- 24 9月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The fix for CVE-2013-4311 had a pre-requisite enhancement to the identity code commit db7a5688 Author: Daniel P. Berrange <berrange@redhat.com> Date: Thu Aug 22 16:00:01 2013 +0100 Also store user & group ID values in virIdentity This had a typo which caused the group ID to overwrite the user ID string. This meant any checks using this would have the wrong ID value. This only affected the ACL code, not the initial polkit auth. It also leaked memory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 9月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Future improvements to the polkit code will require access to the numeric user ID, not merely user name. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 30 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Compilation on cygwin failed due to a bug in the sasl headers present on that platform (libsasl2-devel 2.1.26): In file included from rpc/virnetserverclient.c:27:0: /usr/include/sasl/sasl.h:230:38: error: expected declaration specifiers or '...' before 'size_t' Upstream is aware of their bug: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3759 * src/rpc/virnetserverclient.c (includes): Ensure size_t is defined before using sasl.h. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 23 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 21 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 08 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Since PIDs can be reused, polkit prefers to be given a (PID,start time) pair. If given a PID on its own, it will attempt to lookup the start time in /proc/pid/stat, though this is subject to races. It is safer if the client app resolves the PID start time itself, because as long as the app has the client socket open, the client PID won't be reused. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There are various methods named "virXXXXSecurityContext", which are specific to SELinux. Rename them all to "virXXXXSELinuxContext". They will still raise errors at runtime if SELinux is not compiled in Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 20 3月, 2013 1 次提交
-
-
由 Olivia Yin 提交于
Compilation error when WITH_GNUTLS is 0, introduced in commit d5e83ad9.
-
- 19 3月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Add APIs which allow creation of a virIdentity from the info associated with a virNetServerClientPtr instance. This is done based on the results of client authentication processes like TLS, x509, SASL, SO_PEERCRED Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When converting to virObject, the probes on the 'Free' functions were removed on the basis that there is a probe on virObjectFree that suffices. This puts a burden on people writing probe scripts to identify which object is being dispose. This adds back probes in the 'Dispose' functions and updates the rpc monitor systemtap example to use them Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the server determines whether authentication of clients is complete, by checking whether an identity is set. This patch removes that lame hack and replaces it with an explicit method for changing the client auth code * daemon/remote.c: Update for new APis * src/libvirt_private.syms, src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity and virNetServerClientSetIdentity, adding a new method virNetServerClientSetAuth. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 1月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
This patch resolves CVE-2013-0170: https://bugzilla.redhat.com/show_bug.cgi?id=893450 When reading and dispatching of a message failed the message was freed but wasn't removed from the message queue. After that when the connection was about to be closed the pointer for the message was still present in the queue and it was passed to virNetMessageFree which tried to call the callback function from an uninitialized pointer. This patch removes the message from the queue before it's freed. * rpc/virnetserverclient.c: virNetServerClientDispatchRead: - avoid use after free of RPC messages
-
- 22 1月, 2013 1 次提交
-
-
由 John Ferlan 提交于
The code is not reachable as of commit id: bb85f229. Removed virKeepAliveStop() and virObjectUnref() because 'ka' cannot be anything but NULL at the cleanup label.
-
- 16 1月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
Currently all classes must directly inherit from virObject. This allows for arbitrarily deep hierarchy. There's not much to this aside from chaining up the 'dispose' handlers from each class & providing APIs to check types. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 11 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 09 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add checks for existence of GNUTLS and automatically disable it if not found. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 12月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 02 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 16 10月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add two new APIs virNetServerClientNewPostExecRestart and virNetServerClientPreExecRestart which allow a virNetServerClientPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process. This includes serialization of the connected socket associated with the client Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 20 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
In preparation for adding further constructors, refactor the virNetServerClientNew method to move most of the code into a common virNetServerClientNewInternal helper API. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 8月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Currently there is a hook function that is invoked when a new client connection comes in, which allows an app to setup private data. This setup will make it difficult to serialize client state during process re-exec(). Change to a model where the app registers a callback when creating the virNetServerPtr instance, which is used to allocate the client private data immediately during virNetClientPtr construction. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the virNetServerServicePtr is responsible for creating the virNetServerClientPtr instance when accepting a new connection. Change this so that the virNetServerServicePtr merely gives virNetServerPtr a virNetSocketPtr instance. The virNetServerPtr can then create the virNetServerClientPtr as it desires Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 8月, 2012 5 次提交
-
-
由 Daniel P. Berrange 提交于
Make all the virNetServer* objects use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Make virSocket use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Make virKeepAlive use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Make virNetSASLContext and virNetSASLSession use virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Make virNetTLSContext and virNetTLSSession use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 19 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
In the delayed close mode, we're just waiting for final data to be written back to the client. While waiting, we should not bother to read more data from the client. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
This rmoves all the per-file error reporting macros from the code in src/rpc/ Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 6月, 2012 1 次提交
-
-
由 Jiri Denemark 提交于
We don't need to add or remove filters when client object is already locked anymore. There's no reason to keep the *Locked variants of those APIs.
-