LIBS="$old_libs"
dnl GnuTLS library
-GNUTLS_CFLAGS=
-GNUTLS_LIBS=
-GNUTLS_FOUND=no
-if test -x "$PKG_CONFIG" ; then
- PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
- [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
-fi
-if test "$GNUTLS_FOUND" = "no"; then
+AC_ARG_WITH([gnutls],
+ AC_HELP_STRING([--with-gnutls], [use GNUTLS for encryption @<:@default=check@:>@]),
+ [],
+ [with_gnutls=check])
+
+
+if test "x$with_gnutls" != "xno"; then
+ if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
+ GNUTLS_CFLAGS="-I$with_gnutls/include"
+ GNUTLS_LIBS="-L$with_gnutls/lib"
+ fi
fail=0
+ old_cflags="$CFLAGS"
old_libs="$LIBS"
- AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
- AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+ CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+ LIBS="$LIBS $GNUTLS_LIBS"
- test $fail = 1 &&
- AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ GNUTLS_FOUND=no
+ if test -x "$PKG_CONFIG" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
+ [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ fail=0
+ AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
+ AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+
+ test $fail = 0 && GNUTLS_FOUND=yes
+
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ if test "$with_gnutls" = "check"; then
+ with_gnutls=no
+ GNUTLS_LIBS=
+ GNUTLS_CFLAGS=
+ else
+ AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ fi
+ else
+ dnl Not all versions of gnutls include -lgcrypt, and so we add
+ dnl it explicitly for the calls to gcry_control/check_version
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+
+ with_gnutls=yes
+ fi
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$LIBS -lgcrypt"
LIBS="$old_libs"
-else
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ CFLAGS="$old_CFLAGS"
fi
+if test "x$with_gnutls" = "xyes" ; then
+ AC_DEFINE_UNQUOTED([HAVE_GNUTLS], 1,
+ [whether GNUTLS is available for encryption])
+fi
+AM_CONDITIONAL([HAVE_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
else
AC_MSG_NOTICE([ libssh2: no])
fi
+if test "$with_gnutls" != "no" ; then
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
+else
+AC_MSG_NOTICE([ gnutls: no])
+fi
if test "$with_sasl" != "no" ; then
AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS])
else
virNetServerServicePtr svc = NULL;
virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL;
+#if HAVE_GNUTLS
virNetServerServicePtr svcTLS = NULL;
+#endif
gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0;
unix_sock_rw_mask,
unix_sock_gid,
config->auth_unix_rw,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (sock_path_ro) {
VIR_DEBUG("Registering unix socket %s", sock_path_ro);
unix_sock_ro_mask,
unix_sock_gid,
config->auth_unix_ro,
+#if HAVE_GNUTLS
+ NULL,
+#endif
true,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
}
if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
config->tcp_port,
config->auth_tcp,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (virNetServerAddService(srv, svcTCP,
goto error;
}
+#if HAVE_GNUTLS
if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL;
virNetServerServiceNewTCP(config->listen_addr,
config->tls_port,
config->auth_tls,
+ ctxt,
false,
- config->max_client_requests,
- ctxt))) {
+ config->max_client_requests))) {
virObjectUnref(ctxt);
goto error;
}
virObjectUnref(ctxt);
}
+#else
+ (void)privileged;
+ if (config->listen_tls) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("This libvirtd build does not support TLS"));
+ goto error;
+ }
+#endif
}
#if HAVE_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
config->auth_unix_ro == REMOTE_AUTH_SASL ||
- config->auth_tcp == REMOTE_AUTH_SASL ||
- config->auth_tls == REMOTE_AUTH_SASL) {
+# if HAVE_GNUTLS
+ config->auth_tls == REMOTE_AUTH_SASL ||
+# endif
+ config->auth_tcp == REMOTE_AUTH_SASL) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt)
return 0;
error:
+#if HAVE_GNUTLS
virObjectUnref(svcTLS);
+#endif
virObjectUnref(svcTCP);
virObjectUnref(svc);
virObjectUnref(svcRO);
if (!sasl)
goto authfail;
+# if HAVE_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) {
int ssf;
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail;
}
+# endif
if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
rpc/virnetmessage.h rpc/virnetmessage.c \
rpc/virnetprotocol.h rpc/virnetprotocol.c \
rpc/virnetsocket.h rpc/virnetsocket.c \
- rpc/virnettlscontext.h rpc/virnettlscontext.c \
rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \
rpc/virkeepalive.h rpc/virkeepalive.c
if HAVE_LIBSSH2
EXTRA_DIST += \
rpc/virnetsshsession.h rpc/virnetsshsession.c
endif
+if HAVE_GNUTLS
+libvirt_net_rpc_la_SOURCES += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+else
+EXTRA_DIST += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+endif
if HAVE_SASL
libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c
#include "configmake.h"
#include "intprops.h"
#include "virconf.h"
-#include "rpc/virnettlscontext.h"
+#if HAVE_GNUTLS
+# include "rpc/virnettlscontext.h"
+#endif
#include "vircommand.h"
#include "virrandom.h"
#include "viruri.h"
}
#endif
+
+#ifdef HAVE_GNUTLS
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
static struct gcry_thread_cbs virTLSThreadImpl = {
/* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
-#ifdef GCRY_THREAD_OPTION_VERSION
+# ifdef GCRY_THREAD_OPTION_VERSION
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-#else
+# else
GCRY_THREAD_OPTION_PTHREAD,
-#endif
+# endif
NULL,
virTLSMutexInit,
virTLSMutexDestroy,
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+#endif
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
virErrorInitialize() < 0)
goto error;
+#ifdef HAVE_GNUTLS
gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
gcry_check_version(NULL);
+#endif
virLogSetFromEnv();
+#ifdef HAVE_GNUTLS
virNetTLSInit();
+#endif
