src/libvirt.c | 6 +----- src/remote/remote_driver.c | 19 ------------------- src/rpc/virnetclient.c | 20 ++++---------------- src/rpc/virnetclient.h | 8 +------- src/rpc/virnetsocket.c | 16 ---------------- src/rpc/virnetsocket.h | 6 +----- src/util/virrandom.c | 36 ++---------------------------------- 7 files changed, 9 insertions(+), 102 deletions(-)
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require
GnuTLS so it doesn't make sense to ifdef the code.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
src/libvirt.c | 6 +-----
src/remote/remote_driver.c | 19 -------------------
src/rpc/virnetclient.c | 20 ++++----------------
src/rpc/virnetclient.h | 8 +-------
src/rpc/virnetsocket.c | 16 ----------------
src/rpc/virnetsocket.h | 6 +-----
src/util/virrandom.c | 36 ++----------------------------------
7 files changed, 9 insertions(+), 102 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index f1ffc97261..86bb6551ed 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -45,9 +45,7 @@
#include "viralloc.h"
#include "configmake.h"
#include "virconf.h"
-#if WITH_GNUTLS
-# include "rpc/virnettlscontext.h"
-#endif
+#include "rpc/virnettlscontext.h"
#include "vircommand.h"
#include "virfile.h"
#include "virrandom.h"
@@ -233,9 +231,7 @@ virGlobalInit(void)
virLogSetFromEnv();
-#ifdef WITH_GNUTLS
virNetTLSInit();
-#endif
#if WITH_CURL
curl_global_init(CURL_GLOBAL_DEFAULT);
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 66472a6cc1..f6e725dcbf 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -124,9 +124,7 @@ struct private_data {
int counter; /* Serial number for RPC */
-#ifdef WITH_GNUTLS
virNetTLSContextPtr tls;
-#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
@@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn,
virConfGetValueString(conf, "tls_priority", &tls_priority) < 0)
goto failed;
-#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
tls_priority,
@@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn,
goto failed;
priv->is_secure = 1;
G_GNUC_FALLTHROUGH;
-#else
- (void)tls_priority;
- (void)sanity;
- (void)verify;
- virReportError(VIR_ERR_INVALID_ARG, "%s",
- _("GNUTLS support not available in this build"));
- goto failed;
-#endif
case REMOTE_DRIVER_TRANSPORT_TCP:
priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC);
if (!priv->client)
goto failed;
-#ifdef WITH_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
-#endif
break;
@@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn,
priv->client = NULL;
virObjectUnref(priv->closeCallback);
priv->closeCallback = NULL;
-#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
-#endif
VIR_FREE(priv->hostname);
return VIR_DRV_OPEN_ERROR;
@@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
-#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
-#endif
virNetClientSetCloseCallback(priv->client,
NULL,
@@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
/* saslcb is now owned by sasl */
saslcb = NULL;
-# ifdef WITH_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
-# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 50489b754c..000b937cdd 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,9 +70,7 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
-#if WITH_GNUTLS
virNetTLSSessionPtr tls;
-#endif
char *hostname;
virNetClientProgramPtr *programs;
@@ -708,9 +706,7 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
-#if WITH_GNUTLS
virObjectUnref(client->tls);
-#endif
#if WITH_SASL
virObjectUnref(client->sasl);
#endif
@@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
-#if WITH_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
-#endif
#if WITH_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
@@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
-#if WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
@@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-# ifdef SIGWINCH
+#ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-# endif
-# ifdef SIGCHLD
+#endif
+#ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-# endif
+#endif
sigaddset(&blockedsigs, SIGPIPE);
virObjectLock(client);
@@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client,
virObjectUnlock(client);
return -1;
}
-#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virObjectLock(client);
-#if WITH_GNUTLS
if (client->tls)
ret = true;
-#endif
#if WITH_SASL
if (client->sasl)
ret = true;
@@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client)
return virNetSocketRemoteAddrStringSASL(client->sock);
}
-#if WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
@@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virObjectUnlock(client);
return ret;
}
-#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 07b399c1a9..778910b575 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -20,9 +20,7 @@
#pragma once
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
#include "virnetmessage.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
@@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
#endif
-#ifdef WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
-#endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
@@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
-#ifdef WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
-#endif
void virNetClientClose(virNetClientPtr client);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 973827ebde..23384e5250 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -93,9 +93,7 @@ struct _virNetSocket {
char *remoteAddrStrSASL;
char *remoteAddrStrURI;
-#if WITH_GNUTLS
virNetTLSSessionPtr tlsSession;
-#endif
#if WITH_SASL
