Fix SSH tunnelling

Fix crash when no auth callback
2008-01-19 02:20:33 +00:00 · 2008-01-14 04:15:37 +00:00 · 2008-01-14 04:15:37 +00:00 · 2008-01-02 21:58:20 +00:00 · 2007-12-18 11:48:23 +00:00
6 changed files with 214 additions and 4 deletions
--- a/libvirt-0.4.0-auth-null-cb-2.patch
+++ b/libvirt-0.4.0-auth-null-cb-2.patch
@@ -0,0 +1,83 @@
+diff -rupN libvirt-0.4.0.orig/src/remote_internal.c libvirt-0.4.0.new/src/remote_internal.c
+--- libvirt-0.4.0.orig/src/remote_internal.c	2008-01-11 10:39:34.000000000 -0500
+++ libvirt-0.4.0.new/src/remote_internal.c	2008-01-11 10:43:12.000000000 -0500
+@@ -3054,8 +3054,12 @@ remoteAuthSASL (virConnectPtr conn, stru
+     if ((remoteAddr = addrToString(&sa, salen)) == NULL)
+         goto cleanup;
+ 
+-    if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) == NULL)
+-        goto cleanup;
+    if (auth) {
+        if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) == NULL)
+            goto cleanup;
+    } else {
+        saslcb = NULL;
+    }
+ 
+     /* Setup a handle for being a client */
+     err = sasl_client_new("libvirt",
+@@ -3168,15 +3172,21 @@ remoteAuthSASL (virConnectPtr conn, stru
+             goto cleanup;
+         }
+         /* Run the authentication callback */
+-        if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+        if (auth && auth->cb) {
+            if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+                __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                                 VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                                 "Failed to collect auth credentials");
+                goto cleanup;
+            }
+            remoteAuthFillInteract(cred, interact);
+            goto restart;
+        } else {
+             __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                              VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+-                             "Failed to collect auth credentials");
+                             "No authentication callback available");
+             goto cleanup;
+-            return -1;
+         }
+-        remoteAuthFillInteract(cred, interact);
+-        goto restart;
+     }
+     free(iret.mechlist);
+ 
+@@ -3240,15 +3250,22 @@ remoteAuthSASL (virConnectPtr conn, stru
+                 return -1;
+             }
+             /* Run the authentication callback */
+-            if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+            if (auth && auth->cb) {
+                if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) {
+                    __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                                     VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                                     "Failed to collect auth credentials");
+                    goto cleanup;
+                    return -1;
+                }
+                remoteAuthFillInteract(cred, interact);
+                goto restep;
+            } else {
+                 __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                                  VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+-                                 "Failed to collect auth credentials");
+                                 "No authentication callback available");
+                 goto cleanup;
+-                return -1;
+             }
+-            remoteAuthFillInteract(cred, interact);
+-            goto restep;
+         }
+ 
+         if (serverin) {
+@@ -3319,7 +3336,8 @@ remoteAuthSASL (virConnectPtr conn, stru
+     if (remoteAddr) free(remoteAddr);
+     if (serverin) free(serverin);
+ 
+-    free(saslcb);
+    if (saslcb)
+        free(saslcb);
+     remoteAuthFreeCredentials(cred, ncred);
+     if (ret != 0 && saslconn)
+         sasl_dispose(&saslconn);
--- a/libvirt-0.4.0-auth-null-cb.patch
+++ b/libvirt-0.4.0-auth-null-cb.patch
@@ -0,0 +1,44 @@
+diff -rup libvirt-0.4.0.orig/src/remote_internal.c libvirt-0.4.0.new/src/remote_internal.c
+--- libvirt-0.4.0.orig/src/remote_internal.c	2007-12-17 16:51:09.000000000 -0500
+++ libvirt-0.4.0.new/src/remote_internal.c	2008-01-02 16:28:44.000000000 -0500
+@@ -3347,24 +3347,26 @@ remoteAuthPolkit (virConnectPtr conn, st
+     };
+     remoteDebug(priv, "Client initialize PolicyKit authentication");
+ 
+-    for (i = 0 ; i < auth->ncredtype ; i++) {
+-        if (auth->credtype[i] == VIR_CRED_EXTERNAL)
+-            allowcb = 1;
+-    }
+    if (auth && auth->cb) {
+        /* Check if the neccessary credential type for PolicyKit is supported */
+        for (i = 0 ; i < auth->ncredtype ; i++) {
+            if (auth->credtype[i] == VIR_CRED_EXTERNAL)
+                allowcb = 1;
+        }
+ 
+-    /* Run the authentication callback */
+-    if (allowcb) {
+-        if (auth && auth->cb &&
+-            (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+-            __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+-                             VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+-                             "Failed to collect auth credentials");
+-            return -1;
+        if (allowcb) {
+            /* Run the authentication callback */
+            if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+                __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                                 VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                                 "Failed to collect auth credentials");
+                return -1;
+            }
+         } else {
+-            remoteDebug(priv, "No auth callback provided for PolicyKit");
+            remoteDebug(priv, "Client auth callback does not support PolicyKit");
+         }
+     } else {
+-        remoteDebug(priv, "Client auth callback does not support PolicyKit");
+        remoteDebug(priv, "No auth callback provided");
+     }
+ 
+     memset (&ret, 0, sizeof ret);
--- a/libvirt-0.4.0-conffile-size.patch
+++ b/libvirt-0.4.0-conffile-size.patch
@@ -0,0 +1,12 @@
+diff -rup libvirt-0.4.0.orig/src/conf.c libvirt-0.4.0.new/src/conf.c
+--- libvirt-0.4.0.orig/src/conf.c	2007-12-12 08:30:49.000000000 -0500
+++ libvirt-0.4.0.new/src/conf.c	2008-01-02 16:30:12.000000000 -0500
+@@ -705,7 +705,7 @@ error:
+ virConfPtr
+ __virConfReadFile(const char *filename)
+ {
+-    char content[4096];
+    char content[8192];
+     int fd;
+     int len;
+ 
--- a/libvirt-0.4.0-remote-ssh.patch
+++ b/libvirt-0.4.0-remote-ssh.patch
@@ -0,0 +1,17 @@
+diff -rup libvirt-0.4.0.orig/src/remote_internal.c libvirt-0.4.0.new/src/remote_internal.c
+--- libvirt-0.4.0.orig/src/remote_internal.c	2008-01-14 19:32:25.000000000 -0500
+++ libvirt-0.4.0.new/src/remote_internal.c	2008-01-14 19:32:42.000000000 -0500
+@@ -677,11 +677,12 @@ doRemoteOpen (virConnectPtr conn,
+         cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET);
+         cmd_argv[j++] = 0;
+         assert (j == nr_args);
+-        for (j = 0; j < nr_args; j++)
+        for (j = 0; j < (nr_args-1); j++) {
+             if (cmd_argv[j] == NULL) {
+                 error (conn, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
+                 goto failed;
+             }
+        }
+     }
+ 
+         /*FALLTHROUGH*/
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,12 +1,24 @@
 # -*- rpm-spec -*-

