[PATCHv2 1/5] virnetserver: Introduce virNetServerUpdateTlsFiles
Daniel P. Berrangé
berrange at redhat.com
Wed Mar 11 16:18:39 UTC 2020
On Sat, Mar 07, 2020 at 07:31:00PM +0800, Zhang Bo wrote:
> Add an API to update server's tls context.
> ---
> src/libvirt_remote.syms | 1 +
> src/rpc/virnetserver.c | 51 ++++++++++++++++++++++++++++++++++++++
> src/rpc/virnetserver.h | 2 ++
> src/rpc/virnettlscontext.c | 46 ++++++++++++++++++++++++++++++++++
> src/rpc/virnettlscontext.h | 3 +++
> 5 files changed, 103 insertions(+)
>
> diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
> index 0493467f46..0018a0c41d 100644
> --- a/src/libvirt_remote.syms
> +++ b/src/libvirt_remote.syms
> @@ -137,6 +137,7 @@ virNetServerSetClientLimits;
> virNetServerSetThreadPoolParameters;
> virNetServerSetTLSContext;
> virNetServerUpdateServices;
> +virNetServerUpdateTlsFiles;
>
>
> # rpc/virnetserverclient.h
> diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
> index 072ffdf5a3..0bfe94d3f8 100644
> --- a/src/rpc/virnetserver.c
> +++ b/src/rpc/virnetserver.c
> @@ -21,6 +21,9 @@
>
> #include <config.h>
>
> +#include <sys/types.h>
> +#include <unistd.h>
We use virutil.h for geteuid() definition.
> +
> #include "virnetserver.h"
> #include "virlog.h"
> #include "viralloc.h"
> @@ -1205,3 +1208,51 @@ virNetServerSetClientLimits(virNetServerPtr srv,
> virObjectUnlock(srv);
> return ret;
> }
> +
> +static virNetTLSContextPtr
> +virNetServerGetTLSContext(virNetServerPtr srv)
> +{
> + size_t i;
> + virNetTLSContextPtr ctxt = NULL;
> + virNetServerServicePtr svc = NULL;
> +
> + /* find svcTLS from srv, get svcTLS->tls */
> + for (i = 0; i < srv->nservices; i++) {
> + svc = srv->services[i];
> + ctxt = virNetServerServiceGetTLSContext(svc);
> + if (ctxt != NULL)
> + break;
> + }
> +
> + return ctxt;
> +}
> +
> +int
> +virNetServerUpdateTlsFiles(virNetServerPtr srv)
> +{
> + int ret = -1;
> + virNetTLSContextPtr ctxt = NULL;
> + bool privileged = geteuid() == 0 ? true : false;
> +
> + ctxt = virNetServerGetTLSContext(srv);
> + if (!ctxt) {
> + VIR_ERROR(_("no tls svc found, unable to update tls files"));
Should be a virReportError
> + return -1;
> + }
> +
> + virObjectLock(srv);
> + virObjectLock(ctxt);
> +
> + if (virNetTLSContextReloadForServer(ctxt, !privileged)) {
> + VIR_ERROR(_("failed to reload server's tls context"));
VIR_DEBUG is sufficient
> + goto cleanup;
> + }
> +
> + VIR_INFO("update tls files success");
> + ret = 0;
> +
> + cleanup:
> + virObjectUnlock(ctxt);
> + virObjectUnlock(srv);
> + return ret;
> +}
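Review bot: In virNetServerUpdateTlsFiles the lookup `ctxt = virNetServerGetTLSContext(srv);` runs before `virObjectLock(srv);`, so the helper reads `srv->nservices` and walks `srv->services` with the server unlocked, and the context it returns is used without a reference being taken. If another thread can modify the service list at that moment (not visible in this hunk, so worth confirming against the other virNetServer entry points), the loop may read a stale array, or the context may be released before `virObjectLock(ctxt);` is reached during a certificate reload. Taking the server lock first closes that window: move `virObjectLock(srv);` above the lookup and make the not-found branch exit through the unlock path, for example `goto unlock_srv;` with a new `unlock_srv:` label placed just before `virObjectUnlock(srv);`. As a style point, `geteuid() == 0 ? true : false` can be written as `geteuid() == 0`.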
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|