1. 07 8月, 2012 1 次提交
  2. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  3. 18 7月, 2012 1 次提交
  4. 28 5月, 2012 1 次提交
  5. 10 4月, 2012 1 次提交
  6. 11 10月, 2011 3 次提交
    • D
      Rewrite all the DTrace/SystemTAP probing · ddf3bd32
      Daniel P. Berrange 提交于
      The libvirtd daemon had a few crude system tap probes. Some of
      these were broken during the RPC rewrite. The new modular RPC
      code is structured in a way that allows much more effective
      tracing. Instead of trying to hook up the original probes,
      define a new set of probes for the RPC and event code.
      
      The master probes file is now src/probes.d.  This contains
      probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
      virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
      probes for the poll event loop.
      
      The src/dtrace2systemtap.pl script can convert the probes.d
      file into a libvirt_probes.stp file to make use from systemtap
      much simpler.
      
      The src/rpc/gensystemtap.pl script can generate a set of
      systemtap functions for translating RPC enum values into
      printable strings. This works for all RPC header enums (program,
      type, status, procedure) and also the authentication enum
      
      The PROBE macro will automatically generate a VIR_DEBUG
      statement, so any place with a PROBE can remove any existing
      manual DEBUG statements.
      
      * daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
      * daemon/libvirtd.h: Remove probe macros
      * daemon/Makefile.am: Remove all probe buildings/install
      * daemon/remote.c: Update authentication probes
      * src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
        to generate STP files
      * src/internal.h: Add probe macros
      * src/probes.d: Master list of probes
      * src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
        src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
        src/util/event_poll.c: Insert probe points, removing any
        DEBUG statements that duplicate the info
      ddf3bd32
    • D
      Fix missing lock calls on virNetTLSContextRef · bc7b8c7e
      Daniel P. Berrange 提交于
      The virNetTLSContextRef API forgot to acquire/release the lock
      while changing ctxt->refs
      
      * src/rpc/virnettlscontext.c: Add lock calls
      bc7b8c7e
    • D
      Refactor TLS to facilitate dynamic probing · 5bcbb390
      Daniel P. Berrange 提交于
      Pull the call to gnutls_x509_crt_get_dn up into a higher function
      so that the 'dname' variable will be available for probe points
      
      * src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
        one level
      5bcbb390
  7. 27 9月, 2011 1 次提交
  8. 08 9月, 2011 1 次提交
    • A
      rpc: avoid memory leak on virNetTLSContextValidCertificate · db8ffc2d
      Alex Jia 提交于
      * src/rpc/virnettlscontext.c: fix memory leak on
        virNetTLSContextValidCertificate.
      
      * Detected in valgrind run:
      
      ==25667==
      ==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
      lost in loss record 326 of 351
      ==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
      ==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
      ==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
      ==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
      ==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
      ==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
      ==25667==    by 0x805274B: virNetTLSContextCheckCertificate
      (virnettlscontext.c:1009)
      ==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
      ==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
      ==25667==
      ==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
      lost in loss record 346 of 351
      ==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
      ==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
      ==25667==    by 0x805272B: virNetTLSContextCheckCertificate
      (virnettlscontext.c:1003)
      ==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
      ==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
      
      * How to reproduce?
      % cd libvirt && ./configure && make && make -C tests valgrind
      or
      % valgrind -v --leak-check=full ./tests/virnettlscontexttest
      Signed-off-by: NAlex Jia <ajia@redhat.com>
      db8ffc2d
  9. 25 8月, 2011 1 次提交
  10. 19 8月, 2011 1 次提交
    • M
      daemon: initialize GnuTLS · 74c75671
      Michal Privoznik 提交于
      When spice_tls is set but listen_tls is not, we don't initialize
      GnuTLS library. So any later gnutls call (e.g. during migration,
      where we initialize a certificate) will access uninitialized GnuTLS
      internal structs and throws an error.
      
      Although, we might now initialize GnuTLS twice, it is safe according
      to the documentation:
      
          This function can be called many times,
          but will only do something the first time.
      
      This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
      with respect to written above.
      74c75671
  11. 03 8月, 2011 2 次提交
    • E
      rpc: avoid crash on error · ed246fbb
      Eric Blake 提交于
      Detected by Coverity.  Freeing the wrong variable results in both
      a memory leak and the likelihood of the caller dereferencing through
      a freed pointer.
      
      * src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
      variable.
      ed246fbb
    • E
      rpc: avoid uninitialized memory use · 3157d78f
      Eric Blake 提交于
      Spotted by Coverity.  Gnutls documents that buffer must be NULL
      if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
      the correct size needed for allocating a buffer.
      
      * src/rpc/virnettlscontext.c
      (virNetTLSContextCheckCertKeyPurpose): Initialize buffer.
      3157d78f
  12. 26 7月, 2011 2 次提交
    • D
      Fix build with gnutls 1.0.x branch · 4d349ef7
      Daniel P. Berrange 提交于
      4d349ef7
    • D
      Add mutex protection to SASL and TLS modules · 5622830c
      Daniel P. Berrange 提交于
      The virNetSASLContext, virNetSASLSession, virNetTLSContext and
      virNetTLSSession classes previously relied in their owners
      (virNetClient / virNetServer / virNetServerClient) to provide
      locking protection for concurrent usage. When virNetSocket
      gained its own locking code, this invalidated the implicit
      safety the SASL/TLS modules relied on. Thus we need to give
      them all explicit locking of their own via new mutexes.
      