+%if "%{fedora}" >= "8"
+%define with_polkit 1
+%define with_proxy no
+%else
+%define with_polkit 0
+%define with_proxy yes
+%endif
+
 Summary: Library providing a simple API virtualization
 Name: libvirt
-Version: 0.3.3
-Release: 1%{?dist}%{?extra_release}
+Version: 0.4.0
+Release: 4%{?dist}%{?extra_release}
 License: LGPL
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
+Patch1: libvirt-%{version}-auth-null-cb.patch
+Patch2: libvirt-%{version}-conffile-size.patch
+Patch3: libvirt-%{version}-auth-null-cb-2.patch
+Patch4: libvirt-%{version}-remote-ssh.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 URL: http://libvirt.org/
 BuildRequires: python python-devel
@@ -16,6 +28,17 @@ Requires: ncurses
 Requires: dnsmasq
 Requires: bridge-utils
 Requires: iptables
+# So remote clients can access libvirt over SSH tunnel
+# (client invokes 'nc' against the UNIX socket on the server)
+Requires: nc
+Requires: cyrus-sasl
+# Not technically required, but makes 'out-of-box' config
+# work correctly & doesn't have onerous dependancies
+Requires: cyrus-sasl-md5
+%if %{with_polkit}
+Requires: PolicyKit >= 0.6
+%endif
+
 BuildRequires: xen-devel
 BuildRequires: libxml2-devel
 BuildRequires: readline-devel
@@ -25,6 +48,10 @@ BuildRequires: gnutls-devel
 BuildRequires: avahi-devel
 BuildRequires: dnsmasq
 BuildRequires: bridge-utils
+BuildRequires: cyrus-sasl-devel
+%if %{with_polkit}
+BuildRequires: PolicyKit-devel >= 0.6
+%endif
 Obsoletes: libvir
 ExclusiveArch: i386 x86_64 ia64

