2007-02-14 04:40:09 +03:00
/*
* qemud . c : daemon start of day , guest process & i / o management
*
* Copyright ( C ) 2006 , 2007 Red Hat , Inc .
* Copyright ( C ) 2006 Daniel P . Berrange
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation ; either
* version 2.1 of the License , or ( at your option ) any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* Lesser General Public License for more details .
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*
* Author : Daniel P . Berrange < berrange @ redhat . com >
*/
2007-11-26 14:56:41 +03:00
# include "config.h"
2007-02-14 18:42:55 +03:00
2007-06-11 16:04:54 +04:00
# define _GNU_SOURCE /* for asprintf */
2007-02-14 04:40:09 +03:00
# include <sys/types.h>
# include <sys/wait.h>
# include <sys/stat.h>
# include <unistd.h>
# include <fcntl.h>
# include <paths.h>
# include <limits.h>
# include <sys/socket.h>
# include <sys/un.h>
# include <sys/poll.h>
# include <netinet/in.h>
2007-06-11 16:04:54 +04:00
# include <netinet/tcp.h>
2007-02-14 04:40:09 +03:00
# include <netdb.h>
# include <stdlib.h>
# include <pwd.h>
# include <stdio.h>
2007-02-16 21:30:55 +03:00
# include <stdarg.h>
# include <syslog.h>
2007-02-14 04:40:09 +03:00
# include <string.h>
# include <errno.h>
# include <getopt.h>
2007-06-11 16:04:54 +04:00
# include <assert.h>
# include <fnmatch.h>
2007-09-19 06:28:01 +04:00
# include <grp.h>
2007-04-11 03:17:46 +04:00
Wed Dec 5 13:48:00 UTC 2007 Richard W.M. Jones <rjones@redhat.com>
* python/libvir.c, python/libvirt_wrap.h, qemud/qemud.c,
qemud/remote.c, src/internal.h, src/openvz_conf.c,
src/openvz_driver.c, src/proxy_internal.h, src/qemu_conf.c,
src/qemu_driver.c, src/remote_internal.h, src/test.h, src/util.c,
src/xen_unified.c, src/xen_unified.h, tests/nodeinfotest.c,
tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c, tests/reconnect.c,
tests/sexpr2xmltest.c, tests/virshtest.c, tests/xencapstest.c,
tests/xmconfigtest.c, tests/xml2sexprtest.c:
Change #include <> to #include "" for local includes.
Removed many includes from src/internal.h and put them in
the C files which actually use them.
Removed <ansidecl.h> - unused.
Added a comment around __func__.
Removed a clashing redefinition of VERSION symbol.
All limits (PATH_MAX etc) now done in src/internal.h, so we
don't need to include those headers in other files.
2007-12-05 16:56:22 +03:00
# include "libvirt/virterror.h"
2007-02-14 04:40:09 +03:00
# include "internal.h"
2007-06-27 02:56:14 +04:00
# include "../src/internal.h"
2007-06-11 16:04:54 +04:00
# include "../src/remote_internal.h"
# include "../src/conf.h"
2007-06-26 23:11:00 +04:00
# include "event.h"
2007-09-19 05:56:55 +04:00
# ifdef HAVE_AVAHI
# include "mdns.h"
# endif
2007-02-14 04:40:09 +03:00
2007-06-11 16:04:54 +04:00
static int godaemon = 0 ; /* -d: Be a daemon */
static int verbose = 0 ; /* -v: Verbose mode */
2007-06-27 03:48:46 +04:00
static int timeout = - 1 ; /* -t: Shutdown timeout */
2007-06-11 16:04:54 +04:00
static int sigwrite = - 1 ; /* Signal handler pipe */
2007-06-27 03:48:46 +04:00
static int ipsock = 0 ; /* -l Listen for TCP/IP */
2007-06-11 16:04:54 +04:00
2007-06-27 03:48:46 +04:00
/* Defaults for configuration file elements */
2007-06-11 16:04:54 +04:00
static int listen_tls = 1 ;
static int listen_tcp = 0 ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
static char * tls_port = ( char * ) LIBVIRTD_TLS_PORT ;
static char * tcp_port = ( char * ) LIBVIRTD_TCP_PORT ;
2007-06-11 16:04:54 +04:00
2007-09-19 06:28:01 +04:00
static gid_t unix_sock_gid = 0 ; /* Only root by default */
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
static int unix_sock_rw_mask = 0700 ; /* Allow user only */
static int unix_sock_ro_mask = 0777 ; /* Allow world */
2007-09-19 06:28:01 +04:00
2007-12-05 21:21:27 +03:00
# if HAVE_POLKIT
static int auth_unix_rw = REMOTE_AUTH_POLKIT ;
static int auth_unix_ro = REMOTE_AUTH_POLKIT ;
# else
2007-12-05 18:34:05 +03:00
static int auth_unix_rw = REMOTE_AUTH_NONE ;
static int auth_unix_ro = REMOTE_AUTH_NONE ;
2007-12-05 21:21:27 +03:00
# endif /* HAVE_POLKIT */
2007-12-05 18:34:05 +03:00
# if HAVE_SASL
static int auth_tcp = REMOTE_AUTH_SASL ;
# else
static int auth_tcp = REMOTE_AUTH_NONE ;
# endif
static int auth_tls = REMOTE_AUTH_NONE ;
2007-09-19 05:56:55 +04:00
static int mdns_adv = 1 ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
static char * mdns_name = NULL ;
2007-09-19 05:56:55 +04:00
2007-06-11 16:04:54 +04:00
static int tls_no_verify_certificate = 0 ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
static char * * tls_allowed_dn_list = NULL ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
static char * key_file = ( char * ) LIBVIRT_SERVERKEY ;
static char * cert_file = ( char * ) LIBVIRT_SERVERCERT ;
static char * ca_file = ( char * ) LIBVIRT_CACERT ;
static char * crl_file = ( char * ) " " ;
2007-06-11 16:04:54 +04:00
static gnutls_certificate_credentials_t x509_cred ;
static gnutls_dh_params_t dh_params ;
# define DH_BITS 1024
2007-02-16 21:28:17 +03:00
2007-03-27 14:28:45 +04:00
static sig_atomic_t sig_errors = 0 ;
static int sig_lasterrno = 0 ;
2007-02-16 21:28:17 +03:00
static void sig_handler ( int sig ) {
unsigned char sigc = sig ;
int origerrno ;
2007-03-27 14:28:45 +04:00
int r ;
2007-02-16 21:28:17 +03:00
if ( sig = = SIGCHLD ) /* We explicitly waitpid the child later */
return ;
origerrno = errno ;
2007-03-27 14:28:45 +04:00
r = write ( sigwrite , & sigc , 1 ) ;
if ( r = = - 1 ) {
sig_errors + + ;
sig_lasterrno = errno ;
}
2007-02-16 21:28:17 +03:00
errno = origerrno ;
2007-02-14 04:40:09 +03:00
}
2007-02-16 21:28:17 +03:00
2007-06-26 23:11:00 +04:00
static void qemudDispatchClientEvent ( int fd , int events , void * opaque ) ;
static void qemudDispatchServerEvent ( int fd , int events , void * opaque ) ;
static int qemudRegisterClientEvent ( struct qemud_server * server ,
struct qemud_client * client ,
2007-08-07 17:02:35 +04:00
int removeFirst ) ;
2007-06-26 23:11:00 +04:00
2007-07-12 18:54:45 +04:00
static int
remoteCheckCertFile ( const char * type , const char * file )
{
struct stat sb ;
if ( stat ( file , & sb ) < 0 ) {
qemudLog ( QEMUD_ERR , " Cannot access %s '%s': %s (%d) " ,
type , file , strerror ( errno ) , errno ) ;
return - 1 ;
}
return 0 ;
}
2007-06-11 16:04:54 +04:00
static int
remoteInitializeGnuTLS ( void )
{
int err ;
/* Initialise GnuTLS. */
gnutls_global_init ( ) ;
err = gnutls_certificate_allocate_credentials ( & x509_cred ) ;
if ( err ) {
qemudLog ( QEMUD_ERR , " gnutls_certificate_allocate_credentials: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
if ( ca_file & & ca_file [ 0 ] ! = ' \0 ' ) {
2007-07-12 18:54:45 +04:00
if ( remoteCheckCertFile ( " CA certificate " , ca_file ) < 0 )
return - 1 ;
2007-06-11 16:04:54 +04:00
qemudDebug ( " loading CA cert from %s " , ca_file ) ;
err = gnutls_certificate_set_x509_trust_file ( x509_cred , ca_file ,
GNUTLS_X509_FMT_PEM ) ;
if ( err < 0 ) {
qemudLog ( QEMUD_ERR , " gnutls_certificate_set_x509_trust_file: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
}
if ( crl_file & & crl_file [ 0 ] ! = ' \0 ' ) {
2007-11-22 02:16:11 +03:00
if ( remoteCheckCertFile ( " CA revocation list " , crl_file ) < 0 )
2007-07-12 18:54:45 +04:00
return - 1 ;
2007-06-11 16:04:54 +04:00
qemudDebug ( " loading CRL from %s " , crl_file ) ;
err = gnutls_certificate_set_x509_crl_file ( x509_cred , crl_file ,
GNUTLS_X509_FMT_PEM ) ;
if ( err < 0 ) {
qemudLog ( QEMUD_ERR , " gnutls_certificate_set_x509_crl_file: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
}
if ( cert_file & & cert_file [ 0 ] ! = ' \0 ' & & key_file & & key_file [ 0 ] ! = ' \0 ' ) {
2007-07-12 18:54:45 +04:00
if ( remoteCheckCertFile ( " server certificate " , cert_file ) < 0 )
return - 1 ;
if ( remoteCheckCertFile ( " server key " , key_file ) < 0 )
return - 1 ;
2007-06-11 16:04:54 +04:00
qemudDebug ( " loading cert and key from %s and %s " ,
cert_file , key_file ) ;
err =
gnutls_certificate_set_x509_key_file ( x509_cred ,
cert_file , key_file ,
GNUTLS_X509_FMT_PEM ) ;
if ( err < 0 ) {
qemudLog ( QEMUD_ERR , " gnutls_certificate_set_x509_key_file: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
}
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms . These should be discarded and regenerated
* once a day , once a week or once a month . Depending on the
* security requirements .
