Re: [libvirt] [PATCH v9 5/5] qemu: Add the ability to hotplug a secret object for TCP chardev TLS

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:08PM -0400, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1300776
> 
> Complete the implementation of support for TLS encryption on
> chardev TCP transports by adding the hotplug ability of a secret
> to generate the passwordid for the TLS object
> 
> Likewise, add the ability to hot unplug that secret object as well
> 
> Signed-off-by: John Ferlan 
> ---
>  src/qemu/qemu_driver.c  |  2 +-
>  src/qemu/qemu_hotplug.c | 62 
> +
>  src/qemu/qemu_hotplug.h |  3 ++-
>  tests/qemuhotplugtest.c |  2 +-
>  4 files changed, 61 insertions(+), 8 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 8789c9d..5a1cf7b 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -7567,7 +7567,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
>  break;
>  
>  case VIR_DOMAIN_DEVICE_CHR:
> -ret = qemuDomainAttachChrDevice(driver, vm,
> +ret = qemuDomainAttachChrDevice(conn, driver, vm,
>  dev->data.chr);
>  if (!ret) {
>  alias = dev->data.chr->info.alias;
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index aad7fa1..69d562f 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -1690,7 +1690,8 @@ qemuDomainAttachChrDeviceAssignAddr(virDomainDefPtr def,
>  return ret;
>  }
>  
> -int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
> +int qemuDomainAttachChrDevice(virConnectPtr conn,
> +  virQEMUDriverPtr driver,
>virDomainObjPtr vm,
>virDomainChrDefPtr chr)
>  {
> @@ -1704,8 +1705,11 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
>  char *charAlias = NULL;
>  bool chardevAttached = false;
>  bool tlsobjAdded = false;
> +bool secobjAdded = false;
>  virJSONValuePtr tlsProps = NULL;
>  char *tlsAlias = NULL;
> +virJSONValuePtr secProps = NULL;
> +char *secAlias = NULL;
>  bool need_release = false;
>  
>  if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
> @@ -1729,12 +1733,30 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
>  if (qemuDomainChrPreInsert(vmdef, chr) < 0)
>  goto cleanup;
>  
> +if (qemuDomainSecretChardevPrepare(conn, driver, priv, chr) < 0)
> +goto cleanup;
> +
>  if (cfg->chardevTLS &&
>  dev->data.tcp.haveTLS != VIR_TRISTATE_BOOL_NO) {
> +qemuDomainChardevPrivatePtr chardevPriv =
> +QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
> +qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
> +
> +/* Add a secret object in order to access the TLS environment.
> + * The secinfo will only be created for serial TCP device. */
> +if (secinfo) {
> +if (qemuBuildSecretInfoProps(secinfo, ) < 0)
> +goto cleanup;
> +
> +if (!(secAlias = qemuDomainGetSecretAESAlias(chr->info.alias,
> + false)))
> +goto cleanup;
> +}
> +
>  if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
>   dev->data.tcp.listen,
>   cfg->chardevTLSx509verify,
> - NULL,
> + secAlias,
>   priv->qemuCaps,
>   ) < 0)
>  goto cleanup;
> @@ -1745,6 +1767,15 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
>  }
>  
>  qemuDomainObjEnterMonitor(driver, vm);
> +if (secAlias) {
> +rc = qemuMonitorAddObject(priv->mon, "secret",
> +  secAlias, secProps);
> +secProps = NULL;
> +if (rc < 0)
> +goto exit_monitor;
> +secobjAdded = true;
> +}
> +
>  if (tlsAlias) {
>  rc = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
>tlsAlias, tlsProps);
> @@ -1775,6 +1806,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
>  qemuDomainReleaseDeviceAddress(vm, >info, NULL);
>  VIR_FREE(tlsAlias);
>  virJSONValueFree(tlsProps);
> +VIR_FREE(secAlias);
> +virJSONValueFree(secProps);
>  VIR_FREE(charAlias);
>  VIR_FREE(devstr);
>  virObjectUnref(cfg);
> @@ -1782,6 +1815,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
>  
>   exit_monitor:
>  orig_err = virSaveLastError();
> +if (secobjAdded)
> +ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
>  if (tlsobjAdded)
>  ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
>  /* detach associated chardev on error */
> @@ -4387,6 +4422,7 @@ int 

[libvirt] [PATCH v9 5/5] qemu: Add the ability to hotplug a secret object for TCP chardev TLS

2016-10-14 Thread John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1300776

Complete the implementation of support for TLS encryption on
chardev TCP transports by adding the ability to hotplug a secret
object used to generate the passwordid for the TLS object.

Likewise, add the ability to hot unplug that secret object.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_driver.c  |  2 +-
 src/qemu/qemu_hotplug.c | 62 +
 src/qemu/qemu_hotplug.h |  3 ++-
 tests/qemuhotplugtest.c |  2 +-
 4 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 8789c9d..5a1cf7b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7567,7 +7567,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
 break;
 
 case VIR_DOMAIN_DEVICE_CHR:
-ret = qemuDomainAttachChrDevice(driver, vm,
+ret = qemuDomainAttachChrDevice(conn, driver, vm,
 dev->data.chr);
 if (!ret) {
 alias = dev->data.chr->info.alias;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index aad7fa1..69d562f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1690,7 +1690,8 @@ qemuDomainAttachChrDeviceAssignAddr(virDomainDefPtr def,
 return ret;
 }
 
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+  virQEMUDriverPtr driver,
   virDomainObjPtr vm,
   virDomainChrDefPtr chr)
 {
@@ -1704,8 +1705,11 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 char *charAlias = NULL;
 bool chardevAttached = false;
 bool tlsobjAdded = false;
+bool secobjAdded = false;
 virJSONValuePtr tlsProps = NULL;
 char *tlsAlias = NULL;
+virJSONValuePtr secProps = NULL;
+char *secAlias = NULL;
 bool need_release = false;
 
 if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1729,12 +1733,30 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0)
 goto cleanup;
 
+if (qemuDomainSecretChardevPrepare(conn, driver, priv, chr) < 0)
+goto cleanup;
+
 if (cfg->chardevTLS &&
 dev->data.tcp.haveTLS != VIR_TRISTATE_BOOL_NO) {
+qemuDomainChardevPrivatePtr chardevPriv =
+QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+/* Add a secret object in order to access the TLS environment.
+ * The secinfo will only be created for serial TCP device. */
+if (secinfo) {
+if (qemuBuildSecretInfoProps(secinfo, ) < 0)
+goto cleanup;
+
+if (!(secAlias = qemuDomainGetSecretAESAlias(chr->info.alias,
+ false)))
+goto cleanup;
+}
+
 if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
  dev->data.tcp.listen,
  cfg->chardevTLSx509verify,
- NULL,
+ secAlias,
  priv->qemuCaps,
  ) < 0)
 goto cleanup;
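Review bot: Once qemuDomainSecretChardevPrepare() has succeeded, every later `goto cleanup` in this hunk (a failed qemuBuildSecretInfoProps(), qemuDomainGetSecretAESAlias() or qemuBuildTLSx509BackendProps()) leaves the secinfo attached to the chardev private data. The cleanup hunk further down frees only secAlias and secProps. Whether the caller frees chr on failure is outside the hunk, so this is an inference, but if it does not, the secret material stays in memory longer than the attach attempt needs it. I would release the secinfo on the error path and state the ownership above the prepare call, for example `/* secinfo is owned by the chardev private data; it must be destroyed if the attach fails */`. The function body starts and ends outside this hunk.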
@@ -1745,6 +1767,15 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 }
 
 qemuDomainObjEnterMonitor(driver, vm);
+if (secAlias) {
+rc = qemuMonitorAddObject(priv->mon, "secret",
+  secAlias, secProps);
+secProps = NULL;
+if (rc < 0)
+goto exit_monitor;
+secobjAdded = true;
+}
+
 if (tlsAlias) {
 rc = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
   tlsAlias, tlsProps);
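Review bot: The unconditional `secProps = NULL;` before the `rc < 0` check is what keeps `virJSONValueFree(secProps)` at cleanup from touching the object a second time, but nothing here says so. The assignment suggests qemuMonitorAddObject() takes ownership of the props on both success and failure, though its contract is not visible on this page. A one-line comment such as `/* qemuMonitorAddObject consumes secProps on success and on failure */` would stop a later edit from moving the assignment below the error check. The tlsAlias block continues outside this hunk.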
@@ -1775,6 +1806,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 qemuDomainReleaseDeviceAddress(vm, >info, NULL);
 VIR_FREE(tlsAlias);
 virJSONValueFree(tlsProps);
+VIR_FREE(secAlias);
+virJSONValueFree(secProps);
 VIR_FREE(charAlias);
 VIR_FREE(devstr);
 virObjectUnref(cfg);
@@ -1782,6 +1815,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 
  exit_monitor:
 orig_err = virSaveLastError();
+if (secobjAdded)
+ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
 if (tlsobjAdded)
 ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
 /* detach associated chardev on error */
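Review bot: The rollback under exit_monitor deletes the secret object before the tls-creds-x509 object that was built with secAlias as its passwordid, which is creation order rather than the reverse. Whether QEMU still refers to the secret after the TLS object is loaded is not visible here, so unwinding in reverse order avoids depending on it: move `if (secobjAdded)` and `ignore_value(qemuMonitorDelObject(priv->mon, secAlias));` below the tlsobjAdded block. Both deletions discard their result, so a failed removal silently leaves a secret object in the running QEMU; a `VIR_WARN` naming the alias would at least leave a trace. The rest of the exit_monitor path is outside the hunk.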
@@ -4387,6 +4422,7 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
 virDomainDefPtr vmdef = vm->def;
 virDomainChrDefPtr tmpChr;
 char *objAlias = NULL;
+char *secAlias = NULL;
 char *devstr = NULL;
 
 if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
@@ -4400,9 +4436,21 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,