daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, const char *sock_path, const char *sock_path_ro, const char *sock_path_adm, bool ipsock, bool privileged) { virNetServerServicePtr svc = NULL; virNetServerServicePtr svcAdm = NULL; virNetServerServicePtr svcRO = NULL; virNetServerServicePtr svcTCP = NULL; #if WITH_GNUTLS virNetServerServicePtr svcTLS = NULL; #endif gid_t unix_sock_gid = 0; int unix_sock_ro_mask = 0; int unix_sock_rw_mask = 0; int unix_sock_adm_mask = 0; int ret = -1; unsigned int cur_fd = STDERR_FILENO + 1; unsigned int nfds = virGetListenFDs(); if (config->unix_sock_group) { if (virGetGroupID(config->unix_sock_group, &unix_sock_gid) < 0) return ret; } if (nfds > (sock_path_ro ? 2 : 1)) { VIR_ERROR(_("Too many (%u) FDs passed from caller"), nfds); return ret; } if (virStrToLong_i(config->unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) { VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_ro_perms); goto cleanup; } if (virStrToLong_i(config->unix_sock_admin_perms, NULL, 8, &unix_sock_adm_mask) != 0) { VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_admin_perms); goto cleanup; } if (virStrToLong_i(config->unix_sock_rw_perms, NULL, 8, &unix_sock_rw_mask) != 0) { VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_rw_perms); goto cleanup; } if (!(svc = virNetServerServiceNewFDOrUNIX(sock_path, unix_sock_rw_mask, unix_sock_gid, config->auth_unix_rw, #if WITH_GNUTLS NULL, #endif false, config->max_queued_clients, config->max_client_requests, nfds, &cur_fd))) goto cleanup; if (sock_path_ro) { if (!(svcRO = virNetServerServiceNewFDOrUNIX(sock_path_ro, unix_sock_ro_mask, unix_sock_gid, config->auth_unix_ro, #if WITH_GNUTLS NULL, #endif true, config->max_queued_clients, config->max_client_requests, nfds, &cur_fd))) goto cleanup; } if (virNetServerAddService(srv, svc, config->mdns_adv && !ipsock ? "_libvirt._tcp" : NULL) < 0) goto cleanup; if (svcRO && virNetServerAddService(srv, svcRO, NULL) < 0) goto cleanup; /* Temporarily disabled */ if (sock_path_adm && false) { VIR_DEBUG("Registering unix socket %s", sock_path_adm); if (!(svcAdm = virNetServerServiceNewUNIX(sock_path_adm, unix_sock_adm_mask, unix_sock_gid, REMOTE_AUTH_NONE, #if WITH_GNUTLS NULL, #endif true, config->admin_max_queued_clients, config->admin_max_client_requests))) goto cleanup; if (virNetServerAddService(srvAdm, svcAdm, NULL) < 0) goto cleanup; } if (ipsock) { if (config->listen_tcp) { VIR_DEBUG("Registering TCP socket %s:%s", config->listen_addr, config->tcp_port); if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr, config->tcp_port, AF_UNSPEC, config->auth_tcp, #if WITH_GNUTLS NULL, #endif false, config->max_queued_clients, config->max_client_requests))) goto cleanup; if (virNetServerAddService(srv, svcTCP, config->mdns_adv ? "_libvirt._tcp" : NULL) < 0) goto cleanup; } #if WITH_GNUTLS if (config->listen_tls) { virNetTLSContextPtr ctxt = NULL; if (config->ca_file || config->cert_file || config->key_file) { if (!(ctxt = virNetTLSContextNewServer(config->ca_file, config->crl_file, config->cert_file, config->key_file, (const char *const*)config->tls_allowed_dn_list, config->tls_no_sanity_certificate ? false : true, config->tls_no_verify_certificate ? false : true))) goto cleanup; } else { if (!(ctxt = virNetTLSContextNewServerPath(NULL, !privileged, (const char *const*)config->tls_allowed_dn_list, config->tls_no_sanity_certificate ? false : true, config->tls_no_verify_certificate ? false : true))) goto cleanup; } VIR_DEBUG("Registering TLS socket %s:%s", config->listen_addr, config->tls_port); if (!(svcTLS = virNetServerServiceNewTCP(config->listen_addr, config->tls_port, AF_UNSPEC, config->auth_tls, ctxt, false, config->max_queued_clients, config->max_client_requests))) { virObjectUnref(ctxt); goto cleanup; } if (virNetServerAddService(srv, svcTLS, config->mdns_adv && !config->listen_tcp ? "_libvirt._tcp" : NULL) < 0) goto cleanup; virObjectUnref(ctxt); } #else (void)privileged; if (config->listen_tls) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("This libvirtd build does not support TLS")); goto cleanup; } #endif } #if WITH_SASL if (config->auth_unix_rw == REMOTE_AUTH_SASL || config->auth_unix_ro == REMOTE_AUTH_SASL || # if WITH_GNUTLS config->auth_tls == REMOTE_AUTH_SASL || # endif config->auth_tcp == REMOTE_AUTH_SASL) { saslCtxt = virNetSASLContextNewServer( (const char *const*)config->sasl_allowed_username_list); if (!saslCtxt) goto cleanup; } #endif ret = 0; cleanup: #if WITH_GNUTLS virObjectUnref(svcTLS); #endif virObjectUnref(svcTCP); virObjectUnref(svcRO); virObjectUnref(svcAdm); virObjectUnref(svc); return ret; }
/* * * We don't free stuff here, merely disconnect the client's * network socket & resources. * * Full free of the client is done later in a safe point * where it can be guaranteed it is no longer in use */ void virNetServerClientClose(virNetServerClientPtr client) { virNetServerClientCloseFunc cf; virKeepAlivePtr ka; virObjectLock(client); VIR_DEBUG("client=%p", client); if (!client->sock) { virObjectUnlock(client); return; } if (client->keepalive) { virKeepAliveStop(client->keepalive); ka = client->keepalive; client->keepalive = NULL; virObjectRef(client); virObjectUnlock(client); virObjectUnref(ka); virObjectLock(client); virObjectUnref(client); } if (client->privateDataCloseFunc) { cf = client->privateDataCloseFunc; virObjectRef(client); virObjectUnlock(client); (cf)(client); virObjectLock(client); virObjectUnref(client); } /* Do now, even though we don't close the socket * until end, to ensure we don't get invoked * again due to tls shutdown */ if (client->sock) virNetSocketRemoveIOCallback(client->sock); #if WITH_GNUTLS if (client->tls) { virObjectUnref(client->tls); client->tls = NULL; } #endif client->wantClose = true; while (client->rx) { virNetMessagePtr msg = virNetMessageQueueServe(&client->rx); virNetMessageFree(msg); } while (client->tx) { virNetMessagePtr msg = virNetMessageQueueServe(&client->tx); virNetMessageFree(msg); } if (client->sock) { virObjectUnref(client->sock); client->sock = NULL; } virObjectUnlock(client); }
/** * virLXCProcessCleanup: * @driver: pointer to driver structure * @vm: pointer to VM to clean up * @reason: reason for switching the VM to shutoff state * * Cleanout resources associated with the now dead VM * */ static void virLXCProcessCleanup(virLXCDriverPtr driver, virDomainObjPtr vm, virDomainShutoffReason reason) { virCgroupPtr cgroup; int i; virLXCDomainObjPrivatePtr priv = vm->privateData; virNetDevVPortProfilePtr vport = NULL; VIR_DEBUG("Stopping VM name=%s pid=%d reason=%d", vm->def->name, (int)vm->pid, (int)reason); /* now that we know it's stopped call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); /* we can't stop the operation even if the script raised an error */ virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, VIR_HOOK_LXC_OP_STOPPED, VIR_HOOK_SUBOP_END, NULL, xml, NULL); VIR_FREE(xml); } /* Stop autodestroy in case guest is restarted */ virLXCProcessAutoDestroyRemove(driver, vm); if (priv->monitor) { virLXCMonitorClose(priv->monitor); virObjectUnref(priv->monitor); priv->monitor = NULL; } virPidFileDelete(driver->stateDir, vm->def->name); virDomainDeleteConfig(driver->stateDir, NULL, vm); virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, reason); vm->pid = -1; vm->def->id = -1; driver->nactive--; if (!driver->nactive && driver->inhibitCallback) driver->inhibitCallback(false, driver->inhibitOpaque); virLXCDomainReAttachHostDevices(driver, vm->def); for (i = 0 ; i < vm->def->nnets ; i++) { virDomainNetDefPtr iface = vm->def->nets[i]; vport = virDomainNetGetActualVirtPortProfile(iface); if (iface->ifname) { ignore_value(virNetDevSetOnline(iface->ifname, false)); if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ignore_value(virNetDevOpenvswitchRemovePort( virDomainNetGetActualBridgeName(iface), iface->ifname)); ignore_value(virNetDevVethDelete(iface->ifname)); } networkReleaseActualDevice(iface); } virDomainConfVMNWFilterTeardown(vm); if (driver->cgroup && virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) { virCgroupRemove(cgroup); virCgroupFree(&cgroup); } /* now that we know it's stopped call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); /* we can't stop the operation even if the script raised an error */ virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, VIR_HOOK_LXC_OP_RELEASE, VIR_HOOK_SUBOP_END, NULL, xml, NULL); VIR_FREE(xml); } if (vm->newDef) { virDomainDefFree(vm->def); vm->def = vm->newDef; vm->def->id = -1; vm->newDef = NULL; } }