*/
err = gnutls_dh_params_init ( & dh_params ) ;
if ( err < 0 ) {
qemudLog ( QEMUD_ERR , " gnutls_dh_params_init: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
err = gnutls_dh_params_generate2 ( dh_params , DH_BITS ) ;
if ( err < 0 ) {
qemudLog ( QEMUD_ERR , " gnutls_dh_params_generate2: %s " ,
gnutls_strerror ( err ) ) ;
return - 1 ;
}
gnutls_certificate_set_dh_params ( x509_cred , dh_params ) ;
return 0 ;
}
2007-06-26 23:11:00 +04:00
static void qemudDispatchSignalEvent ( int fd ATTRIBUTE_UNUSED ,
int events ATTRIBUTE_UNUSED ,
void * opaque ) {
struct qemud_server * server = ( struct qemud_server * ) opaque ;
2007-02-16 21:28:17 +03:00
unsigned char sigc ;
int ret ;
2007-02-16 21:30:55 +03:00
if ( read ( server - > sigread , & sigc , 1 ) ! = 1 ) {
qemudLog ( QEMUD_ERR , " Failed to read from signal pipe: %s " ,
strerror ( errno ) ) ;
2007-06-26 23:11:00 +04:00
return ;
2007-02-16 21:30:55 +03:00
}
2007-02-16 21:28:17 +03:00
ret = 0 ;
switch ( sigc ) {
case SIGHUP :
2007-02-19 20:00:05 +03:00
qemudLog ( QEMUD_INFO , " Reloading configuration on SIGHUP " ) ;
2007-06-27 02:56:14 +04:00
if ( virStateReload ( ) < 0 )
qemudLog ( QEMUD_WARN , " Error while reloading drivers " ) ;
2007-02-16 21:28:17 +03:00
break ;
case SIGINT :
2007-02-19 19:59:15 +03:00
case SIGQUIT :
2007-02-16 21:28:17 +03:00
case SIGTERM :
2007-02-16 21:30:55 +03:00
qemudLog ( QEMUD_WARN , " Shutting down on signal %d " , sigc ) ;
2007-02-16 21:28:17 +03:00
server - > shutdown = 1 ;
break ;
default :
break ;
}
2007-06-26 23:11:00 +04:00
if ( ret ! = 0 )
server - > shutdown = 1 ;
2007-02-16 21:28:17 +03:00
}
2007-02-14 04:40:09 +03:00
static int qemudSetCloseExec ( int fd ) {
int flags ;
2007-02-16 21:30:55 +03:00
if ( ( flags = fcntl ( fd , F_GETFD ) ) < 0 )
goto error ;
2007-02-14 04:40:09 +03:00
flags | = FD_CLOEXEC ;
2007-02-16 21:30:55 +03:00
if ( ( fcntl ( fd , F_SETFD , flags ) ) < 0 )
goto error ;
2007-02-14 04:40:09 +03:00
return 0 ;
2007-02-16 21:30:55 +03:00
error :
qemudLog ( QEMUD_ERR , " Failed to set close-on-exec file descriptor flag " ) ;
return - 1 ;
2007-02-14 04:40:09 +03:00
}
static int qemudSetNonBlock ( int fd ) {
int flags ;
2007-02-16 21:30:55 +03:00
if ( ( flags = fcntl ( fd , F_GETFL ) ) < 0 )
goto error ;
2007-02-14 04:40:09 +03:00
flags | = O_NONBLOCK ;
2007-02-16 21:30:55 +03:00
if ( ( fcntl ( fd , F_SETFL , flags ) ) < 0 )
goto error ;
2007-02-14 04:40:09 +03:00
return 0 ;
2007-02-16 21:30:55 +03:00
error :
qemudLog ( QEMUD_ERR , " Failed to set non-blocking file descriptor flag " ) ;
return - 1 ;
}
void qemudLog ( int priority , const char * fmt , . . . )
{
va_list args ;
va_start ( args , fmt ) ;
if ( godaemon ) {
int sysprio = - 1 ;
switch ( priority ) {
case QEMUD_ERR :
sysprio = LOG_ERR ;
break ;
case QEMUD_WARN :
sysprio = LOG_WARNING ;
break ;
case QEMUD_INFO :
if ( verbose )
sysprio = LOG_INFO ;
break ;
# ifdef ENABLE_DEBUG
case QEMUD_DEBUG :
if ( verbose )
sysprio = LOG_DEBUG ;
break ;
# endif
default :
break ;
}
if ( sysprio ! = - 1 )
vsyslog ( sysprio , fmt , args ) ;
} else {
switch ( priority ) {
case QEMUD_ERR :
case QEMUD_WARN :
vfprintf ( stderr , fmt , args ) ;
fputc ( ' \n ' , stderr ) ;
break ;
case QEMUD_INFO :
if ( verbose ) {
vprintf ( fmt , args ) ;
fputc ( ' \n ' , stdout ) ;
}
break ;
# ifdef ENABLE_DEBUG
case QEMUD_DEBUG :
if ( verbose ) {
vprintf ( fmt , args ) ;
fputc ( ' \n ' , stdout ) ;
}
break ;
# endif
default :
break ;
}
}
va_end ( args ) ;
2007-02-14 04:40:09 +03:00
}
static int qemudGoDaemon ( void ) {
int pid = fork ( ) ;
switch ( pid ) {
case 0 :
{
int stdinfd = - 1 ;
int stdoutfd = - 1 ;
2007-02-16 21:26:18 +03:00
int nextpid ;
2007-02-14 04:40:09 +03:00
if ( ( stdinfd = open ( _PATH_DEVNULL , O_RDONLY ) ) < 0 )
goto cleanup ;
if ( ( stdoutfd = open ( _PATH_DEVNULL , O_WRONLY ) ) < 0 )
goto cleanup ;
if ( dup2 ( stdinfd , STDIN_FILENO ) ! = STDIN_FILENO )
goto cleanup ;
if ( dup2 ( stdoutfd , STDOUT_FILENO ) ! = STDOUT_FILENO )
goto cleanup ;
if ( dup2 ( stdoutfd , STDERR_FILENO ) ! = STDERR_FILENO )
goto cleanup ;
if ( close ( stdinfd ) < 0 )
goto cleanup ;
stdinfd = - 1 ;
if ( close ( stdoutfd ) < 0 )
goto cleanup ;
stdoutfd = - 1 ;
if ( setsid ( ) < 0 )
goto cleanup ;
nextpid = fork ( ) ;
switch ( nextpid ) {
case 0 :
return 0 ;
case - 1 :
return - 1 ;
default :
return nextpid ;
}
cleanup :
if ( stdoutfd ! = - 1 )
close ( stdoutfd ) ;
if ( stdinfd ! = - 1 )
close ( stdinfd ) ;
return - 1 ;
}
case - 1 :
return - 1 ;
default :
{
int got , status = 0 ;
/* We wait to make sure the next child forked
successfully */
if ( ( got = waitpid ( pid , & status , 0 ) ) < 0 | |
got ! = pid | |
status ! = 0 ) {
return - 1 ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
2007-02-14 04:40:09 +03:00
return pid ;
}
}
}
2007-02-23 15:48:36 +03:00
static int qemudWritePidFile ( const char * pidFile ) {
int fd ;
FILE * fh ;
if ( pidFile [ 0 ] = = ' \0 ' )
return 0 ;
if ( ( fd = open ( pidFile , O_WRONLY | O_CREAT | O_EXCL , 0644 ) ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to open pid file '%s' : %s " ,
pidFile , strerror ( errno ) ) ;
return - 1 ;
}
if ( ! ( fh = fdopen ( fd , " w " ) ) ) {
qemudLog ( QEMUD_ERR , " Failed to fdopen pid file '%s' : %s " ,
pidFile , strerror ( errno ) ) ;
close ( fd ) ;
return - 1 ;
}
if ( fprintf ( fh , " %lu \n " , ( unsigned long ) getpid ( ) ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to write to pid file '%s' : %s " ,
pidFile , strerror ( errno ) ) ;
close ( fd ) ;
return - 1 ;
}
if ( fclose ( fh ) = = EOF ) {
qemudLog ( QEMUD_ERR , " Failed to close pid file '%s' : %s " ,
pidFile , strerror ( errno ) ) ;
return - 1 ;
}
return 0 ;
}
2007-02-14 04:40:09 +03:00
static int qemudListenUnix ( struct qemud_server * server ,
2007-12-05 18:34:05 +03:00
const char * path , int readonly , int auth ) {
2007-02-14 04:40:09 +03:00
struct qemud_socket * sock = calloc ( 1 , sizeof ( struct qemud_socket ) ) ;
struct sockaddr_un addr ;
mode_t oldmask ;
2007-09-19 06:28:01 +04:00
gid_t oldgrp ;
2007-02-14 04:40:09 +03:00
2007-02-16 21:30:55 +03:00
if ( ! sock ) {
qemudLog ( QEMUD_ERR , " Failed to allocate memory for struct qemud_socket " ) ;
2007-02-14 04:40:09 +03:00
return - 1 ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
sock - > readonly = readonly ;
2007-09-19 05:56:55 +04:00
sock - > port = - 1 ;
2007-12-05 18:27:08 +03:00
sock - > type = QEMUD_SOCK_TYPE_UNIX ;
2007-12-05 18:34:05 +03:00
sock - > auth = auth ;
2007-02-14 04:40:09 +03:00
2007-02-16 21:30:55 +03:00
if ( ( sock - > fd = socket ( PF_UNIX , SOCK_STREAM , 0 ) ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to create socket: %s " ,
strerror ( errno ) ) ;
2007-06-26 23:11:00 +04:00
goto cleanup ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
2007-02-16 21:30:55 +03:00
if ( qemudSetCloseExec ( sock - > fd ) < 0 | |
qemudSetNonBlock ( sock - > fd ) < 0 )
2007-06-26 23:11:00 +04:00
goto cleanup ;
2007-02-14 04:40:09 +03:00
memset ( & addr , 0 , sizeof ( addr ) ) ;
addr . sun_family = AF_UNIX ;
strncpy ( addr . sun_path , path , sizeof ( addr . sun_path ) - 1 ) ;
if ( addr . sun_path [ 0 ] = = ' @ ' )
addr . sun_path [ 0 ] = ' \0 ' ;
2007-09-19 06:28:01 +04:00
oldgrp = getgid ( ) ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
oldmask = umask ( readonly ? ~ unix_sock_ro_mask : ~ unix_sock_rw_mask ) ;
2007-09-19 06:28:01 +04:00
if ( getuid ( ) = = 0 )
setgid ( unix_sock_gid ) ;
2007-02-16 21:30:55 +03:00
if ( bind ( sock - > fd , ( struct sockaddr * ) & addr , sizeof ( addr ) ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to bind socket to '%s': %s " ,
path , strerror ( errno ) ) ;
2007-06-26 23:11:00 +04:00
goto cleanup ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
umask ( oldmask ) ;
2007-09-19 06:28:01 +04:00
if ( getuid ( ) = = 0 )
setgid ( oldgrp ) ;
2007-02-14 04:40:09 +03:00
2007-02-16 21:30:55 +03:00
if ( listen ( sock - > fd , 30 ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to listen for connections on '%s': %s " ,
path , strerror ( errno ) ) ;
2007-06-26 23:11:00 +04:00
goto cleanup ;
}
2007-06-27 02:51:01 +04:00
if ( virEventAddHandleImpl ( sock - > fd ,
POLLIN | POLLERR | POLLHUP ,
qemudDispatchServerEvent ,
server ) < 0 ) {
2007-06-26 23:11:00 +04:00
qemudLog ( QEMUD_ERR , " Failed to add server event callback " ) ;
goto cleanup ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
2007-06-26 23:11:00 +04:00
sock - > next = server - > sockets ;
server - > sockets = sock ;
server - > nsockets + + ;
2007-02-14 04:40:09 +03:00
return 0 ;
2007-06-26 23:11:00 +04:00
cleanup :
if ( sock - > fd )
close ( sock - > fd ) ;
free ( sock ) ;
return - 1 ;
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
// See: http://people.redhat.com/drepper/userapi-ipv6.html
static int
remoteMakeSockets ( int * fds , int max_fds , int * nfds_r , const char * service )
{
struct addrinfo * ai ;
struct addrinfo hints ;
memset ( & hints , 0 , sizeof hints ) ;
hints . ai_flags = AI_PASSIVE | AI_ADDRCONFIG ;
hints . ai_socktype = SOCK_STREAM ;
int e = getaddrinfo ( NULL , service , & hints , & ai ) ;
if ( e ! = 0 ) {
qemudLog ( QEMUD_ERR , " getaddrinfo: %s \n " , gai_strerror ( e ) ) ;
return - 1 ;
}
struct addrinfo * runp = ai ;
while ( runp & & * nfds_r < max_fds ) {
fds [ * nfds_r ] = socket ( runp - > ai_family , runp - > ai_socktype ,
runp - > ai_protocol ) ;
if ( fds [ * nfds_r ] = = - 1 ) {
qemudLog ( QEMUD_ERR , " socket: %s " , strerror ( errno ) ) ;
return - 1 ;
}
int opt = 1 ;
setsockopt ( fds [ * nfds_r ] , SOL_SOCKET , SO_REUSEADDR , & opt , sizeof opt ) ;
if ( bind ( fds [ * nfds_r ] , runp - > ai_addr , runp - > ai_addrlen ) = = - 1 ) {
if ( errno ! = EADDRINUSE ) {
qemudLog ( QEMUD_ERR , " bind: %s " , strerror ( errno ) ) ;
return - 1 ;
}
close ( fds [ * nfds_r ] ) ;
}
else {
if ( listen ( fds [ * nfds_r ] , SOMAXCONN ) = = - 1 ) {
qemudLog ( QEMUD_ERR , " listen: %s " , strerror ( errno ) ) ;
return - 1 ;
}
+ + * nfds_r ;
}
runp = runp - > ai_next ;
}
2007-02-23 12:10:28 +03:00
2007-06-11 16:04:54 +04:00
freeaddrinfo ( ai ) ;
return 0 ;
}
/* Listen on the named/numbered TCP port. On a machine with IPv4 and
* IPv6 interfaces this may generate several sockets .