@@ -41,7 +68,6 @@ Group: Development/Libraries
 Requires: libvirt = %{version}
 Requires: pkgconfig
 Requires: xen-devel
-Requires: gnutls-devel
 Obsoletes: libvir-devel

 %description devel
@@ -62,6 +88,10 @@ of recent versions of Linux (and other OSes).

 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1

 %build
 %configure --with-init-script=redhat --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid --with-remote-file=%{_localstatedir}/run/libvirtd.pid
@@ -134,13 +164,21 @@ fi
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
 %{_sysconfdir}/rc.d/init.d/libvirtd
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
+%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
+%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %dir %{_datadir}/libvirt/
 %dir %{_datadir}/libvirt/networks/
 %{_datadir}/libvirt/networks/default.xml
 %dir %{_localstatedir}/run/libvirt/
 %dir %{_localstatedir}/lib/libvirt/
+%if %{with_polkit}
+%{_datadir}/PolicyKit/policy/libvirtd.policy
+%endif
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
+%if %{with_proxy} == "yes"
 %attr(4755, root, root) %{_libexecdir}/libvirt_proxy
+%endif
 %attr(0755, root, root) %{_sbindir}/libvirtd
 %doc docs/*.rng
 %doc docs/*.xml
@@ -173,6 +211,22 @@ fi
 %doc docs/examples/python

 %changelog
+* Fri Jan 18 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-4.fc7
+- Fix SSH tunnelling (rhbz #428743)
+
+* Sun Jan 13 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-3.fc7
+- Fix crash when no auth callback
+
+* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc7
+- Fix reading large config files (rhbz #426425)
+
+* Tue Dec 18 2007 Daniel Veillard <veillard@redhat.com> - 0.4.0-1.fc7
+- Release of 0.4.0
+- SASL based authentication
+- improved NUMA and statistics support
+- lots of assorted improvements, bugfixes and cleanups
+- documentation and localization improvements
+
 * Tue Oct  9 2007 Daniel Veillard <veillard@redhat.com> - 0.3.3-1.fc7
 - Release of 0.3.3
 - Avahi support
--- a/2
+++ b/2
@@ -1 +1 @@
-583fa13938df63bd404cc1b7cf553874  libvirt-0.3.3.tar.gz
+2f6c6adb62145988f0e5021e5cbd71d3  libvirt-0.4.0.tar.gz
Author	SHA1	Message	Date
Daniel P. Berrange	c332fbbcd5	Fix SSH tunnelling	2008-01-19 02:20:33 +00:00
Daniel P. Berrange	56811db0e1	Fix crash when no auth callback	2008-01-14 04:15:37 +00:00
Daniel P. Berrange	dbca8efc68	Fix crash when no auth callback	2008-01-14 04:15:37 +00:00
Daniel P. Berrange	4230864da9	Fix config file reading	2008-01-02 21:58:20 +00:00
Daniel Veillard	046121a814	Update to 0.4.0, fixes a lot of bugs, Daniel	2007-12-18 11:48:23 +00:00