virNetSASLSessionPtr saslSession;
@@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
-#if WITH_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
-#endif
if (!(object = virJSONValueNewObject()))
goto error;
@@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
-#if WITH_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
-#endif
#if WITH_SASL
virObjectUnref(sock->saslSession);
#endif
@@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock)
return sock->remoteAddrStrURI;
}
-#if WITH_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
@@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virObjectUnlock(sock);
}
-#endif
#if WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif
reread:
-#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
-#endif
ret = read(sock->fd, buf, len);
-#if WITH_GNUTLS
}
-#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
@@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif
rewrite:
-#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
-#endif
ret = write(sock->fd, buf, len);
-#if WITH_GNUTLS
}
-#endif
if (ret < 0) {
if (errno == EINTR)
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 8d075464cb..f2b74f3ccb 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -23,9 +23,7 @@
#include "virsocketaddr.h"
#include "vircommand.h"
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
#include "virobject.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
@@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
-#ifdef WITH_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
-#endif
#ifdef WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 39ac36a76e..eae7f3db3c 100644
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -24,10 +24,8 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
#include "virrandom.h"
#include "virthread.h"
@@ -116,7 +114,6 @@ int
virRandomBytes(unsigned char *buf,
size_t buflen)
{
-#if WITH_GNUTLS
int rv;
/* Generate the byte stream using gnutls_rnd() if possible */
@@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf,
return -1;
}
-#else /* !WITH_GNUTLS */
-
- int fd;
-
- if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
- virReportSystemError(errno,
- _("unable to open %s"),
- RANDOM_SOURCE);
- return -1;
- }
-
- while (buflen > 0) {
- ssize_t n;
-
- if ((n = saferead(fd, buf, buflen)) <= 0) {
- virReportSystemError(errno,
- _("unable to read from %s"),
- RANDOM_SOURCE);
- VIR_FORCE_CLOSE(fd);
- return n < 0 ? -errno : -ENODATA;
- }
-
- buf += n;
- buflen -= n;
- }
-
- VIR_FORCE_CLOSE(fd);
-#endif /* !WITH_GNUTLS */
-
return 0;
}
--
2.24.1
On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote: >Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require >GnuTLS so it doesn't make sense to ifdef the code. > The important commit is ac0d21c762351f58dd5d2dafa2014ed48a8b49f3 Michal's commit 234ce7d02f4bfd4d80c1fbcd7e1545f31bae5498 specifically mentions leaving these ifdefs because of their usage in the setuid parts. >Signed-off-by: Pavel Hrdina <phrdina@redhat.com> >--- > src/libvirt.c | 6 +----- > src/remote/remote_driver.c | 19 ------------------- > src/rpc/virnetclient.c | 20 ++++---------------- > src/rpc/virnetclient.h | 8 +------- > src/rpc/virnetsocket.c | 16 ---------------- > src/rpc/virnetsocket.h | 6 +----- > src/util/virrandom.c | 36 ++---------------------------------- > 7 files changed, 9 insertions(+), 102 deletions(-) > Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote:
> Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require
> GnuTLS so it doesn't make sense to ifdef the code.
>
> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
> ---
> src/libvirt.c | 6 +-----
> src/remote/remote_driver.c | 19 -------------------
> src/rpc/virnetclient.c | 20 ++++----------------
> src/rpc/virnetclient.h | 8 +-------
> src/rpc/virnetsocket.c | 16 ----------------
> src/rpc/virnetsocket.h | 6 +-----
> src/util/virrandom.c | 36 ++----------------------------------
> 7 files changed, 9 insertions(+), 102 deletions(-)
...
> diff --git a/src/util/virrandom.c b/src/util/virrandom.c
> index 39ac36a76e..eae7f3db3c 100644
> --- a/src/util/virrandom.c
> +++ b/src/util/virrandom.c
> @@ -24,10 +24,8 @@
> #include <fcntl.h>
> #include <sys/stat.h>
> #include <sys/types.h>
> -#ifdef WITH_GNUTLS
> -# include <gnutls/gnutls.h>
> -# include <gnutls/crypto.h>
> -#endif
> +#include <gnutls/gnutls.h>
> +#include <gnutls/crypto.h>
>
> #include "virrandom.h"
> #include "virthread.h"
There's a #define of RANDOM_SOURCE that I believe you can
drop too....
> @@ -116,7 +114,6 @@ int
> virRandomBytes(unsigned char *buf,
> size_t buflen)
And the API docs for this are talking about RANDOM_SOURCE
instead of GNUTLS (pre-existing problem, but reasonabl
to fix now)
> {
> -#if WITH_GNUTLS
> int rv;
>
> /* Generate the byte stream using gnutls_rnd() if possible */
> @@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf,
> return -1;
> }
>
> -#else /* !WITH_GNUTLS */
> -
> - int fd;
> -
> - if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
> - virReportSystemError(errno,
> - _("unable to open %s"),
> - RANDOM_SOURCE);
> - return -1;
> - }
> -
> - while (buflen > 0) {
> - ssize_t n;
> -
> - if ((n = saferead(fd, buf, buflen)) <= 0) {
> - virReportSystemError(errno,
> - _("unable to read from %s"),
> - RANDOM_SOURCE);
> - VIR_FORCE_CLOSE(fd);
> - return n < 0 ? -errno : -ENODATA;
> - }
> -
> - buf += n;
> - buflen -= n;
> - }
> -
> - VIR_FORCE_CLOSE(fd);
> -#endif /* !WITH_GNUTLS */
> -
> return 0;
With the above minor changes
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.