*/
static int
remoteListenTCP ( struct qemud_server * server ,
const char * port ,
2007-12-05 18:27:08 +03:00
int type ,
2007-12-05 18:24:15 +03:00
int auth )
2007-06-11 16:04:54 +04:00
{
int fds [ 2 ] ;
int nfds = 0 ;
2007-02-23 12:10:28 +03:00
int i ;
2007-06-11 16:04:54 +04:00
struct qemud_socket * sock ;
if ( remoteMakeSockets ( fds , 2 , & nfds , port ) = = - 1 )
return - 1 ;
for ( i = 0 ; i < nfds ; + + i ) {
2007-09-19 05:56:55 +04:00
struct sockaddr_storage sa ;
socklen_t salen = sizeof ( sa ) ;
2007-06-11 16:04:54 +04:00
sock = calloc ( 1 , sizeof * sock ) ;
2007-02-20 12:04:27 +03:00
2007-06-11 16:04:54 +04:00
if ( ! sock ) {
qemudLog ( QEMUD_ERR ,
" remoteListenTCP: calloc: %s " , strerror ( errno ) ) ;
return - 1 ;
}
sock - > readonly = 0 ;
sock - > next = server - > sockets ;
server - > sockets = sock ;
server - > nsockets + + ;
sock - > fd = fds [ i ] ;
2007-12-05 18:27:08 +03:00
sock - > type = type ;
2007-12-05 18:24:15 +03:00
sock - > auth = auth ;
2007-02-14 04:40:09 +03:00
2007-09-19 05:56:55 +04:00
if ( getsockname ( sock - > fd , ( struct sockaddr * ) ( & sa ) , & salen ) < 0 )
return - 1 ;
if ( sa . ss_family = = AF_INET )
sock - > port = htons ( ( ( struct sockaddr_in * ) & sa ) - > sin_port ) ;
2007-11-26 14:56:41 +03:00
# ifdef AF_INET6
2007-09-19 05:56:55 +04:00
else if ( sa . ss_family = = AF_INET6 )
sock - > port = htons ( ( ( struct sockaddr_in6 * ) & sa ) - > sin6_port ) ;
2007-11-26 14:56:41 +03:00
# endif
2007-09-19 05:56:55 +04:00
else
sock - > port = - 1 ;
2007-06-11 16:04:54 +04:00
if ( qemudSetCloseExec ( sock - > fd ) < 0 | |
qemudSetNonBlock ( sock - > fd ) < 0 )
return - 1 ;
if ( listen ( sock - > fd , 30 ) < 0 ) {
qemudLog ( QEMUD_ERR ,
" remoteListenTCP: listen: %s " , strerror ( errno ) ) ;
2007-02-20 12:04:27 +03:00
return - 1 ;
}
2007-06-26 23:11:00 +04:00
2007-06-27 02:51:01 +04:00
if ( virEventAddHandleImpl ( sock - > fd ,
POLLIN | POLLERR | POLLHUP ,
qemudDispatchServerEvent ,
server ) < 0 ) {
2007-06-26 23:11:00 +04:00
qemudLog ( QEMUD_ERR , " Failed to add server event callback " ) ;
return - 1 ;
}
2007-06-11 16:04:54 +04:00
}
return 0 ;
}
static int qemudInitPaths ( struct qemud_server * server ,
char * sockname ,
char * roSockname ,
int maxlen ) {
char * base = 0 ;
2007-06-27 03:48:46 +04:00
uid_t uid = geteuid ( ) ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
2007-06-27 03:48:46 +04:00
if ( ! uid ) {
2007-06-11 16:04:54 +04:00
if ( snprintf ( sockname , maxlen , " %s/run/libvirt/libvirt-sock " ,
LOCAL_STATE_DIR ) > = maxlen )
2007-02-16 21:30:55 +03:00
goto snprintf_error ;
2007-02-14 04:40:09 +03:00
unlink ( sockname ) ;
2007-06-11 16:04:54 +04:00
if ( snprintf ( roSockname , maxlen , " %s/run/libvirt/libvirt-sock-ro " ,
LOCAL_STATE_DIR ) > = maxlen )
2007-02-16 21:30:55 +03:00
goto snprintf_error ;
2007-02-14 04:40:09 +03:00
2007-03-06 19:51:48 +03:00
unlink ( roSockname ) ;
2007-05-18 22:36:24 +04:00
2007-06-27 03:48:46 +04:00
if ( snprintf ( server - > logDir , PATH_MAX , " %s/log/libvirt/ " , LOCAL_STATE_DIR ) > = PATH_MAX )
2007-05-18 22:36:24 +04:00
goto snprintf_error ;
2007-02-14 04:40:09 +03:00
} else {
2007-06-11 16:04:54 +04:00
struct passwd * pw ;
2007-06-27 03:48:46 +04:00
if ( ! ( pw = getpwuid ( uid ) ) ) {
qemudLog ( QEMUD_ERR , " Failed to find user record for uid '%d': %s " ,
uid , strerror ( errno ) ) ;
return - 1 ;
}
2007-06-11 16:04:54 +04:00
2007-06-27 03:48:46 +04:00
if ( snprintf ( sockname , maxlen , " @%s/.libvirt/libvirt-sock " , pw - > pw_dir ) > = maxlen )
goto snprintf_error ;
2007-06-11 16:04:54 +04:00
2007-06-27 03:48:46 +04:00
if ( snprintf ( server - > logDir , PATH_MAX , " %s/.libvirt/log " , pw - > pw_dir ) > = PATH_MAX )
goto snprintf_error ;
2007-06-27 02:13:21 +04:00
2007-06-27 03:48:46 +04:00
if ( asprintf ( & base , " %s/.libvirt " , pw - > pw_dir ) = = - 1 ) {
qemudLog ( QEMUD_ERR , " out of memory in asprintf " ) ;
return - 1 ;
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
} /* !remote */
if ( base ) free ( base ) ;
2007-02-20 12:04:27 +03:00
2007-02-14 04:40:09 +03:00
return 0 ;
2007-02-16 21:30:55 +03:00
snprintf_error :
2007-02-20 12:04:27 +03:00
qemudLog ( QEMUD_ERR , " Resulting path to long for buffer in qemudInitPaths() " ) ;
2007-02-16 21:30:55 +03:00
return - 1 ;
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
static struct qemud_server * qemudInitialize ( int sigread ) {
2007-02-14 04:40:09 +03:00
struct qemud_server * server ;
2007-02-16 21:30:55 +03:00
if ( ! ( server = calloc ( 1 , sizeof ( struct qemud_server ) ) ) ) {
qemudLog ( QEMUD_ERR , " Failed to allocate struct qemud_server " ) ;
2007-02-14 04:40:09 +03:00
return NULL ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
2007-02-16 21:28:17 +03:00
server - > sigread = sigread ;
2007-02-14 04:40:09 +03:00
2007-06-27 03:48:46 +04:00
__virEventRegisterImpl ( virEventAddHandleImpl ,
2007-09-19 05:27:32 +04:00
virEventUpdateHandleImpl ,
2007-06-27 03:48:46 +04:00
virEventRemoveHandleImpl ,
virEventAddTimeoutImpl ,
2007-09-19 05:27:32 +04:00
virEventUpdateTimeoutImpl ,
2007-06-27 03:48:46 +04:00
virEventRemoveTimeoutImpl ) ;
2007-06-27 02:56:14 +04:00
virStateInitialize ( ) ;
2007-12-05 18:34:05 +03:00
return server ;
}
static struct qemud_server * qemudNetworkInit ( struct qemud_server * server ) {
struct qemud_socket * sock ;
char sockname [ PATH_MAX ] ;
char roSockname [ PATH_MAX ] ;
2007-12-05 18:24:15 +03:00
# if HAVE_SASL
2007-12-05 18:34:05 +03:00
int err ;
# endif /* HAVE_SASL */
roSockname [ 0 ] = ' \0 ' ;
if ( qemudInitPaths ( server , sockname , roSockname , PATH_MAX ) < 0 )
goto cleanup ;
if ( qemudListenUnix ( server , sockname , 0 , auth_unix_rw ) < 0 )
2007-12-05 18:24:15 +03:00
goto cleanup ;
2007-12-05 18:34:05 +03:00
if ( roSockname [ 0 ] ! = ' \0 ' & & qemudListenUnix ( server , roSockname , 1 , auth_unix_ro ) < 0 )
goto cleanup ;
# if HAVE_SASL
if ( auth_unix_rw = = REMOTE_AUTH_SASL | |
auth_unix_ro = = REMOTE_AUTH_SASL | |
auth_tcp = = REMOTE_AUTH_SASL | |
auth_tls = = REMOTE_AUTH_SASL ) {
if ( ( err = sasl_server_init ( NULL , " libvirt " ) ) ! = SASL_OK ) {
qemudLog ( QEMUD_ERR , " Failed to initialize SASL authentication %s " ,
sasl_errstring ( err , NULL , NULL ) ) ;
goto cleanup ;
}
2007-12-05 18:24:15 +03:00
}
# endif
2007-12-05 21:21:27 +03:00
# ifdef HAVE_POLKIT
if ( auth_unix_rw = = REMOTE_AUTH_POLKIT | |
auth_unix_ro = = REMOTE_AUTH_POLKIT ) {
DBusError derr ;
dbus_error_init ( & derr ) ;
server - > sysbus = dbus_bus_get ( DBUS_BUS_SYSTEM , & derr ) ;
if ( ! ( server - > sysbus ) ) {
qemudLog ( QEMUD_ERR , " Failed to connect to system bus for PolicyKit auth: %s " ,
derr . message ) ;
dbus_error_free ( & derr ) ;
goto cleanup ;
}
}
# endif
2007-06-27 03:48:46 +04:00
if ( ipsock ) {
2007-12-05 18:34:05 +03:00
if ( listen_tcp & & remoteListenTCP ( server , tcp_port , QEMUD_SOCK_TYPE_TCP , auth_tcp ) < 0 )
2007-06-11 16:04:54 +04:00
goto cleanup ;
if ( listen_tls ) {
if ( remoteInitializeGnuTLS ( ) < 0 )
goto cleanup ;
2007-12-05 18:34:05 +03:00
if ( remoteListenTCP ( server , tls_port , QEMUD_SOCK_TYPE_TLS , auth_tls ) < 0 )
2007-06-11 16:04:54 +04:00
goto cleanup ;
}
2007-02-14 04:40:09 +03:00
}
2007-09-19 05:56:55 +04:00
# ifdef HAVE_AVAHI
if ( getuid ( ) = = 0 & & mdns_adv ) {
struct libvirtd_mdns_group * group ;
int port = 0 ;
server - > mdns = libvirtd_mdns_new ( ) ;
if ( ! mdns_name ) {
char groupname [ 64 ] , localhost [ HOST_NAME_MAX + 1 ] , * tmp ;
/* Extract the host part of the potentially FQDN */
gethostname ( localhost , HOST_NAME_MAX ) ;
localhost [ HOST_NAME_MAX ] = ' \0 ' ;
if ( ( tmp = strchr ( localhost , ' . ' ) ) )
* tmp = ' \0 ' ;
snprintf ( groupname , sizeof ( groupname ) - 1 , " Virtualization Host %s " , localhost ) ;
groupname [ sizeof ( groupname ) - 1 ] = ' \0 ' ;
group = libvirtd_mdns_add_group ( server - > mdns , groupname ) ;
} else {
group = libvirtd_mdns_add_group ( server - > mdns , mdns_name ) ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
/*
2007-09-19 05:56:55 +04:00
* See if there ' s a TLS enabled port we can advertise . Cowardly
* don ' t bother to advertise TCP since we don ' t want people using
* them for real world apps
*/
sock = server - > sockets ;
while ( sock ) {
2007-12-05 18:27:08 +03:00
if ( sock - > port ! = - 1 & & sock - > type = = QEMUD_SOCK_TYPE_TLS ) {
2007-09-19 05:56:55 +04:00
port = sock - > port ;
break ;
}
sock = sock - > next ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
2007-09-19 05:56:55 +04:00
/*
* Add the primary entry - we choose SSH because its most likely to always
* be available
*/
libvirtd_mdns_add_entry ( group , " _libvirt._tcp " , port ) ;
libvirtd_mdns_start ( server - > mdns ) ;
}
# endif
2007-02-14 04:40:09 +03:00
return server ;
cleanup :
if ( server ) {
2007-09-19 05:56:55 +04:00
sock = server - > sockets ;
2007-02-14 04:40:09 +03:00
while ( sock ) {
close ( sock - > fd ) ;
sock = sock - > next ;
}
2007-12-05 21:21:27 +03:00
# ifdef HAVE_POLKIT
if ( server - > sysbus )
dbus_connection_unref ( server - > sysbus ) ;
# endif
2007-02-14 04:40:09 +03:00
free ( server ) ;
}
return NULL ;
}
2007-06-11 16:04:54 +04:00
static gnutls_session_t
remoteInitializeTLSSession ( void )
{
gnutls_session_t session ;
int err ;
err = gnutls_init ( & session , GNUTLS_SERVER ) ;
if ( err ! = 0 ) goto failed ;
/* avoid calling all the priority functions, since the defaults
* are adequate .
