- 19 12月, 2015 2 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a new QCryptoSecret object class which will be used for providing passwords and keys to other objects which need sensitive credentials. The new object can provide secret values directly as properties, or indirectly via a file. The latter includes support for file descriptor passing syntax on UNIX platforms. Ordinarily passing secret values directly as properties is insecure, since they are visible in process listings, or in log files showing the CLI args / QMP commands. It is possible to use AES-256-CBC to encrypt the secret values though, in which case all that is visible is the ciphertext. For ad hoc developer testing though, it is fine to provide the secrets directly without encryption so this is not explicitly forbidden. The anticipated scenario is that libvirtd will create a random master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key) and will use that key to encrypt all passwords it provides to QEMU via '-object secret,....'. This avoids the need for libvirt (or other mgmt apps) to worry about file descriptor passing. It also makes life easier for people who are scripting the management of QEMU, for whom FD passing is significantly more complex. Providing data inline (insecure, only for ad hoc dev testing) $QEMU -object secret,id=sec0,data=letmein Providing data indirectly in raw format printf "letmein" > mypasswd.txt $QEMU -object secret,id=sec0,file=mypasswd.txt Providing data indirectly in base64 format $QEMU -object secret,id=sec0,file=mykey.b64,format=base64 Providing data with encryption $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \ -object secret,id=sec0,data=[base64 ciphertext],\ keyid=master0,iv=[base64 IV],format=base64 Note that 'format' here refers to the format of the ciphertext data. The decrypted data must always be in raw byte format. More examples are shown in the updated docs. Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The standard glib provided g_base64_decode doesn't provide any kind of sensible error checking on its input. Add a QEMU custom wrapper qbase64_decode which can be used with untrustworthy input that can contain invalid base64 characters, embedded NUL characters, or not be NUL terminated at all. Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 12月, 2015 6 次提交
-
-
由 Daniel P. Berrange 提交于
Add a QIOChannel subclass that is capable of performing I/O to/from a memory buffer. This implementation does not attempt to support concurrent readers & writers. It is designed for serialized access where by a single thread at a time may write data, seek and then read data back out. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add a QIOChannel subclass that is capable of performing I/O to/from a separate process, via a pair of pipes. The command can be used for unidirectional or bi-directional I/O. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add a QIOChannel subclass that can run the TLS protocol over the top of another QIOChannel instance. The object provides a simplified API to perform the handshake when starting the TLS session. The layering of TLS over the underlying channel does not have to be setup immediately. It is possible to take an existing QIOChannel that has done some handshake and then swap in the QIOChannelTLS layer. This allows for use with protocols which start TLS right away, and those which start plain text and then negotiate TLS. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add a QIOChannel subclass that is capable of operating on things that are files, such as plain files, pipes, character/block devices, but notably not sockets. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Implement a QIOChannel subclass that supports sockets I/O. The implementation is able to manage a single socket file descriptor, whether a TCP/UNIX listener, TCP/UNIX connection, or a UDP datagram. It provides APIs which can listen and connect either asynchronously or synchronously. Since there is no asynchronous DNS lookup API available, it uses the QIOTask helper for spawning a background thread to ensure non-blocking operation. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
A number of I/O operations need to be performed asynchronously to avoid blocking the main loop. The caller of such APIs need to provide a callback to be invoked on completion/error and need access to the error, if any. The small QIOTask provides a simple framework for dealing with such probes. The API docs inline provide an outline of how this is to be used. Some functions don't have the ability to run asynchronously (eg getaddrinfo always blocks), so to facilitate their use, the task class provides a mechanism to run a blocking function in a thread, while triggering the completion callback in the main event loop thread. This easily allows any synchronous function to be made asynchronous, albeit at the cost of spawning a thread. In this series, the QIOTask class will be used for things like the TLS handshake, the websockets handshake and TCP connect() progress. The concept of QIOTask is inspired by the GAsyncResult interface / GTask class in the GIO libraries. The min version requirements on glib don't allow those to be used from QEMU, so QIOTask provides a facsimilie which can be easily switched to GTask in the future if the min version is increased. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 17 11月, 2015 1 次提交
-
-
由 Eric Blake 提交于
Commits 6c6f312d and bd797fc1 added new tests (test-blockjob-txn and test-timed-average, respectively), but did not mark them for exclusion in .gitignore. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1447386423-13160-1-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 06 11月, 2015 1 次提交
-
-
由 Eric Blake 提交于
Commit 62c39b30 added a new test, but did not mark it for exclusion in .gitignore. Signed-off-by: NEric Blake <eblake@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 12 10月, 2015 1 次提交