/* * Read data until we get a complete message to process */ static void virNetServerClientDispatchRead(virNetServerClientPtr client) { readmore: if (client->rx->nfds == 0) { if (virNetServerClientRead(client) < 0) { client->wantClose = true; return; /* Error */ } } if (client->rx->bufferOffset < client->rx->bufferLength) return; /* Still not read enough */ /* Either done with length word header */ if (client->rx->bufferLength == VIR_NET_MESSAGE_LEN_MAX) { if (virNetMessageDecodeLength(client->rx) < 0) { client->wantClose = true; return; } virNetServerClientUpdateEvent(client); /* Try and read payload immediately instead of going back into poll() because chances are the data is already waiting for us */ goto readmore; } else { /* Grab the completed message */ virNetMessagePtr msg = client->rx; virNetMessagePtr response = NULL; virNetServerClientFilterPtr filter; size_t i; /* Decode the header so we can use it for routing decisions */ if (virNetMessageDecodeHeader(msg) < 0) { virNetMessageQueueServe(&client->rx); virNetMessageFree(msg); client->wantClose = true; return; } /* Now figure out if we need to read more data to get some * file descriptors */ if (msg->header.type == VIR_NET_CALL_WITH_FDS && virNetMessageDecodeNumFDs(msg) < 0) { virNetMessageQueueServe(&client->rx); virNetMessageFree(msg); client->wantClose = true; return; /* Error */ } /* Try getting the file descriptors (may fail if blocking) */ for (i = msg->donefds; i < msg->nfds; i++) { int rv; if ((rv = virNetSocketRecvFD(client->sock, &(msg->fds[i]))) < 0) { virNetMessageQueueServe(&client->rx); virNetMessageFree(msg); client->wantClose = true; return; } if (rv == 0) /* Blocking */ break; msg->donefds++; } /* Need to poll() until FDs arrive */ if (msg->donefds < msg->nfds) { /* Because DecodeHeader/NumFDs reset bufferOffset, we * put it back to what it was, so everything works * again next time we run this method */ client->rx->bufferOffset = client->rx->bufferLength; return; } /* Definitely finished reading, so remove from queue */ virNetMessageQueueServe(&client->rx); PROBE(RPC_SERVER_CLIENT_MSG_RX, "client=%p len=%zu prog=%u vers=%u proc=%u type=%u status=%u serial=%u", client, msg->bufferLength, msg->header.prog, msg->header.vers, msg->header.proc, msg->header.type, msg->header.status, msg->header.serial); if (virKeepAliveCheckMessage(client->keepalive, msg, &response)) { virNetMessageFree(msg); client->nrequests--; msg = NULL; if (response && virNetServerClientSendMessageLocked(client, response) < 0) virNetMessageFree(response); } /* Maybe send off for queue against a filter */ if (msg) { filter = client->filters; while (filter) { int ret = filter->func(client, msg, filter->opaque); if (ret < 0) { virNetMessageFree(msg); msg = NULL; if (ret < 0) client->wantClose = true; break; } if (ret > 0) { msg = NULL; break; } filter = filter->next; } } /* Send off to for normal dispatch to workers */ if (msg) { virObjectRef(client); if (!client->dispatchFunc || client->dispatchFunc(client, msg, client->dispatchOpaque) < 0) { virNetMessageFree(msg); client->wantClose = true; virObjectUnref(client); return; } } /* Possibly need to create another receive buffer */ if (client->nrequests < client->nrequests_max) { if (!(client->rx = virNetMessageNew(true))) { client->wantClose = true; } else { client->rx->bufferLength = VIR_NET_MESSAGE_LEN_MAX; if (VIR_ALLOC_N(client->rx->buffer, client->rx->bufferLength) < 0) { client->wantClose = true; } else { client->nrequests++; } } } virNetServerClientUpdateEvent(client); } }
virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr object, virNetServerClientPrivNewPostExecRestart privNew, virNetServerClientPrivPreExecRestart privPreExecRestart, virFreeCallback privFree, void *privOpaque) { virJSONValuePtr child; virNetServerClientPtr client = NULL; virNetSocketPtr sock; int auth; bool readonly; unsigned int nrequests_max; if (virJSONValueObjectGetNumberInt(object, "auth", &auth) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing auth field in JSON state document")); return NULL; } if (virJSONValueObjectGetBoolean(object, "readonly", &readonly) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing readonly field in JSON state document")); return NULL; } if (virJSONValueObjectGetNumberUint(object, "nrequests_max", (unsigned int *)&nrequests_max) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing nrequests_client_max field in JSON state document")); return NULL; } if (!(child = virJSONValueObjectGet(object, "sock"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing sock field in JSON state document")); return NULL; } if (!(sock = virNetSocketNewPostExecRestart(child))) { virObjectUnref(sock); return NULL; } if (!(client = virNetServerClientNewInternal(sock, auth, #ifdef WITH_GNUTLS NULL, #endif readonly, nrequests_max))) { virObjectUnref(sock); return NULL; } virObjectUnref(sock); if (privNew) { if (!(child = virJSONValueObjectGet(object, "privateData"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing privateData field in JSON state document")); goto error; } if (!(client->privateData = privNew(client, child, privOpaque))) { goto error; } client->privateDataFreeFunc = privFree; client->privateDataPreExecRestart = privPreExecRestart; } return client; error: virObjectUnref(client); return NULL; }
virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver) { size_t i, j; virCapsPtr caps; virSecurityManagerPtr *sec_managers = NULL; /* Security driver data */ const char *doi, *model, *lbl, *type; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); const int virtTypes[] = {VIR_DOMAIN_VIRT_KVM, VIR_DOMAIN_VIRT_QEMU,}; /* Basic host arch / guest machine capabilities */ if (!(caps = virQEMUCapsInit(driver->qemuCapsCache))) goto error; if (virGetHostUUID(caps->host.host_uuid)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot get the host uuid")); goto error; } /* access sec drivers and create a sec model for each one */ if (!(sec_managers = virSecurityManagerGetNested(driver->securityManager))) goto error; /* calculate length */ for (i = 0; sec_managers[i]; i++) ; caps->host.nsecModels = i; if (VIR_ALLOC_N(caps->host.secModels, caps->host.nsecModels) < 0) goto error; for (i = 0; sec_managers[i]; i++) { virCapsHostSecModelPtr sm = &caps->host.secModels[i]; doi = virSecurityManagerGetDOI(sec_managers[i]); model = virSecurityManagerGetModel(sec_managers[i]); if (VIR_STRDUP(sm->model, model) < 0 || VIR_STRDUP(sm->doi, doi) < 0) goto error; for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) { lbl = virSecurityManagerGetBaseLabel(sec_managers[i], virtTypes[j]); type = virDomainVirtTypeToString(virtTypes[j]); if (lbl && virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0) goto error; } VIR_DEBUG("Initialized caps for security driver \"%s\" with " "DOI \"%s\"", model, doi); } VIR_FREE(sec_managers); virObjectUnref(cfg); return caps; error: VIR_FREE(sec_managers); virObjectUnref(caps); virObjectUnref(cfg); return NULL; }
int vmwareLoadDomains(struct vmware_driver *driver) { virDomainDefPtr vmdef = NULL; virDomainObjPtr vm = NULL; char *vmxPath = NULL; char *vmx = NULL; vmwareDomainPtr pDomain; char *directoryName = NULL; char *fileName = NULL; int ret = -1; virVMXContext ctx; char *outbuf = NULL; char *str; char *saveptr = NULL; virCommandPtr cmd; ctx.parseFileName = vmwareCopyVMXFileName; ctx.formatFileName = NULL; ctx.autodetectSCSIControllerModel = NULL; ctx.datacenterPath = NULL; cmd = virCommandNewArgList(driver->vmrun, "-T", vmwareDriverTypeToString(driver->type), "list", NULL); virCommandSetOutputBuffer(cmd, &outbuf); if (virCommandRun(cmd, NULL) < 0) goto cleanup; for (str = outbuf; (vmxPath = strtok_r(str, "\n", &saveptr)) != NULL; str = NULL) { if (vmxPath[0] != '/') continue; if (virFileReadAll(vmxPath, 10000, &vmx) < 0) goto cleanup; if ((vmdef = virVMXParseConfig(&ctx, driver->xmlopt, driver->caps, vmx)) == NULL) { goto cleanup; } if (!(vm = virDomainObjListAdd(driver->domains, vmdef, driver->xmlopt, 0, NULL))) goto cleanup; pDomain = vm->privateData; if (VIR_STRDUP(pDomain->vmxPath, vmxPath) < 0) goto cleanup; vmwareDomainConfigDisplay(pDomain, vmdef); if ((vm->def->id = vmwareExtractPid(vmxPath)) < 0) goto cleanup; /* vmrun list only reports running vms */ virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_UNKNOWN); vm->persistent = 1; virObjectUnlock(vm); vmdef = NULL; vm = NULL; } ret = 0; cleanup: virCommandFree(cmd); VIR_FREE(outbuf); virDomainDefFree(vmdef); VIR_FREE(directoryName); VIR_FREE(fileName); VIR_FREE(vmx); virObjectUnref(vm); return ret; }
static int testCompareFiles(const char *xml, const char *sexpr, int xendConfigVersion) { char *xmlData = NULL; char *sexprData = NULL; char *gotxml = NULL; int id; char * tty; int vncport; int ret = -1; virDomainDefPtr def = NULL; virConnectPtr conn; struct _xenUnifiedPrivate priv; conn = virGetConnect(); if (!conn) goto fail; if (virtTestLoadFile(xml, &xmlData) < 0) goto fail; if (virtTestLoadFile(sexpr, &sexprData) < 0) goto fail; memset(&priv, 0, sizeof(priv)); /* Many puppies died to bring you this code. */ priv.xendConfigVersion = xendConfigVersion; priv.caps = caps; conn->privateData = &priv; if (virMutexInit(&priv.lock) < 0) goto fail; if (xenGetDomIdFromSxprString(sexprData, xendConfigVersion, &id) < 0) goto fail; xenUnifiedLock(&priv); tty = xenStoreDomainGetConsolePath(conn, id); vncport = xenStoreDomainGetVNCPort(conn, id); xenUnifiedUnlock(&priv); if (!(def = xenParseSxprString(sexprData, xendConfigVersion, tty, vncport))) goto fail; if (!virDomainDefCheckABIStability(def, def)) { fprintf(stderr, "ABI stability check failed on %s", xml); goto fail; } if (!(gotxml = virDomainDefFormat(def, 0))) goto fail; if (STRNEQ(xmlData, gotxml)) { virtTestDifference(stderr, xmlData, gotxml); goto fail; } ret = 0; fail: VIR_FREE(xmlData); VIR_FREE(sexprData); VIR_FREE(gotxml); virDomainDefFree(def); virObjectUnref(conn); return ret; }
int lxctoolsLoadDomains(struct lxctools_driver *driver) { int i,flags; virDomainObjPtr dom = NULL; virDomainDefPtr def = NULL; int cret_len; struct lxc_container** cret; char** names; virDomainXMLOptionPtr xmlopt; if ((cret_len = list_all_containers(driver->path, &names, &cret)) < 0) goto cleanup; for (i=0; i < cret_len; ++i) { if (!(def = virDomainDefNew())) goto cleanup; def->virtType = VIR_DOMAIN_VIRT_LXCTOOLS; if (!cret[i]->is_running(cret[i])) { def->id = -1; } else { def->id = cret[i]->init_pid(cret[i]); } if (lxctoolsReadUUID(cret[i], def->uuid) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", "could not parse UUID"); goto cleanup; } def->os.type = VIR_DOMAIN_OSTYPE_EXE; def->name = names[i]; if (lxctoolsReadConfig(cret[i], def) < 0){ goto cleanup; } flags = VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE; if (def->id != -1) flags |= VIR_DOMAIN_OBJ_LIST_ADD_LIVE; if (!(xmlopt = virDomainXMLOptionNew(NULL, NULL, NULL, NULL, NULL))) goto cleanup; if (!(dom = virDomainObjListAdd(driver->domains, def, xmlopt, flags, NULL))) goto cleanup; if (!cret[i]->is_running(cret[i])) { virDomainObjSetState(dom, VIR_DOMAIN_SHUTOFF, VIR_DOMAIN_SHUTOFF_UNKNOWN); dom->pid = -1; } else { virDomainObjSetState(dom, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_UNKNOWN); dom->pid = cret[i]->init_pid(cret[i]); } dom->persistent = 1; dom->privateData = cret[i]; dom->privateDataFreeFunc = &container_cleaner; virObjectUnlock(dom); dom = NULL; def = NULL; } return 0; cleanup: VIR_FREE(cret); virObjectUnref(dom); virDomainDefFree(def); return -1; }