#if HAVE_LIBCURL
curl_global_init(CURL_GLOBAL_DEFAULT);
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
- if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewFD(3, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
VIR_DEBUG("Setting up networking natively");
- if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
0700,
0,
0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- 5,
- NULL)))
+ 5)))
goto error;
if (virNetServerAddService(ctrl->server, svc, NULL) < 0)
#include <config.h>
#include <sys/time.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
+#ifdef HAVE_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/x509.h>
+#endif
#include <fcntl.h>
#include <poll.h>
}
+#ifdef HAVE_GNUTLS
static char *
qemuDomainExtractTLSSubject(const char *certdir)
{
VIR_FREE(pemdata);
return NULL;
}
-
+#endif
static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->vncListen;
+#ifdef HAVE_GNUTLS
if (driver->vncTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir)))
goto error;
+#endif
} else {
mig->port = def->data.spice.port;
if (driver->spiceTLS)
if (!listenAddr)
listenAddr = driver->spiceListen;
+#ifdef HAVE_GNUTLS
if (driver->spiceTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir)))
goto error;
+#endif
}
if (!(mig->listen = strdup(listenAddr)))
goto no_memory;
no_memory:
virReportOOMError();
+#ifdef HAVE_GNUTLS
error:
+#endif
qemuMigrationCookieGraphicsFree(mig);
return NULL;
}
int counter; /* Serial number for RPC */
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+#ifdef HAVE_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
+#else
+ (void)sanity;
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("GNUTLS support not available in this build"));
+ goto failed;
+#endif
/*FALLTHROUGH*/
case trans_tcp:
if (!priv->client)
goto failed;
+#ifdef HAVE_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
+#endif
break;
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
+#ifdef HAVE_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
+#endif
virNetClientSetCloseCallback(priv->client,
NULL,
NULL,
saslcb)))
goto cleanup;
+# ifdef HAVE_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
+# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
virNetSocketPtr sock;
bool asyncIO;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tls;
+#endif
char *hostname;
virNetClientProgramPtr *programs;
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
#endif
virObjectUnref(client->sock);
client->sock = NULL;
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
#endif
+#if HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-#ifdef SIGWINCH
+# ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-#endif
-#ifdef SIGCHLD
+# endif
+# ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-#endif
+# endif
sigaddset(&blockedsigs, SIGPIPE);
virNetClientLock(client);
virNetClientUnlock(client);
return -1;
}
+#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virNetClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
ret = true;
+#endif
#if HAVE_SASL
if (client->sasl)
ret = true;
return virNetSocketRemoteAddrString(client->sock);
}
+#if HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
virNetClientUnlock(client);
return ret;
}
+#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
#ifndef __VIR_NET_CLIENT_H__
# define __VIR_NET_CLIENT_H__
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetmessage.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
virNetSASLSessionPtr sasl);
# endif
+# ifdef HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
+# endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrString(virNetClientPtr client);
const char *virNetClientRemoteAddrString(virNetClientPtr client);
+# ifdef HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
+# endif
void virNetClientClose(virNetClientPtr client);
unsigned int quit :1;
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
unsigned int autoShutdownTimeout;
size_t autoShutdownInhibitions;
virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc),
+#if HAVE_GNUTLS
virNetServerServiceGetTLSContext(svc),
+#endif
srv->clientPrivNew,
srv->clientPrivPreExecRestart,
srv->clientPrivFree,
return -1;
}
+#if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls)
{
srv->tls = virObjectRef(tls);
return 0;
}
+#endif
static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED,
# include <signal.h>
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetserverprogram.h"
# include "virnetserverclient.h"
# include "virnetserverservice.h"
int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog);
+# if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
+# endif
void virNetServerUpdateServices(virNetServerPtr srv,
bool enabled);
int auth;
bool readonly;
char *identity;
+#if HAVE_GNUTLS
virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr sasl;
#endif
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
+#ifdef HAVE_GNUTLS
client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
+#else
+ NULL, -1,
+#endif
client->rx,
client->tx);
if (!client->sock || client->wantClose)
return 0;
+#if HAVE_GNUTLS
if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING:
mode |= VIR_EVENT_HANDLE_WRITABLE;
}
} else {
+#endif
/* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then
* we're wanting more input */
then monitor for writability on socket */
if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE;
+#if HAVE_GNUTLS
}
+#endif
VIR_DEBUG("mode=%o", mode);
return mode;
}
}
+#ifdef HAVE_GNUTLS
/* Check the client's access. */
static int
virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0;
}
+#endif
+
static void virNetServerClientSockTimerFunc(int timer,
void *opaque)
static virNetServerClientPtr
virNetServerClientNewInternal(virNetSocketPtr sock,
int auth,
+#ifdef HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_max)
