Adds a no_verify query parameter to stop libcurl from verifying the server certificate for the https transport. Idea from Tom Hughes. Regards, Matthias
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index aa73e46..8f1ebfb 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -70,8 +70,21 @@ typedef struct _esxPrivate {
 /*
- * URI format: esx://[<user>@]<server>[?transport={http|https}][&vcenter=<vcenter>]
+ * URI format: esx://[<user>@]<server>[?transport={http|https}][&vcenter=<vcenter>][&no_verify={0|1}]
 * esx:///phantom
+ *
+ * If no transport parameter is specified https is used.
+ *
+ * The vcenter parameter is only necessary for migration, because the vCenter
+ * server is in charge to initiate a migration between two ESX hosts.
+ *
+ * If the no_verify parameter is set to 1, this disables libcurl client checks
+ * of the server's certificate.
+ *
+ * The esx:///phantom URI may be used for tasks that don't require an actual
+ * connection to the hypervisor like domxml-{from,to}-native:
+ *
+ * virsh -c esx:///phantom domxml-from-native vmware-vmx dummy.vmx
 */
 static virDrvOpenStatus
 esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
@@ -80,9 +93,10 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
 char dummy_string[NI_MAXHOST] = "";
 char *url = NULL;
 char *vcenter = NULL;
+ int noVerify = 0; // boolean
 char *username = NULL;
 char *password = NULL;
- int phantom = 0;
+ int phantom = 0; // boolean
 /* Decline if the URI is NULL or the scheme is not 'esx' */
 if (conn->uri == NULL || conn->uri->scheme == NULL ||
@@ -120,7 +134,8 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
 /* Request credentials and login to non-phantom host/vCenter */
 if (! phantom) {
- if (esxUtil_ParseQuery(conn, &priv->transport, &vcenter) < 0) {
+ if (esxUtil_ParseQuery(conn, &priv->transport, &vcenter,
+ &noVerify) < 0) {
 goto failure;
 }
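Review bot: The new no_verify paragraph in the URI-format comment above esxOpen says what the parameter switches off but not what that costs the caller. With no_verify=1 the https endpoint is no longer authenticated, yet esxOpen goes on to request credentials and log in over that same connection (see the "Request credentials and login" block further down), so the username and password go to whichever server answers. I would extend the paragraph with something like `* Only use no_verify=1 on a trusted network: the login credentials are then sent to a server whose identity has not been checked.` and state that verification stays enabled when the parameter is absent or 0.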
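Review bot: The two trailing `// boolean` comments in the declaration hunk of esxOpen use line comments, while every other comment visible in these hunks uses the `/* ... */` form. Keeping to the block form and saying what the flag means would read better, for example `int noVerify = 0; /* boolean: 1 disables server certificate verification */`. The body of esxOpen starts and ends outside the hunk.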
@@ -169,7 +184,7 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
 }
 if (esxVI_Context_Connect(conn, priv->host, url, username,
- password) < 0) {
+ password, noVerify) < 0) {
 goto failure;
 }
@@ -205,7 +220,7 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
 }
 if (esxVI_Context_Connect(conn, priv->vcenter, url, username,
- password) < 0) {
+ password, noVerify) < 0) {
 goto failure;
 }
@@ -2547,7 +2562,7 @@ esxDomainMigratePrepare(virConnectPtr dconn,
 char *transport = NULL;
 if (uri_in == NULL) {
- if (esxUtil_ParseQuery(dconn, &transport, NULL) < 0) {
+ if (esxUtil_ParseQuery(dconn, &transport, NULL, NULL) < 0) {
 return -1;
 }
diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
index bd931bf..5c87ea3 100644
--- a/src/esx/esx_util.c
+++ b/src/esx/esx_util.c
@@ -127,7 +127,8 @@ esxUtil_RequestPassword(virConnectAuthPtr auth, const char *username,
 int
-esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter)
+esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter,
+ int *noVerify)
 {
 int result = 0;
 int i;
@@ -176,6 +177,15 @@ esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter)
 virReportOOMError(conn);
 goto failure;
 }
+ } else if (STRCASEEQ(queryParam->name, "no_verify") &&
+ noVerify != NULL) {
+ if (virStrToLong_i(queryParam->value, NULL, 10, noVerify) < 0 ||
+ (*noVerify != 0 && *noVerify != 1)) {
+ ESX_ERROR(conn, VIR_ERR_INVALID_ARG,
+ "Query parameter 'no_verify' has unexpected value "
+ "'%s' (should be 0 or 1)", queryParam->value);
+ goto failure;
+ }
 } else {
 VIR_WARN("Ignoring unexpected query parameter '%s'", queryParam->name);
diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h
index f746231..7e39717 100644
--- a/src/esx/esx_util.h
+++ b/src/esx/esx_util.h
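Review bot: In the new `no_verify` branch of esxUtil_ParseQuery the `noVerify != NULL` test is part of the branch condition, so a caller that passes NULL (esxDomainMigratePrepare now does) sends a well-formed `no_verify=1` into the final else and logs "Ignoring unexpected query parameter". Matching on the name alone, `} else if (STRCASEEQ(queryParam->name, "no_verify")) {`, and skipping only the conversion when the pointer is NULL would keep that warning for parameters that really are unknown. The start of the function is outside the hunk, so I cannot see whether `*noVerify` is reset before the loop. If it is not, the value for a URI without the parameter depends on the caller's initialiser, and `if (noVerify != NULL) *noVerify = 0;` near the top would make "verification on" the default regardless of the caller.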
@@ -35,7 +35,8 @@ char *esxUtil_RequestUsername(virConnectAuthPtr auth,
 char *esxUtil_RequestPassword(virConnectAuthPtr auth, const char *username, const char *server);
-int esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter);
+int esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter,
+ int *noVerify);
 int esxUtil_ParseVirtualMachineIDString(const char *id_string, int *id);
diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
index 4b083c6..18e11e7 100644
--- a/src/esx/esx_vi.c
+++ b/src/esx/esx_vi.c
@@ -188,7 +188,7 @@ _esxVI_CURL_Debug(CURL *curl ATTRIBUTE_UNUSED, curl_infotype type,
 int
 esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url,
- const char *username, const char *password)
+ const char *username, const char *password, int noVerify)
 {
 int result = 0;
 esxVI_String *propertyNameList = NULL;
@@ -238,6 +238,7 @@ esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url,
 curl_easy_setopt(ctx->curl_handle, CURLOPT_USERAGENT, "libvirt-esx");
 curl_easy_setopt(ctx->curl_handle, CURLOPT_HEADER, 0);
 curl_easy_setopt(ctx->curl_handle, CURLOPT_FOLLOWLOCATION, 1);
+ curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYPEER, noVerify ? 0 : 1);
 curl_easy_setopt(ctx->curl_handle, CURLOPT_COOKIEFILE, "");
 curl_easy_setopt(ctx->curl_handle, CURLOPT_HTTPHEADER, ctx->curl_headers);
 curl_easy_setopt(ctx->curl_handle, CURLOPT_WRITEFUNCTION,
diff --git a/src/esx/esx_vi.h b/src/esx/esx_vi.h
index a9343fb..efef101 100644
--- a/src/esx/esx_vi.h
+++ b/src/esx/esx_vi.h
@@ -63,7 +63,7 @@ int esxVI_Context_Alloc(virConnectPtr conn, esxVI_Context **ctx);
 void esxVI_Context_Free(esxVI_Context **ctx);
 int esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url, const char *username,
- const char *password);
+ const char *password, int noVerify);
 int esxVI_Context_Download(virConnectPtr conn, esxVI_Context *ctx, const char *url, char **content);
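Review bot: The added `CURLOPT_SSL_VERIFYPEER` line in esxVI_Context_Connect is the only TLS check the flag touches. libcurl's host name check (`CURLOPT_SSL_VERIFYHOST`) is a separate option and keeps its default, so `no_verify=1` does not match what the URI comment in esx_driver.c promises when the certificate name differs from the server name. Either narrow that documentation or set both options explicitly so the behaviour is deliberate, and pass `long` values as libcurl expects for these options: `curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYPEER, noVerify ? 0L : 1L);` and `curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYHOST, noVerify ? 0L : 2L);`. Because `CURLOPT_FOLLOWLOCATION` is enabled just above, a connection opened with the flag also follows redirects to unverified servers, so a warning logged when noVerify is non-zero would make such connections visible to whoever reads the logs. The function body starts and ends outside the hunk.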