src: remove WITH_GNUTLS usage

Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require
GnuTLS and since commit <ac0d21c762351f58dd5d2dafa2014ed48a8b49f3>
we can actually drop the usage of WITH_GNUTLS.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/libvirt.c b/src/libvirt.c
index f1ffc97261e2f295aa27646f89f808fc051a9620..86bb6551ed486587fcf1c910beb8c978176f096e 100644 (file)
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -45,9 +45,7 @@
 #include "viralloc.h"
 #include "configmake.h"
 #include "virconf.h"
-#if WITH_GNUTLS
-# include "rpc/virnettlscontext.h"
-#endif
+#include "rpc/virnettlscontext.h"
 #include "vircommand.h"
 #include "virfile.h"
 #include "virrandom.h"
@@ -233,9 +231,7 @@ virGlobalInit(void)
 
     virLogSetFromEnv();
 
-#ifdef WITH_GNUTLS
     virNetTLSInit();
-#endif
 
 #if WITH_CURL
     curl_global_init(CURL_GLOBAL_DEFAULT);

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 66472a6cc186539c536a62d9d897c9dc0ec9fe8e..f6e725dcbf9a96a4626127d786803d7397182d08 100644 (file)
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -124,9 +124,7 @@ struct private_data {
 
     int counter; /* Serial number for RPC */
 
-#ifdef WITH_GNUTLS
     virNetTLSContextPtr tls;
-#endif
 
     int is_secure;              /* Secure if TLS or SASL or UNIX sockets */
     char *type;                 /* Cached return from remoteType. */
@@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn,
             virConfGetValueString(conf, "tls_priority", &tls_priority) < 0)
             goto failed;
 
-#ifdef WITH_GNUTLS
         priv->tls = virNetTLSContextNewClientPath(pkipath,
                                                   geteuid() != 0 ? true : false,
                                                   tls_priority,
@@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn,
             goto failed;
         priv->is_secure = 1;
         G_GNUC_FALLTHROUGH;
-#else
-        (void)tls_priority;
-        (void)sanity;
-        (void)verify;
-        virReportError(VIR_ERR_INVALID_ARG, "%s",
-                       _("GNUTLS support not available in this build"));
-        goto failed;
-#endif
 
     case REMOTE_DRIVER_TRANSPORT_TCP:
         priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC);
         if (!priv->client)
             goto failed;
 
-#ifdef WITH_GNUTLS
         if (priv->tls) {
             VIR_DEBUG("Starting TLS session");
             if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
                 goto failed;
         }
-#endif
 
         break;
 
@@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn,
     priv->client = NULL;
     virObjectUnref(priv->closeCallback);
     priv->closeCallback = NULL;
-#ifdef WITH_GNUTLS
     virObjectUnref(priv->tls);
     priv->tls = NULL;
-#endif
 
     VIR_FREE(priv->hostname);
     return VIR_DRV_OPEN_ERROR;
@@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
              (xdrproc_t) xdr_void, (char *) NULL) == -1)
         ret = -1;
 
-#ifdef WITH_GNUTLS
     virObjectUnref(priv->tls);
     priv->tls = NULL;
-#endif
 
     virNetClientSetCloseCallback(priv->client,
                                  NULL,
@@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
     /* saslcb is now owned by sasl */
     saslcb = NULL;
 
-# ifdef WITH_GNUTLS
     /* Initialize some connection props we care about */
     if (priv->tls) {
         if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
         if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
             goto cleanup;
     }
-# endif
 
     /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
     /* If we're not secure, then forbid any anonymous or trivially crackable auth */

diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 50489b754cdee1ef48b5e7f7407011d3ed24a03e..000b937cddc8fc0434a4229ab3bd342273b85ab2 100644 (file)
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,9 +70,7 @@ struct _virNetClient {
     virNetSocketPtr sock;
     bool asyncIO;
 
