On Sat, Mar 07, 2020 at 07:31:00PM +0800, Zhang Bo wrote:
> Add an API to update server's tls context.
> ---
> src/libvirt_remote.syms | 1 +
> src/rpc/virnetserver.c | 51 ++++++++++++++++++++++++++++++++++++++
> src/rpc/virnetserver.h | 2 ++
> src/rpc/virnettlscontext.c | 46 ++++++++++++++++++++++++++++++++++
> src/rpc/virnettlscontext.h | 3 +++
> 5 files changed, 103 insertions(+)
>
> diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
> index 0493467f46..0018a0c41d 100644
> --- a/src/libvirt_remote.syms
> +++ b/src/libvirt_remote.syms
> @@ -137,6 +137,7 @@ virNetServerSetClientLimits;
> virNetServerSetThreadPoolParameters;
> virNetServerSetTLSContext;
> virNetServerUpdateServices;
> +virNetServerUpdateTlsFiles;
>
>
> # rpc/virnetserverclient.h
> diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
> index 072ffdf5a3..0bfe94d3f8 100644
> --- a/src/rpc/virnetserver.c
> +++ b/src/rpc/virnetserver.c
> @@ -21,6 +21,9 @@
>
> #include <config.h>
>
> +#include <sys/types.h>
> +#include <unistd.h>
We use virutil.h for geteuid() definition.
> +
> #include "virnetserver.h"
> #include "virlog.h"
> #include "viralloc.h"
> @@ -1205,3 +1208,51 @@ virNetServerSetClientLimits(virNetServerPtr srv,
> virObjectUnlock(srv);
> return ret;
> }
> +
> +static virNetTLSContextPtr
> +virNetServerGetTLSContext(virNetServerPtr srv)
> +{
> + size_t i;
> + virNetTLSContextPtr ctxt = NULL;
> + virNetServerServicePtr svc = NULL;
> +
> + /* find svcTLS from srv, get svcTLS->tls */
> + for (i = 0; i < srv->nservices; i++) {
> + svc = srv->services[i];
> + ctxt = virNetServerServiceGetTLSContext(svc);
> + if (ctxt != NULL)
> + break;
> + }
> +
> + return ctxt;
> +}
> +
> +int
> +virNetServerUpdateTlsFiles(virNetServerPtr srv)
> +{
> + int ret = -1;
> + virNetTLSContextPtr ctxt = NULL;
> + bool privileged = geteuid() == 0 ? true : false;
> +
> + ctxt = virNetServerGetTLSContext(srv);
> + if (!ctxt) {
> + VIR_ERROR(_("no tls svc found, unable to update tls files"));
Should be a virReportError
> + return -1;
> + }
> +
> + virObjectLock(srv);
> + virObjectLock(ctxt);
> +
> + if (virNetTLSContextReloadForServer(ctxt, !privileged)) {
> + VIR_ERROR(_("failed to reload server's tls context"));
VIR_DEBUG is sufficient
> + goto cleanup;
> + }
> +
> + VIR_INFO("update tls files success");
> + ret = 0;
> +
> + cleanup:
> + virObjectUnlock(ctxt);
> + virObjectUnlock(srv);
> + return ret;
> +}
Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
Regards, Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
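Review bot: virNetServerGetTLSContext reads srv->nservices and srv->services[] before virNetServerUpdateTlsFiles takes virObjectLock(srv), so the context lookup runs unlocked while the reload that follows runs under the lock; unless the service list is guaranteed immutable after startup, the lookup and its NULL check belong below `virObjectLock(srv);`, with the error path going through cleanup instead of an early `return -1;`. The loop in virNetServerGetTLSContext also stops at the first service that has a TLS context, so if more than one service carries its own context only the first one is reloaded — worth a comment stating that assumption, or a loop over all of them, if that configuration can occur. The new exported function has no doc comment; a header describing that it reloads the TLS credentials of the server's TLS service, that the flag passed to virNetTLSContextReloadForServer is derived from geteuid(), and the 0/-1 return value would help callers. `bool privileged = geteuid() == 0 ? true : false;` can simply be `bool privileged = geteuid() == 0;`.
```c
    virObjectLock(srv);

    ctxt = virNetServerGetTLSContext(srv);
    if (!ctxt) {
        /* … unchanged: error report … */
        goto cleanup;
    }

    virObjectLock(ctxt);
    /* … unchanged: virNetTLSContextReloadForServer call, VIR_INFO, ret = 0 … */

 cleanup:
    if (ctxt)
        virObjectUnlock(ctxt);
    virObjectUnlock(srv);
    return ret;
```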