Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret

2016-10-17 Thread John Ferlan


On 10/17/2016 10:11 AM, Pavel Hrdina wrote:
> On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote:
>> Add the secret object prior to the chardev tcp so the 'passwordid=' can
>> be added if the domain XML has a  for the chardev TLS.
>>
>> Signed-off-by: John Ferlan 
>> ---
>>  src/qemu/qemu_command.c| 32 ++-
>>  src/qemu/qemu_command.h|  1 +
>>  src/qemu/qemu_domain.c | 99 
>> +-
>>  src/qemu/qemu_domain.h | 16 +++-
>>  src/qemu/qemu_hotplug.c|  1 +
>>  src/qemu/qemu_process.c|  6 +-
>>  ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 +
>>  ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++
>>  tests/qemuxml2argvtest.c   | 18 
>>  9 files changed, 252 insertions(+), 9 deletions(-)
>>  create mode 100644 
>> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
>>  create mode 100644 
>> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index aaf7018..b2dfee0 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
>>   * @tlspath: path to the TLS credentials
>>   * @listen: boolen listen for client or server setting
>>   * @verifypeer: boolean to enable peer verification (form of authorization)
>> + * @secalias: if one exists, the alias of the security object for passwordid
>>   * @qemuCaps: capabilities
>>   * @propsret: json properties to return
>>   *
>> @@ -706,6 +707,7 @@ int
>>  qemuBuildTLSx509BackendProps(const char *tlspath,
>>   bool isListen,
>>   bool verifypeer,
>> + const char *secalias,
>>   virQEMUCapsPtr qemuCaps,
>>   virJSONValuePtr *propsret)
>>  {
>> @@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
>>   NULL) < 0)
>>  goto cleanup;
>>  
>> +if (secalias &&
>> +virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 
>> 0)
>> +goto cleanup;
>> +
>>  ret = 0;
>>  
>>   cleanup:
>> @@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
>>   * @tlspath: path to the TLS credentials
>>   * @listen: boolen listen for client or server setting
>>   * @verifypeer: boolean to enable peer verification (form of authorization)
>> + * @addpasswordid: boolean to handle adding passwordid to object
>>   * @inalias: Alias for the parent to generate object alias
>>   * @qemuCaps: capabilities
>>   *
>> @@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>>  const char *tlspath,
>>  bool isListen,
>>  bool verifypeer,
>> +bool addpasswordid,
>>  const char *inalias,
>>  virQEMUCapsPtr qemuCaps)
>>  {
>> @@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>>  char *objalias = NULL;
>>  virJSONValuePtr props = NULL;
>>  char *tmp = NULL;
>> +char *secalias = NULL;
>>  
>> -if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer,
>> - qemuCaps, ) < 0)
>> +if (addpasswordid &&
>> +!(secalias = qemuDomainGetSecretAESAlias(inalias, false)))
>>  return -1;
>>  
>> +if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, 
>> secalias,
>> + qemuCaps, ) < 0)
>> +goto cleanup;
>> +
>>  if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias)))
>>  goto cleanup;
>>  
>> @@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>>  virJSONValueFree(props);
>>  VIR_FREE(objalias);
>>  VIR_FREE(tmp);
>> +VIR_FREE(secalias);
>>  return ret;
>>  }
>>  
>> @@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
>>  if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
>>  dev->data.tcp.listen,
>>  cfg->chardevTLSx509verify,
>> +!!cfg->chardevTLSx509secretUUID,
>>  alias, qemuCaps) < 0)
>>  goto error;
>>  
>> @@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr 
>> logManager,
>>  
>>  /* Use -chardev with -device if they are available */
>>  if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
>> +qemuDomainChardevPrivatePtr chardevPriv =
>> +

Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote:
> Add the secret object prior to the chardev tcp so the 'passwordid=' can
> be added if the domain XML has a  for the chardev TLS.
> 
> Signed-off-by: John Ferlan 
> ---
>  src/qemu/qemu_command.c| 32 ++-
>  src/qemu/qemu_command.h|  1 +
>  src/qemu/qemu_domain.c | 99 
> +-
>  src/qemu/qemu_domain.h | 16 +++-
>  src/qemu/qemu_hotplug.c|  1 +
>  src/qemu/qemu_process.c|  6 +-
>  ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 +
>  ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++
>  tests/qemuxml2argvtest.c   | 18 
>  9 files changed, 252 insertions(+), 9 deletions(-)
>  create mode 100644 
> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
>  create mode 100644 
> tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
> 
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index aaf7018..b2dfee0 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
>   * @tlspath: path to the TLS credentials
>   * @listen: boolen listen for client or server setting
>   * @verifypeer: boolean to enable peer verification (form of authorization)
> + * @secalias: if one exists, the alias of the security object for passwordid
>   * @qemuCaps: capabilities
>   * @propsret: json properties to return
>   *
> @@ -706,6 +707,7 @@ int
>  qemuBuildTLSx509BackendProps(const char *tlspath,
>   bool isListen,
>   bool verifypeer,
> + const char *secalias,
>   virQEMUCapsPtr qemuCaps,
>   virJSONValuePtr *propsret)
>  {
> @@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
>   NULL) < 0)
>  goto cleanup;
>  
> +if (secalias &&
> +virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0)
> +goto cleanup;
> +
>  ret = 0;
>  
>   cleanup:
> @@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
>   * @tlspath: path to the TLS credentials
>   * @listen: boolen listen for client or server setting
>   * @verifypeer: boolean to enable peer verification (form of authorization)
> + * @addpasswordid: boolean to handle adding passwordid to object
>   * @inalias: Alias for the parent to generate object alias
>   * @qemuCaps: capabilities
>   *
> @@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>  const char *tlspath,
>  bool isListen,
>  bool verifypeer,
> +bool addpasswordid,
>  const char *inalias,
>  virQEMUCapsPtr qemuCaps)
>  {
> @@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>  char *objalias = NULL;
>  virJSONValuePtr props = NULL;
>  char *tmp = NULL;
> +char *secalias = NULL;
>  
> -if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer,
> - qemuCaps, ) < 0)
> +if (addpasswordid &&
> +!(secalias = qemuDomainGetSecretAESAlias(inalias, false)))
>  return -1;
>  
> +if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias,
> + qemuCaps, ) < 0)
> +goto cleanup;
> +
>  if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias)))
>  goto cleanup;
>  
> @@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>  virJSONValueFree(props);
>  VIR_FREE(objalias);
>  VIR_FREE(tmp);
> +VIR_FREE(secalias);
>  return ret;
>  }
>  
> @@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
>  if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
>  dev->data.tcp.listen,
>  cfg->chardevTLSx509verify,
> +!!cfg->chardevTLSx509secretUUID,
>  alias, qemuCaps) < 0)
>  goto error;
>  
> @@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManager,
>  
>  /* Use -chardev with -device if they are available */
>  if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
> +qemuDomainChardevPrivatePtr chardevPriv =
> +QEMU_DOMAIN_CHARDEV_PRIVATE(serial);
> +qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
> +
> +/* Add the secret object first if 

[libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret

2016-10-14 Thread John Ferlan
Add the secret object prior to the chardev tcp so the 'passwordid=' can
be added if the domain XML has a  for the chardev TLS.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_command.c| 32 ++-
 src/qemu/qemu_command.h|  1 +
 src/qemu/qemu_domain.c | 99 +-
 src/qemu/qemu_domain.h | 16 +++-
 src/qemu/qemu_hotplug.c|  1 +
 src/qemu/qemu_process.c|  6 +-
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 +
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 +++
 tests/qemuxml2argvtest.c   | 18 
 9 files changed, 252 insertions(+), 9 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index aaf7018..b2dfee0 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -695,6 +695,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
  * @tlspath: path to the TLS credentials
  * @listen: boolen listen for client or server setting
  * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @secalias: if one exists, the alias of the security object for passwordid
  * @qemuCaps: capabilities
  * @propsret: json properties to return
  *
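Review bot: The new `@secalias` line calls the value "the alias of the security object", but what is passed down is the alias of the QEMU `secret` object (presumably the one carrying the passphrase for the TLS private key), so "security object" reads as something different; `* @secalias: alias of the secret object QEMU should use as passwordid, or NULL to omit it` states what the parameter actually does. The companion `@addpasswordid` line in the hunk at @@ -745 is similarly vague ("boolean to handle adding passwordid to object") and could say that, when true, the secret alias is derived from @inalias and emitted as passwordid. Both function comments begin before their hunks.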
@@ -706,6 +707,7 @@ int
 qemuBuildTLSx509BackendProps(const char *tlspath,
  bool isListen,
  bool verifypeer,
+ const char *secalias,
  virQEMUCapsPtr qemuCaps,
  virJSONValuePtr *propsret)
 {
@@ -731,6 +733,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
  NULL) < 0)
 goto cleanup;
 
+if (secalias &&
+virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0)
+goto cleanup;
+
 ret = 0;
 
  cleanup:
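Review bot: The added `passwordid` property is attached with a separate conditional `virJSONValueObjectAdd` after the object has already been created, so a failure on this path hands the caller a partially populated `*propsret` unless the cleanup label frees it; the function body starts before this hunk, so that cannot be confirmed from here. If the JSON builder in this tree accepts the optional-string modifier (`S:`), extending the existing create call with `"S:passwordid", secalias,` would skip a NULL alias automatically and leave a single failure path. A short comment such as `/* passwordid names a secret object the caller must have added before this one */` would also make the ordering dependency explicit for the next reader.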
@@ -745,6 +751,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
  * @tlspath: path to the TLS credentials
  * @listen: boolen listen for client or server setting
  * @verifypeer: boolean to enable peer verification (form of authorization)
+ * @addpasswordid: boolean to handle adding passwordid to object
  * @inalias: Alias for the parent to generate object alias
  * @qemuCaps: capabilities
  *
@@ -757,6 +764,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 const char *tlspath,
 bool isListen,
 bool verifypeer,
+bool addpasswordid,
 const char *inalias,
 virQEMUCapsPtr qemuCaps)
 {
@@ -764,11 +772,16 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 char *objalias = NULL;
 virJSONValuePtr props = NULL;
 char *tmp = NULL;
+char *secalias = NULL;
 
-if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer,
- qemuCaps, ) < 0)
+if (addpasswordid &&
+!(secalias = qemuDomainGetSecretAESAlias(inalias, false)))
 return -1;
 
+if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias,
+ qemuCaps, ) < 0)
+goto cleanup;
+
 if (!(objalias = qemuAliasTLSObjFromChardevAlias(inalias)))
 goto cleanup;
 
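Review bot: `secalias` is re-derived here from `inalias` via `qemuDomainGetSecretAESAlias(inalias, false)`, while the `-object secret` it must name appears to be emitted in qemuBuildSerialCommandLine from `chardevPriv->secinfo` (hunk at @@ -8542, cut off in this view), so the two sides agree only by convention; should either derivation change, QEMU receives a `passwordid=` naming an object it never saw and the domain fails to start. Passing the alias already stored in the prepared secinfo (or the secinfo itself) in place of the bare `addpasswordid` flag would tie them together instead of recomputing. Minor style point: the new guard uses `return -1` while the call right after it uses `goto cleanup`; both are safe because nothing has been allocated yet, but `goto cleanup` in both keeps the single-exit pattern the function otherwise follows. qemuBuildTLSx509CommandLine starts and ends outside this hunk.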
@@ -784,6 +797,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 virJSONValueFree(props);
 VIR_FREE(objalias);
 VIR_FREE(tmp);
+VIR_FREE(secalias);
 return ret;
 }
 
@@ -4946,6 +4960,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
 if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
 dev->data.tcp.listen,
 cfg->chardevTLSx509verify,
+!!cfg->chardevTLSx509secretUUID,
 alias, qemuCaps) < 0)
 goto error;
 
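Review bot: `addpasswordid` is driven purely by the global `cfg->chardevTLSx509secretUUID`, whereas the secret object itself is only attached per device (`chardevPriv->secinfo`, which the comment in the hunk at @@ -8542 says is populated only for a TCP serial device). If qemuBuildChrChardevStr is also reached for other TCP chardevs with TLS enabled — the conditions around this call site are outside the hunk — those would get a `passwordid=` pointing at a secret object that was never added, and QEMU would reject the command line. Deriving the flag from whether a secinfo was actually prepared for this device, passed in by the caller, rather than from the config field would keep the two in step. The enclosing function starts and ends outside the hunk.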
@@ -8542,6 +8557,19 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManager,
 
 /* Use -chardev with -device if they are available */
 if (virQEMUCapsSupportsChardev(def, qemuCaps, serial)) {
+qemuDomainChardevPrivatePtr chardevPriv =
+QEMU_DOMAIN_CHARDEV_PRIVATE(serial);
+qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+/* Add the secret object first if necessary. The
+ * secinfo is added only to a TCP serial device during
+ * qemuDomainSecretChardevPrepare. Subsequent called
+ * functions can just check the config fields */
+if (cfg->chardevTLS && cfg->chardevTLSx509secretUUID &&
+