The DAC security driver uses the virStrToLong_ui function to
parse the uid/gid out of the seclabel string. This works on
Linux where 'uid_t' is an unsigned int, but on Mingw32 it is
just an 'int'. This causes compiler warnings about signed/
unsigned int pointer mis-match.

To avoid this, use explicit 'unsigned int ouruid' local
vars to pass into virStrToLong_ui, and then simply assign
to the 'uid_t' type after parsing
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This patch adds URI options to support libssh2 transport in the remote
driver.

A new transport sceme is introduced eg. "qemu+libssh2://..." that
utilizes the libssh2 code added in previous patches.

The libssh2 code requires the authentication callback to be able to
perform keyboard-interactive authentication or to ask t passprhases or
add host keys to known hosts database.

Added URI components:
- known_hosts -  path to a knownHosts file in OpenSSH format to check
                 for known ssh host keys
- known_hosts_verify - how to deal with server key verification:
                            * "normal" (default) - ask to add new keys
                            * "auto" - automaticaly add new keys
                            * "ignore" - don't validate host keys
- sshauth - authentication methods to use. Default is
            "agent,privkey,keyboard-interactive". It's a comma separated
            string of methods to try while authenticating. The order is
            preserved. Some of the methods may require additional
            parameters.

Locations of the known_hosts file and private keys are set to default
values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa,
                            ~/.ssh/id_dsa)

This patch adds a glue layer to enable using libssh2 code with the
network client code.

As in the original client implementation, shell code is sent to the
server to detect correct options for netcat and connect to libvirt's
unix socket.

This patch enables virNetSocket to be used as an ssh client when
properly configured.

This patch adds function virNetSocketNewConnectLibSSH2() that takes all
needed parameters and creates a libssh2 session and performs steps
needed to open the connection and then create a virNetSocket that
seamlesly encapsulates the communication.

This patch adds helper functions that enable us to use libssh2 in
conjunction with libvirt's virNetSockets for ssh transport instead of
spawning "ssh" client process.

This implemetation supports tunneled plaintext, keyboard-interactive,
private key, ssh agent based and null authentication. Libvirt's Auth
callback is used for interaction with the user. (Keyboard interactive
authentication, adding of host keys, private key passphrases). This
enables seamless integration into the application using libvirt. No
helpers as "ssh-askpass" are needed.

Reading and writing of OpenSSH style "known_hosts" files is supported.

Communication is done using SSH exec channel, where the user may specify
arbitrary command to be executed on the remote side and reads and writes
to/from stdin/out are sent through the ssh channel. Usage of stderr is
not (yet) supported.

This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently the dynamic label generation code will create labels
with a sensitivity of s0, and a category pair in the range
0-1023. This is fine when running a standard MCS policy because
libvirtd will run with a label

  system_u:system_r:virtd_t:s0-s0:c0.c1023

With custom policies though, it is possible for libvirtd to have
a different sensitivity, or category range. For example

  system_u:system_r:virtd_t:s2-s3:c512.c1023

In this case we must assign the VM a sensitivity matching the
current lower sensitivity value, and categories in the range
512-1023
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The code to refactor sec label handling accidentally changed the
SELinux driver to use the 'domain_context' when generating the
image label instead of the 'file_context'
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

After the cleanup of remote display port allocation, I noticed some
messages that didn't make a lot of sense the way they were written. So
I rephrased them.

The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to
find free port when starting domains. As this was hard-coded to the
same ports as default VNC servers, there were races with these other
programs. This patch includes the possibility to change the default
starting port as well as the maximum port (mostly for completeness) in
qemu config file.

Support for two new config options in qemu.conf is added:
 - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and
   must be >= than this value)
 - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and
   must be <= than this value)

Port allocations for SPICE and VNC behave almost the same (with
default ports), but there is some mess in the code. This patch clears
these inconsistencies and makes sure the same behavior will be used
when ports for remote displays are changed.

Changes:
 - hard-coded number 5900 removed (handled elsewhere like with VNC)
 - reservedVNCPorts renamed to reservedRemotePorts (it's not just for
   VNC anymore)
 - QEMU_VNC_PORT_{MIN,MAX} renamed to QEMU_REMOTE_PORT_{MIN,MAX}
 - port allocation unified for VNC and SPICE

Commit 350583c8 broke development on a RHEL 5 box, where the
ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
backport the complex awk script that newer autoconf uses for
true strverscmp comparisons from the shell, it was easier to
just open-code a shell case statement.