int openvzLoadDomains(struct openvz_driver *driver) { int veid, ret; char *status; char uuidstr[VIR_UUID_STRING_BUFLEN]; virDomainObjPtr dom = NULL; virDomainDefPtr def = NULL; char *temp = NULL; char *outbuf = NULL; char *line; virCommandPtr cmd = NULL; if (openvzAssignUUIDs() < 0) return -1; cmd = virCommandNewArgList(VZLIST, "-a", "-ovpsid,status", "-H", NULL); virCommandSetOutputBuffer(cmd, &outbuf); if (virCommandRun(cmd, NULL) < 0) goto cleanup; line = outbuf; while (line[0] != '\0') { unsigned int flags = 0; if (virStrToLong_i(line, &status, 10, &veid) < 0 || *status++ != ' ' || (line = strchr(status, '\n')) == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to parse vzlist output")); goto cleanup; } *line++ = '\0'; if (VIR_ALLOC(def) < 0) goto no_memory; def->virtType = VIR_DOMAIN_VIRT_OPENVZ; if (STREQ(status, "stopped")) def->id = -1; else def->id = veid; if (virAsprintf(&def->name, "%i", veid) < 0) goto no_memory; openvzGetVPSUUID(veid, uuidstr, sizeof(uuidstr)); ret = virUUIDParse(uuidstr, def->uuid); if (ret == -1) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("UUID in config file malformed")); goto cleanup; } if (!(def->os.type = strdup("exe"))) goto no_memory; if (!(def->os.init = strdup("/sbin/init"))) goto no_memory; ret = openvzReadVPSConfigParam(veid, "CPUS", &temp); if (ret < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not read config for container %d"), veid); goto cleanup; } else if (ret > 0) { def->maxvcpus = strtoI(temp); } if (ret == 0 || def->maxvcpus == 0) def->maxvcpus = openvzGetNodeCPUs(); def->vcpus = def->maxvcpus; /* XXX load rest of VM config data .... */ openvzReadNetworkConf(def, veid); openvzReadFSConf(def, veid); openvzReadMemConf(def, veid); virUUIDFormat(def->uuid, uuidstr); flags = VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE; if (STRNEQ(status, "stopped")) flags |= VIR_DOMAIN_OBJ_LIST_ADD_LIVE; if (!(dom = virDomainObjListAdd(driver->domains, def, driver->xmlopt, flags, NULL))) goto cleanup; if (STREQ(status, "stopped")) { virDomainObjSetState(dom, VIR_DOMAIN_SHUTOFF, VIR_DOMAIN_SHUTOFF_UNKNOWN); dom->pid = -1; } else { virDomainObjSetState(dom, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_UNKNOWN); dom->pid = veid; } /* XXX OpenVZ doesn't appear to have concept of a transient domain */ dom->persistent = 1; virObjectUnlock(dom); dom = NULL; def = NULL; } virCommandFree(cmd); VIR_FREE(temp); VIR_FREE(outbuf); return 0; no_memory: virReportOOMError(); cleanup: virCommandFree(cmd); VIR_FREE(temp); VIR_FREE(outbuf); virObjectUnref(dom); virDomainDefFree(def); return -1; }
static int mymain(void) { int ret = 0; if (!(caps = testXenCapsInit())) return EXIT_FAILURE; #define DO_TEST(in, out, version) \ do { \ struct testInfo info = { in, out, version }; \ virResetLastError(); \ if (virtTestRun("Xen SEXPR-2-XML " in " -> " out, \ testCompareHelper, &info) < 0) \ ret = -1; \ } while (0) DO_TEST("pv", "pv", 1); DO_TEST("fv", "fv", 1); DO_TEST("pv", "pv", 2); DO_TEST("fv-v2", "fv-v2", 2); DO_TEST("pv-vfb-orig", "pv-vfb-orig", 2); DO_TEST("pv-vfb-new", "pv-vfb-new", 3); DO_TEST("pv-vfb-new-vncdisplay", "pv-vfb-new-vncdisplay", 3); DO_TEST("pv-vfb-type-crash", "pv-vfb-type-crash", 3); DO_TEST("fv-autoport", "fv-autoport", 3); DO_TEST("pv-bootloader", "pv-bootloader", 1); DO_TEST("pv-bootloader-cmdline", "pv-bootloader-cmdline", 1); DO_TEST("pv-vcpus", "pv-vcpus", 1); DO_TEST("disk-file", "disk-file", 2); DO_TEST("disk-block", "disk-block", 2); DO_TEST("disk-block-shareable", "disk-block-shareable", 2); DO_TEST("disk-drv-blktap-raw", "disk-drv-blktap-raw", 2); DO_TEST("disk-drv-blktap-qcow", "disk-drv-blktap-qcow", 2); DO_TEST("disk-drv-blktap2-raw", "disk-drv-blktap2-raw", 2); DO_TEST("curmem", "curmem", 2); DO_TEST("net-routed", "net-routed", 2); DO_TEST("net-bridged", "net-bridged", 2); DO_TEST("net-e1000", "net-e1000", 2); DO_TEST("bridge-ipaddr", "bridge-ipaddr", 3); DO_TEST("no-source-cdrom", "no-source-cdrom", 2); DO_TEST("pv-localtime", "pv-localtime", 2); DO_TEST("pci-devs", "pci-devs", 2); DO_TEST("fv-utc", "fv-utc", 1); DO_TEST("fv-localtime", "fv-localtime", 1); DO_TEST("fv-usbmouse", "fv-usbmouse", 1); DO_TEST("fv-usbtablet", "fv-usbtablet", 1); DO_TEST("fv-kernel", "fv-kernel", 1); DO_TEST("fv-force-hpet", "fv-force-hpet", 1); DO_TEST("fv-force-nohpet", "fv-force-nohpet", 1); DO_TEST("fv-serial-null", "fv-serial-null", 1); DO_TEST("fv-serial-file", "fv-serial-file", 1); DO_TEST("fv-serial-dev-2-ports", "fv-serial-dev-2-ports", 1); DO_TEST("fv-serial-dev-2nd-port", "fv-serial-dev-2nd-port", 1); DO_TEST("fv-serial-stdio", "fv-serial-stdio", 1); DO_TEST("fv-serial-pty", "fv-serial-pty", 1); DO_TEST("fv-serial-pipe", "fv-serial-pipe", 1); DO_TEST("fv-serial-tcp", "fv-serial-tcp", 1); DO_TEST("fv-serial-udp", "fv-serial-udp", 1); DO_TEST("fv-serial-tcp-telnet", "fv-serial-tcp-telnet", 1); DO_TEST("fv-serial-unix", "fv-serial-unix", 1); DO_TEST("fv-parallel-tcp", "fv-parallel-tcp", 1); DO_TEST("fv-sound", "fv-sound", 1); DO_TEST("fv-sound-all", "fv-sound-all", 1); DO_TEST("fv-net-ioemu", "fv-net-ioemu", 1); DO_TEST("fv-net-netfront", "fv-net-netfront", 1); DO_TEST("fv-empty-kernel", "fv-empty-kernel", 1); DO_TEST("boot-grub", "boot-grub", 1); virObjectUnref(caps); return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE; }
int virNetSocketNewListenTCP(const char *nodename, const char *service, virNetSocketPtr **retsocks, size_t *nretsocks) { virNetSocketPtr *socks = NULL; size_t nsocks = 0; struct addrinfo *ai = NULL; struct addrinfo hints; int fd = -1; int i; int addrInUse = false; *retsocks = NULL; *nretsocks = 0; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; hints.ai_socktype = SOCK_STREAM; int e = getaddrinfo(nodename, service, &hints, &ai); if (e != 0) { virReportError(VIR_ERR_SYSTEM_ERROR, _("Unable to resolve address '%s' service '%s': %s"), nodename, service, gai_strerror(e)); return -1; } struct addrinfo *runp = ai; while (runp) { virSocketAddr addr; memset(&addr, 0, sizeof(addr)); if ((fd = socket(runp->ai_family, runp->ai_socktype, runp->ai_protocol)) < 0) { virReportSystemError(errno, "%s", _("Unable to create socket")); goto error; } int opt = 1; if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) { virReportSystemError(errno, "%s", _("Unable to enable port reuse")); goto error; } #ifdef IPV6_V6ONLY if (runp->ai_family == PF_INET6) { int on = 1; /* * Normally on Linux an INET6 socket will bind to the INET4 * address too. If getaddrinfo returns results with INET4 * first though, this will result in INET6 binding failing. * We can trivially cope with multiple server sockets, so * we force it to only listen on IPv6 */ if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&on, sizeof(on)) < 0) { virReportSystemError(errno, "%s", _("Unable to force bind to IPv6 only")); goto error; } } #endif if (bind(fd, runp->ai_addr, runp->ai_addrlen) < 0) { if (errno != EADDRINUSE) { virReportSystemError(errno, "%s", _("Unable to bind to port")); goto error; } addrInUse = true; VIR_FORCE_CLOSE(fd); runp = runp->ai_next; continue; } addr.len = sizeof(addr.data); if (getsockname(fd, &addr.data.sa, &addr.len) < 0) { virReportSystemError(errno, "%s", _("Unable to get local socket name")); goto error; } VIR_DEBUG("%p f=%d f=%d", &addr, runp->ai_family, addr.data.sa.sa_family); if (VIR_EXPAND_N(socks, nsocks, 1) < 0) { virReportOOMError(); goto error; } if (!(socks[nsocks-1] = virNetSocketNew(&addr, NULL, false, fd, -1, 0))) goto error; runp = runp->ai_next; fd = -1; } if (nsocks == 0 && addrInUse) { virReportSystemError(EADDRINUSE, "%s", _("Unable to bind to port")); goto error; } freeaddrinfo(ai); *retsocks = socks; *nretsocks = nsocks; return 0; error: for (i = 0 ; i < nsocks ; i++) virObjectUnref(socks[i]); VIR_FREE(socks); freeaddrinfo(ai); VIR_FORCE_CLOSE(fd); return -1; }
static virNetSocketPtr virNetSocketNew(virSocketAddrPtr localAddr, virSocketAddrPtr remoteAddr, bool isClient, int fd, int errfd, pid_t pid) { virNetSocketPtr sock; int no_slow_start = 1; if (virNetSocketInitialize() < 0) return NULL; VIR_DEBUG("localAddr=%p remoteAddr=%p fd=%d errfd=%d pid=%lld", localAddr, remoteAddr, fd, errfd, (long long) pid); if (virSetCloseExec(fd) < 0) { virReportSystemError(errno, "%s", _("Unable to set close-on-exec flag")); return NULL; } if (virSetNonBlock(fd) < 0) { virReportSystemError(errno, "%s", _("Unable to enable non-blocking flag")); return NULL; } if (!(sock = virObjectNew(virNetSocketClass))) return NULL; if (virMutexInit(&sock->lock) < 0) { virReportSystemError(errno, "%s", _("Unable to initialize mutex")); VIR_FREE(sock); return NULL; } if (localAddr) sock->localAddr = *localAddr; if (remoteAddr) sock->remoteAddr = *remoteAddr; sock->fd = fd; sock->errfd = errfd; sock->pid = pid; /* Disable nagle for TCP sockets */ if (sock->localAddr.data.sa.sa_family == AF_INET || sock->localAddr.data.sa.sa_family == AF_INET6) { if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &no_slow_start, sizeof(no_slow_start)) < 0) { virReportSystemError(errno, "%s", _("Unable to disable nagle algorithm")); goto error; } } if (localAddr && !(sock->localAddrStr = virSocketAddrFormatFull(localAddr, true, ";"))) goto error; if (remoteAddr && !(sock->remoteAddrStr = virSocketAddrFormatFull(remoteAddr, true, ";"))) goto error; sock->client = isClient; PROBE(RPC_SOCKET_NEW, "sock=%p fd=%d errfd=%d pid=%lld localAddr=%s, remoteAddr=%s", sock, fd, errfd, (long long) pid, NULLSTR(sock->localAddrStr), NULLSTR(sock->remoteAddrStr)); return sock; error: sock->fd = sock->errfd = -1; /* Caller owns fd/errfd on failure */ virObjectUnref(sock); return NULL; }
