Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret
On 10/17/2016 10:11 AM, Pavel Hrdina wrote: > On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote: >> Add the secret object prior to the chardev tcp so the 'passwordid=' can >> be added if the domain XML has a for the chardev TLS. >> >> Signed-off-by: John Ferlan>> --- >> src/qemu/qemu_command.c| 32 ++- >> src/qemu/qemu_command.h| 1 + >> src/qemu/qemu_domain.c | 99 >> +- >> src/qemu/qemu_domain.h | 16 +++- >> src/qemu/qemu_hotplug.c| 1 + >> src/qemu/qemu_process.c| 6 +- >> ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 + >> ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++ >> tests/qemuxml2argvtest.c | 18 >> 9 files changed, 252 insertions(+), 9 deletions(-) >> create mode 100644 >> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args >> create mode 100644 >> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml >> >> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c >> index aaf7018..b2dfee0 100644 >> --- a/src/qemu/qemu_command.c >> +++ b/src/qemu/qemu_command.c >> @@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf, >> * @tlspath: path to the TLS credentials >> * @listen: boolen listen for client or server setting >> * @verifypeer: boolean to enable peer verification (form of authorization) >> + * @secalias: if one exists, the alias of the security object for passwordid >> * @qemuCaps: capabilities >> * @propsret: json properties to return >> * >> @@ -706,6 +707,7 @@ int >> qemuBuildTLSx509BackendProps(const char *tlspath, >> bool isListen, >> bool verifypeer, >> + const char *secalias, >> virQEMUCapsPtr qemuCaps, >> virJSONValuePtr *propsret) >> { >> @@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath, >> NULL) < 0) >> goto cleanup; >> >> +if (secalias && >> +virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < >> 0) >> +goto cleanup; >> + >> ret = 0; >> >> cleanup: 
>> @@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath, >> * @tlspath: path to the TLS credentials >> * @listen: boolen listen for client or server setting >> * @verifypeer: boolean to enable peer verification (form of authorization) >> + * @addpasswordid: boolean to handle adding passwordid to object >> * @inalias: Alias for the parent to generate object alias >> * @qemuCaps: capabilities >> * >> @@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, >> const char *tlspath, >> bool isListen, >> bool verifypeer, >> +bool addpasswordid, >> const char *inalias, >> virQEMUCapsPtr qemuCaps) >> { >> @@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, >> char *objalias = NULL; >> virJSONValuePtr props = NULL; >> char *tmp = NULL; >> +char *secalias = NULL; >> >> -if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, >> - qemuCaps, ) < 0) >> +if (addpasswordid && >> +!(secalias = qemuDomainGetSecretAESAlias(inalias, false))) >> return -1; >> >> +if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, >> secalias, >> + qemuCaps, ) < 0) >> +goto cleanup; >> + >> if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias))) >> goto cleanup; >> >> @@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, >> virJSONValueFree(props); >> VIR_FREE(objalias); >> VIR_FREE(tmp); >> +VIR_FREE(secalias); >> return ret; >> } >> >> @@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, >> if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, >> dev->data.tcp.listen, >> cfg->chardevTLSx509verify, >> +!!cfg->chardevTLSx509secretUUID, >> alias, qemuCaps) < 0) >> goto error; >> >> @@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr >> logManager, >> >> /* Use -chardev with -device if they are available */ >> if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) { >> +qemuDomainChardevPrivatePtr chardevPriv = >> +
Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret
On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote: > Add the secret object prior to the chardev tcp so the 'passwordid=' can > be added if the domain XML has a for the chardev TLS. > > Signed-off-by: John Ferlan> --- > src/qemu/qemu_command.c| 32 ++- > src/qemu/qemu_command.h| 1 + > src/qemu/qemu_domain.c | 99 > +- > src/qemu/qemu_domain.h | 16 +++- > src/qemu/qemu_hotplug.c| 1 + > src/qemu/qemu_process.c| 6 +- > ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 + > ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++ > tests/qemuxml2argvtest.c | 18 > 9 files changed, 252 insertions(+), 9 deletions(-) > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args > create mode 100644 > tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml > > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index aaf7018..b2dfee0 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf, > * @tlspath: path to the TLS credentials > * @listen: boolen listen for client or server setting > * @verifypeer: boolean to enable peer verification (form of authorization) > + * @secalias: if one exists, the alias of the security object for passwordid > * @qemuCaps: capabilities > * @propsret: json properties to return > * > @@ -706,6 +707,7 @@ int > qemuBuildTLSx509BackendProps(const char *tlspath, > bool isListen, > bool verifypeer, > + const char *secalias, > virQEMUCapsPtr qemuCaps, > virJSONValuePtr *propsret) > { > @@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath, > NULL) < 0) > goto cleanup; > > +if (secalias && > +virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0) > +goto cleanup; > + > ret = 0; > > cleanup: 
> @@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath, > * @tlspath: path to the TLS credentials > * @listen: boolen listen for client or server setting > * @verifypeer: boolean to enable peer verification (form of authorization) > + * @addpasswordid: boolean to handle adding passwordid to object > * @inalias: Alias for the parent to generate object alias > * @qemuCaps: capabilities > * > @@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, > const char *tlspath, > bool isListen, > bool verifypeer, > +bool addpasswordid, > const char *inalias, > virQEMUCapsPtr qemuCaps) > { > @@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, > char *objalias = NULL; > virJSONValuePtr props = NULL; > char *tmp = NULL; > +char *secalias = NULL; > > -if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, > - qemuCaps, ) < 0) > +if (addpasswordid && > +!(secalias = qemuDomainGetSecretAESAlias(inalias, false))) > return -1; > > +if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias, > + qemuCaps, ) < 0) > +goto cleanup; > + > if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias))) > goto cleanup; > > @@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, > virJSONValueFree(props); > VIR_FREE(objalias); > VIR_FREE(tmp); > +VIR_FREE(secalias); > return ret; > } > > @@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, > if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, > dev->data.tcp.listen, > cfg->chardevTLSx509verify, > +!!cfg->chardevTLSx509secretUUID, > alias, qemuCaps) < 0) > goto error; 
> > @@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManager, > > /* Use -chardev with -device if they are available */ > if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) { > +qemuDomainChardevPrivatePtr chardevPriv = > +QEMU_DOMAIN_CHARDEV_PRIVATE(serial); > +qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo; > + > +/* Add the secret object first if
[libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret
Add the secret object prior to the chardev tcp so the 'passwordid=' can be added if the domain XML has a for the chardev TLS. Signed-off-by: John Ferlan--- src/qemu/qemu_command.c| 32 ++- src/qemu/qemu_command.h| 1 + src/qemu/qemu_domain.c | 99 +- src/qemu/qemu_domain.h | 16 +++- src/qemu/qemu_hotplug.c| 1 + src/qemu/qemu_process.c| 6 +- ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 + ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++ tests/qemuxml2argvtest.c | 18 9 files changed, 252 insertions(+), 9 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index aaf7018..b2dfee0 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf, * @tlspath: path to the TLS credentials * @listen: boolen listen for client or server setting * @verifypeer: boolean to enable peer verification (form of authorization) + * @secalias: if one exists, the alias of the security object for passwordid * @qemuCaps: capabilities * @propsret: json properties to return * @@ -706,6 +707,7 @@ int qemuBuildTLSx509BackendProps(const char *tlspath, bool isListen, bool verifypeer, + const char *secalias, virQEMUCapsPtr qemuCaps, virJSONValuePtr *propsret) { @@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath, NULL) < 0) goto cleanup; +if (secalias && +virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0) +goto cleanup; + ret = 0; cleanup: 
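Review bot: The new doc line `@secalias: if one exists, the alias of the security object for passwordid` in the qemuBuildTLSx509BackendProps comment block (hunk @@ -695) calls it a "security object", while what is passed is the alias of the QEMU secret object, and it does not state that NULL is the "no passwordid" case which the `if (secalias && ...)` guard added in hunk @@ -731 relies on. Suggest `@secalias: alias of the secret object to reference via the passwordid property, or NULL to add no passwordid`. The pre-existing `@listen: boolen` typo on the line above is context here, but since the block is being touched it could be fixed in the same hunk.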
@@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath, * @tlspath: path to the TLS credentials * @listen: boolen listen for client or server setting * @verifypeer: boolean to enable peer verification (form of authorization) + * @addpasswordid: boolean to handle adding passwordid to object * @inalias: Alias for the parent to generate object alias * @qemuCaps: capabilities * @@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, const char *tlspath, bool isListen, bool verifypeer, +bool addpasswordid, const char *inalias, virQEMUCapsPtr qemuCaps) { @@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, char *objalias = NULL; virJSONValuePtr props = NULL; char *tmp = NULL; +char *secalias = NULL; -if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, - qemuCaps, ) < 0) +if (addpasswordid && +!(secalias = qemuDomainGetSecretAESAlias(inalias, false))) return -1; +if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias, + qemuCaps, ) < 0) +goto cleanup; + if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias))) goto cleanup; @@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, virJSONValueFree(props); VIR_FREE(objalias); VIR_FREE(tmp); +VIR_FREE(secalias); return ret; } @@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, dev->data.tcp.listen, cfg->chardevTLSx509verify, +!!cfg->chardevTLSx509secretUUID, alias, qemuCaps) < 0) goto error; 
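Review bot: In the qemuBuildTLSx509CommandLine hunk (@@ -764) the new secalias failure path keeps `return -1;` while the qemuBuildTLSx509BackendProps failure directly below it is changed from `return -1` to `goto cleanup`, so the function now mixes both exit styles. Nothing is allocated before that point, so it is not a leak today, but a resource added above the check later would be missed; `goto cleanup;` keeps a single exit, assuming `ret` is initialised to -1 as the cleanup label's `return ret` suggests (that declaration is outside the hunk).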
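Review bot: In the qemuBuildChrChardevStr hunk (@@ -4946) `addpasswordid` is derived from host configuration alone (`!!cfg->chardevTLSx509secretUUID`), so every TCP chardev that reaches this TLS path gets a `passwordid=` referencing the alias qemuDomainGetSecretAESAlias derives from its own alias, whereas the comment added in the qemuBuildSerialCommandLine hunk (@@ -8542) says the secinfo, and with it the -object secret, is prepared only for TCP serial devices. If qemuBuildChrChardevStr is also reached for other chardev-backed devices (parallel, console, channel) with chardev TLS enabled, QEMU would be given a passwordid for an object that is never placed on the command line and would refuse to start; the flag should follow whether a secinfo was actually prepared for this device (e.g. derived from `chardevPriv->secinfo` by the caller) or the secret object should be emitted alongside the TLS object for every device type that can carry it. The TLS condition guarding this call lies outside the hunk, so whether it is already limited to serials cannot be confirmed from here.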
@@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManager, /* Use -chardev with -device if they are available */ if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) { +qemuDomainChardevPrivatePtr chardevPriv = +QEMU_DOMAIN_CHARDEV_PRIVATE(serial); +qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo; + +/* Add the secret object first if necessary. The + * secinfo is added only to a TCP serial device during + * qemuDomainSecretChardevPrepare. Subsequent called + * functions can just check the config fields */ +if (cfg->chardevTLS && cfg->chardevTLSx509secretUUID && +