*/
err = gnutls_set_default_priority ( session ) ;
if ( err ! = 0 ) goto failed ;
err = gnutls_credentials_set ( session , GNUTLS_CRD_CERTIFICATE , x509_cred ) ;
if ( err ! = 0 ) goto failed ;
/* request client certificate if any.
*/
gnutls_certificate_server_set_request ( session , GNUTLS_CERT_REQUEST ) ;
gnutls_dh_set_prime_bits ( session , DH_BITS ) ;
return session ;
failed :
qemudLog ( QEMUD_ERR , " remoteInitializeTLSSession: %s " ,
gnutls_strerror ( err ) ) ;
return NULL ;
}
/* Check DN is on tls_allowed_dn_list. */
static int
remoteCheckDN ( gnutls_x509_crt_t cert )
{
char name [ 256 ] ;
size_t namesize = sizeof name ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
char * * wildcards ;
2007-06-11 16:04:54 +04:00
int err ;
err = gnutls_x509_crt_get_dn ( cert , name , & namesize ) ;
if ( err ! = 0 ) {
qemudLog ( QEMUD_ERR ,
" remoteCheckDN: gnutls_x509_cert_get_dn: %s " ,
gnutls_strerror ( err ) ) ;
return 0 ;
}
/* If the list is not set, allow any DN. */
wildcards = tls_allowed_dn_list ;
if ( ! wildcards )
return 1 ;
while ( * wildcards ) {
if ( fnmatch ( * wildcards , name , 0 ) = = 0 )
return 1 ;
wildcards + + ;
}
2007-06-11 17:24:45 +04:00
# ifdef ENABLE_DEBUG
2007-06-11 16:04:54 +04:00
/* Print the client's DN. */
qemudLog ( QEMUD_DEBUG ,
" remoteCheckDN: failed: client DN is %s " , name ) ;
2007-06-11 17:24:45 +04:00
# endif
2007-06-11 16:04:54 +04:00
return 0 ; // Not found.
}
static int
remoteCheckCertificate ( gnutls_session_t session )
{
int ret ;
unsigned int status ;
const gnutls_datum_t * certs ;
unsigned int nCerts , i ;
time_t now ;
if ( ( ret = gnutls_certificate_verify_peers2 ( session , & status ) ) < 0 ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: verify failed: %s " ,
gnutls_strerror ( ret ) ) ;
return - 1 ;
}
if ( status ! = 0 ) {
if ( status & GNUTLS_CERT_INVALID )
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate is not trusted. " ) ;
if ( status & GNUTLS_CERT_SIGNER_NOT_FOUND )
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate hasn't got a known issuer. " ) ;
if ( status & GNUTLS_CERT_REVOKED )
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate has been revoked. " ) ;
2007-08-07 17:02:35 +04:00
# ifndef GNUTLS_1_0_COMPAT
2007-06-11 16:04:54 +04:00
if ( status & GNUTLS_CERT_INSECURE_ALGORITHM )
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate uses an insecure algorithm. " ) ;
2007-08-07 17:02:35 +04:00
# endif
2007-06-11 16:04:54 +04:00
return - 1 ;
}
if ( gnutls_certificate_type_get ( session ) ! = GNUTLS_CRT_X509 ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: certificate is not X.509 " ) ;
return - 1 ;
}
if ( ! ( certs = gnutls_certificate_get_peers ( session , & nCerts ) ) ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: no peers " ) ;
return - 1 ;
}
now = time ( NULL ) ;
for ( i = 0 ; i < nCerts ; i + + ) {
gnutls_x509_crt_t cert ;
if ( gnutls_x509_crt_init ( & cert ) < 0 ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: gnutls_x509_crt_init failed " ) ;
return - 1 ;
}
if ( gnutls_x509_crt_import ( cert , & certs [ i ] , GNUTLS_X509_FMT_DER ) < 0 ) {
gnutls_x509_crt_deinit ( cert ) ;
return - 1 ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
2007-06-11 16:04:54 +04:00
if ( gnutls_x509_crt_get_expiration_time ( cert ) < now ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate has expired " ) ;
gnutls_x509_crt_deinit ( cert ) ;
return - 1 ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
2007-06-11 16:04:54 +04:00
if ( gnutls_x509_crt_get_activation_time ( cert ) > now ) {
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: the client certificate is not yet activated " ) ;
gnutls_x509_crt_deinit ( cert ) ;
return - 1 ;
}
if ( i = = 0 ) {
if ( ! remoteCheckDN ( cert ) ) {
/* This is the most common error: make it informative. */
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option. " ) ;
gnutls_x509_crt_deinit ( cert ) ;
return - 1 ;
}
}
}
return 0 ;
}
/* Check the client's access. */
static int
remoteCheckAccess ( struct qemud_client * client )
{
/* Verify client certificate. */
2007-12-05 18:27:08 +03:00
if ( remoteCheckCertificate ( client - > tlssession ) = = - 1 ) {
2007-06-11 16:04:54 +04:00
qemudLog ( QEMUD_ERR , " remoteCheckCertificate: failed to verify client's certificate " ) ;
if ( ! tls_no_verify_certificate ) return - 1 ;
else qemudLog ( QEMUD_INFO , " remoteCheckCertificate: tls_no_verify_certificate is set so the bad certificate is ignored " ) ;
}
/* Checks have succeeded. Write a '\1' byte back to the client to
* indicate this ( otherwise the socket is abruptly closed ) .
* ( NB . The ' \1 ' byte is sent in an encrypted record ) .
