- 17 Oct, 2013 1 commit
  - Committed by Brian Candler

    This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

    1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup".
    2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values. This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b38, and resulted in random uids being accepted.

    Signed-off-by: Eric Blake <eblake@redhat.com>
- 11 Oct, 2013 1 commit
  - Committed by Doug Goldstein

    Since 5a468b38 we use SOL_LOCAL for the 2nd argument of getsockopt(); however, Lion added the define SOL_LOCAL set to 0, which is the value to the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So instead of using the define just pass 0 so we restore compatibility with Snow Leopard and Leopard.

    Reported at https://github.com/mxcl/homebrew/pull/23141
- 07 Oct, 2013 1 commit
  - Committed by Ryota Ozaki

    This fixes the following error:

      error : virGetUserEnt:703 : Failed to find user record for uid '32654'

    '32654' (it's random and varies) comes from getsockopt with LOCAL_PEERCRED option. getsockopt returns w/o error but seems to not set any value to the buffer for uid.

    For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level. With SOL_LOCAL, getsockopt returns a correct uid.

    Note that SOL_LOCAL can be found in /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.

    Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
- 28 Sep, 2013 2 commits
  - Committed by Doug Goldstein

    While BSDs don't support process creation timestamp information via PEERCRED for Unix sockets, we need to actually initialize the value because it is used by the libvirt code.
  - Committed by Doug Goldstein

    Ensure that the socket credentials we got back on BSD are valid before using them.
- 24 Sep, 2013 1 commit
  - Committed by Daniel P. Berrange

    To allow creation of a virNetSocketPtr instance from a pre-opened socketpair FD, add a virNetSocketNewConnectSockFD method.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 12 Jul, 2013 1 commit
  - Committed by Peter Krempa

    This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step:

    1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver.
    2) Credential for hosts can now be stored in the authentication credential config file
- 11 Jul, 2013 1 commit
  - Committed by Daniel P. Berrange

    Convert the type of loop iterators named 'i', 'j', 'k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also sanitizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 10 Jul, 2013 1 commit
  - Committed by Michal Privoznik
- 23 May, 2013 1 commit
  - Committed by Michal Privoznik
- 21 May, 2013 1 commit
  - Committed by Osier Yang
- 08 May, 2013 2 commits
  - Committed by Daniel P. Berrange

    Since PIDs can be reused, polkit prefers to be given a (PID,start time) pair. If given a PID on its own, it will attempt to lookup the start time in /proc/pid/stat, though this is subject to races. It is safer if the client app resolves the PID start time itself, because as long as the app has the client socket open, the client PID won't be reused.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
  - Committed by Daniel P. Berrange

    There are various methods named "virXXXXSecurityContext", which are specific to SELinux. Rename them all to "virXXXXSELinuxContext". They will still raise errors at runtime if SELinux is not compiled in.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 03 May, 2013 1 commit
  - Committed by Daniel P. Berrange

    The F_DUPFD_CLOEXEC operation with fcntl() expects a single int argument, specifying the minimum FD number for the newly dup'd file descriptor. We were not specifying that, causing random stack data to be accessed as the FD number. Sometimes that worked, sometimes it didn't.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 02 May, 2013 1 commit
  - Committed by Michal Privoznik

    The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
- 21 Mar, 2013 1 commit
  - Committed by Guido Günther

    but libvirt is built with --with-selinux. In this case getpeercon returns ENOPROTOOPT so don't return an error in that case but simply don't set seccon.
- 20 Mar, 2013 1 commit
  - Committed by Daniel P. Berrange

    The virNetSocket & virIdentity classes accidentally got some conditionals using HAVE_SELINUX instead of WITH_SELINUX.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 19 Mar, 2013 1 commit
  - Committed by Daniel P. Berrange

    A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 14 Mar, 2013 1 commit
  - Committed by Daniel P. Berrange

    When converting to virObject, the probes on the 'Free' functions were removed on the basis that there is a probe on virObjectFree that suffices. This puts a burden on people writing probe scripts to identify which object is being disposed. This adds back probes in the 'Dispose' functions and updates the rpc monitor systemtap example to use them.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 06 Feb, 2013 1 commit
  - Committed by John Ferlan
- 16 Jan, 2013 3 commits
  - Committed by Daniel P. Berrange
  - Committed by John Ferlan

    Check status when attempting to set SO_REUSEADDR flag on outgoing connection. On failure, VIR_WARN(), but continue to connect. This code path is on the sender side where the setting is just a hint and would only take effect if the sender is overflowed with TCP connections. Inability to set doesn't mean failure to establish a connection.
  - Committed by Daniel P. Berrange

    Currently all classes must directly inherit from virObject. This allows for arbitrarily deep hierarchy. There's not much to this aside from chaining up the 'dispose' handlers from each class & providing APIs to check types.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 14 Jan, 2013 2 commits
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange
- 12 Jan, 2013 1 commit
  - Committed by Eric Blake

    Commit 321a7d53 missed a spot.

    * src/rpc/virnetsocket.c (virNetSocketPreExecRestart): Use right conditional.
- 11 Jan, 2013 1 commit
  - Committed by Daniel P. Berrange

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 09 Jan, 2013 1 commit
  - Committed by Daniel P. Berrange

    Add checks for existence of GNUTLS and automatically disable it if not found.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 21 Dec, 2012 6 commits
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange
  - Committed by Daniel P. Berrange

    Since the event APIs are now in the public header, no internal code should include virevent.h
- 15 Dec, 2012 1 commit
  - Committed by Roman Bogorodskiy

    This adds an implementation of virNetSocketGetUNIXIdentity() using LOCAL_PEERCRED socket option and xucred struct, defined in <sys/ucred.h> on systems that have it.
- 02 Nov, 2012 1 commit
  - Committed by Daniel P. Berrange

    The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 16 Oct, 2012 1 commit
  - Committed by Daniel P. Berrange

    Add two new APIs virNetSocketNewPostExecRestart and virNetSocketPreExecRestart which allow a virNetSocketPtr object to be created from a JSON object and saved to a JSON object, for the purpose of re-exec'ing a process.

    As well as saving the state in JSON format, the second method will disable the O_CLOEXEC flag so that the open file descriptors are preserved across the process re-exec().

    Since it is not possible to serialize SASL or TLS encryption state, an error will be raised if attempting to perform serialization on non-raw sockets.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 26 Sep, 2012 2 commits
  - Committed by Daniel P. Berrange

    Continue consolidation of process functions by moving some helpers out of command.{c,h} into virprocess.{c,h}.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
  - Committed by Daniel P. Berrange

    Change "Pid" to "Process" to align with the virProcessKill API naming prefix.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 21 Sep, 2012 1 commit
  - Committed by Eric Blake

    https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence.

    * tests/securityselinuxhelper.c: Remove doubled line.
    * tests/securityselinuxtest.c: Likewise.
    * globally: s/; If/. If/