{
virNetServerClientPtr client;
client->sock = virObjectRef(sock);
client->auth = auth;
client->readonly = readonly;
+#ifdef HAVE_GNUTLS
client->tlsCtxt = virObjectRef(tls);
+#endif
client->nrequests_max = nrequests_max;
client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc,
int auth,
bool readonly,
size_t nrequests_max,
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+#endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
{
virNetServerClientPtr client;
- VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
+ VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
+#ifdef HAVE_GNUTLS
+ tls
+#else
+ NULL
+#endif
+ );
- if (!(client = virNetServerClientNewInternal(sock, auth, readonly, nrequests_max, tls)))
+ if (!(client = virNetServerClientNewInternal(sock, auth,
+#ifdef HAVE_GNUTLS
+ tls,
+#endif
+ readonly, nrequests_max)))
return NULL;
if (privNew) {
if (!(client = virNetServerClientNewInternal(sock,
auth,
+#ifdef HAVE_GNUTLS
+ NULL,
+#endif
readonly,
- nrequests_max,
- NULL))) {
+ nrequests_max))) {
virObjectUnref(sock);
return NULL;
}
}
+#ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{
bool has;
virNetServerClientUnlock(client);
return size;
}
+#endif
int virNetServerClientGetFD(virNetServerClientPtr client)
{
{
bool secure = false;
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
secure = true;
+#endif
#if HAVE_SASL
if (client->sasl)
secure = true;
}
+
#if HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
virNetSASLSessionPtr sasl)
#endif
if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt);
+#endif
virObjectUnref(client->sock);
virNetServerClientUnlock(client);
virMutexDestroy(&client->lock);
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
+#if HAVE_GNUTLS
if (client->tls) {
virObjectUnref(client->tls);
client->tls = NULL;
}
+#endif
client->wantClose = true;
while (client->rx) {
{
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (!client->tlsCtxt) {
+#endif
/* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0)
goto error;
+#if HAVE_GNUTLS
} else {
int ret;
goto error;
}
}
+#endif
virNetServerClientUnlock(client);
return 0;
}
}
+
+#if HAVE_GNUTLS
static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
client->wantClose = true;
}
}
+#endif
static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) {
+#if HAVE_GNUTLS
if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client);
} else {
+#endif
if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx)
virNetServerClientDispatchRead(client);
+#if HAVE_GNUTLS
}
+#endif
}
/* NB, will get HANGUP + READABLE at same time upon
int auth,
bool readonly,
size_t nrequests_max,
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+# endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
int virNetServerClientGetAuth(virNetServerClientPtr client);
bool virNetServerClientGetReadonly(virNetServerClientPtr client);
+# ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
+# endif
# ifdef HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
bool readonly;
size_t nrequests_client_max;
+#if HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque;
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
size_t i;
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
if (virNetSocketNewListenTCP(nodename,
service,
mode_t mask,
gid_t grp,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
return svc->nrequests_client_max;
}
+#if HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{
return svc->tls;
}
-
+#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks);
+#if HAVE_GNUTLS
virObjectUnref(svc->tls);
+#endif
}
void virNetServerServiceToggle(virNetServerServicePtr svc,
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object);
int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
+# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
char *localAddrStr;
char *remoteAddrStr;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tlsSession;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr saslSession;
goto error;
}
#endif
+#if HAVE_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
+#endif
if (!(object = virJSONValueNewObject()))
goto error;
unlink(sock->localAddr.data.un.sun_path);
#endif
+#if HAVE_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
+#endif
#if HAVE_SASL
virObjectUnref(sock->saslSession);
#endif
}
+#if HAVE_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
sock);
virMutexUnlock(&sock->lock);
}
-
+#endif
#if HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
#endif
reread:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
+#endif
ret = read(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
#endif
rewrite:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
+#endif
ret = write(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if (ret < 0) {
if (errno == EINTR)
# include "virsocketaddr.h"
# include "vircommand.h"
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virobject.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
+# ifdef HAVE_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
+# endif
# ifdef HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \
viratomictest \
- utiltest virnettlscontexttest shunloadtest \
+ utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest \
virbitmaptest \
sysinfotest \
$(NULL)
+if HAVE_GNUTLS
+test_programs += virnettlscontexttest
+endif
+
if WITH_SECDRIVER_SELINUX
test_programs += securityselinuxtest
endif
virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virnetsockettest_LDADD = $(LDADDS)
+if HAVE_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c testutils.h testutils.c
virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
else
EXTRA_DIST += pkix_asn1_tab.c
endif
+else
+EXTRA_DIST += \
+ virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+endif
virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c