-#if WITH_GNUTLS
     virNetTLSSessionPtr tls;
-#endif
     char *hostname;
 
     virNetClientProgramPtr *programs;
@@ -708,9 +706,7 @@ void virNetClientDispose(void *obj)
     if (client->sock)
         virNetSocketRemoveIOCallback(client->sock);
     virObjectUnref(client->sock);
-#if WITH_GNUTLS
     virObjectUnref(client->tls);
-#endif
 #if WITH_SASL
     virObjectUnref(client->sasl);
 #endif
@@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client)
 
     virObjectUnref(client->sock);
     client->sock = NULL;
-#if WITH_GNUTLS
     virObjectUnref(client->tls);
     client->tls = NULL;
-#endif
 #if WITH_SASL
     virObjectUnref(client->sasl);
     client->sasl = NULL;
@@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client,
 #endif
 
 
-#if WITH_GNUTLS
 int virNetClientSetTLSSession(virNetClientPtr client,
                               virNetTLSContextPtr tls)
 {
@@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
     sigset_t oldmask, blockedsigs;
 
     sigemptyset(&blockedsigs);
-# ifdef SIGWINCH
+#ifdef SIGWINCH
     sigaddset(&blockedsigs, SIGWINCH);
-# endif
-# ifdef SIGCHLD
+#endif
+#ifdef SIGCHLD
     sigaddset(&blockedsigs, SIGCHLD);
-# endif
+#endif
     sigaddset(&blockedsigs, SIGPIPE);
 
     virObjectLock(client);
@@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client,
     virObjectUnlock(client);
     return -1;
 }
-#endif
 
 bool virNetClientIsEncrypted(virNetClientPtr client)
 {
     bool ret = false;
     virObjectLock(client);
-#if WITH_GNUTLS
     if (client->tls)
         ret = true;
-#endif
 #if WITH_SASL
     if (client->sasl)
         ret = true;
@@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client)
     return virNetSocketRemoteAddrStringSASL(client->sock);
 }
 
-#if WITH_GNUTLS
 int virNetClientGetTLSKeySize(virNetClientPtr client)
 {
     int ret = 0;
@@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
     virObjectUnlock(client);
     return ret;
 }
-#endif
 
 static int
 virNetClientCallDispatchReply(virNetClientPtr client)

diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 07b399c1a9707c88d433407e0c08d9f48478e2b0..778910b575def83ea7cd7d0b32e35b7510b5d823 100644 (file)
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -20,9 +20,7 @@
 
 #pragma once
 
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
 #include "virnetmessage.h"
 #ifdef WITH_SASL
 # include "virnetsaslcontext.h"
@@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client,
                                 virNetSASLSessionPtr sasl);
 #endif
 
-#ifdef WITH_GNUTLS
 int virNetClientSetTLSSession(virNetClientPtr client,
                               virNetTLSContextPtr tls);
-#endif
 
 bool virNetClientIsEncrypted(virNetClientPtr client);
 bool virNetClientIsOpen(virNetClientPtr client);
@@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client);
 const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
 const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
 
-#ifdef WITH_GNUTLS
 int virNetClientGetTLSKeySize(virNetClientPtr client);
-#endif
 
 void virNetClientClose(virNetClientPtr client);
 

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 973827ebdea36d2b1d93f25754556b5921732b67..23384e5250511a8496ee1ede6547d01e089751ad 100644 (file)
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -93,9 +93,7 @@ struct _virNetSocket {
     char *remoteAddrStrSASL;
     char *remoteAddrStrURI;
 
-#if WITH_GNUTLS
     virNetTLSSessionPtr tlsSession;
-#endif
 #if WITH_SASL
     virNetSASLSessionPtr saslSession;
 
@@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
         goto error;
     }
 #endif
-#if WITH_GNUTLS
     if (sock->tlsSession) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("Unable to save socket state when TLS session is active"));
         goto error;
     }
-#endif
 
     if (!(object = virJSONValueNewObject()))
         goto error;
@@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj)
         unlink(sock->localAddr.data.un.sun_path);
 #endif
 
-#if WITH_GNUTLS
     /* Make sure it can't send any more I/O during shutdown */
     if (sock->tlsSession)
         virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
     virObjectUnref(sock->tlsSession);
-#endif
 #if WITH_SASL
     virObjectUnref(sock->saslSession);
 #endif
@@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock)
     return sock->remoteAddrStrURI;
 }
 