*/
client - > bufferLength = 1 ;
client - > bufferOffset = 0 ;
client - > buffer [ 0 ] = ' \1 ' ;
client - > mode = QEMUD_MODE_TX_PACKET ;
return 0 ;
}
2007-02-14 04:40:09 +03:00
static int qemudDispatchServer ( struct qemud_server * server , struct qemud_socket * sock ) {
int fd ;
struct sockaddr_storage addr ;
2007-06-11 16:04:54 +04:00
socklen_t addrlen = ( socklen_t ) ( sizeof addr ) ;
2007-02-14 04:40:09 +03:00
struct qemud_client * client ;
2007-06-11 16:04:54 +04:00
int no_slow_start = 1 ;
2007-02-14 04:40:09 +03:00
if ( ( fd = accept ( sock - > fd , ( struct sockaddr * ) & addr , & addrlen ) ) < 0 ) {
if ( errno = = EAGAIN )
return 0 ;
2007-02-16 21:30:55 +03:00
qemudLog ( QEMUD_ERR , " Failed to accept connection: %s " , strerror ( errno ) ) ;
2007-02-14 04:40:09 +03:00
return - 1 ;
}
2007-06-11 16:04:54 +04:00
/* Disable Nagle. Unix sockets will ignore this. */
setsockopt ( fd , IPPROTO_TCP , TCP_NODELAY , ( void * ) & no_slow_start ,
sizeof no_slow_start ) ;
2007-02-16 21:30:55 +03:00
if ( qemudSetCloseExec ( fd ) < 0 | |
qemudSetNonBlock ( fd ) < 0 ) {
2007-02-14 04:40:09 +03:00
close ( fd ) ;
return - 1 ;
}
client = calloc ( 1 , sizeof ( struct qemud_client ) ) ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
if ( client = = NULL )
goto cleanup ;
2007-06-11 16:04:54 +04:00
client - > magic = QEMUD_CLIENT_MAGIC ;
2007-02-14 04:40:09 +03:00
client - > fd = fd ;
client - > readonly = sock - > readonly ;
2007-12-05 18:27:08 +03:00
client - > type = sock - > type ;
2007-12-05 18:24:15 +03:00
client - > auth = sock - > auth ;
2007-06-11 16:04:54 +04:00
memcpy ( & client - > addr , & addr , sizeof addr ) ;
client - > addrlen = addrlen ;
2007-12-05 18:27:08 +03:00
if ( client - > type ! = QEMUD_SOCK_TYPE_TLS ) {
2007-06-11 16:04:54 +04:00
client - > mode = QEMUD_MODE_RX_HEADER ;
2007-11-17 14:17:48 +03:00
client - > bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN ;
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 0 ) < 0 )
goto cleanup ;
2007-06-11 16:04:54 +04:00
} else {
int ret ;
2007-12-05 18:27:08 +03:00
client - > tlssession = remoteInitializeTLSSession ( ) ;
if ( client - > tlssession = = NULL )
2007-06-26 23:11:00 +04:00
goto cleanup ;
2007-06-11 16:04:54 +04:00
2007-12-05 18:27:08 +03:00
gnutls_transport_set_ptr ( client - > tlssession ,
2007-06-11 16:04:54 +04:00
( gnutls_transport_ptr_t ) ( long ) fd ) ;
/* Begin the TLS handshake. */
2007-12-05 18:27:08 +03:00
ret = gnutls_handshake ( client - > tlssession ) ;
2007-06-11 16:04:54 +04:00
if ( ret = = 0 ) {
/* Unlikely, but ... Next step is to check the certificate. */
if ( remoteCheckAccess ( client ) = = - 1 )
2007-06-26 23:11:00 +04:00
goto cleanup ;
if ( qemudRegisterClientEvent ( server , client , 0 ) < 0 )
goto cleanup ;
2007-06-11 16:04:54 +04:00
} else if ( ret = = GNUTLS_E_INTERRUPTED | | ret = = GNUTLS_E_AGAIN ) {
/* Most likely. */
client - > mode = QEMUD_MODE_TLS_HANDSHAKE ;
client - > bufferLength = - 1 ;
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 0 ) < 0 )
goto cleanup ;
2007-06-11 16:04:54 +04:00
} else {
qemudLog ( QEMUD_ERR , " TLS handshake failed: %s " ,
gnutls_strerror ( ret ) ) ;
2007-06-26 23:11:00 +04:00
goto cleanup ;
2007-06-11 16:04:54 +04:00
}
}
2007-02-14 04:40:09 +03:00
client - > next = server - > clients ;
server - > clients = client ;
server - > nclients + + ;
return 0 ;
2007-06-11 16:04:54 +04:00
2007-06-26 23:11:00 +04:00
cleanup :
2007-12-05 18:27:08 +03:00
if ( client - > tlssession ) gnutls_deinit ( client - > tlssession ) ;
2007-06-11 16:04:54 +04:00
close ( fd ) ;
free ( client ) ;
return - 1 ;
2007-02-14 04:40:09 +03:00
}
static void qemudDispatchClientFailure ( struct qemud_server * server , struct qemud_client * client ) {
struct qemud_client * tmp = server - > clients ;
struct qemud_client * prev = NULL ;
while ( tmp ) {
if ( tmp = = client ) {
if ( prev = = NULL )
server - > clients = client - > next ;
else
prev - > next = client - > next ;
server - > nclients - - ;
break ;
}
prev = tmp ;
tmp = tmp - > next ;
}
2007-06-11 16:04:54 +04:00
2007-06-27 02:51:01 +04:00
virEventRemoveHandleImpl ( client - > fd ) ;
2007-06-26 23:11:00 +04:00
2007-07-12 19:04:05 +04:00
if ( client - > conn )
virConnectClose ( client - > conn ) ;
2007-12-05 18:24:15 +03:00
# if HAVE_SASL
if ( client - > saslconn ) sasl_dispose ( & client - > saslconn ) ;
2007-12-05 18:34:05 +03:00
if ( client - > saslUsername ) free ( client - > saslUsername ) ;
2007-12-05 18:24:15 +03:00
# endif
2007-12-05 18:27:08 +03:00
if ( client - > tlssession ) gnutls_deinit ( client - > tlssession ) ;
2007-02-14 04:40:09 +03:00
close ( client - > fd ) ;
free ( client ) ;
}
2007-12-05 18:27:08 +03:00
static int qemudClientReadBuf ( struct qemud_server * server ,
struct qemud_client * client ,
char * data , unsigned len ) {
int ret ;
2007-06-11 16:04:54 +04:00
/*qemudDebug ("qemudClientRead: len = %d", len);*/
2007-12-05 18:27:08 +03:00
if ( ! client - > tlssession ) {
2007-06-11 16:04:54 +04:00
if ( ( ret = read ( client - > fd , data , len ) ) < = 0 ) {
if ( ret = = 0 | | errno ! = EAGAIN ) {
if ( ret ! = 0 )
qemudLog ( QEMUD_ERR , " read: %s " , strerror ( errno ) ) ;
qemudDispatchClientFailure ( server , client ) ;
}
return - 1 ;
}
} else {
2007-12-05 18:27:08 +03:00
ret = gnutls_record_recv ( client - > tlssession , data , len ) ;
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
qemudDispatchClientFailure ( server , client ) ;
2007-07-12 19:04:05 +04:00
else if ( ret < = 0 ) {
2007-06-11 16:04:54 +04:00
if ( ret = = 0 | | ( ret ! = GNUTLS_E_AGAIN & &
ret ! = GNUTLS_E_INTERRUPTED ) ) {
if ( ret ! = 0 )
qemudLog ( QEMUD_ERR , " gnutls_record_recv: %s " ,
gnutls_strerror ( ret ) ) ;
qemudDispatchClientFailure ( server , client ) ;
}
return - 1 ;
}
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
2007-12-05 18:27:08 +03:00
return ret ;
}
static int qemudClientReadPlain ( struct qemud_server * server ,
struct qemud_client * client ) {
int ret ;
ret = qemudClientReadBuf ( server , client ,
client - > buffer + client - > bufferOffset ,
client - > bufferLength - client - > bufferOffset ) ;
if ( ret < 0 )
return ret ;
2007-06-11 16:04:54 +04:00
client - > bufferOffset + = ret ;
return 0 ;
2007-02-14 04:40:09 +03:00
}
2007-12-05 18:27:08 +03:00
# if HAVE_SASL
static int qemudClientReadSASL ( struct qemud_server * server ,
struct qemud_client * client ) {
int got , want ;
/* We're doing a SSF data read, so now its times to ensure
* future writes are under SSF too .
*
* cf remoteSASLCheckSSF in remote . c
*/
client - > saslSSF | = QEMUD_SASL_SSF_WRITE ;
/* Need to read some more data off the wire */
if ( client - > saslDecoded = = NULL ) {
char encoded [ 8192 ] ;
int encodedLen = sizeof ( encoded ) ;
encodedLen = qemudClientReadBuf ( server , client , encoded , encodedLen ) ;
if ( encodedLen < 0 )
return - 1 ;
sasl_decode ( client - > saslconn , encoded , encodedLen ,
& client - > saslDecoded , & client - > saslDecodedLength ) ;
client - > saslDecodedOffset = 0 ;
}
/* Some buffered decoded data to return now */
got = client - > saslDecodedLength - client - > saslDecodedOffset ;
want = client - > bufferLength - client - > bufferOffset ;
if ( want > got )
want = got ;
memcpy ( client - > buffer + client - > bufferOffset ,
client - > saslDecoded + client - > saslDecodedOffset , want ) ;
client - > saslDecodedOffset + = want ;
client - > bufferOffset + = want ;
if ( client - > saslDecodedOffset = = client - > saslDecodedLength ) {
client - > saslDecoded = NULL ;
client - > saslDecodedOffset = client - > saslDecodedLength = 0 ;
}
return 0 ;
}
# endif
static int qemudClientRead ( struct qemud_server * server ,
struct qemud_client * client ) {
# if HAVE_SASL
if ( client - > saslSSF & QEMUD_SASL_SSF_READ )
return qemudClientReadSASL ( server , client ) ;
else
# endif
return qemudClientReadPlain ( server , client ) ;
}
2007-02-14 04:40:09 +03:00
static void qemudDispatchClientRead ( struct qemud_server * server , struct qemud_client * client ) {
2007-06-11 16:04:54 +04:00
/*qemudDebug ("qemudDispatchClientRead: mode = %d", client->mode);*/
2007-02-14 04:40:09 +03:00
2007-06-11 16:04:54 +04:00
switch ( client - > mode ) {
case QEMUD_MODE_RX_HEADER : {
XDR x ;
2007-11-17 14:17:48 +03:00
unsigned int len ;
2007-06-11 16:04:54 +04:00
if ( qemudClientRead ( server , client ) < 0 )
return ; /* Error, or blocking */
if ( client - > bufferOffset < client - > bufferLength )
return ; /* Not read enough */
xdrmem_create ( & x , client - > buffer , client - > bufferLength , XDR_DECODE ) ;
2007-11-17 14:17:48 +03:00
if ( ! xdr_u_int ( & x , & len ) ) {
xdr_destroy ( & x ) ;
qemudDebug ( " Failed to decode packet length " ) ;
2007-02-14 04:40:09 +03:00
qemudDispatchClientFailure ( server , client ) ;
return ;
}
2007-11-17 14:17:48 +03:00
xdr_destroy ( & x ) ;
2007-06-11 16:04:54 +04:00
2007-11-17 14:17:48 +03:00
if ( len > REMOTE_MESSAGE_MAX ) {
qemudDebug ( " Packet length %u too large " , len ) ;
2007-06-11 16:04:54 +04:00
qemudDispatchClientFailure ( server , client ) ;
return ;
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
2007-11-17 14:17:48 +03:00
/* Length include length of the length field itself, so
* check minimum size requirements */
if ( len < = REMOTE_MESSAGE_HEADER_XDR_LEN ) {
qemudDebug ( " Packet length %u too small " , len ) ;
2007-06-11 16:04:54 +04:00
qemudDispatchClientFailure ( server , client ) ;
return ;
}
client - > mode = QEMUD_MODE_RX_PAYLOAD ;
2007-11-17 14:17:48 +03:00
client - > bufferLength = len - REMOTE_MESSAGE_HEADER_XDR_LEN ;
client - > bufferOffset = 0 ;
2007-06-11 16:04:54 +04:00
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 ) {
qemudDispatchClientFailure ( server , client ) ;
return ;
}
2007-06-11 16:04:54 +04:00
/* Fall through */
2007-02-14 04:40:09 +03:00
}
2007-06-11 16:04:54 +04:00
case QEMUD_MODE_RX_PAYLOAD : {
if ( qemudClientRead ( server , client ) < 0 )
return ; /* Error, or blocking */
if ( client - > bufferOffset < client - > bufferLength )
return ; /* Not read enough */
2007-11-17 14:17:48 +03:00
remoteDispatchClientRequest ( server , client ) ;
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
2007-06-11 16:04:54 +04:00
qemudDispatchClientFailure ( server , client ) ;
break ;
}
case QEMUD_MODE_TLS_HANDSHAKE : {
int ret ;
/* Continue the handshake. */
2007-12-05 18:27:08 +03:00
ret = gnutls_handshake ( client - > tlssession ) ;
2007-06-11 16:04:54 +04:00
if ( ret = = 0 ) {
/* Finished. Next step is to check the certificate. */
if ( remoteCheckAccess ( client ) = = - 1 )