* configure.ac (qemu_version): Open-code a replacement for
AS_VERSION_CHECK.

Last of the file splits.

* tools/virsh-volume.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-volume.c: Likewise.
(vshCommandOptVolBy): Fix flag usage.

Almost done with the splits.

* tools/virsh-snapshot.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-snapshot.c: Likewise.

One of the simpler splits.

* tools/virsh-secret.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-secret.c: Likewise.

More in a series of file splits.

* tools/virsh-pool.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-pool.c: Likewise.
(virCommandOptPoolBy): Fix flag usage.

Yet another split file.

* tools/virsh-nwfilter.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-nwfilter.c: Likewise.

Another worthwhile split, needed one more public function.

* tools/virsh-nodedev.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh-nodedev.c: Use new header.
* tools/virsh.c: Likewise.
(vshTreePrint): Export.
* tools/virsh.h (vshTreePrint): Declare.

Another relatively easy file split.

* tools/virsh-network.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-network.c: Likewise.
(vshCommandOptNetworkBy): Update signature.

Another relatively easy split, since helper functions were fixed
in the previous patch.

* tools/virsh-interface.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-interface.c: Likewise.
(vshCommandOptInterfaceBy): Check flags.

In preparation for splitting virsh-interface.c, I found these
functions need to be declared in virsh.h, as well as one that
belongs more properly in virsh-domain.h.  Also, since we
use the VSH_BY* flags in more than one function, I improved
how they are used.

* tools/virsh.h (vshNameSorter, vshCmdHasOption): Declare.
(VSH_BYID): Turn into enum.
(vshCommandOptDomainBy): Move...
* tools/virsh-domain.h): ...here.
* tools/virsh.c: (vshNameSorter): Export.
(cmd_has_option): Rename...
(vshCmdHasOption): ...and export.
(vshCommandOptDomainBy): Move...
* tools/virsh-domain.c (vshCommandOptDomainBy): ...here, adjust
signature, and check flags.
* tools/virsh-network.c (vshCommandOptNetworkBy): Update callers.
* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
* tools/virsh-domain-monitor.c (includes): Likewise.
* tools/virsh-host.c (includes): Likewise.

The splits are getting easier, with fewer cleanups needed in virsh.h.

* tools/virsh-host.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh-host.c: Use new header.
* tools/virsh.c: Likewise.

Another file worth compiling on its own instead of by .c inclusion.

* tools/virsh-domain-monitor.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.h (vshGetDomainDescription): Move to correct
header.
* tools/virsh-domain-monitor.c: Use new header.
* tools/virsh.c: Likewise.
* tools/virsh-domain.c: Likewise.

This patch updates libvirt's API to allow applications to inspect the
full list of security labels of a domain.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the key "security_driver" in QEMU config to suport
both a sigle default driver or a list of default drivers. This ensures
that it will remain compatible with older versions of the config file.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

These changes make the security drivers able to find and handle the
correct security label information when more than one label is
available. They also update the DAC driver to be used as an usual
security driver.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the domain and capability XML parser and formatter to
support more than one "seclabel" element for each domain and device. The
RNG schema and the tests related to this are also updated by this patch.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This patch updates the structures that store information about each
domain and each hypervisor to support multiple security labels and
drivers. It also updates all the remaining code to use the new fields.
Signed-off-by: NMarcelo Cerri <mhcerri@linux.vnet.ibm.com>

This is a fix for the object label generation. It uses a new flag for
virSecuritySELinuxGenNewContext that specifies whether the context is
for an object. If so the context role remains unchanged.
Without this fix it is not possible to start domains with image file or
block device backed storage when selinux is enabled.
Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

The previous commit now trips up 'make syntax-check' due to a useless
use of <signal.h>.

* tools/virsh.c (includes): Drop useless includes.

Nothing in the testsuite or examples directory should be translated,
as it is not part of the normally installed binary.  We already
meet this rule, but enforcing it will make it easier to remember.

Suggested by Daniel P. Berrange.

* cfg.mk (sc_prohibit_useless_translation): Enhance rule.