-
-
由 Yang Hongyang 提交于
Using qtest qmp interface to implement following cases: 1) add/remove netfilter 2) add a netfilter then delete the netdev 3) add/remove more than one netfilters 4) add more than one netfilters and then delete the netdev Signed-off-by: NYang Hongyang <yanghy@cn.fujitsu.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
- 21 9月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
qapi/introspect.json defines the introspection schema. It's designed for QMP introspection, but should do for similar uses, such as QGA. The introspection schema does not reflect all the rules and restrictions that apply to QAPI schemata. A valid QAPI schema has an introspection value conforming to the introspection schema, but the converse is not true. Introspection lowers away a number of schema details, and makes implicit things explicit: * The built-in types are declared with their JSON type. All integer types are mapped to 'int', because how many bits we use internally is an implementation detail. It could be pressed into external interface service as very approximate range information, but that's a bad idea. If we need range information, we better do it properly. * Implicit type definitions are made explicit, and given auto-generated names: - Array types, named by appending "List" to the name of their element type, like in generated C. - The enumeration types implicitly defined by simple union types, named by appending "Kind" to the name of their simple union type, like in generated C. - Types that don't occur in generated C. Their names start with ':' so they don't clash with the user's names. * All type references are by name. * The struct and union types are generalized into an object type. * Base types are flattened. * Commands take a single argument and return a single result. Dictionary argument or list result is an implicit type definition. The empty object type is used when a command takes no arguments or produces no results. The argument is always of object type, but the introspection schema doesn't reflect that. The 'gen': false directive is omitted as implementation detail. The 'success-response' directive is omitted as well for now, even though it's not an implementation detail, because it's not used by QMP. * Events carry a single data value. Implicit type definition and empty object type use, just like for commands. The value is of object type, but the introspection schema doesn't reflect that. * Types not used by commands or events are omitted. Indirect use counts as use. * Optional members have a default, which can only be null right now Instead of a mandatory "optional" flag, we have an optional default. No default means mandatory, default null means optional without default value. Non-null is available for optional with default (possible future extension). * Clients should *not* look up types by name, because type names are not ABI. Look up the command or event you're interested in, then follow the references. TODO Should we hide the type names to eliminate the temptation? New generator scripts/qapi-introspect.py computes an introspection value for its input, and generates a C variable holding it. It can generate awfully long lines. Marked TODO. A new test-qmp-input-visitor test case feeds its result for both tests/qapi-schema/qapi-schema-test.json and qapi-schema.json to a QmpInputVisitor to verify it actually conforms to the schema. New QMP command query-qmp-schema takes its return value from that variable. Its reply is some 85KiBytes for me right now. If this turns out to be too much, we have a couple of options: * We can use shorter names in the JSON. Not the QMP style. * Optionally return the sub-schema for commands and events given as arguments. Right now qmp_query_schema() sends the string literal computed by qmp-introspect.py. To compute sub-schema at run time, we'd have to duplicate parts of qapi-introspect.py in C. Unattractive. * Let clients cache the output of query-qmp-schema. It changes only on QEMU upgrades, i.e. rarely. Provide a command query-qmp-schema-hash. Clients can have a cache indexed by hash, and re-query the schema only when they don't have it cached. Even simpler: put the hash in the QMP greeting. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
- 15 9月, 2015 2 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a QCryptoTLSSession object that will encapsulate all the code for setting up and using a client/sever TLS session. This isolates the code which depends on the gnutls library, avoiding #ifdefs in the rest of the codebase, as well as facilitating any possible future port to other TLS libraries, if desired. It makes use of the previously defined QCryptoTLSCreds object to access credentials to use with the session. It also includes further unit tests to validate the correctness of the TLS session handshake and certificate validation. This is functionally equivalent to the current TLS session handling code embedded in the VNC server, and will obsolete it. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