-#if WITH_GNUTLS
 static ssize_t virNetSocketTLSSessionWrite(const char *buf,
                                            size_t len,
                                            void *opaque)
@@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
                                    sock);
     virObjectUnlock(sock);
 }
-#endif
 
 #if WITH_SASL
 void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
 #endif
 
  reread:
-#if WITH_GNUTLS
     if (sock->tlsSession &&
         virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
         VIR_NET_TLS_HANDSHAKE_COMPLETE) {
         ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
     } else {
-#endif
         ret = read(sock->fd, buf, len);
-#if WITH_GNUTLS
     }
-#endif
 
     if ((ret < 0) && (errno == EINTR))
         goto reread;
@@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
 #endif
 
  rewrite:
-#if WITH_GNUTLS
     if (sock->tlsSession &&
         virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
         VIR_NET_TLS_HANDSHAKE_COMPLETE) {
         ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
     } else {
-#endif
         ret = write(sock->fd, buf, len);
-#if WITH_GNUTLS
     }
-#endif
 
     if (ret < 0) {
         if (errno == EINTR)

diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 8d075464cbad3b51bf00b9474b89e96663733bc2..f2b74f3ccbc6cab6094427e07ec70eaf3d2e0ef9 100644 (file)
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -23,9 +23,7 @@
 
 #include "virsocketaddr.h"
 #include "vircommand.h"
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
 #include "virobject.h"
 #ifdef WITH_SASL
 # include "virnetsaslcontext.h"
@@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
 int virNetSocketSendFD(virNetSocketPtr sock, int fd);
 int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
 
-#ifdef WITH_GNUTLS
 void virNetSocketSetTLSSession(virNetSocketPtr sock,
                                virNetTLSSessionPtr sess);
-#endif
 
 #ifdef WITH_SASL
 void virNetSocketSetSASLSession(virNetSocketPtr sock,

diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 39ac36a76e0a2b217b5a4ac1f6c2bfc98f2e606a..227480352d6fc03bfe4a1b3adc691fb6285bf2ef 100644 (file)
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -24,10 +24,8 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 
 #include "virrandom.h"
 #include "virthread.h"
@@ -41,8 +39,6 @@
 
 VIR_LOG_INIT("util.random");
 
-#define RANDOM_SOURCE "/dev/urandom"
-
 /**
  * virRandomBits:
  * @nbits: Number of bits of randomness required
@@ -107,7 +103,7 @@ uint32_t virRandomInt(uint32_t max)
  * @buf: Pointer to location to store bytes
  * @buflen: Number of bytes to store
  *
- * Generate a stream of random bytes from RANDOM_SOURCE
+ * Generate a stream of random bytes using gnutls_rnd()
  * into @buf of size @buflen
  *
  * Returns 0 on success or -1 (with error reported)
@@ -116,10 +112,8 @@ int
 virRandomBytes(unsigned char *buf,
                size_t buflen)
 {
-#if WITH_GNUTLS
     int rv;
 
-    /* Generate the byte stream using gnutls_rnd() if possible */
     if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("failed to generate byte stream: %s"),
@@ -127,35 +121,6 @@ virRandomBytes(unsigned char *buf,
         return -1;
     }
 
-#else /* !WITH_GNUTLS */
-
-    int fd;
-
-    if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
-        virReportSystemError(errno,
-                             _("unable to open %s"),
-                             RANDOM_SOURCE);
-        return -1;
-    }
-
-    while (buflen > 0) {
-        ssize_t n;
-
-        if ((n = saferead(fd, buf, buflen)) <= 0) {
-            virReportSystemError(errno,
-                                 _("unable to read from %s"),
-                                 RANDOM_SOURCE);
-            VIR_FORCE_CLOSE(fd);
-            return n < 0 ? -errno : -ENODATA;
-        }
-
-        buf += n;
-        buflen -= n;
-    }
-
-    VIR_FORCE_CLOSE(fd);
-#endif /* !WITH_GNUTLS */
-
     return 0;
 }