On Win32 SA_SIGINFO is not defined, so virsh.c stub'd it out
to 0, but recent changes moved the usage out of virsh.c and
into virsh-domain.c

Convert the exported items in virsh.h to use a common 'vsh' prefix.

* tools/virsh.h (VIRSH_MAX_XML_FILE): Rename...
(VSH_MAX_XML_FILE): ...and parenthesize.
(DIFF_MSEC, CTRL_CLOSE_BRACKET): Delete.
(vshUsage, vshInit, vshDeinit, vshParseArgv): Remove prototype.
(editWriteToTempFile, editFile, editReadBackFile, prettyCapacity)
(virshReportError): Rename...
(vshEditWriteToTempFile, vshEditFile, vshEditReadBackFile)
(vshPrettyCapacity, vshReportError): ...into vsh namespace.
(jobWatchTimeoutFunc): Move to virsh-domain.c.
* tools/virsh.c (vshCommandRun): Inline former DIFF_MSEC.
(main): Inline former CTRL_CLOSE_BRACKET.
(vshUsage, vshInit, vshDeinit, vshParseArgv): Make static.
(prettyCapacity, virshReportError, editWriteToTempFile, editFile):
Fix naming, and adjust usage.
(vshAskReedit, vshCommandRun, vshEventLoop, vshInit): Adjust
usage.
* tools/virsh-domain.c (cmdAttachDevice, cmdCPUCompare)
(cmdCPUBaseline, cmdCreate, cmdDefine, cmdDetachDevice)
(cmdUpdateDevice, cmdDesc, cmdUndefine, cmdStart, cmdVcpucount)
(cmdAttachDevice, cmdDomjobinfo): Likewise.
* tools/virsh-edit.c (do): Likewise.
* tools/virsh-interface.c (cmdInterfaceDefine): Likewise.
* tools/virsh-network.c (cmdNetworkCreate, cmdNetworkDefine):
Likewise.
* tools/virsh-nodedev.c (cmdNodeDeviceCreate): Likewise.
* tools/virsh-nwfilter.c (cmdNWFilterDefine): Likewise.
* tools/virsh-pool.c (cmdPoolCreate, cmdPoolDefine)
(cmdPoolDiscoverSources, cmdPoolList): Likewise.
* tools/virsh-secret.c (cmdSecretDefine): Likewise.
* tools/virsh-snapshot.c (cmdSnapshotCreate, vshSnapshotCreate)
(vshLookupSnapshot, cmdSnapshotEdit, cmdSnapshotCurrent)
(vshGetSnapshotParent): Likewise.
* tools/virsh-volume.c (cmdVolCreate, cmdVolCreateFrom)
(cmdVolInfo, cmdVolList): Likewise.

In order to support systemd socket based activation, it needs to
be possible to create virNetSocketPtr and virNetServerServicePtr
instance from a pre-opened file descriptor

In preparation for adding further constructors, refactor
the virNetServerClientNew method to move most of the code
into a common virNetServerClientNewInternal helper API.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently the virNetServerDispatchNewClient both creates the
virNetServerClientPtr instance and registers it with the
virNetServerPtr internal state. Split the client registration
code out into a separate virNetServerAddClient method to
allow future reuse from other contexts
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The main impl of vshAskReedit is non-static, so the Win32
stub must be the same

* cfg.mk: Whitelist virsh.h instead of virsh.c for strcasecmp check
* tools/virsh-domain.h, tools/virsh.h: Fix #define indentation

C99 says that __foo naming is reserved for the compiler.  Besides,
we had several different styles in use; this consolidates things
to set up the typedefs up front then declare the types with
consistent naming.

* tools/virsh.h: Use consistent struct naming.
* tools/virsh.c (_vshCommandParser): Likewise.

The virsh-domain.c file was pretty self-contained; the only
entry point was the table of command definitions.  The bulk
of this patch is making more functions in virsh.c reusable.
A later patch will clean up poor naming choices.

* tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
* tools/virsh-domain.h: New file.
* tools/virsh.h (virshReportError, vshResetLibvirtError)
(vshAskReedit, vshStreamSink): Declare.
* tools/virsh.c: Switch from using .c to .h.
(virshReportError, vshResetLibvirtError, vshAskReedit)
(vshStreamSink, prettyCapacity): Export.
(vshCatchInt): Move...
* tools/virsh-domain.c: ...into sole user.  Use header.