      * src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
        a mutex per object
      5622830c
  13. 22 7月, 2011 3 次提交
    • D
      Allow certificate sanity checking to be disabled · 07f9b6f0
      Daniel P. Berrange 提交于
      When libvirtd starts it it will sanity check its own certs,
      and before libvirt clients connect to a remote server they
      will sanity check their own certs. This patch allows such
      sanity checking to be skipped. There is no strong reason to
      need to do this, other than to bypass possible libvirt bugs
      in sanity checking, or for testing purposes.
      
      libvirt.conf gains tls_no_sanity_certificate parameter to
      go along with tls_no_verify_certificate. The remote driver
      client URIs gain a no_sanity URI parameter
      
      * daemon/test_libvirtd.aug, daemon/libvirtd.conf,
        daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
        allow cert sanity checks to be skipped
      * src/remote/remote_driver.c: Add no_sanity parameter to
        skip cert checks
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
        Add new parameter for skipping sanity checks independantly
        of skipping session cert validation checks
      07f9b6f0
    • D
      Refactor the certification validation code · 637711cb
      Daniel P. Berrange 提交于
      There is some commonality between the code for sanity checking
      certs when initializing libvirt and the code for validating
      certs during a live TLS session handshake. This patchset splits
      up the sanity checking function into several smaller functions
      each doing a specific type of check. The cert validation code
      is then updated to also call into these functions
      
      * src/rpc/virnettlscontext.c: Refactor cert validation code
      637711cb
    • D
      Remove call to deprecated gnutls_certificate_type_set_priority (again) · 3b8061c7
      Daniel P. Berrange 提交于
      The gnutls_certificate_type_set_priority method is deprecated.
      Since we already set the default gnutls priority, it was not
      serving any useful purpose and can be removed
      
      * src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
        call
      3b8061c7
  14. 20 7月, 2011 3 次提交
  15. 19 7月, 2011 2 次提交
    • D
      Add sanity checking of basic constraints, key purpose & key usage · 79591d4f
      Daniel P. Berrange 提交于
      Gnutls requires that certificates have basic constraints present
      to be used as a CA certificate. OpenSSL doesn't add this data
      by default, so add a sanity check to catch this situation. Also
      validate that the key usage and key purpose constraints contain
      correct data
      
      * src/rpc/virnettlscontext.c: Add sanity checking of certificate
        constraints
      79591d4f
    • D
      Add some basic sanity checking of certificates before use · 543c266d
      Daniel P. Berrange 提交于
      If the libvirt daemon or libvirt client is configured with bogus
      certificates, it is very unhelpful to only find out about this
      when a TLS connection is actually attempted. Not least because
      the error messages you get back for failures are incredibly
      obscure.
      
      This adds some basic sanity checking of certificates at the
      time the virNetTLSContext object is created. This is at libvirt
      startup, or when creating a virNetClient instance.
      
      This checks that the certificate expiry/start dates are valid
      and that the certificate is actually signed by the CA that is
      loaded.
      
      * src/rpc/virnettlscontext.c: Add certificate sanity checks
      543c266d
  16. 15 7月, 2011 2 次提交
    • D
      Fix error message for missing TLS write function · c8771867
      Daniel P. Berrange 提交于
      * src/rpc/virnettlscontext.c: s/read/write/
      c8771867
    • D
      Fix reporting of cert validation failures · f2845177
      Daniel P. Berrange 提交于
      If the server succesfully validates the client cert, it will send
      back a single byte, under TLS. If it fails, it will close the
      connection. In this case, we were just reporting the standard
      I/O error. The original RPC code had a special case hack for the
      GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
      a more useful error message
      
      * src/rpc/virnetclient.c: Return ENOMSG if we get
        GNUTLS_E_UNEXPECTED_PACKET_LENGTH
      * src/rpc/virnettlscontext.c: Report cert failure if we
        see ENOMSG
      f2845177
  17. 08 7月, 2011 1 次提交
    • D
      Fix mistaken order of server cert/key parameters in constructor · c2ddd536
      Daniel P. Berrange 提交于
      The virNetTLSContextNew was being passed key/cert parameters in
      the wrong order. This wasn't immediately visible because if
      virNetTLSContextNewPath was used, a second bug reversed the order
      of those parameters again.
      
      Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
      did the bug appear
      
      * src/rpc/virnettlscontext.c: Fix order of params passed to
        virNetTLSContextNew
      c2ddd536
  18. 24 6月, 2011 1 次提交
    • D
      Generic module for handling TLS encryption and x509 certs · 30fd0bbb
      Daniel P. Berrange 提交于
      This provides two modules for handling TLS
      
       * virNetTLSContext provides the process-wide state, in particular
         all the x509 credentials, DH params and x509 whitelists
       * virNetTLSSession provides the per-connection state, ie the
         TLS session itself.
      
      The virNetTLSContext provides APIs for validating a TLS session's
      x509 credentials. The virNetTLSSession includes APIs for performing
      the initial TLS handshake and sending/recving encrypted data
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
        TLS handling code
      30fd0bbb