qemudDispatchClientFailure ( server , client ) ;
2007-07-12 19:04:05 +04:00
else if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
2007-06-26 23:11:00 +04:00
qemudDispatchClientFailure ( server , client ) ;
2007-06-11 16:04:54 +04:00
} else if ( ret ! = GNUTLS_E_AGAIN & & ret ! = GNUTLS_E_INTERRUPTED ) {
qemudLog ( QEMUD_ERR , " TLS handshake failed: %s " ,
gnutls_strerror ( ret ) ) ;
qemudDispatchClientFailure ( server , client ) ;
2007-06-26 23:11:00 +04:00
} else {
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
qemudDispatchClientFailure ( server , client ) ;
}
2007-06-11 16:04:54 +04:00
break ;
}
default :
qemudDebug ( " Got unexpected data read while in %d mode " , client - > mode ) ;
qemudDispatchClientFailure ( server , client ) ;
2007-02-14 04:40:09 +03:00
}
}
2007-12-05 18:27:08 +03:00
static int qemudClientWriteBuf ( struct qemud_server * server ,
struct qemud_client * client ,
const char * data , int len ) {
int ret ;
if ( ! client - > tlssession ) {
2007-06-11 16:04:54 +04:00
if ( ( ret = write ( client - > fd , data , len ) ) = = - 1 ) {
if ( errno ! = EAGAIN ) {
qemudLog ( QEMUD_ERR , " write: %s " , strerror ( errno ) ) ;
qemudDispatchClientFailure ( server , client ) ;
}
return - 1 ;
}
} else {
2007-12-05 18:27:08 +03:00
ret = gnutls_record_send ( client - > tlssession , data , len ) ;
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
qemudDispatchClientFailure ( server , client ) ;
2007-07-12 19:04:05 +04:00
else if ( ret < 0 ) {
2007-06-11 16:04:54 +04:00
if ( ret ! = GNUTLS_E_INTERRUPTED & & ret ! = GNUTLS_E_AGAIN ) {
qemudLog ( QEMUD_ERR , " gnutls_record_send: %s " ,
gnutls_strerror ( ret ) ) ;
qemudDispatchClientFailure ( server , client ) ;
}
return - 1 ;
}
2007-02-14 04:40:09 +03:00
}
2007-12-05 18:27:08 +03:00
return ret ;
}
2007-06-11 16:04:54 +04:00
2007-12-05 18:27:08 +03:00
static int qemudClientWritePlain ( struct qemud_server * server ,
struct qemud_client * client ) {
int ret = qemudClientWriteBuf ( server , client ,
client - > buffer + client - > bufferOffset ,
client - > bufferLength - client - > bufferOffset ) ;
if ( ret < 0 )
return - 1 ;
2007-06-11 16:04:54 +04:00
client - > bufferOffset + = ret ;
return 0 ;
2007-02-14 04:40:09 +03:00
}
2007-12-05 18:27:08 +03:00
# if HAVE_SASL
static int qemudClientWriteSASL ( struct qemud_server * server ,
struct qemud_client * client ) {
int ret ;
/* Not got any pending encoded data, so we need to encode raw stuff */
if ( client - > saslEncoded = = NULL ) {
int err ;
err = sasl_encode ( client - > saslconn ,
client - > buffer + client - > bufferOffset ,
client - > bufferLength - client - > bufferOffset ,
& client - > saslEncoded ,
& client - > saslEncodedLength ) ;
client - > saslEncodedOffset = 0 ;
}
/* Send some of the encoded stuff out on the wire */
ret = qemudClientWriteBuf ( server , client ,
client - > saslEncoded + client - > saslEncodedOffset ,
client - > saslEncodedLength - client - > saslEncodedOffset ) ;
if ( ret < 0 )
return - 1 ;
/* Note how much we sent */
client - > saslEncodedOffset + = ret ;
/* Sent all encoded, so update raw buffer to indicate completion */
if ( client - > saslEncodedOffset = = client - > saslEncodedLength ) {
client - > saslEncoded = NULL ;
client - > saslEncodedOffset = client - > saslEncodedLength = 0 ;
client - > bufferOffset = client - > bufferLength ;
}
return 0 ;
}
# endif
static int qemudClientWrite ( struct qemud_server * server ,
struct qemud_client * client ) {
# if HAVE_SASL
if ( client - > saslSSF & QEMUD_SASL_SSF_WRITE )
return qemudClientWriteSASL ( server , client ) ;
else
# endif
return qemudClientWritePlain ( server , client ) ;
}
2007-02-14 04:40:09 +03:00
static void qemudDispatchClientWrite ( struct qemud_server * server , struct qemud_client * client ) {
2007-06-11 16:04:54 +04:00
switch ( client - > mode ) {
case QEMUD_MODE_TX_PACKET : {
if ( qemudClientWrite ( server , client ) < 0 )
return ;
if ( client - > bufferOffset = = client - > bufferLength ) {
/* Done writing, switch back to receive */
client - > mode = QEMUD_MODE_RX_HEADER ;
2007-11-17 14:17:48 +03:00
client - > bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN ;
2007-06-11 16:04:54 +04:00
client - > bufferOffset = 0 ;
2007-06-26 23:11:00 +04:00
if ( qemudRegisterClientEvent ( server , client , 1 ) < 0 )
qemudDispatchClientFailure ( server , client ) ;
2007-06-11 16:04:54 +04:00
}
/* Still writing */
break ;
}
case QEMUD_MODE_TLS_HANDSHAKE : {
int ret ;
/* Continue the handshake. */
2007-12-05 18:27:08 +03:00
ret = gnutls_handshake ( client - > tlssession ) ;
2007-06-11 16:04:54 +04:00
if ( ret = = 0 ) {
/* Finished. Next step is to check the certificate. */
if ( remoteCheckAccess ( client ) = = - 1 )
qemudDispatchClientFailure ( server , client ) ;
2007-07-12 19:04:05 +04:00
else if ( qemudRegisterClientEvent ( server , client , 1 ) )
2007-06-26 23:11:00 +04:00
qemudDispatchClientFailure ( server , client ) ;
2007-06-11 16:04:54 +04:00
} else if ( ret ! = GNUTLS_E_AGAIN & & ret ! = GNUTLS_E_INTERRUPTED ) {
qemudLog ( QEMUD_ERR , " TLS handshake failed: %s " ,
gnutls_strerror ( ret ) ) ;
qemudDispatchClientFailure ( server , client ) ;
2007-06-26 23:11:00 +04:00
} else {
if ( qemudRegisterClientEvent ( server , client , 1 ) )
qemudDispatchClientFailure ( server , client ) ;
}
2007-06-11 16:04:54 +04:00
break ;
}
default :
qemudDebug ( " Got unexpected data write while in %d mode " , client - > mode ) ;
qemudDispatchClientFailure ( server , client ) ;
2007-02-14 04:40:09 +03:00
}
}
2007-06-26 23:11:00 +04:00
static void qemudDispatchClientEvent ( int fd , int events , void * opaque ) {
struct qemud_server * server = ( struct qemud_server * ) opaque ;
struct qemud_client * client = server - > clients ;
2007-02-23 11:39:49 +03:00
2007-03-05 20:15:20 +03:00
while ( client ) {
2007-06-26 23:11:00 +04:00
if ( client - > fd = = fd )
break ;
client = client - > next ;
}
2007-06-11 16:04:54 +04:00
2007-06-26 23:11:00 +04:00
if ( ! client )
return ;
2007-06-11 16:04:54 +04:00
2007-06-26 23:11:00 +04:00
if ( events = = POLLOUT )
qemudDispatchClientWrite ( server , client ) ;
else if ( events = = POLLIN )
qemudDispatchClientRead ( server , client ) ;
else
qemudDispatchClientFailure ( server , client ) ;
}
static int qemudRegisterClientEvent ( struct qemud_server * server ,
struct qemud_client * client ,
int removeFirst ) {
2007-12-05 18:27:08 +03:00
int mode ;
switch ( client - > mode ) {
case QEMUD_MODE_TLS_HANDSHAKE :
if ( gnutls_record_get_direction ( client - > tlssession ) = = 0 )
mode = POLLIN ;
else
mode = POLLOUT ;
break ;
case QEMUD_MODE_RX_HEADER :
case QEMUD_MODE_RX_PAYLOAD :
mode = POLLIN ;
break ;
case QEMUD_MODE_TX_PACKET :
mode = POLLOUT ;
break ;
default :
return - 1 ;
}
2007-06-26 23:11:00 +04:00
if ( removeFirst )
2007-06-27 02:51:01 +04:00
if ( virEventRemoveHandleImpl ( client - > fd ) < 0 )
2007-06-26 23:11:00 +04:00
return - 1 ;
2007-12-05 18:27:08 +03:00
if ( virEventAddHandleImpl ( client - > fd ,
mode | POLLERR | POLLHUP ,
qemudDispatchClientEvent ,
server ) < 0 )
2007-06-26 23:11:00 +04:00
return - 1 ;
return 0 ;
}
static void qemudDispatchServerEvent ( int fd , int events , void * opaque ) {
struct qemud_server * server = ( struct qemud_server * ) opaque ;
struct qemud_socket * sock = server - > sockets ;
2007-03-05 20:15:20 +03:00
while ( sock ) {
2007-06-26 23:11:00 +04:00
if ( sock - > fd = = fd )
break ;
sock = sock - > next ;
2007-03-05 20:15:20 +03:00
}
2007-02-14 04:40:09 +03:00
2007-06-26 23:11:00 +04:00
if ( ! sock )
return ;
if ( events )
qemudDispatchServer ( server , sock ) ;
}
2007-06-27 00:51:00 +04:00
static int qemudOneLoop ( void ) {
2007-03-27 14:28:45 +04:00
sig_atomic_t errors ;
2007-02-14 04:40:09 +03:00
2007-06-26 23:11:00 +04:00
if ( virEventRunOnce ( ) < 0 )
2007-02-14 04:40:09 +03:00
return - 1 ;
2007-03-27 14:28:45 +04:00
/* Check for any signal handling errors and log them. */
errors = sig_errors ;
if ( errors ) {
sig_errors - = errors ;
qemudLog ( QEMUD_ERR ,
" Signal handler reported %d errors: last error: %s " ,
errors , strerror ( sig_lasterrno ) ) ;
return - 1 ;
}
2007-02-14 04:40:09 +03:00
return 0 ;
}
2007-06-27 02:56:14 +04:00
static void qemudInactiveTimer ( int timer ATTRIBUTE_UNUSED , void * data ) {
struct qemud_server * server = ( struct qemud_server * ) data ;
qemudDebug ( " Got inactive timer expiry " ) ;
if ( ! virStateActive ( ) ) {
qemudDebug ( " No state active, shutting down " ) ;
server - > shutdown = 1 ;
}
}
2007-06-11 16:04:54 +04:00
static int qemudRunLoop ( struct qemud_server * server ) {
2007-06-27 02:56:14 +04:00
int timerid = - 1 ;
for ( ; ; ) {
/* A shutdown timeout is specified, so check
* if any drivers have active state , if not
* shutdown after timeout seconds
*/
if ( timeout > 0 & & ! virStateActive ( ) & & ! server - > clients ) {
timerid = virEventAddTimeoutImpl ( timeout * 1000 , qemudInactiveTimer , server ) ;
qemudDebug ( " Scheduling shutdown timer %d " , timerid ) ;
}
if ( qemudOneLoop ( ) < 0 )
break ;
2007-02-14 04:40:09 +03:00
2007-06-27 02:56:14 +04:00
/* Unregister any timeout that's active, since we
* just had an event processed
*/
if ( timerid ! = - 1 ) {
qemudDebug ( " Removing shutdown timer %d " , timerid ) ;
virEventRemoveTimeoutImpl ( timerid ) ;
timerid = - 1 ;
}
2007-02-14 04:40:09 +03:00
2007-06-27 02:56:14 +04:00
if ( server - > shutdown )
return 0 ;
}
return - 1 ;
2007-02-14 04:40:09 +03:00
}
static void qemudCleanup ( struct qemud_server * server ) {
2007-02-20 20:51:41 +03:00
struct qemud_socket * sock ;
2007-02-16 21:28:17 +03:00
close ( server - > sigread ) ;
2007-02-20 20:51:41 +03:00
sock = server - > sockets ;
2007-02-14 04:40:09 +03:00
while ( sock ) {
2007-02-20 20:51:41 +03:00
struct qemud_socket * next = sock - > next ;
2007-02-14 04:40:09 +03:00
close ( sock - > fd ) ;
2007-02-20 20:51:41 +03:00
free ( sock ) ;
sock = next ;
2007-02-14 04:40:09 +03:00
}
2007-02-20 20:51:41 +03:00
2007-12-05 18:34:05 +03:00
if ( server - > saslUsernameWhitelist ) {
char * * list = server - > saslUsernameWhitelist ;
while ( * list ) {
if ( * list )
free ( * list ) ;
list + + ;
}
}
2007-02-20 20:51:41 +03:00
2007-06-27 02:56:14 +04:00
virStateCleanup ( ) ;
2007-06-11 16:04:54 +04:00
2007-02-14 04:40:09 +03:00
free ( server ) ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
/* Allocate an array of malloc'd strings from the config file, filename
* ( used only in diagnostics ) , using handle " conf " . Upon error , return - 1
* and free any allocated memory . Otherwise , save the array in * list_arg
* and return 0.