static int mymain(void) { int ret = 0; if (!(caps = virTestGenericCapsInit())) return EXIT_FAILURE; if (!(xmlopt = virTestGenericDomainXMLConfInit())) return EXIT_FAILURE; #define DO_TEST_FULL(name, is_different, inactive, expectResult) \ do { \ const struct testInfo info = {name, is_different, inactive, \ expectResult}; \ if (virTestRun("GENERIC XML-2-XML " name, \ testCompareXMLToXMLHelper, &info) < 0) \ ret = -1; \ } while (0) #define DO_TEST(name) \ DO_TEST_FULL(name, 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_SUCCESS) #define DO_TEST_DIFFERENT(name) \ DO_TEST_FULL(name, 1, false, TEST_COMPARE_DOM_XML2XML_RESULT_SUCCESS) DO_TEST_DIFFERENT("disk-virtio"); DO_TEST_DIFFERENT("graphics-vnc-minimal"); DO_TEST_DIFFERENT("graphics-vnc-manual-port"); DO_TEST_DIFFERENT("graphics-vnc-socket"); DO_TEST_DIFFERENT("graphics-vnc-socket-listen"); DO_TEST_DIFFERENT("graphics-listen-back-compat"); DO_TEST_FULL("graphics-listen-back-compat-mismatch", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_DIFFERENT("graphics-vnc-listen-attr-only"); DO_TEST_DIFFERENT("graphics-vnc-listen-element-minimal"); DO_TEST_DIFFERENT("graphics-vnc-listen-element-with-address"); DO_TEST_DIFFERENT("graphics-vnc-socket-attr-listen-address"); DO_TEST_DIFFERENT("graphics-vnc-socket-attr-listen-socket"); DO_TEST_FULL("graphics-vnc-socket-attr-listen-socket-mismatch", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST("graphics-vnc-autoport-no"); DO_TEST_FULL("name-slash-fail", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST("perf"); DO_TEST("vcpus-individual"); DO_TEST("disk-network-http"); DO_TEST("cpu-cache-emulate"); DO_TEST("cpu-cache-passthrough"); DO_TEST("cpu-cache-disable"); DO_TEST_DIFFERENT("chardev-tcp"); DO_TEST_FULL("chardev-tcp-missing-host", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-tcp-missing-service", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-tcp-multiple-source", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_DIFFERENT("chardev-udp"); DO_TEST_FULL("chardev-udp-missing-connect-service", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-udp-multiple-source", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_DIFFERENT("chardev-unix"); DO_TEST_FULL("chardev-unix-smartcard-missing-path", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-unix-redirdev-missing-path", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-unix-rng-missing-path", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_DIFFERENT("chardev-reconnect"); DO_TEST_FULL("chardev-reconnect-missing-timeout", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("chardev-reconnect-invalid-mode", 0, false, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST("cachetune"); DO_TEST("cachetune-small"); DO_TEST("cachetune-cdp"); DO_TEST_DIFFERENT("cachetune-extra-tunes"); DO_TEST_FULL("cachetune-colliding-allocs", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("cachetune-colliding-tunes", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("cachetune-colliding-types", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("cachetune-colliding-monitor", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST("memorytune"); DO_TEST_FULL("memorytune-colliding-allocs", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST_FULL("memorytune-colliding-cachetune", false, true, TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE); DO_TEST("tseg"); DO_TEST("launch-security-sev"); DO_TEST_DIFFERENT("cputune"); virObjectUnref(caps); virObjectUnref(xmlopt); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; }
static int mymain(void) { int ret = 0; if ((driver.caps = testQemuCapsInit()) == NULL) return EXIT_FAILURE; # define DO_TEST_FULL(name, is_different, when) \ do { \ const struct testInfo info = {name, is_different, when}; \ if (virtTestRun("QEMU XML-2-XML " name, \ 1, testCompareXMLToXMLHelper, &info) < 0) \ ret = -1; \ } while (0) # define DO_TEST(name) \ DO_TEST_FULL(name, false, WHEN_EITHER) # define DO_TEST_DIFFERENT(name) \ DO_TEST_FULL(name, true, WHEN_EITHER) /* Unset or set all envvars here that are copied in qemudBuildCommandLine * using ADD_ENV_COPY, otherwise these tests may fail due to unexpected * values for these envvars */ setenv("PATH", "/bin", 1); DO_TEST("minimal"); DO_TEST("machine-core-on"); DO_TEST("machine-core-off"); DO_TEST("boot-cdrom"); DO_TEST("boot-network"); DO_TEST("boot-floppy"); DO_TEST("boot-multi"); DO_TEST("boot-menu-disable"); DO_TEST("boot-order"); DO_TEST("bootloader"); DO_TEST("reboot-timeout-enabled"); DO_TEST("reboot-timeout-disabled"); DO_TEST("clock-utc"); DO_TEST("clock-localtime"); DO_TEST("cpu-kvmclock"); DO_TEST("cpu-host-kvmclock"); DO_TEST("kvmclock"); DO_TEST("cpu-eoi-disabled"); DO_TEST("cpu-eoi-enabled"); DO_TEST("eoi-disabled"); DO_TEST("eoi-enabled"); DO_TEST("hyperv"); DO_TEST("hugepages"); DO_TEST("disk-aio"); DO_TEST("disk-cdrom"); DO_TEST("disk-floppy"); DO_TEST("disk-many"); DO_TEST("disk-xenvbd"); DO_TEST("disk-usb"); DO_TEST("disk-virtio"); DO_TEST("floppy-drive-fat"); DO_TEST("disk-drive-fat"); DO_TEST("disk-drive-fmt-qcow"); DO_TEST("disk-drive-cache-v1-wt"); DO_TEST("disk-drive-cache-v1-wb"); DO_TEST("disk-drive-cache-v1-none"); DO_TEST("disk-scsi-device"); DO_TEST("disk-scsi-vscsi"); DO_TEST("disk-scsi-virtio-scsi"); DO_TEST_FULL("disk-mirror", false, WHEN_ACTIVE); DO_TEST_FULL("disk-mirror", true, WHEN_INACTIVE); DO_TEST("graphics-listen-network"); DO_TEST("graphics-vnc"); DO_TEST("graphics-vnc-sasl"); DO_TEST("graphics-vnc-tls"); DO_TEST("graphics-sdl"); DO_TEST("graphics-sdl-fullscreen"); DO_TEST("graphics-spice"); DO_TEST("graphics-spice-compression"); DO_TEST("graphics-spice-qxl-vga"); DO_TEST("input-usbmouse"); DO_TEST("input-usbtablet"); DO_TEST("input-xen"); DO_TEST("misc-acpi"); DO_TEST("misc-disable-s3"); DO_TEST("misc-disable-suspends"); DO_TEST("misc-enable-s4"); DO_TEST("misc-no-reboot"); DO_TEST("net-user"); DO_TEST("net-virtio"); DO_TEST("net-virtio-device"); DO_TEST("net-eth"); DO_TEST("net-eth-ifname"); DO_TEST("net-virtio-network-portgroup"); DO_TEST("net-hostdev"); DO_TEST("net-openvswitch"); DO_TEST("sound"); DO_TEST("sound-device"); DO_TEST("net-bandwidth"); DO_TEST("serial-vc"); DO_TEST("serial-pty"); DO_TEST("serial-dev"); DO_TEST("serial-file"); DO_TEST("serial-unix"); DO_TEST("serial-tcp"); DO_TEST("serial-udp"); DO_TEST("serial-tcp-telnet"); DO_TEST("serial-many"); DO_TEST("parallel-tcp"); DO_TEST("console-compat"); DO_TEST("console-virtio-many"); DO_TEST("channel-guestfwd"); DO_TEST("channel-virtio"); DO_TEST("hostdev-usb-address"); DO_TEST("hostdev-pci-address"); DO_TEST("pci-rom"); DO_TEST("encrypted-disk"); DO_TEST_DIFFERENT("memtune"); DO_TEST("blkiotune"); DO_TEST("blkiotune-device"); DO_TEST("cputune"); DO_TEST("smp"); DO_TEST("lease"); DO_TEST("event_idx"); DO_TEST("virtio-lun"); DO_TEST("usb-redir"); DO_TEST("blkdeviotune"); DO_TEST_FULL("seclabel-dynamic-baselabel", false, WHEN_INACTIVE); DO_TEST_FULL("seclabel-dynamic-override", false, WHEN_INACTIVE); DO_TEST("seclabel-static"); DO_TEST("seclabel-none"); DO_TEST("numad-static-vcpu-no-numatune"); DO_TEST("disk-scsi-lun-passthrough-sgio"); DO_TEST("disk-scsi-disk-vpd"); DO_TEST("virtio-rng-random"); DO_TEST("virtio-rng-egd"); /* These tests generate different XML */ DO_TEST_DIFFERENT("balloon-device-auto"); DO_TEST_DIFFERENT("channel-virtio-auto"); DO_TEST_DIFFERENT("console-compat-auto"); DO_TEST_DIFFERENT("disk-scsi-device-auto"); DO_TEST_DIFFERENT("console-virtio"); DO_TEST_DIFFERENT("serial-target-port-auto"); DO_TEST_DIFFERENT("graphics-listen-network2"); DO_TEST_DIFFERENT("graphics-spice-timeout"); DO_TEST_DIFFERENT("numad-auto-vcpu-no-numatune"); DO_TEST_DIFFERENT("numad-auto-memory-vcpu-no-cpuset-and-placement"); DO_TEST_DIFFERENT("numad-auto-memory-vcpu-cpuset"); DO_TEST_DIFFERENT("usb-ich9-ehci-addr"); DO_TEST_DIFFERENT("metadata"); virObjectUnref(driver.caps); return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE; }
static int qemuSetupDevicesCgroup(virQEMUDriverPtr driver, virDomainObjPtr vm) { qemuDomainObjPrivatePtr priv = vm->privateData; virQEMUDriverConfigPtr cfg = NULL; const char *const *deviceACL = NULL; int rv = -1; int ret = -1; size_t i; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) return 0; rv = virCgroupDenyAllDevices(priv->cgroup); virDomainAuditCgroup(vm, priv->cgroup, "deny", "all", rv == 0); if (rv < 0) { if (virLastErrorIsSystemErrno(EPERM)) { virResetLastError(); VIR_WARN("Group devices ACL is not accessible, disabling whitelisting"); return 0; } goto cleanup; } if (qemuSetupFirmwareCgroup(vm) < 0) goto cleanup; for (i = 0; i < vm->def->ndisks; i++) { if (qemuSetupDiskCgroup(vm, vm->def->disks[i]) < 0) goto cleanup; } rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_PTY_MAJOR, -1, VIR_CGROUP_DEVICE_RW); virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR, "pty", "rw", rv == 0); if (rv < 0) goto cleanup; cfg = virQEMUDriverGetConfig(driver); deviceACL = cfg->cgroupDeviceACL ? (const char *const *)cfg->cgroupDeviceACL : defaultDeviceACL; if (vm->def->nsounds && ((!vm->def->ngraphics && cfg->nogfxAllowHostAudio) || (vm->def->graphics && ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && cfg->vncAllowHostAudio) || (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) { rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_SND_MAJOR, -1, VIR_CGROUP_DEVICE_RW); virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR, "sound", "rw", rv == 0); if (rv < 0) goto cleanup; } for (i = 0; deviceACL[i] != NULL; i++) { if (!virFileExists(deviceACL[i])) { VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); continue; } rv = virCgroupAllowDevicePath(priv->cgroup, deviceACL[i], VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv == 0); if (rv < 0 && !virLastErrorIsSystemErrno(ENOENT)) goto cleanup; } if (virDomainChrDefForeach(vm->def, true, qemuSetupChardevCgroup, vm) < 0) goto cleanup; if (vm->def->tpm && qemuSetupTPMCgroup(vm) < 0) goto cleanup; for (i = 0; i < vm->def->nhostdevs; i++) { if (qemuSetupHostdevCgroup(vm, vm->def->hostdevs[i]) < 0) goto cleanup; } for (i = 0; i < vm->def->ninputs; i++) { if (qemuSetupInputCgroup(vm, vm->def->inputs[i]) < 0) goto cleanup; } for (i = 0; i < vm->def->nrngs; i++) { if (vm->def->rngs[i]->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) { VIR_DEBUG("Setting Cgroup ACL for RNG device"); rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rngs[i]->source.file, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", vm->def->rngs[i]->source.file, "rw", rv == 0); if (rv < 0 && !virLastErrorIsSystemErrno(ENOENT)) goto cleanup; } } ret = 0; cleanup: virObjectUnref(cfg); return ret; }
virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged) { virQEMUDriverConfigPtr cfg; if (virQEMUConfigInitialize() < 0) return NULL; if (!(cfg = virObjectNew(virQEMUDriverConfigClass))) return NULL; cfg->privileged = privileged; cfg->uri = privileged ? "qemu:///system" : "qemu:///session"; if (privileged) { if (virGetUserID(QEMU_USER, &cfg->user) < 0) goto error; if (virGetGroupID(QEMU_GROUP, &cfg->group) < 0) goto error; } else { cfg->user = (uid_t)-1; cfg->group = (gid_t)-1; } cfg->dynamicOwnership = privileged; cfg->cgroupControllers = -1; /* -1 == auto-detect */ if (privileged) { if (virAsprintf(&cfg->logDir, "%s/log/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0) goto error; if (virAsprintf(&cfg->stateDir, "%s/run/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; if (virAsprintf(&cfg->libDir, "%s/lib/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; if (virAsprintf(&cfg->cacheDir, "%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0) goto error; if (virAsprintf(&cfg->saveDir, "%s/lib/libvirt/qemu/save", LOCALSTATEDIR) < 0) goto error; if (virAsprintf(&cfg->snapshotDir, "%s/lib/libvirt/qemu/snapshot", LOCALSTATEDIR) < 0) goto error; if (virAsprintf(&cfg->autoDumpPath, "%s/lib/libvirt/qemu/dump", LOCALSTATEDIR) < 0) goto error; } else { char *rundir; char *cachedir; cachedir = virGetUserCacheDirectory(); if (!cachedir) goto error; if (virAsprintf(&cfg->logDir, "%s/qemu/log", cachedir) < 0) { VIR_FREE(cachedir); goto error; } if (virAsprintf(&cfg->cacheDir, "%s/qemu/cache", cachedir) < 0) { VIR_FREE(cachedir); goto error; } VIR_FREE(cachedir); rundir = virGetUserRuntimeDirectory(); if (!rundir) goto error; if (virAsprintf(&cfg->stateDir, "%s/qemu/run", rundir) < 0) { VIR_FREE(rundir); goto error; } VIR_FREE(rundir); if (!(cfg->configBaseDir = virGetUserConfigDirectory())) goto error; if (virAsprintf(&cfg->libDir, "%s/qemu/lib", cfg->configBaseDir) < 0) goto error; if (virAsprintf(&cfg->saveDir, "%s/qemu/save", cfg->configBaseDir) < 0) goto error; if (virAsprintf(&cfg->snapshotDir, "%s/qemu/snapshot", cfg->configBaseDir) < 0) goto error; if (virAsprintf(&cfg->autoDumpPath, "%s/qemu/dump", cfg->configBaseDir) < 0) goto error; } if (virAsprintf(&cfg->configDir, "%s/qemu", cfg->configBaseDir) < 0) goto error; if (virAsprintf(&cfg->autostartDir, "%s/qemu/autostart", cfg->configBaseDir) < 0) goto error; if (VIR_STRDUP(cfg->vncListen, "127.0.0.1") < 0) goto error; if (VIR_STRDUP(cfg->vncTLSx509certdir, SYSCONFDIR "/pki/libvirt-vnc") < 0) goto error; if (VIR_STRDUP(cfg->spiceListen, "127.0.0.1") < 0) goto error; if (VIR_STRDUP(cfg->spiceTLSx509certdir , SYSCONFDIR "/pki/libvirt-spice") < 0) goto error; cfg->remotePortMin = QEMU_REMOTE_PORT_MIN; cfg->remotePortMax = QEMU_REMOTE_PORT_MAX; cfg->webSocketPortMin = QEMU_WEBSOCKET_PORT_MIN; cfg->webSocketPortMax = QEMU_WEBSOCKET_PORT_MAX; cfg->migrationPortMin = QEMU_MIGRATION_PORT_MIN; cfg->migrationPortMax = QEMU_MIGRATION_PORT_MAX; #if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R /* For privileged driver, try and find hugepage mount automatically. * Non-privileged driver requires admin to create a dir for the * user, chown it, and then let user configure it manually */ if (privileged && !(cfg->hugetlbfsMount = virFileFindMountPoint("hugetlbfs"))) { if (errno != ENOENT) { virReportSystemError(errno, "%s", _("unable to find hugetlbfs mountpoint")); goto error; } } #endif if (VIR_STRDUP(cfg->bridgeHelperName, "/usr/libexec/qemu-bridge-helper") < 0) goto error; cfg->clearEmulatorCapabilities = true; cfg->securityDefaultConfined = true; cfg->securityRequireConfined = false; cfg->keepAliveInterval = 5; cfg->keepAliveCount = 5; cfg->seccompSandbox = -1; return cfg; error: virObjectUnref(cfg); return NULL; }
static int qemuInitCgroup(virQEMUDriverPtr driver, virDomainObjPtr vm, size_t nnicindexes, int *nicindexes) { int ret = -1; qemuDomainObjPrivatePtr priv = vm->privateData; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); if (!virQEMUDriverIsPrivileged(driver)) goto done; if (!virCgroupAvailable()) goto done; virCgroupFree(&priv->cgroup); if (!vm->def->resource) { virDomainResourceDefPtr res; if (VIR_ALLOC(res) < 0) goto cleanup; if (VIR_STRDUP(res->partition, "/machine") < 0) { VIR_FREE(res); goto cleanup; } vm->def->resource = res; } if (vm->def->resource->partition[0] != '/') { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Resource partition '%s' must start with '/'"), vm->def->resource->partition); goto cleanup; } /* * We need to do this because of systemd-machined, because * CreateMachine requires the name to be a valid hostname. */ priv->machineName = virSystemdMakeMachineName("qemu", vm->def->id, vm->def->name, virQEMUDriverIsPrivileged(driver)); if (!priv->machineName) goto cleanup; if (virCgroupNewMachine(priv->machineName, "qemu", vm->def->uuid, NULL, vm->pid, false, nnicindexes, nicindexes, vm->def->resource->partition, cfg->cgroupControllers, &priv->cgroup) < 0) { if (virCgroupNewIgnoreError()) goto done; goto cleanup; } done: ret = 0; cleanup: virObjectUnref(cfg); return ret; }
static int testCompareStatusXMLToXMLFiles(const void *opaque) { const struct testInfo *data = opaque; virBuffer buf = VIR_BUFFER_INITIALIZER; xmlDocPtr xml = NULL; virDomainObjPtr obj = NULL; char *expect = NULL; char *actual = NULL; char *source = NULL; int ret = -1; int keepBlanksDefault = xmlKeepBlanksDefault(0); /* construct faked source status XML */ virBufferAdd(&buf, testStatusXMLPrefix, -1); virBufferAdjustIndent(&buf, 2); virBufferAddStr(&buf, data->inFile); virBufferAdjustIndent(&buf, -2); virBufferAdd(&buf, testStatusXMLSuffix, -1); if (!(source = virBufferContentAndReset(&buf))) { fprintf(stderr, "Failed to create the source XML"); goto cleanup; } /* construct the expect string */ virBufferAdd(&buf, testStatusXMLPrefix, -1); virBufferAdjustIndent(&buf, 2); virBufferAddStr(&buf, data->outActiveFile); virBufferAdjustIndent(&buf, -2); virBufferAdd(&buf, testStatusXMLSuffix, -1); if (!(expect = virBufferContentAndReset(&buf))) { fprintf(stderr, "Failed to create the expect XML"); goto cleanup; } /* parse the fake source status XML */ if (!(xml = virXMLParseString(source, "(domain_status_test_XML)")) || !(obj = virDomainObjParseNode(xml, xmlDocGetRootElement(xml), driver.caps, driver.xmlopt, VIR_DOMAIN_DEF_PARSE_STATUS | VIR_DOMAIN_DEF_PARSE_ACTUAL_NET | VIR_DOMAIN_DEF_PARSE_PCI_ORIG_STATES))) { fprintf(stderr, "Failed to parse domain status XML:\n%s", source); goto cleanup; } /* format it back */ if (!(actual = virDomainObjFormat(driver.xmlopt, obj, VIR_DOMAIN_DEF_FORMAT_SECURE))) { fprintf(stderr, "Failed to format domain status XML"); goto cleanup; } if (STRNEQ(actual, expect)) { virtTestDifferenceFull(stderr, expect, data->outActiveName, actual, data->inName); goto cleanup; } ret = 0; cleanup: xmlKeepBlanksDefault(keepBlanksDefault); xmlFreeDoc(xml); virObjectUnref(obj); VIR_FREE(expect); VIR_FREE(actual); VIR_FREE(source); return ret; }
static int mymain(void) { int ret = 0; bool json = false; abs_top_srcdir = getenv("abs_top_srcdir"); if (!abs_top_srcdir) abs_top_srcdir = abs_srcdir "/.."; if (!(driver.config = virQEMUDriverConfigNew(false))) return EXIT_FAILURE; if ((driver.caps = testQemuCapsInit()) == NULL) return EXIT_FAILURE; if (!(driver.xmlopt = virQEMUDriverCreateXMLConf(&driver))) return EXIT_FAILURE; # define DO_TEST_FULL(name, migrateFrom, migrateFd, expectError, ...) \ do { \ struct testInfo info = { \ name, NULL, migrateFrom, migrateFd, json, expectError \ }; \ if (!(info.extraFlags = virQEMUCapsNew())) \ return EXIT_FAILURE; \ virQEMUCapsSetList(info.extraFlags, __VA_ARGS__, QEMU_CAPS_LAST);\ if (virtTestRun("QEMU XML-2-ARGV " name, \ testCompareXMLToArgvHelper, &info) < 0) \ ret = -1; \ virObjectUnref(info.extraFlags); \ } while (0) # define DO_TEST(name, expectError, ...) \ DO_TEST_FULL(name, NULL, -1, expectError, __VA_ARGS__) # define NONE QEMU_CAPS_LAST /* Unset or set all envvars here that are copied in qemudBuildCommandLine * using ADD_ENV_COPY, otherwise these tests may fail due to unexpected * values for these envvars */ setenv("PATH", "/bin", 1); setenv("USER", "test", 1); setenv("LOGNAME", "test", 1); setenv("HOME", "/home/test", 1); unsetenv("TMPDIR"); unsetenv("LD_PRELOAD"); unsetenv("LD_LIBRARY_PATH"); unsetenv("QEMU_AUDIO_DRV"); unsetenv("SDL_AUDIODRIVER"); DO_TEST("qemu-ns-domain", false, NONE); DO_TEST("qemu-ns-domain-ns0", false, NONE); DO_TEST("qemu-ns-domain-commandline", false, NONE); DO_TEST("qemu-ns-domain-commandline-ns0", false, NONE); DO_TEST("qemu-ns-commandline", false, NONE); DO_TEST("qemu-ns-commandline-ns0", false, NONE); DO_TEST("qemu-ns-commandline-ns1", false, NONE); virObjectUnref(driver.config); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; }
