From: Ján Tomko
To: libvir-list@redhat.com
Date: Wed, 16 Jan 2019 08:41:46 +0100
Message-Id: <686c80e9d9f4f5342007adbb5b70f068d9189157.1547624106.git.jtomko@redhat.com>
Subject: [libvirt] [PATCH 4/8] qemu: prepare secret for the graphics upfront

Instead of hardcoding the TLS creds alias in qemuBuildGraphicsVNCCommandLine, store it in the domain private data.

Given that we only support one VNC graphics and thus have only one alias per-domain, this is overengineered, but it will allow us to prepare the secret upfront when we start supporting encrypted server TLS keys.

Note that the alias is not formatted anywhere since we won't need to access it after domain startup.

Signed-off-by: Ján Tomko
Reviewed-by: John Ferlan
--- src/qemu/qemu_command.c | 8 ++++---- src/qemu/qemu_domain.c | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 822d5f8669..d130d0463c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -8035,18 +8035,18 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig= Ptr cfg, virBufferAddLit(&opt, ",password"); =20 if (cfg->vncTLS) { - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) { - const char *alias =3D "vnc-tls-creds0"; + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIV= ATE(graphics); + if (gfxPriv->tlsAlias) { if (qemuBuildTLSx509CommandLine(cmd, cfg->vncTLSx509certdir, true, cfg->vncTLSx509verify, NULL, - alias, + gfxPriv->tlsAlias, qemuCaps) < 0) goto error; =20 - virBufferAsprintf(&opt, ",tls-creds=3D%s", alias); + virBufferAsprintf(&opt, ",tls-creds=3D%s", gfxPriv->tlsAlias); } else { virBufferAddLit(&opt, ",tls"); if (cfg->vncTLSx509verify) { diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 63e739b778..6960f0569b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1741,6 +1741,42 @@ qemuDomainSecretChardevPrepare(virQEMUDriverConfigPt= r cfg, } =20 =20 +static void +qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics) +{ + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIVATE(= graphics); + + if (!gfxPriv) + return; + + VIR_FREE(gfxPriv->tlsAlias); +} + + +static int +qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg, + qemuDomainObjPrivatePtr priv, + virDomainGraphicsDefPtr graphics) +{ + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIVATE(= graphics); + + if (graphics->type !=3D VIR_DOMAIN_GRAPHICS_TYPE_VNC) + return 0; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) + return 0; + + if (!cfg->vncTLS) + return 0; + + if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0) + return -1; + + return 0; +} + + /* qemuDomainSecretDestroy: * @vm: Domain object * 
@@ -1782,6 +1818,9 @@ qemuDomainSecretDestroy(virDomainObjPtr vm) =20 for (i =3D 0; i < vm->def->nredirdevs; i++) qemuDomainSecretChardevDestroy(vm->def->redirdevs[i]->source); + + for (i =3D 0; i < vm->def->ngraphics; i++) + qemuDomainSecretGraphicsDestroy(vm->def->graphics[i]); } =20 =20 @@ -1865,6 +1904,11 @@ qemuDomainSecretPrepare(virQEMUDriverPtr driver, goto cleanup; } =20 + for (i =3D 0; i < vm->def->ngraphics; i++) { + if (qemuDomainSecretGraphicsPrepare(cfg, priv, vm->def->graphics[i= ]) < 0) + goto cleanup; + } + ret =3D 0; =20 cleanup: --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
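Review bot: In the qemu_command.c hunk, the choice between the tls-creds object and the legacy ",tls" option now depends only on "if (gfxPriv->tlsAlias)", so the capability check no longer lives next to the code it gates. Any path that reaches qemuBuildGraphicsVNCCommandLine without a prior qemuDomainSecretPrepare will silently emit the legacy ",tls" form even when QEMU_CAPS_OBJECT_TLS_CREDS_X509 is available. A short comment above the condition stating that tlsAlias is set in qemuDomainSecretGraphicsPrepare, and only when the capability and cfg->vncTLS are both present, would make that ordering requirement explicit. gfxPriv is also dereferenced here without a NULL check; if the private data is guaranteed to exist at this point, say so, otherwise test it before use.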
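Review bot: In the qemu_domain.c hunk that adds the two helpers, NULL handling of gfxPriv is inconsistent: qemuDomainSecretGraphicsDestroy returns early on "if (!gfxPriv)", while qemuDomainSecretGraphicsPrepare passes gfxPriv->tlsAlias to VIR_STRDUP with no such check. Either the graphics private data is always allocated, in which case the check in Destroy can go, or Prepare needs the same guard before "VIR_STRDUP(gfxPriv->tlsAlias, ...)". Prepare also assigns over tlsAlias without freeing a previous value, so it relies on Destroy having run between two Prepare calls; a comment or a VIR_FREE before the VIR_STRDUP would make that safe. Both new functions lack the doc comment that the neighbouring qemuDomainSecretDestroy carries.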
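Review bot: In the qemuDomainSecretPrepare hunk, the loop calls qemuDomainSecretGraphicsPrepare for every entry in vm->def->graphics, and each VNC entry receives the same literal alias "vnc-tls-creds0". The commit message notes that only one VNC graphics is supported, so this is harmless today, but nothing in the code records that assumption. A comment next to the literal, or an alias derived from the graphics index, would keep object ids unique if that restriction is ever lifted.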