Add dtrace static probes in libvirtd

Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.

This can be tested by running the example program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).

 # stap examples/systemtap/client.stp
  Client fd=44 connected readonly=0
  Client fd=44 auth polkit deny pid:24997,uid:500
  Client fd=44 disconnected
  Client fd=46 connected readonly=1
  Client fd=46 auth sasl allow test
  Client fd=46 disconnected

The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.

* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
  files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
  so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
  Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
Daniel P. Berrange
2010-09-14 17:30:32 +01:00
parent 9afa006082
commit 968eb4e5cd
14 changed files with 222 additions and 3 deletions


@@ -3791,6 +3791,7 @@ remoteDispatchAuthSaslInit (struct qemud_server *server,
authfail:
remoteDispatchAuthError(rerr);
error:
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
virMutexUnlock(&client->lock);
return -1;
}
@@ -3977,6 +3978,8 @@ remoteDispatchAuthSaslStart (struct qemud_server *server,
}
REMOTE_DEBUG("Authentication successful %d", client->fd);
PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_SASL, client->saslUsername);
ret->complete = 1;
client->auth = REMOTE_AUTH_NONE;
}
@@ -3985,10 +3988,13 @@ remoteDispatchAuthSaslStart (struct qemud_server *server,
return 0;
authfail:
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
remoteDispatchAuthError(rerr);
goto error;
authdeny:
PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_SASL, client->saslUsername);
goto error;
error:
@@ -4073,6 +4079,8 @@ remoteDispatchAuthSaslStep (struct qemud_server *server,
}
REMOTE_DEBUG("Authentication successful %d", client->fd);
PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_SASL, client->saslUsername);
ret->complete = 1;
client->auth = REMOTE_AUTH_NONE;
}
@@ -4081,10 +4089,13 @@ remoteDispatchAuthSaslStep (struct qemud_server *server,
return 0;
authfail:
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
remoteDispatchAuthError(rerr);
goto error;
authdeny:
PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_SASL, client->saslUsername);
goto error;
error:
@@ -4104,6 +4115,7 @@ remoteDispatchAuthSaslInit (struct qemud_server *server ATTRIBUTE_UNUSED,
remote_auth_sasl_init_ret *ret ATTRIBUTE_UNUSED)
{
VIR_ERROR0(_("client tried unsupported SASL init request"));
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
remoteDispatchAuthError(rerr);
return -1;
}
@@ -4118,6 +4130,7 @@ remoteDispatchAuthSaslStart (struct qemud_server *server ATTRIBUTE_UNUSED,
remote_auth_sasl_start_ret *ret ATTRIBUTE_UNUSED)
{
VIR_ERROR0(_("client tried unsupported SASL start request"));
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
remoteDispatchAuthError(rerr);
return -1;
}
@@ -4132,6 +4145,7 @@ remoteDispatchAuthSaslStep (struct qemud_server *server ATTRIBUTE_UNUSED,
remote_auth_sasl_step_ret *ret ATTRIBUTE_UNUSED)
{
VIR_ERROR0(_("client tried unsupported SASL step request"));
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
remoteDispatchAuthError(rerr);
return -1;
}
@@ -4208,6 +4222,8 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
action, callerPid, callerUid, status);
goto authdeny;
}
PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_POLKIT, ident);
VIR_INFO(_("Policy allowed action %s from pid %d, uid %d"),
action, callerPid, callerUid);
ret->complete = 1;
@@ -4217,9 +4233,12 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
return 0;
authfail:
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_POLKIT);
goto error;
authdeny:
PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_POLKIT, ident);
goto error;
error:
@@ -4333,6 +4352,8 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
polkit_result_to_string_representation(pkresult));
goto authdeny;
}
PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_POLKIT, ident);
VIR_INFO(_("Policy allowed action %s from pid %d, uid %d, result %s"),
action, callerPid, callerUid,
polkit_result_to_string_representation(pkresult));
@@ -4343,9 +4364,12 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
return 0;
authfail:
PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_POLKIT);
goto error;
authdeny:
PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
client->fd, REMOTE_AUTH_POLKIT, ident);
goto error;
error:
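Review bot: The `authdeny:` probes in remoteDispatchAuthSaslStart and remoteDispatchAuthSaslStep pass `client->saslUsername` to a `%s` argument, but the jumps to `authdeny` lie outside these hunks, so nothing visible here shows the field is set on every denial path (for instance a denial decided before the username has been looked up). If PROBE forwards its arguments to a printf-style logger or a string-copying tracer, as the format string suggests, a NULL there is undefined behaviour; passing `client->saslUsername ? client->saslUsername : "<unknown>"` would remove the dependency on call order. The value is also chosen by the remote peer and reaches trace output on a path where access was refused, so a comment such as `/* username is client-supplied and unvalidated; trace consumers must escape it */` above the probe would warn anyone building alerting on the example script's line-oriented output. The same applies to `ident` in both remoteDispatchAuthPolkit variants, whose declaration and initialisation are likewise outside the hunks.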