*/
static int
remoteConfigGetStringList ( virConfPtr conf , const char * key , char * * * list_arg ,
const char * filename )
{
char * * list ;
virConfValuePtr p = virConfGetValue ( conf , key ) ;
if ( ! p )
return 0 ;
switch ( p - > type ) {
case VIR_CONF_STRING :
list = malloc ( 2 * sizeof ( * list ) ) ;
if ( list = = NULL ) {
qemudLog ( QEMUD_ERR ,
" failed to allocate memory for %s config list " , key ) ;
return - 1 ;
}
list [ 0 ] = strdup ( p - > str ) ;
list [ 1 ] = NULL ;
if ( list [ 0 ] = = NULL ) {
qemudLog ( QEMUD_ERR ,
" failed to allocate memory for %s config list value " ,
key ) ;
free ( list ) ;
return - 1 ;
}
break ;
case VIR_CONF_LIST : {
int i , len = 0 ;
virConfValuePtr pp ;
for ( pp = p - > list ; pp ; pp = pp - > next )
len + + ;
list = calloc ( 1 + len , sizeof ( * list ) ) ;
if ( list = = NULL ) {
qemudLog ( QEMUD_ERR ,
" failed to allocate memory for %s config list " , key ) ;
return - 1 ;
}
for ( i = 0 , pp = p - > list ; pp ; + + i , pp = pp - > next ) {
if ( pp - > type ! = VIR_CONF_STRING ) {
qemudLog ( QEMUD_ERR , " remoteReadConfigFile: %s: %s: "
" must be a string or list of strings \n " ,
filename , key ) ;
free ( list ) ;
return - 1 ;
}
list [ i ] = strdup ( pp - > str ) ;
if ( list [ i ] = = NULL ) {
int j ;
for ( j = 0 ; j < i ; j + + )
free ( list [ j ] ) ;
free ( list ) ;
qemudLog ( QEMUD_ERR , " failed to allocate memory "
" for %s config list value " , key ) ;
return - 1 ;
}
}
list [ i ] = NULL ;
break ;
}
default :
qemudLog ( QEMUD_ERR , " remoteReadConfigFile: %s: %s: "
" must be a string or list of strings \n " ,
filename , key ) ;
return - 1 ;
}
* list_arg = list ;
return 0 ;
}
/* A helper function used by each of the following macros. */
static int
checkType ( virConfValuePtr p , const char * filename ,
const char * key , virConfType required_type )
{
if ( p - > type ! = required_type ) {
qemudLog ( QEMUD_ERR ,
" remoteReadConfigFile: %s: %s: invalid type: "
" got %s; expected %s \n " , filename , key ,
virConfTypeName ( p - > type ) ,
virConfTypeName ( required_type ) ) ;
return - 1 ;
}
return 0 ;
}
/* If there is no config data for the key, #var_name, then do nothing.
If there is valid data of type VIR_CONF_STRING , and strdup succeeds ,
store the result in var_name . Otherwise , ( i . e . invalid type , or strdup
failure ) , give a diagnostic and " goto " the cleanup - and - fail label . */
# define GET_CONF_STR(conf, filename, var_name) \
do { \
virConfValuePtr p = virConfGetValue ( conf , # var_name ) ; \
if ( p ) { \
if ( checkType ( p , filename , # var_name , VIR_CONF_STRING ) < 0 ) \
goto free_and_fail ; \
( var_name ) = strdup ( p - > str ) ; \
if ( ( var_name ) = = NULL ) { \
qemudLog ( QEMUD_ERR , " remoteReadConfigFile: %s \n " , \
strerror ( errno ) ) ; \
goto free_and_fail ; \
} \
} \
} while ( 0 )
/* Like GET_CONF_STR, but for integral values. */
# define GET_CONF_INT(conf, filename, var_name) \
do { \
virConfValuePtr p = virConfGetValue ( conf , # var_name ) ; \
if ( p ) { \
if ( checkType ( p , filename , # var_name , VIR_CONF_LONG ) < 0 ) \
goto free_and_fail ; \
( var_name ) = p - > l ; \
} \
} while ( 0 )
2007-12-05 18:34:05 +03:00
static int remoteConfigGetAuth ( virConfPtr conf , const char * key , int * auth , const char * filename ) {
virConfValuePtr p ;
p = virConfGetValue ( conf , key ) ;
if ( ! p )
return 0 ;
if ( p - > type ! = VIR_CONF_STRING ) {
qemudLog ( QEMUD_ERR , " remoteReadConfigFile: %s: %s: should be a string \n " , filename , key ) ;
return - 1 ;
}
if ( ! p - > str )
return 0 ;
if ( STREQ ( p - > str , " none " ) ) {
* auth = REMOTE_AUTH_NONE ;
# if HAVE_SASL
} else if ( STREQ ( p - > str , " sasl " ) ) {
* auth = REMOTE_AUTH_SASL ;
2007-12-05 21:21:27 +03:00
# endif
# if HAVE_POLKIT
} else if ( STREQ ( p - > str , " polkit " ) ) {
* auth = REMOTE_AUTH_POLKIT ;
2007-12-05 18:34:05 +03:00
# endif
} else {
qemudLog ( QEMUD_ERR , " remoteReadConfigFile: %s: %s: unsupported auth %s \n " , filename , key , p - > str ) ;
return - 1 ;
}
return 0 ;
}
2007-06-11 16:04:54 +04:00
/* Read the config file if it exists.
* Only used in the remote case , hence the name .
*/
static int
2007-12-05 18:34:05 +03:00
remoteReadConfigFile ( struct qemud_server * server , const char * filename )
2007-06-11 16:04:54 +04:00
{
virConfPtr conf ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
/* The following variable names must match the corresponding
configuration strings . */
char * unix_sock_ro_perms = NULL ;
char * unix_sock_rw_perms = NULL ;
char * unix_sock_group = NULL ;
2007-06-11 16:04:54 +04:00
/* Just check the file is readable before opening it, otherwise
* libvirt emits an error .
*/
if ( access ( filename , R_OK ) = = - 1 ) return 0 ;
conf = virConfReadFile ( filename ) ;
if ( ! conf ) return 0 ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_STR ( conf , filename , tls_port ) ;
GET_CONF_STR ( conf , filename , tcp_port ) ;
2007-06-11 16:04:54 +04:00
2007-12-05 18:34:05 +03:00
if ( remoteConfigGetAuth ( conf , " auth_unix_rw " , & auth_unix_rw , filename ) < 0 )
return - 1 ;
2007-12-05 21:21:27 +03:00
# if HAVE_POLKIT
/* Change default perms to be wide-open if PolicyKit is enabled.
* Admin can always override in config file
*/
if ( auth_unix_rw = = REMOTE_AUTH_POLKIT )
unix_sock_rw_mask = 0777 ;
# endif
2007-12-05 18:34:05 +03:00
if ( remoteConfigGetAuth ( conf , " auth_unix_ro " , & auth_unix_ro , filename ) < 0 )
return - 1 ;
if ( remoteConfigGetAuth ( conf , " auth_tcp " , & auth_tcp , filename ) < 0 )
return - 1 ;
if ( remoteConfigGetAuth ( conf , " auth_tls " , & auth_tls , filename ) < 0 )
return - 1 ;
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_STR ( conf , filename , unix_sock_group ) ;
if ( unix_sock_group ) {
2007-09-19 06:28:01 +04:00
if ( getuid ( ) ! = 0 ) {
qemudLog ( QEMUD_WARN , " Cannot set group when not running as root " ) ;
} else {
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
struct group * grp = getgrnam ( unix_sock_group ) ;
2007-09-19 06:28:01 +04:00
if ( ! grp ) {
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
qemudLog ( QEMUD_ERR , " Failed to lookup group '%s' " ,
unix_sock_group ) ;
goto free_and_fail ;
2007-09-19 06:28:01 +04:00
}
unix_sock_gid = grp - > gr_gid ;
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
free ( unix_sock_group ) ;
unix_sock_group = NULL ;
2007-09-19 06:28:01 +04:00
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_STR ( conf , filename , unix_sock_ro_perms ) ;
if ( unix_sock_ro_perms ) {
if ( xstrtol_i ( unix_sock_ro_perms , NULL , 8 , & unix_sock_ro_mask ) ! = 0 ) {
qemudLog ( QEMUD_ERR , " Failed to parse mode '%s' " ,
unix_sock_ro_perms ) ;
goto free_and_fail ;
2007-09-19 06:28:01 +04:00
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
free ( unix_sock_ro_perms ) ;
unix_sock_ro_perms = NULL ;
2007-09-19 06:28:01 +04:00
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_STR ( conf , filename , unix_sock_rw_perms ) ;
if ( unix_sock_rw_perms ) {
if ( xstrtol_i ( unix_sock_rw_perms , NULL , 8 , & unix_sock_rw_mask ) ! = 0 ) {
qemudLog ( QEMUD_ERR , " Failed to parse mode '%s' " ,
unix_sock_rw_perms ) ;
goto free_and_fail ;
2007-09-19 06:28:01 +04:00
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
free ( unix_sock_rw_perms ) ;
unix_sock_rw_perms = NULL ;
2007-09-19 06:28:01 +04:00
}
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_INT ( conf , filename , mdns_adv ) ;
GET_CONF_STR ( conf , filename , mdns_name ) ;
2007-09-19 05:56:55 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_INT ( conf , filename , tls_no_verify_certificate ) ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
GET_CONF_STR ( conf , filename , key_file ) ;
GET_CONF_STR ( conf , filename , cert_file ) ;
GET_CONF_STR ( conf , filename , ca_file ) ;
GET_CONF_STR ( conf , filename , crl_file ) ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
if ( remoteConfigGetStringList ( conf , " tls_allowed_dn_list " ,
& tls_allowed_dn_list , filename ) < 0 )
goto free_and_fail ;
2007-06-11 16:04:54 +04:00
2007-12-05 18:34:05 +03:00
if ( remoteConfigGetStringList ( conf , " sasl_allowed_username_list " ,
& server - > saslUsernameWhitelist , filename ) < 0 )
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
goto free_and_fail ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
virConfFree ( conf ) ;
return 0 ;
2007-06-11 16:04:54 +04:00
Detect heap allocation failure; factor out some duplication.
