- 29 Jan, 2020 4 commits
  - Committed by Daniel P. Berrangé

    The EAI_ADDRFAMILY constant has been removed from FreeBSD headers, supposedly because it is deprecated by new RFC drafts. Previously GNULIB was providing a replacement because MinGW lacked it too. The replacement provided for MinGW was thus being used on FreeBSD too, but with a completely bogus integer value.

    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    There are a large number of different header files that are related to the sockets APIs. The virsocket.h header includes all of the relevant headers for Windows and UNIX in one convenient place. If virsocketaddr.h is already included, then there's no need for virsocket.h

    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    The F_DUPFD_CLOEXEC functionality is not available on some platforms. We must thus explicitly call the virSetCloexec function once we remove GNULIB's equiv fix for this.

    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    This is a simplified variant of gnulib's passfd module without the portability code that we do not require.

    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 23 Jan, 2020 1 commit
  - Committed by Pavel Hrdina

    Since commit <60d9ad6f> we require GnuTLS and since commit <ac0d21c7> we can actually drop the usage of WITH_GNUTLS.

    Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 17 Jan, 2020 1 commit
  - Committed by Daniel P. Berrangé

    Convert to use socket wrappers. Aside from the header file include change, this requires changing close -> closesocket since our portability isn't trying to replace the close function.

    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 03 Jan, 2020 1 commit
  - Committed by Daniel P. Berrangé

    The last_component() method is a GNULIB custom function that returns a pointer to the base name in the path. This is similar to g_path_get_basename() but without the malloc. The extra malloc is no trouble for libvirt's needs so we can use g_path_get_basename().

    Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 20 Dec, 2019 1 commit
  - Committed by Fabiano Fidêncio

    virGetUserRuntimeDirectory() *never* *ever* returns NULL, making the checks for it completely unnecessary.

    Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 10 Dec, 2019 1 commit
  - Committed by Pavel Hrdina

    Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
    Reviewed-by: Cole Robinson <crobinso@redhat.com>
- 14 Nov, 2019 1 commit
  - Committed by Peter Krempa

    When parsing allowed authentication methods for the native ssh lib transports we used strsep. Since we have virStringSplit helper let's use that one.

    Signed-off-by: Peter Krempa <pkrempa@redhat.com>
    Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 13 Nov, 2019 1 commit
  - Committed by Daniel Henrique Barboza

    Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 12 Nov, 2019 1 commit
  - Committed by Michal Privoznik

    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
- 25 Oct, 2019 1 commit
  - Committed by Peter Krempa

    The function now does not return an error so we can drop it fully.

    Signed-off-by: Peter Krempa <pkrempa@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 21 Oct, 2019 1 commit
  - Committed by Ján Tomko

    Replace all occurrences of

        if (VIR_STRDUP(a, b) < 0)
            /* effectively dead code */

    with:

        a = g_strdup(b);

    Signed-off-by: Ján Tomko <jtomko@redhat.com>
    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
- 15 Oct, 2019 1 commit
  - Committed by Ján Tomko

    Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED.

    Signed-off-by: Ján Tomko <jtomko@redhat.com>
    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
- 14 Oct, 2019 1 commit
  - Committed by Daniel P. Berrangé

    The usleep function was missing on older mingw versions, but we can rely on it existing everywhere these days. It may only support times up to 1 second in duration though, so we'll prefer to use g_usleep instead.

    The commandhelper program is not changed since that can't link to glib. Fortunately it doesn't need to build on Windows platforms either.

    Reviewed-by: Ján Tomko <jtomko@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 01 Oct, 2019 1 commit
  - Committed by Daniel P. Berrangé

    Consider having a nc binary in the path with a space in its name, for example '/tmp/fo o/nc'

    This results in libvirt running SSH with the following arg value

        "'if ''/tmp/fo o/nc'' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then ARG=-q0; else ARG=;fi;''/tmp/fo o/nc'' $ARG -U /var/run/libvirt/libvirt-sock'"

    The use of the single quote escaping was introduced by

        commit 6ac6238d
        Author: Guido Günther <agx@sigxcpu.org>
        Date: Thu Oct 13 21:49:01 2011 +0200

            Use virBufferEscapeShell in virNetSocketNewConnectSSH

            to escape the netcat command since it's passed to the shell. Adjust expected test case output accordingly.

    While the intention of this change was good, the result is broken as it is still underquoted.

    On the SSH server side, SSH itself runs the command via the shell. Our command is then invoking the shell again. Thus we see

        $ virsh -c qemu+ssh://root@domokun/system?netcat=%2Ftmp%2Ffo%20o%2Fnc list
        error: failed to connect to the hypervisor
        error: End of file while reading data: sh: /tmp/fo: No such file or directory: Input/output error

    With the second level of escaping added we can now successfully use a nc binary with a space in the path.

    The original test case added was misleading as it illustrated using a binary path of 'nc -4' which is not a path, it is a command with a separate argument, which is getting interpreted as a path.

    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
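
The two rounds of shell parsing described in the commit message above can be reproduced locally. This is an added example, not libvirt code and not part of the commit: `shquote`, `remote_run`, `cmd_one_level` and `cmd_two_levels` are hypothetical names, `remote_run` stands in for the SSH server handing the command string to a shell, and `set -- ...; echo $#` replaces the real netcat invocation so the script only counts how many words the path turns into.

```shell
#!/bin/sh
# Added illustration, not libvirt code. All function names are hypothetical.

# Quote one word for a POSIX shell: wrap it in single quotes and rewrite
# every embedded single quote as '\''.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Stand-in for the SSH server: it passes the one command string it was
# given to a shell, which is the first round of shell parsing.
remote_run() {
    sh -c "$1"
}

# Path quoted once and pasted between single-quoted script fragments, the
# same shape as the arg value quoted in the commit message. The script
# counts the words the path becomes instead of executing it.
cmd_one_level() {
    printf "sh -c 'set -- '%s'; echo \$#'" "$(shquote "$1")"
}

# Path quoted for the inner shell, then the whole script quoted again for
# the shell started on the server side.
cmd_two_levels() {
    script="set -- $(shquote "$1"); echo \$#"
    printf 'sh -c %s' "$(shquote "$script")"
}

NC='/tmp/fo o/nc'   # constructed sample path, same as in the commit message
echo "one level:  $(cmd_one_level "$NC")"
echo "  words seen by the inner shell: $(remote_run "$(cmd_one_level "$NC")")"
echo "two levels: $(cmd_two_levels "$NC")"
echo "  words seen by the inner shell: $(remote_run "$(cmd_two_levels "$NC")")"
```

With one level the inner shell sees two words, so it would try to execute `/tmp/fo`; with two levels the path survives as a single word.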
- 07 Aug, 2019 1 commit
  - Committed by Daniel P. Berrangé

    Now that 100% of libvirt code is forbidden in a SUID environment, we no longer need to worry about whether env variables are trustworthy or not. The virt-login-shell setuid program, which does not link to any libvirt code, will purge all environment variables, except $TERM, before invoking the virt-login-shell-helper program which uses libvirt. Thus we only need one API for env passthrough in virCommand.

    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 19 Jul, 2019 1 commit
  - Committed by Daniel P. Berrangé

    Shutting down the daemon after 30 seconds of being idle is a little bit too aggressive. Especially when using 'virsh' in single-shot mode, as opposed to interactive shell mode, it would not be unusual to have more than 30 seconds between commands. This will lead to the daemon shutting down and starting up between a series of commands.

    Increasing the shutdown timer to 2 minutes will make it less likely that the daemon will shut down while the user is in the middle of a series of commands.

    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 12 Jul, 2019 2 commits
  - Committed by Daniel P. Berrangé

    Currently the socket code will unlink any UNIX socket path which is associated with a server socket. This is not fine grained enough, as we need to avoid unlinking server sockets we were passed by systemd. To deal with this we must explicitly track whether each socket needs to be unlinked when closed, separately of the client vs server state.

    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    When the service passed to getaddrinfo is NULL the kernel will choose a free port to bind to. In a dual stack though we will get separate sockets for IPv4 and IPv6 and we need them to bind to the same port number. Thus once the kernel has auto-selected a port for the first socket, we must disable auto-select for subsequent IP sockets and force reuse of the first port.

    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 11 Jul, 2019 2 commits
  - Committed by Daniel P. Berrangé

    Way back in the past, the "no_tty=1" option was added for the remote driver to disable local password prompting by disabling use of the local tty:

        commit b32f4298
        Author: Daniel P. Berrange <berrange@redhat.com>
        Date: Fri Sep 21 20:17:09 2007 +0000

            Added a no_tty param to remote URIs to stop SSH prompting for password

    This was done by adding "-T -o BatchMode=yes -e none" args to ssh. This achieved the desired results but is none the less semantically flawed because it is mixing up config parameters for the local tty vs the remote tty.

    The "-T" arg stops allocation of a TTY on the remote host. This is good for all libvirt SSH tunnels as we never require a TTY for our usage model, so we should have just passed this unconditionally.

    The "-e none" option disables the escape character for sessions with a TTY. If we pass "-T" this is not required, but it is also not harmful to add it, so we should just pass it unconditionally too.

    Only the "-o BatchMode=yes" option is related to disabling local password prompts and thus needs control via the no_tty URI param.

    Reviewed-by: Andrea Bolognani <abologna@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    Reviewed-by: Ján Tomko <jtomko@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 04 Feb, 2019 1 commit
  - Committed by Cole Robinson

    Missing semicolon at the end of macros can confuse some analyzers (like cppcheck <filename>). VIR_ONCE_GLOBAL_INIT is almost exclusively called without an ending semicolon, but let's standardize on using one like the other macros. Add a dummy struct definition at the end of the macro, so the compiler will require callers to add a semicolon.

    Reviewed-by: John Ferlan <jferlan@redhat.com>
    Signed-off-by: Cole Robinson <crobinso@redhat.com>
- 14 Dec, 2018 1 commit
  - Committed by Daniel P. Berrangé

    In many files there are header comments that contain an Author: statement, supposedly reflecting who originally wrote the code. In a large collaborative project like libvirt, any non-trivial file will have been modified by a large number of different contributors. IOW, the Author: comments are quickly out of date, omitting people who have made significant contributions.

    In some places Author: lines have been added despite the person merely being responsible for creating the file by moving existing code out of another file. IOW, the Author: lines give an incorrect record of authorship.

    With this all in mind, the comments are useless as a means to identify who to talk to about code in a particular file. Contributors will always be better off using 'git log' and 'git blame' if they need to find the author of a particular bit of code.

    This commit thus deletes all Author: comments from the source and adds a rule to prevent them reappearing.

    The Copyright headers are similarly misleading and inaccurate, however, we cannot delete these as they have legal meaning, despite being largely inaccurate. In addition only the copyright holder is permitted to change their respective copyright statement.

    Reviewed-by: Erik Skultety <eskultet@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 25 Jul, 2018 2 commits
  - Committed by Daniel P. Berrangé

    Consider creating a listener socket from a hostname that resolves to multiple addresses. It might be the case that the hostname resolves to both an IPv4 and IPv6 address because it is reachable over both protocols, but the IPv6 connectivity is provided off-host. In such a case no local NIC will have IPv6 and so bind() would fail with the EADDRNOTAVAIL errno. Thus it should be treated as non-fatal as long as at least one socket was successfully bound.

    Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  - Committed by Daniel P. Berrangé

    When reporting socket/bind failures we want to ensure any fatal error reported is as accurate as possible. We'll prefer reporting a bind() errno over a socket() errno, because if socket() works but bind() fails that is a more significant event.

    Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- 23 Jul, 2018 1 commit
  - Committed by Andrea Bolognani

    Currently, the functions return a pointer to the destination buffer on success or NULL on failure.

    Not only does this kind of error handling look quite alien in the context of libvirt, where most functions return zero on success and a negative int on failure, but it's also somewhat pointless because unless there's been a failure the returned pointer will be the same one passed in by the user, thus offering no additional value.

    Change the functions so that they return an int instead.

    Signed-off-by: Andrea Bolognani <abologna@redhat.com>
- 04 May, 2018 1 commit
  - Committed by Martin Kletzander

    Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
- 18 Apr, 2018 1 commit
  - Committed by Michal Privoznik

    So far we are repeating the following lines over and over:

        if (!(virSomeObjectClass = virClassNew(virClassForObject(),
                                               "virSomeObject",
                                               sizeof(virSomeObject),
                                               virSomeObjectDispose)))
            return -1;

    While this works, it is impossible to do some checking. Firstly, the class name (the 2nd argument) doesn't match the name in the code in all cases (the 3rd argument). Secondly, the current style is needlessly verbose. This commit turns example into following:

        if (!(VIR_CLASS_NEW(virSomeObject,
                            virClassForObject)))
            return -1;

    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
- 06 Apr, 2018 1 commit
  - Committed by Jim Fehlig

    When preparing for migration, the libxl driver creates a new TCP listen socket for the incoming migration by calling virNetSocketNewListenTCP, passing the destination host name. virNetSocketNewListenTCP calls virSocketAddrParse to check if the host name is a wildcard address, in which case it avoids adding the AI_ADDRCONFIG flag to the hints passed to getaddrinfo. If the host name is not an IP address, virSocketAddrParse reports an error

        error : virSocketAddrParseInternal:121 : Cannot parse socket address 'myhost.example.com': Name or service not known

    But virNetSocketNewListenTCP succeeds regardless and the overall migration operation succeeds.

    Introduce virSocketAddrParseAny and use it when simply testing if a host name/addr is parsable.

    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Reviewed-by: John Ferlan <jferlan@redhat.com>
- 26 Jan, 2018 1 commit
  - Committed by Daniel P. Berrange

    The virNetSocketWriteSASL method has to encode the buffer it is given and then write it to the underlying socket. This write is not guaranteed to send the full amount of data that was encoded by SASL. We cache the SASL encoded data so that on the next invocation of virNetSocketWriteSASL we carry on sending it.

    The subtle problem is that the 'len' value passed into virNetSocketWriteSASL on the 2nd call may be larger than the original value. So when we've completed sending the SASL encoded data we previously cached, we must return the original length we encoded, not the new length.

    This flaw means we could potentially have discarded queued data without sending it. This would have exhibited itself as a libvirt client never receiving the reply to a method it invokes, async events silently going missing, or worse stream data silently getting dropped.

    For this to be a problem libvirtd would have to have queued data to send to the client, while at the same time the TCP socket send buffer is full (due to a very slow client). This is quite unlikely so if this bug was ever triggered by a real world user it would be almost impossible to reproduce or diagnose, if indeed it was ever noticed at all.

    Reviewed-by: John Ferlan <jferlan@redhat.com>
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 30 Aug, 2017 1 commit
  - Committed by Daniel P. Berrange

    Inspired by the recent GIT / Mercurial security flaws (http://blog.recurity-labs.com/2017-08-10/scm-vulns), consider someone/something manages to feed libvirt a bogus URI such as:

        virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system

    In this case, the hostname "-oProxyCommand=gnome-calculator" will get interpreted as an argument to ssh, not a hostname. Fortunately, due to the set of args we have following the hostname, SSH will then interpret our bit of shell script that runs 'nc' on the remote host as a cipher name, which is clearly invalid. This makes ssh exit during argv parsing and so it never tries to run gnome-calculator.

    We are lucky this time, but let's be more paranoid, by using '--' to explicitly tell SSH when it has finished seeing command line options. This forces it to interpret "-oProxyCommand=gnome-calculator" as a hostname, and thus see a fail from hostname lookup.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
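
The effect of the `--` terminator described in the commit message above, as an added example that is not libvirt code and not part of the commit. `parse_like_ssh` is a hypothetical stand-in built on the shell's `getopts`; it models generic getopt-style parsing, not OpenSSH's actual option parser, and the `sh -c 'script'` tail is a placeholder for the remote command.

```shell
#!/bin/sh
# Added illustration: a getopt-style parser standing in for the ssh client.
# It is a model, not OpenSSH's real option parser; names are hypothetical.

# Print how the arguments are classified, as
#   "<values collected from -o options>|<first positional argument>"
parse_like_ssh() {
    OPTIND=1
    o_values=
    while getopts 'To:e:' flag; do
        case $flag in
            o) o_values="$o_values$OPTARG;" ;;
            T|e) ;;                 # accepted, not relevant to the result
            *) return 2 ;;          # unknown option
        esac
    done
    shift $((OPTIND - 1))
    printf '%s|%s\n' "$o_values" "${1-}"
}

# argv with the URI hostname placed directly after the fixed options.
argv_without_terminator() {
    parse_like_ssh -T -e none "$1" sh -c 'script'
}

# argv with "--" marking the end of options before the hostname.
argv_with_terminator() {
    parse_like_ssh -T -e none -- "$1" sh -c 'script'
}

# Hostname field of the URI quoted in the commit message.
HOST='-oProxyCommand=gnome-calculator'

echo "without --: $(argv_without_terminator "$HOST")"
echo "with --:    $(argv_with_terminator "$HOST")"
echo "plain host: $(argv_with_terminator 'host.example')"
```

Without the terminator the hostname field is consumed as an `-o` value and `sh` lands in the host slot; with it, the same string stays a positional argument and no option is set.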
- 18 Mar, 2017 1 commit
  - Committed by Peter Krempa

    In some cases a read error due to connection hangup is expected. This patch adds a flag that removes the logging of a virError in such case.
- 15 Nov, 2016 2 commits
  - Committed by Pino Toscano

    Implement in virtNetClient and VirNetSocket the needed functions to expose a new libssh transport, providing all the options that the libssh2 transport supports.
  - Committed by Pino Toscano

    Add an internal variable to mark the FD as "not owned" by the virNetSocket, in case the internal implementation takes the actual ownership of the descriptor; this avoids a warning when closing the socket, as the FD would be invalid.
- 24 Jun, 2016 4 commits
  - Committed by Ján Tomko

    Rename them to virNetSocket{Local,Remote}AddrStringSASL to make their format more obvious.
  - Committed by Ján Tomko

    Make it more obvious that these are in the SASL format.
  - Committed by Ján Tomko

    It will return the socket address and port in a URI-like format:

        [::1]:1234

    Add a test case to virnetsockettest.
  - Committed by Ján Tomko

    This partially reverts commit 9b45c9f0. It changed the default format of socket address from the one SASL requires, but did not adjust all the callers. It also removed the test coverage for it.

    Revert most of the changes except the virSocketAddrFormatFull support for URI-formatted strings.

    This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while reverting the format used by virt-admin's client-info command from the URI one to the SASL one.

    https://bugzilla.redhat.com/show_bug.cgi?id=1345743