If the administrator incorrectly sets up their x509 certificates, the errors seen at runtime during connection attempts are very obscure and difficult to diagnose. This has been a particular problem for people using openssl to generate their certificates instead of the gnutls certtool, because the openssl tools don't turn on the various x509 extensions that gnutls expects to be present by default. This change thus adds support in the TLS credentials object to sanity check the certificates when QEMU first loads them. This gives the administrator immediate feedback for the majority of common configuration mistakes, reducing the pain involved in setting up TLS. The code is derived from equivalent code that has been part of libvirt's TLS support and has been seen to be valuable in assisting admins. It is possible to disable the sanity checking, however, via the new 'sanity-check' property on the tls-creds object type, with a value of 'no'. Unit tests are included in this change to verify the correctness of the sanity checking code in all the key scenarios it is intended to cope with. As part of the test suite, the pkix_asn1_tab.c from gnutls is imported. This file is intentionally copied from the (long since obsolete) gnutls 1.6.3 source tree, since that version was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 7月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a generic cipher API and an implementation of it that supports only the built-in AES and DES-RFB algorithms. The test suite checks the supported algorithms + modes to validate that every backend implementation is actually correctly complying with the specs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-5-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 07 7月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
Introduce a new crypto/ directory that will (eventually) contain all the cryptographic related code. This initially defines a wrapper for initializing gnutls and for computing hashes with gnutls. The former ensures that gnutls is guaranteed to be initialized exactly once in QEMU regardless of CLI args. The block quorum code currently fails to initialize gnutls so it only works by luck, if VNC server TLS is not requested. The hash APIs avoids the need to litter the rest of the code with preprocessor checks and simplifies callers by allocating the correct amount of memory for the requested hash. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 20 6月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
It is reasonably common to want to create an object, set a number of properties, register it in the hierarchy and then mark it as complete (if a user creatable type). This requires quite a lot of error prone, verbose, boilerplate code to achieve. First a pair of functions object_set_props() / object_set_propv() are added which allow for a list of objects to be set in one single API call. Then object_new_with_props() / object_new_with_propv() constructors are added which simplify the sequence of calls to create an object, populate properties, register in the object composition tree and mark the object complete, into a single method call. Usage would be: Error *err = NULL; Object *obj; obj = object_new_with_propv(TYPE_MEMORY_BACKEND_FILE, object_get_objects_root(), "hostmem0", &err, "share", "yes", "mem-path", "/dev/shm/somefile", "prealloc", "yes", "size", "1048576", NULL); Note all property values are passed in string form and will be parsed into their required data types, using normal QOM semantics for parsing from string format. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NAndreas Färber <afaerber@suse.de>
-
- 10 3月, 2015 1 次提交
-
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 27 9月, 2014 1 次提交
-
-
由 Eric Blake 提交于
After an in-tree build and run of 'make check-{qapi-schema,unit}', I noticed some leftover files. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NWenchao Xia <wenchaoqemu@gmail.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 27 4月, 2014 2 次提交
-
-
由 Cole Robinson 提交于
Signed-off-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
由 Laszlo Ersek 提交于
Also sort the test-* entries in the latter. Signed-off-by: NLaszlo Ersek <lersek@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 01 2月, 2014 1 次提交
-
-
由 Fam Zheng 提交于
Signed-off-by: NFam Zheng <famz@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 13 1月, 2014 1 次提交
-
-
由 Eduardo Habkost 提交于
* Basic load/save tests * Tests for loading older versions * Tests for .field_exists() handling Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 03 10月, 2013 1 次提交
-
-
由 Markus Armbruster 提交于
Commit 4f193e34 added the test, but screwed up in-tree builds (SRCDIR=.): the tests's output overwrites the expected output, and is thus compared to itself. Cc: qemu-stable@nongnu.org Reported-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 01 10月, 2013 1 次提交
-
-
由 Markus Armbruster 提交于
Forgotten in commit 6046c620 and 3464700f. Cc: qemu-stable@nongnu.org Reviewed-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 21 9月, 2013 1 次提交
-
-
由 Fam Zheng 提交于
Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NBenoit Canet <benoit@irqsave.net> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 17 8月, 2013 1 次提交
-
-
由 Eduardo Habkost 提交于
This tests the qdev global-properties handling code. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Signed-off-by: NAndreas Färber <afaerber@suse.de>
-
- 21 2月, 2013 1 次提交
-
-
由 David Gibson 提交于
These binaries are generated during make check on at least some configurations, so att them to .gitignore. Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 27 1月, 2013 1 次提交
-
-
由 Eduardo Habkost 提交于
This introduces utility functions for the APIC ID calculation, based on: Intel® 64 Architecture Processor Topology Enumeration http://software.intel.com/en-us/articles/intel-64-architecture-processor-topology-enumeration/ The code should be compatible with AMD's "Extended Method" described at: AMD CPUID Specification (Publication #25481) Section 3: Multiple Core Calcuation as long as: - nr_threads is set to 1; - OFFSET_IDX is assumed to be 0; - CPUID Fn8000_0008_ECX[ApicIdCoreIdSize[3:0]] is set to apicid_core_width(). Unit tests included. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Signed-off-by: NAndreas Färber <afaerber@suse.de>
-
- 20 4月, 2012 1 次提交
-
-
由 David Gibson 提交于
The new autotests in tests/ generate a number of files, both executable and source, which are not caught by the existing .gitignore files. This patch adds a new .gitignore in tests/ which covers these. [Changed 'rtc-test' to '*-test' so future tests do not need to be added to .gitignore on a case-by-case basis. Stefan] Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
-