* qemud/qemud.c (tls_port, tcp_port, mdns_name, tls_allowed_ip_list):
(tls_allowed_dn_list): Remove "const", now that we free these.
(unix_sock_rw_mask): Rename from unix_sock_rw_perms, so that
the latter name can be used as a local string variable, so that the
variable name matches the config attribute name.
(unix_sock_ro_mask): Rename from unix_sock_ro_perms, likewise.
(remoteCheckDN, remoteCheckAccess): Adapt to const removal.
(qemudDispatchServer): Check for heap allocation failure.
(remoteConfigGetStringList): New function, based on code from Dan Berrangé.
(CHECK_TYPE): Remove macro.
(checkType): New function.
(GET_CONF_INT, GET_CONF_STR): New macros.
(remoteReadConfigFile): Use new macros to avoid duplication and to
check for allocation failure.
* src/conf.h (virConfTypeName): New static inline function.
2007-11-30 18:43:42 +03:00
free_and_fail :
virConfFree ( conf ) ;
free ( mdns_name ) ;
mdns_name = NULL ;
free ( unix_sock_ro_perms ) ;
free ( unix_sock_rw_perms ) ;
free ( unix_sock_group ) ;
/* Don't bother trying to free tcp_port, tls_port, key_file, cert_file,
ca_file , or crl_file , since they are initialized to non - malloc ' d
strings . Besides , these are static variables , and callers are
unlikely to call this function more than once , so there wouldn ' t
even be a real leak . */
if ( tls_allowed_dn_list ) {
int i ;
for ( i = 0 ; tls_allowed_dn_list [ i ] ; i + + )
free ( tls_allowed_dn_list [ i ] ) ;
free ( tls_allowed_dn_list ) ;
tls_allowed_dn_list = NULL ;
}
return - 1 ;
2007-06-11 16:04:54 +04:00
}
2007-04-04 13:32:00 +04:00
/* Print command-line usage. */
static void
usage ( const char * argv0 )
{
fprintf ( stderr ,
2007-06-11 16:04:54 +04:00
" \n \
Usage : \ n \
% s [ options ] \ n \
\ n \
Options : \ n \
- v | - - verbose Verbose messages . \ n \
- d | - - daemon Run as a daemon & write PID file . \ n \
2007-06-27 03:48:46 +04:00
- l | - - listen Listen for TCP / IP connections . \ n \
- t | - - timeout < secs > Exit after timeout period . \ n \
2007-08-07 17:24:22 +04:00
- f | - - config < file > Configuration file . \ n \
2007-06-11 16:04:54 +04:00
- p | - - pid - file < file > Change name of PID file . \ n \
\ n \
2007-06-27 03:48:46 +04:00
libvirt management daemon : \ n \
2007-06-11 16:04:54 +04:00
\ n \
Default paths : \ n \
\ n \
2007-06-27 03:48:46 +04:00
Configuration file ( unless overridden by - c ) : \ n \
2007-06-11 16:04:54 +04:00
" SYSCONF_DIR " / libvirt / libvirtd . conf \ n \
\ n \
2007-06-27 03:48:46 +04:00
Sockets ( as root ) : \ n \
2007-06-11 16:04:54 +04:00
" LOCAL_STATE_DIR " / run / libvirt / libvirt - sock \ n \
" LOCAL_STATE_DIR " / run / libvirt / libvirt - sock - ro \ n \
2007-06-27 03:48:46 +04:00
\ n \
Sockets ( as non - root ) : \ n \
$ HOME / . libvirt / libvirt - sock ( in UNIX abstract namespace ) \ n \
2007-06-11 16:04:54 +04:00
\ n \
TLS : \ n \
CA certificate : " LIBVIRT_CACERT " \ n \
Server certificate : " LIBVIRT_SERVERCERT " \ n \
Server private key : " LIBVIRT_SERVERKEY " \ n \
\ n \
PID file ( unless overridden by - - pid - file ) : \ n \
% s \ n \
\ n " ,
argv0 ,
REMOTE_PID_FILE [ 0 ] ! = ' \0 '
? REMOTE_PID_FILE
: " (disabled in ./configure) " ) ;
2007-04-04 13:32:00 +04:00
}
2007-02-14 04:40:09 +03:00
# define MAX_LISTEN 5
int main ( int argc , char * * argv ) {
struct qemud_server * server ;
2007-02-16 21:28:17 +03:00
struct sigaction sig_action ;
int sigpipe [ 2 ] ;
2007-06-11 16:04:54 +04:00
const char * pid_file = NULL ;
const char * remote_config_file = SYSCONF_DIR " /libvirt/libvirtd.conf " ;
2007-02-23 15:48:36 +03:00
int ret = 1 ;
2007-02-14 04:40:09 +03:00
struct option opts [ ] = {
{ " verbose " , no_argument , & verbose , 1 } ,
{ " daemon " , no_argument , & godaemon , 1 } ,
2007-06-27 03:48:46 +04:00
{ " listen " , no_argument , & ipsock , 1 } ,
2007-08-07 17:24:22 +04:00
{ " config " , required_argument , NULL , ' f ' } ,
2007-04-04 13:32:00 +04:00
{ " timeout " , required_argument , NULL , ' t ' } ,
{ " pid-file " , required_argument , NULL , ' p ' } ,
{ " help " , no_argument , NULL , ' ? ' } ,
2007-02-14 04:40:09 +03:00
{ 0 , 0 , 0 , 0 }
} ;
while ( 1 ) {
int optidx = 0 ;
int c ;
char * tmp ;
2007-08-07 17:24:22 +04:00
c = getopt_long ( argc , argv , " ldf:p:t:v " , opts , & optidx ) ;
2007-02-14 04:40:09 +03:00
if ( c = = - 1 ) {
break ;
}
switch ( c ) {
case 0 :
/* Got one of the flags */
break ;
case ' v ' :
verbose = 1 ;
break ;
case ' d ' :
godaemon = 1 ;
break ;
2007-06-27 03:48:46 +04:00
case ' l ' :
ipsock = 1 ;
2007-02-14 04:40:09 +03:00
break ;
case ' t ' :
2007-11-14 13:53:05 +03:00
if ( xstrtol_i ( optarg , & tmp , 10 , & timeout ) ! = 0
| | timeout < = 0
/* Ensure that we can multiply by 1000 without overflowing. */
| | timeout > INT_MAX / 1000 )
2007-02-14 04:40:09 +03:00
timeout = - 1 ;
break ;
2007-02-23 15:48:36 +03:00
case ' p ' :
2007-06-11 16:04:54 +04:00
pid_file = optarg ;
break ;
case ' f ' :
remote_config_file = optarg ;
2007-02-23 15:48:36 +03:00
break ;
2007-02-14 04:40:09 +03:00
case ' ? ' :
2007-04-04 13:32:00 +04:00
usage ( argv [ 0 ] ) ;
2007-02-14 04:40:09 +03:00
return 2 ;
default :
2007-08-07 17:24:22 +04:00
fprintf ( stderr , " libvirtd: internal error: unknown flag: %c \n " ,
c ) ;
exit ( 1 ) ;
2007-02-14 04:40:09 +03:00
}
}
2007-02-16 21:28:17 +03:00
if ( pipe ( sigpipe ) < 0 | |
qemudSetNonBlock ( sigpipe [ 0 ] ) < 0 | |
2007-02-16 21:30:55 +03:00
qemudSetNonBlock ( sigpipe [ 1 ] ) < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to create pipe: %s " ,
strerror ( errno ) ) ;
2007-02-23 15:48:36 +03:00
goto error1 ;
2007-02-16 21:30:55 +03:00
}
2007-02-16 21:28:17 +03:00
sigwrite = sigpipe [ 1 ] ;
2007-12-05 18:34:05 +03:00
if ( ! ( server = qemudInitialize ( sigpipe [ 0 ] ) ) ) {
ret = 2 ;
goto error1 ;
}
2007-02-16 21:28:17 +03:00
2007-12-05 18:34:05 +03:00
/* Read the config file (if it exists). */
if ( remoteReadConfigFile ( server , remote_config_file ) < 0 )
goto error1 ;
2007-02-14 04:40:09 +03:00
if ( godaemon ) {
2007-12-05 18:34:05 +03:00
int pid ;
openlog ( " libvirtd " , 0 , 0 ) ;
pid = qemudGoDaemon ( ) ;
2007-02-16 21:30:55 +03:00
if ( pid < 0 ) {
qemudLog ( QEMUD_ERR , " Failed to fork as daemon: %s " ,
strerror ( errno ) ) ;
2007-02-23 15:48:36 +03:00
goto error1 ;
2007-02-16 21:30:55 +03:00
}
2007-02-14 04:40:09 +03:00
if ( pid > 0 )
2007-02-23 15:48:36 +03:00
goto out ;
2007-06-11 16:04:54 +04:00
/* Choose the name of the PID file. */
if ( ! pid_file ) {
2007-06-27 03:48:46 +04:00
if ( REMOTE_PID_FILE [ 0 ] ! = ' \0 ' )
pid_file = REMOTE_PID_FILE ;
2007-06-11 16:04:54 +04:00
}
if ( pid_file & & qemudWritePidFile ( pid_file ) < 0 )
2007-02-23 15:48:36 +03:00
goto error1 ;
2007-02-14 04:40:09 +03:00
}
2007-12-05 18:34:05 +03:00
sig_action . sa_handler = sig_handler ;
sig_action . sa_flags = 0 ;
sigemptyset ( & sig_action . sa_mask ) ;
sigaction ( SIGHUP , & sig_action , NULL ) ;
sigaction ( SIGINT , & sig_action , NULL ) ;
sigaction ( SIGQUIT , & sig_action , NULL ) ;
sigaction ( SIGTERM , & sig_action , NULL ) ;
sigaction ( SIGCHLD , & sig_action , NULL ) ;
sig_action . sa_handler = SIG_IGN ;
sigaction ( SIGPIPE , & sig_action , NULL ) ;
2007-02-14 04:40:09 +03:00
2007-06-27 02:51:01 +04:00
if ( virEventAddHandleImpl ( sigpipe [ 0 ] ,
POLLIN ,
qemudDispatchSignalEvent ,
server ) < 0 ) {
2007-06-26 23:11:00 +04:00
qemudLog ( QEMUD_ERR , " Failed to register callback for signal pipe " ) ;
ret = 3 ;
goto error2 ;
}
2007-12-05 18:34:05 +03:00
if ( ! ( server = qemudNetworkInit ( server ) ) ) {
ret = 2 ;
goto error2 ;
}
2007-06-11 16:04:54 +04:00
qemudRunLoop ( server ) ;
2007-02-14 04:40:09 +03:00
qemudCleanup ( server ) ;
2007-02-16 21:28:17 +03:00
close ( sigwrite ) ;
2007-02-16 21:30:55 +03:00
if ( godaemon )
closelog ( ) ;
2007-02-23 15:48:36 +03:00
out :
ret = 0 ;
error2 :
2007-06-11 16:04:54 +04:00
if ( godaemon & & pid_file )
unlink ( pid_file ) ;
2007-02-23 15:48:36 +03:00
error1 :
return ret ;
2007-02-14 04:40:09 +03:00
}
/*
* Local variables :
* indent - tabs - mode : nil
* c - indent - level : 4
* c - basic - offset : 4
* tab - width : 4
* End :
*/