virCapsPtr vmwareCapsInit(void) { virCapsPtr caps = NULL; virCapsGuestPtr guest = NULL; virCPUDefPtr cpu = NULL; virCPUDataPtr data = NULL; if ((caps = virCapabilitiesNew(virArchFromHost(), false, false)) == NULL) goto error; if (nodeCapsInitNUMA(caps) < 0) goto error; /* i686 guests are always supported */ if ((guest = virCapabilitiesAddGuest(caps, VIR_DOMAIN_OSTYPE_HVM, VIR_ARCH_I686, NULL, NULL, 0, NULL)) == NULL) goto error; if (virCapabilitiesAddGuestDomain(guest, VIR_DOMAIN_VIRT_VMWARE, NULL, NULL, 0, NULL) == NULL) goto error; if (VIR_ALLOC(cpu) < 0) goto error; cpu->arch = caps->host.arch; cpu->type = VIR_CPU_TYPE_HOST; if (!(data = cpuNodeData(cpu->arch)) || cpuDecode(cpu, data, NULL, 0, NULL) < 0) { goto error; } /* x86_64 guests are supported if * - Host arch is x86_64 * Or * - Host CPU is x86_64 with virtualization extensions */ if (caps->host.arch == VIR_ARCH_X86_64 || (virCPUDataCheckFeature(data, "lm") && (virCPUDataCheckFeature(data, "vmx") || virCPUDataCheckFeature(data, "svm")))) { if ((guest = virCapabilitiesAddGuest(caps, VIR_DOMAIN_OSTYPE_HVM, VIR_ARCH_X86_64, NULL, NULL, 0, NULL)) == NULL) goto error; if (virCapabilitiesAddGuestDomain(guest, VIR_DOMAIN_VIRT_VMWARE, NULL, NULL, 0, NULL) == NULL) goto error; } cleanup: virCPUDefFree(cpu); cpuDataFree(data); return caps; error: virObjectUnref(caps); goto cleanup; }
static int testCompareXMLToArgvFiles(const char *xml, const char *cmdline, virQEMUCapsPtr extraFlags, const char *migrateFrom, int migrateFd, bool json, bool expectError) { char *expectargv = NULL; int len; char *actualargv = NULL; int ret = -1; virDomainDefPtr vmdef = NULL; virDomainChrSourceDef monitor_chr; virConnectPtr conn; char *log = NULL; char *emulator = NULL; virCommandPtr cmd = NULL; if (!(conn = virGetConnect())) goto fail; len = virtTestLoadFile(cmdline, &expectargv); if (len < 0) goto fail; if (len && expectargv[len - 1] == '\n') expectargv[len - 1] = '\0'; if (!(vmdef = virDomainDefParseFile(xml, driver.caps, driver.xmlopt, QEMU_EXPECTED_VIRT_TYPES, VIR_DOMAIN_DEF_PARSE_INACTIVE))) goto fail; if (!virDomainDefCheckABIStability(vmdef, vmdef)) { fprintf(stderr, "ABI stability check failed on %s", xml); goto fail; } /* * For test purposes, we may want to fake emulator's output by providing * our own script instead of a real emulator. For this to work we need to * specify a relative path in <emulator/> element, which, however, is not * allowed by RelaxNG schema for domain XML. To work around it we add an * extra '/' at the beginning of relative emulator path so that it looks * like, e.g., "/./qemu.sh" or "/../emulator/qemu.sh" instead of * "./qemu.sh" or "../emulator/qemu.sh" respectively. The following code * detects such paths, strips the extra '/' and makes the path absolute. */ if (vmdef->emulator && STRPREFIX(vmdef->emulator, "/.")) { if (VIR_STRDUP(emulator, vmdef->emulator + 1) < 0) goto fail; VIR_FREE(vmdef->emulator); vmdef->emulator = NULL; if (virAsprintf(&vmdef->emulator, "%s/qemuxml2argvdata/%s", abs_srcdir, emulator) < 0) goto fail; } if (virQEMUCapsGet(extraFlags, QEMU_CAPS_DOMID)) vmdef->id = 6; else vmdef->id = -1; memset(&monitor_chr, 0, sizeof(monitor_chr)); monitor_chr.type = VIR_DOMAIN_CHR_TYPE_UNIX; monitor_chr.data.nix.path = (char *)"/tmp/test-monitor"; monitor_chr.data.nix.listen = true; virQEMUCapsSetList(extraFlags, QEMU_CAPS_VNC_COLON, QEMU_CAPS_NO_REBOOT, QEMU_CAPS_NO_ACPI, QEMU_CAPS_LAST); if (virQEMUCapsGet(extraFlags, QEMU_CAPS_DEVICE)) qemuDomainAssignAddresses(vmdef, extraFlags, NULL); log = virtTestLogContentAndReset(); VIR_FREE(log); virResetLastError(); if (vmdef->os.arch == VIR_ARCH_X86_64 || vmdef->os.arch == VIR_ARCH_I686) { virQEMUCapsSet(extraFlags, QEMU_CAPS_PCI_MULTIBUS); } if (qemuAssignDeviceAliases(vmdef, extraFlags) < 0) goto fail; if (!(cmd = qemuBuildCommandLine(conn, &driver, vmdef, &monitor_chr, json, extraFlags, migrateFrom, migrateFd, NULL, VIR_NETDEV_VPORT_PROFILE_OP_NO_OP, &testCallbacks, false, false, NULL))) goto fail; if (!virtTestOOMActive()) { if (!!virGetLastError() != expectError) { if (virTestGetDebug() && (log = virtTestLogContentAndReset())) fprintf(stderr, "\n%s", log); goto fail; } if (expectError) { /* need to suppress the errors */ virResetLastError(); } } if (!(actualargv = virCommandToString(cmd))) goto fail; if (emulator) { /* Skip the abs_srcdir portion of replacement emulator. */ char *start_skip = strstr(actualargv, abs_srcdir); char *end_skip = strstr(actualargv, emulator); if (!start_skip || !end_skip) goto fail; memmove(start_skip, end_skip, strlen(end_skip) + 1); } if (STRNEQ(expectargv, actualargv)) { virtTestDifference(stderr, expectargv, actualargv); goto fail; } ret = 0; fail: VIR_FREE(log); VIR_FREE(emulator); VIR_FREE(expectargv); VIR_FREE(actualargv); virCommandFree(cmd); virDomainDefFree(vmdef); virObjectUnref(conn); return ret; }
/* * Process all queued client->tx messages until * we would block on I/O */ static void virNetServerClientDispatchWrite(virNetServerClientPtr client) { while (client->tx) { if (client->tx->bufferOffset < client->tx->bufferLength) { ssize_t ret; ret = virNetServerClientWrite(client); if (ret < 0) { client->wantClose = true; return; } if (ret == 0) return; /* Would block on write EAGAIN */ } if (client->tx->bufferOffset == client->tx->bufferLength) { virNetMessagePtr msg; size_t i; for (i = client->tx->donefds; i < client->tx->nfds; i++) { int rv; if ((rv = virNetSocketSendFD(client->sock, client->tx->fds[i])) < 0) { client->wantClose = true; return; } if (rv == 0) /* Blocking */ return; client->tx->donefds++; } #if WITH_SASL /* Completed this 'tx' operation, so now read for all * future rx/tx to be under a SASL SSF layer */ if (client->sasl) { virNetSocketSetSASLSession(client->sock, client->sasl); virObjectUnref(client->sasl); client->sasl = NULL; } #endif /* Get finished msg from head of tx queue */ msg = virNetMessageQueueServe(&client->tx); if (msg->tracked) { client->nrequests--; /* See if the recv queue is currently throttled */ if (!client->rx && client->nrequests < client->nrequests_max) { /* Ready to recv more messages */ virNetMessageClear(msg); msg->bufferLength = VIR_NET_MESSAGE_LEN_MAX; if (VIR_ALLOC_N(msg->buffer, msg->bufferLength) < 0) { virNetMessageFree(msg); return; } client->rx = msg; msg = NULL; client->nrequests++; } } virNetMessageFree(msg); virNetServerClientUpdateEvent(client); if (client->delayedClose) client->wantClose = true; } } }
static int testHelpStrParsing(const void *data) { const struct testInfo *info = data; char *path = NULL; char *help = NULL; unsigned int version, kvm_version; bool is_kvm; virQEMUCapsPtr flags = NULL; int ret = -1; char *got = NULL; char *expected = NULL; if (virAsprintf(&path, "%s/qemuhelpdata/%s", abs_srcdir, info->name) < 0) return -1; if (virtTestLoadFile(path, &help) < 0) goto cleanup; if (!(flags = virQEMUCapsNew())) goto cleanup; if (virQEMUCapsParseHelpStr("QEMU", help, flags, &version, &is_kvm, &kvm_version, false, NULL) == -1) { if (info->error && virGetLastError()->code == info->error) ret = 0; goto cleanup; } # ifndef WITH_YAJL if (virQEMUCapsGet(info->flags, QEMU_CAPS_MONITOR_JSON)) virQEMUCapsSet(flags, QEMU_CAPS_MONITOR_JSON); # endif if (virQEMUCapsGet(info->flags, QEMU_CAPS_DEVICE)) { VIR_FREE(path); VIR_FREE(help); if (virAsprintf(&path, "%s/qemuhelpdata/%s-device", abs_srcdir, info->name) < 0) goto cleanup; if (virtTestLoadFile(path, &help) < 0) goto cleanup; if (virQEMUCapsParseDeviceStr(flags, help) < 0) goto cleanup; } got = virQEMUCapsFlagsString(flags); expected = virQEMUCapsFlagsString(info->flags); if (!got || !expected) goto cleanup; if (STRNEQ(got, expected)) { VIR_TEST_DEBUG("%s: computed flags do not match: got %s, expected %s\n", info->name, got, expected); if (virTestGetDebug()) printMismatchedFlags(flags, info->flags); goto cleanup; } if (version != info->version) { fprintf(stderr, "%s: parsed versions do not match: got %u, expected %u\n", info->name, version, info->version); goto cleanup; } if (is_kvm != info->is_kvm) { fprintf(stderr, "%s: parsed is_kvm flag does not match: got %u, expected %u\n", info->name, is_kvm, info->is_kvm); goto cleanup; } if (kvm_version != info->kvm_version) { fprintf(stderr, "%s: parsed KVM versions do not match: got %u, expected %u\n", info->name, kvm_version, info->kvm_version); goto cleanup; } ret = 0; cleanup: VIR_FREE(path); VIR_FREE(help); virObjectUnref(flags); VIR_FREE(got); VIR_FREE(expected); return ret; }
static virIdentityPtr virNetServerClientCreateIdentity(virNetServerClientPtr client) { char *processid = NULL; char *processtime = NULL; char *username = NULL; char *userid = NULL; char *groupname = NULL; char *groupid = NULL; #if WITH_SASL char *saslname = NULL; #endif char *x509dname = NULL; char *seccontext = NULL; virIdentityPtr ret = NULL; if (client->sock && virNetSocketIsLocal(client->sock)) { gid_t gid; uid_t uid; pid_t pid; unsigned long long timestamp; if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid, ×tamp) < 0) goto cleanup; if (!(username = virGetUserName(uid))) goto cleanup; if (virAsprintf(&userid, "%d", (int)uid) < 0) goto cleanup; if (!(groupname = virGetGroupName(gid))) goto cleanup; if (virAsprintf(&groupid, "%d", (int)gid) < 0) goto cleanup; if (virAsprintf(&processid, "%llu", (unsigned long long)pid) < 0) goto cleanup; if (virAsprintf(&processtime, "%llu", timestamp) < 0) goto cleanup; } #if WITH_SASL if (client->sasl) { const char *identity = virNetSASLSessionGetIdentity(client->sasl); if (VIR_STRDUP(saslname, identity) < 0) goto cleanup; } #endif #if WITH_GNUTLS if (client->tls) { const char *identity = virNetTLSSessionGetX509DName(client->tls); if (VIR_STRDUP(x509dname, identity) < 0) goto cleanup; } #endif if (client->sock && virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0) goto cleanup; if (!(ret = virIdentityNew())) goto cleanup; if (username && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0) goto error; if (userid && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_ID, userid) < 0) goto error; if (groupname && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0) goto error; if (groupid && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_ID, groupid) < 0) goto error; if (processid && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0) goto error; if (processtime && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, processtime) < 0) goto error; #if HAVE_SASL if (saslname && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname) < 0) goto error; #endif if (x509dname && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, x509dname) < 0) goto error; if (seccontext && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SELINUX_CONTEXT, seccontext) < 0) goto error; cleanup: VIR_FREE(username); VIR_FREE(userid); VIR_FREE(groupname); VIR_FREE(groupid); VIR_FREE(processid); VIR_FREE(processtime); VIR_FREE(seccontext); #if HAVE_SASL VIR_FREE(saslname); #endif VIR_FREE(x509dname); return ret; error: virObjectUnref(ret); ret = NULL; goto cleanup; }
virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr object, virNetServerClientPrivNewPostExecRestart privNew, virNetServerClientPrivPreExecRestart privPreExecRestart, virFreeCallback privFree, void *privOpaque, void *opaque) { virJSONValuePtr child; virNetServerClientPtr client = NULL; virNetSocketPtr sock; int auth; bool readonly; unsigned int nrequests_max; unsigned long long id; long long timestamp; if (virJSONValueObjectGetNumberInt(object, "auth", &auth) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing auth field in JSON state document")); return NULL; } if (virJSONValueObjectGetBoolean(object, "readonly", &readonly) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing readonly field in JSON state document")); return NULL; } if (virJSONValueObjectGetNumberUint(object, "nrequests_max", &nrequests_max) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing nrequests_client_max field in JSON state document")); return NULL; } if (!(child = virJSONValueObjectGet(object, "sock"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing sock field in JSON state document")); return NULL; } if (!virJSONValueObjectHasKey(object, "id")) { /* no ID found in, a new one must be generated */ id = virNetServerNextClientID((virNetServerPtr) opaque); } else { if (virJSONValueObjectGetNumberUlong(object, "id", &id) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Malformed id field in JSON state document")); return NULL; } } if (!virJSONValueObjectHasKey(object, "conn_time")) { timestamp = 0; } else { if (virJSONValueObjectGetNumberLong(object, "conn_time", ×tamp) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Malformed conn_time field in JSON " "state document")); return NULL; } } if (!(sock = virNetSocketNewPostExecRestart(child))) { virObjectUnref(sock); return NULL; } if (!(client = virNetServerClientNewInternal(id, sock, auth, #ifdef WITH_GNUTLS NULL, #endif readonly, nrequests_max, timestamp))) { virObjectUnref(sock); return NULL; } virObjectUnref(sock); if (privNew) { if (!(child = virJSONValueObjectGet(object, "privateData"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing privateData field in JSON state document")); goto error; } if (!(client->privateData = privNew(client, child, privOpaque))) goto error; client->privateDataFreeFunc = privFree; client->privateDataPreExecRestart = privPreExecRestart; } return client; error: virObjectUnref(client); return NULL; }
/* Functions */ virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver) { virCapsPtr caps; virCapsGuestPtr guest; virArch altArch; char *lxc_path = NULL; if ((caps = virCapabilitiesNew(virArchFromHost(), false, false)) == NULL) goto error; /* Some machines have problematic NUMA toplogy causing * unexpected failures. We don't want to break the lxc * driver in this scenario, so log errors & carry on */ if (nodeCapsInitNUMA(caps) < 0) { virCapabilitiesFreeNUMAInfo(caps); VIR_WARN("Failed to query host NUMA topology, disabling NUMA capabilities"); } /* Only probe for power management capabilities in the driver, * not in the emulator */ if (driver && virNodeSuspendGetTargetMask(&caps->host.powerMgmt) < 0) VIR_WARN("Failed to get host power management capabilities"); if (virGetHostUUID(caps->host.host_uuid)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot get the host uuid")); goto error; } if (!(lxc_path = virFileFindResource("libvirt_lxc", "src", LIBEXECDIR))) goto error; if ((guest = virCapabilitiesAddGuest(caps, "exe", caps->host.arch, lxc_path, NULL, 0, NULL)) == NULL) goto error; if (virCapabilitiesAddGuestDomain(guest, "lxc", NULL, NULL, 0, NULL) == NULL) goto error; /* On 64-bit hosts, we can use personality() to request a 32bit process */ if ((altArch = lxcContainerGetAlt32bitArch(caps->host.arch)) != VIR_ARCH_NONE) { if ((guest = virCapabilitiesAddGuest(caps, "exe", altArch, lxc_path, NULL, 0, NULL)) == NULL) goto error; if (virCapabilitiesAddGuestDomain(guest, "lxc", NULL, NULL, 0, NULL) == NULL) goto error; } VIR_FREE(lxc_path); if (driver) { /* Security driver data */ const char *doi, *model, *label, *type; doi = virSecurityManagerGetDOI(driver->securityManager); model = virSecurityManagerGetModel(driver->securityManager); label = virSecurityManagerGetBaseLabel(driver->securityManager, VIR_DOMAIN_VIRT_LXC); type = virDomainVirtTypeToString(VIR_DOMAIN_VIRT_LXC); /* Allocate the primary security driver for LXC. */ if (VIR_ALLOC(caps->host.secModels) < 0) goto error; caps->host.nsecModels = 1; if (VIR_STRDUP(caps->host.secModels[0].model, model) < 0) goto error; if (VIR_STRDUP(caps->host.secModels[0].doi, doi) < 0) goto error; if (label && virCapabilitiesHostSecModelAddBaseLabel(&caps->host.secModels[0], type, label) < 0) goto error; VIR_DEBUG("Initialized caps for security driver \"%s\" with " "DOI \"%s\"", model, doi); } else { VIR_INFO("No driver, not initializing security driver"); } return caps; error: VIR_FREE(lxc_path); virObjectUnref(caps); return NULL; }
static virIdentityPtr virNetServerClientCreateIdentity(virNetServerClientPtr client) { char *username = NULL; char *groupname = NULL; char *seccontext = NULL; virIdentityPtr ret = NULL; if (!(ret = virIdentityNew())) goto error; if (client->sock && virNetSocketIsLocal(client->sock)) { gid_t gid; uid_t uid; pid_t pid; unsigned long long timestamp; if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid, ×tamp) < 0) goto error; if (!(username = virGetUserName(uid))) goto error; if (virIdentitySetUNIXUserName(ret, username) < 0) goto error; if (virIdentitySetUNIXUserID(ret, uid) < 0) goto error; if (!(groupname = virGetGroupName(gid))) goto error; if (virIdentitySetUNIXGroupName(ret, groupname) < 0) goto error; if (virIdentitySetUNIXGroupID(ret, gid) < 0) goto error; if (virIdentitySetUNIXProcessID(ret, pid) < 0) goto error; if (virIdentitySetUNIXProcessTime(ret, timestamp) < 0) goto error; } #if WITH_SASL if (client->sasl) { const char *identity = virNetSASLSessionGetIdentity(client->sasl); if (virIdentitySetSASLUserName(ret, identity) < 0) goto error; } #endif #if WITH_GNUTLS if (client->tls) { const char *identity = virNetTLSSessionGetX509DName(client->tls); if (virIdentitySetX509DName(ret, identity) < 0) goto error; } #endif if (client->sock && virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0) goto error; if (seccontext && virIdentitySetSELinuxContext(ret, seccontext) < 0) goto error; cleanup: VIR_FREE(username); VIR_FREE(groupname); VIR_FREE(seccontext); return ret; error: virObjectUnref(ret); ret = NULL; goto cleanup; }
/** * virLXCProcessStart: * @conn: pointer to connection * @driver: pointer to driver structure * @vm: pointer to virtual machine structure * @autoDestroy: mark the domain for auto destruction * @reason: reason for switching vm to running state * * Starts a vm * * Returns 0 on success or -1 in case of error */ int virLXCProcessStart(virConnectPtr conn, virLXCDriverPtr driver, virDomainObjPtr vm, bool autoDestroy, virDomainRunningReason reason) { int rc = -1, r; size_t nttyFDs = 0; int *ttyFDs = NULL; size_t i; char *logfile = NULL; int logfd = -1; size_t nveths = 0; char **veths = NULL; int handshakefds[2] = { -1, -1 }; off_t pos = -1; char ebuf[1024]; char *timestamp; virCommandPtr cmd = NULL; virLXCDomainObjPrivatePtr priv = vm->privateData; virErrorPtr err = NULL; if (!lxc_driver->cgroup) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted")); return -1; } if (!virCgroupMounted(lxc_driver->cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to find 'cpuacct' cgroups controller mount")); return -1; } if (!virCgroupMounted(lxc_driver->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to find 'devices' cgroups controller mount")); return -1; } if (!virCgroupMounted(lxc_driver->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to find 'memory' cgroups controller mount")); return -1; } if (virFileMakePath(driver->logDir) < 0) { virReportSystemError(errno, _("Cannot create log directory '%s'"), driver->logDir); return -1; } if (virAsprintf(&logfile, "%s/%s.log", driver->logDir, vm->def->name) < 0) { virReportOOMError(); return -1; } /* Do this up front, so any part of the startup process can add * runtime state to vm->def that won't be persisted. This let's us * report implicit runtime defaults in the XML, like vnc listen/socket */ VIR_DEBUG("Setting current domain def as transient"); if (virDomainObjSetDefTransient(driver->caps, vm, true) < 0) goto cleanup; /* Run an early hook to set-up missing devices */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); int hookret; hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, VIR_HOOK_LXC_OP_PREPARE, VIR_HOOK_SUBOP_BEGIN, NULL, xml, NULL); VIR_FREE(xml); /* * If the script raised an error abort the launch */ if (hookret < 0) goto cleanup; } /* Must be run before security labelling */ VIR_DEBUG("Preparing host devices"); if (virLXCPrepareHostDevices(driver, vm->def) < 0) goto cleanup; /* Here we open all the PTYs we need on the host OS side. * The LXC controller will open the guest OS side PTYs * and forward I/O between them. */ nttyFDs = vm->def->nconsoles; if (VIR_ALLOC_N(ttyFDs, nttyFDs) < 0) { virReportOOMError(); goto cleanup; } /* If you are using a SecurityDriver with dynamic