
this

 - Register multiple callbacks with the remote daemon, each
   with filtering as needed
 - Register only one callback per event type, with no filtering

Both approaches have potential inefficiency. In the first scheme,
the same event gets sent over the wire many times if multiple
callbacks are registered. With the second scheme, unneccessary
events get sent over the wire if a per-domain filter is set on
the client. The second scheme is far easier to implement though,
so this patch takes that approach.

* daemon/dispatch.h: Don't export remoteRelayDomainEvent since it
  is no longer needed for unregistering callbacks, instead the
  unique callback ID is used
* daemon/libvirtd.c, daemon/libvirtd.h: Track and unregister
  callbacks based on callback ID, instead of function pointer
* daemon/remote.c: Switch over to using virConnectDomainEventRegisterAny
  instead of legacy virConnectDomainEventRegister function. Refactor
  remoteDispatchDomainEventSend() to cope with arbitrary event types
* src/driver.h, src/driver.c: Move verify() call into source file
  instead of header, to avoid polluting the global namespace with
  the verify function name
* src/remote/remote_driver.c: Implement new APIs for event
  registration. Refactor processCallDispatchMessage() to cope
  with arbitrary incoming event types. Merge remoteDomainQueueEvent()
  into processCallDispatchMessage() to avoid duplication of code.
  Rename remoteDomainReadEvent() to remoteDomainReadEventLifecycle()
* src/remote/remote_protocol.x: Define wire format for the new
  virConnectDomainEventRegisterAny and virConnectDomainEventDeregisterAny
  functions

* global: patch created by running:
for f in $(git ls-files '*.[ch]') ; do
    cppi $f > $f.t && mv $f.t $f
done

* daemon/libvirtd.c (qemudWorker): Rewrite loop to silence a
warning.

* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
failure to set or restore group-ID.

If I toggle enable_tcp in libvirtd.conf and add --listen in
/etc/init.d/libvirtd, I get the unhelpful error:

Starting libvirtd daemon: error: Unable to initialize network sockets.

Running without --daemon provides much more useful info:

sudo libvirtd --listen
11:29:26.117: error : remoteCheckCertFile:270 : Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

The daemon architecture makes it difficult to report this useful
info if daemonized, so point users to /var/log/messages and
dropping the --daemon flag if they want more info.

It was used for error reporting only.

* daemon/libvirtd.c (qemudListenUnix): Close socket only if non-negative.

I noticed some debug messages are printed with an empty lines after
them. This patch removes these empty lines from all invocations of the
following macros:
    VIR_DEBUG
    VIR_DEBUG0
    VIR_ERROR
    VIR_ERROR0
    VIR_INFO
    VIR_WARN
    VIR_WARN0
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

The daemon will attempt to unregister domain events on client disconnect,
even if no events were ever registered. This raises an unneeded error.

Track in the qemu_client structure if events have been registered, and
check this when performing cleanup.

All other stateful drivers are linked directly to libvirtd
instead of libvirt.so. Link the secret driver to libvirtd too.

* daemon/Makefile.am: link the secret driver to libvirtd
* daemon/libvirtd.c: add #ifdef WITH_SECRETS blocks
* src/Makefile.am: don't link the secret driver to libvirt.so
* src/libvirt_private.syms: remove the secretRegister symbol

This appeases a new gnulib-provided "syntax-check".
* daemon/libvirtd.c (main): Use EXIT_FAILURE, not 1.
* proxy/libvirt_proxy.c (main): Likewise, and EXIT_SUCCESS, not 0.
* tests/conftest.c (main): Likewise.
* tests/reconnect.c (main): Likewise.
* tests/testutils.h (EXIT_AM_SKIP): Define.
* tests/nodeinfotest.c (mymain): Use EXIT_AM_SKIP, not 77.
* tests/qemuargv2xmltest.c: Likewise.
* tests/qemuxml2xmltest.c: Likewise.
* tests/virshtest.c (mymain): Likewise.

* daemon/libvirtd.c (qemudDispatchServer): Since "client" may be
NULL in the "cleanup:" block, free client->rx only when it's not.

Replace free(virBufferContentAndReset()) with virBufferFreeAndReset().
Update documentation and replace all remaining calls to free() with
calls to VIR_FREE(). Also add missing calls to virBufferFreeAndReset()
and virReportOOMError() in OOM error cases.

The configuration file setting is overriden by -f or --config, but
not with -c
Signed-off-by: NWolfgang Mauerer <wolfgang.mauerer@siemens.com>

* daemon/libvirtd.c: Fix incorrect goto label causing cleanup to
  be missed when state driver init fails

* configure.in: add new --with-udev, disabled by default, and requiring
  libudev > 145
* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
  the new node device backend
* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
  to a better file name
* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
  of fields in node device definitions, and an API to look them up,
  remove a couple of unused fields from previous patch.
* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
  plug the new driver
* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
  files and symbols
* src/util/util.h src/util/util.c: add a new convenience macro
  virBuildPath and virBuildPathInternal() function

Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
IPv6 sockets default to attempting to bind to IPv4 addresses too.
So if the IPv4 address is activated first, then binding to IPv6
will unneccessarily fail.

* daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately

* daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found
  a few more issues