labelling, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); if (vm->def->nseclabels && vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT) vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE; if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { virDomainAuditSecurityLabel(vm, false); goto cleanup; } virDomainAuditSecurityLabel(vm, true); VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, NULL) < 0) goto cleanup; for (i = 0 ; i < vm->def->nconsoles ; i++) ttyFDs[i] = -1; for (i = 0 ; i < vm->def->nconsoles ; i++) { char *ttyPath; if (vm->def->consoles[i]->source.type != VIR_DOMAIN_CHR_TYPE_PTY) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Only PTY console types are supported")); goto cleanup; } if (virFileOpenTty(&ttyFDs[i], &ttyPath, 1) < 0) { virReportSystemError(errno, "%s", _("Failed to allocate tty")); goto cleanup; } VIR_FREE(vm->def->consoles[i]->source.data.file.path); vm->def->consoles[i]->source.data.file.path = ttyPath; VIR_FREE(vm->def->consoles[i]->info.alias); if (virAsprintf(&vm->def->consoles[i]->info.alias, "console%zu", i) < 0) { virReportOOMError(); goto cleanup; } } if (virLXCProcessSetupInterfaces(conn, vm->def, &nveths, &veths) < 0) goto cleanup; /* Save the configuration for the controller */ if (virDomainSaveConfig(driver->stateDir, vm->def) < 0) goto cleanup; if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR|S_IWUSR)) < 0) { virReportSystemError(errno, _("Failed to open '%s'"), logfile); goto cleanup; } if (pipe(handshakefds) < 0) { virReportSystemError(errno, "%s", _("Unable to create pipe")); goto cleanup; } if (!(cmd = virLXCProcessBuildControllerCmd(driver, vm, nveths, veths, ttyFDs, nttyFDs, handshakefds[1]))) goto cleanup; virCommandSetOutputFD(cmd, &logfd); virCommandSetErrorFD(cmd, &logfd); /* now that we know it is about to start call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); int hookret; hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, VIR_HOOK_LXC_OP_START, VIR_HOOK_SUBOP_BEGIN, NULL, xml, NULL); VIR_FREE(xml); /* * If the script raised an error abort the launch */ if (hookret < 0) goto cleanup; } /* Log timestamp */ if ((timestamp = virTimeStringNow()) == NULL) { virReportOOMError(); goto cleanup; } if (safewrite(logfd, timestamp, strlen(timestamp)) < 0 || safewrite(logfd, START_POSTFIX, strlen(START_POSTFIX)) < 0) { VIR_WARN("Unable to write timestamp to logfile: %s", virStrerror(errno, ebuf, sizeof(ebuf))); } VIR_FREE(timestamp); /* Log generated command line */ virCommandWriteArgLog(cmd, logfd); if ((pos = lseek(logfd, 0, SEEK_END)) < 0) VIR_WARN("Unable to seek to end of logfile: %s", virStrerror(errno, ebuf, sizeof(ebuf))); if (virCommandRun(cmd, NULL) < 0) goto cleanup; if (VIR_CLOSE(handshakefds[1]) < 0) { virReportSystemError(errno, "%s", _("could not close handshake fd")); goto cleanup; } /* Connect to the controller as a client *first* because * this will block until the child has written their * pid file out to disk */ if (!(priv->monitor = virLXCProcessConnectMonitor(driver, vm))) goto cleanup; /* And get its pid */ if ((r = virPidFileRead(driver->stateDir, vm->def->name, &vm->pid)) < 0) { virReportSystemError(-r, _("Failed to read pid file %s/%s.pid"), driver->stateDir, vm->def->name); goto cleanup; } priv->stopReason = VIR_DOMAIN_EVENT_STOPPED_FAILED; priv->wantReboot = false; vm->def->id = vm->pid; virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason); priv->doneStopEvent = false; if (!driver->nactive && driver->inhibitCallback) driver->inhibitCallback(true, driver->inhibitOpaque); driver->nactive++; if (lxcContainerWaitForContinue(handshakefds[0]) < 0) { char out[1024]; if (!(virLXCProcessReadLogOutput(vm, logfile, pos, out, 1024) < 0)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("guest failed to start: %s"), out); } goto error; } if (autoDestroy && virLXCProcessAutoDestroyAdd(driver, vm, conn) < 0) goto error; if (virDomainObjSetDefTransient(driver->caps, vm, false) < 0) goto error; /* Write domain status to disk. * * XXX: Earlier we wrote the plain "live" domain XML to this * location for the benefit of libvirt_lxc. We're now overwriting * it with the live status XML instead. This is a (currently * harmless) inconsistency we should fix one day */ if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) goto error; /* finally we can call the 'started' hook script if any */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); int hookret; hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, VIR_HOOK_LXC_OP_STARTED, VIR_HOOK_SUBOP_BEGIN, NULL, xml, NULL); VIR_FREE(xml); /* * If the script raised an error abort the launch */ if (hookret < 0) goto error; } rc = 0; cleanup: if (rc != 0 && !err) err = virSaveLastError(); virCommandFree(cmd); if (VIR_CLOSE(logfd) < 0) { virReportSystemError(errno, "%s", _("could not close logfile")); rc = -1; } for (i = 0 ; i < nveths ; i++) { if (rc != 0) ignore_value(virNetDevVethDelete(veths[i])); VIR_FREE(veths[i]); } if (rc != 0) { if (vm->newDef) { virDomainDefFree(vm->newDef); vm->newDef = NULL; } if (priv->monitor) { virObjectUnref(priv->monitor); priv->monitor = NULL; } virDomainConfVMNWFilterTeardown(vm); virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, false); virSecurityManagerReleaseLabel(driver->securityManager, vm->def); /* Clear out dynamically assigned labels */ if (vm->def->nseclabels && vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { VIR_FREE(vm->def->seclabels[0]->model); VIR_FREE(vm->def->seclabels[0]->label); VIR_FREE(vm->def->seclabels[0]->imagelabel); } } for (i = 0 ; i < nttyFDs ; i++) VIR_FORCE_CLOSE(ttyFDs[i]); VIR_FREE(ttyFDs); VIR_FORCE_CLOSE(handshakefds[0]); VIR_FORCE_CLOSE(handshakefds[1]); VIR_FREE(logfile); if (err) { virSetError(err); virFreeError(err); } return rc; error: err = virSaveLastError(); virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); goto cleanup; }
/* * This tests validation checking of peer certificates * * This is replicating the checks that are done for an * active TLS session after handshake completes. To * simulate that we create our TLS contexts, skipping * sanity checks. When then get a socketpair, and * initiate a TLS session across them. Finally do * do actual cert validation tests */ static int testTLSSessionInit(const void *opaque) { struct testTLSSessionData *data = (struct testTLSSessionData *)opaque; virNetTLSContextPtr clientCtxt = NULL; virNetTLSContextPtr serverCtxt = NULL; virNetTLSSessionPtr clientSess = NULL; virNetTLSSessionPtr serverSess = NULL; int ret = -1; int channel[2]; bool clientShake = false; bool serverShake = false; /* We'll use this for our fake client-server connection */ if (socketpair(AF_UNIX, SOCK_STREAM, 0, channel) < 0) abort(); /* * We have an evil loop to do the handshake in a single * thread, so we need these non-blocking to avoid deadlock * of ourselves */ ignore_value(virSetNonBlock(channel[0])); ignore_value(virSetNonBlock(channel[1])); /* We skip initial sanity checks here because we * want to make sure that problems are being * detected at the TLS session validation stage */ serverCtxt = virNetTLSContextNewServer(data->servercacrt, NULL, data->servercrt, KEYFILE, data->wildcards, false, true); clientCtxt = virNetTLSContextNewClient(data->clientcacrt, NULL, data->clientcrt, KEYFILE, false, true); if (!serverCtxt) { VIR_WARN("Unexpected failure loading %s against %s", data->servercacrt, data->servercrt); goto cleanup; } if (!clientCtxt) { VIR_WARN("Unexpected failure loading %s against %s", data->clientcacrt, data->clientcrt); goto cleanup; } /* Now the real part of the test, setup the sessions */ serverSess = virNetTLSSessionNew(serverCtxt, NULL); clientSess = virNetTLSSessionNew(clientCtxt, data->hostname); if (!serverSess) { VIR_WARN("Unexpected failure using %s against %s", data->servercacrt, data->servercrt); goto cleanup; } if (!clientSess) { VIR_WARN("Unexpected failure using %s against %s", data->clientcacrt, data->clientcrt); goto cleanup; } /* For handshake to work, we need to set the I/O callbacks * to read/write over the socketpair */ virNetTLSSessionSetIOCallbacks(serverSess, testWrite, testRead, &channel[0]); virNetTLSSessionSetIOCallbacks(clientSess, testWrite, testRead, &channel[1]); /* * Finally we loop around & around doing handshake on each * session until we get an error, or the handshake completes. * This relies on the socketpair being nonblocking to avoid * deadlocking ourselves upon handshake */ do { int rv; if (!serverShake) { rv = virNetTLSSessionHandshake(serverSess); if (rv < 0) goto cleanup; if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE) serverShake = true; } if (!clientShake) { rv = virNetTLSSessionHandshake(clientSess); if (rv < 0) goto cleanup; if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE) clientShake = true; } } while (!clientShake && !serverShake); /* Finally make sure the server validation does what * we were expecting */ if (virNetTLSContextCheckCertificate(serverCtxt, serverSess) < 0) { if (!data->expectServerFail) { VIR_WARN("Unexpected server cert check fail"); goto cleanup; } else { VIR_DEBUG("Got expected server cert fail"); } } else { if (data->expectServerFail) { VIR_WARN("Expected server cert check fail"); goto cleanup; } else { VIR_DEBUG("No unexpected server cert fail"); } } /* * And the same for the client validation check */ if (virNetTLSContextCheckCertificate(clientCtxt, clientSess) < 0) { if (!data->expectClientFail) { VIR_WARN("Unexpected client cert check fail"); goto cleanup; } else { VIR_DEBUG("Got expected client cert fail"); } } else { if (data->expectClientFail) { VIR_WARN("Expected client cert check fail"); goto cleanup; } else { VIR_DEBUG("No unexpected client cert fail"); } } ret = 0; cleanup: virObjectUnref(serverCtxt); virObjectUnref(clientCtxt); virObjectUnref(serverSess); virObjectUnref(clientSess); VIR_FORCE_CLOSE(channel[0]); VIR_FORCE_CLOSE(channel[1]); return ret; }