From nobody Sun Feb  8 22:08:38 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 205.139.110.61 as permitted sender) client-ip=205.139.110.61;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-1.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1593701113; cv=none;
	d=zohomail.com; s=zohoarc;
	b=AY8gXO4drzr6jvBBvtb6U93VHqfPJS6v0k5C1w+3mkCkuYSYfAE8/mwociXhADcNoaZ/spRspy0sxjQPHyTib4184JsBBxAC2YmDUQ9V9gK6K4C0Z0iSOpcD3b8B9WPmWrlj2+3PJORNWykptCD1K307lr2AXCugguTY4Z3wJyQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1593701113;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=G9/A8Z2lcZbYKu6toUcb1qNUG56J0EYlsl8bAW1Hc6M=;
	b=biRNjf5eDd9JNOUMvHR6S3EFEo57/T3GjZoVKo6ftfNR2G+VkCZV2JZbS5e1p6iMQc5MU/spxxP96MhoVf4lR8YW6O1wi4CRY47Ztr7LPGfwfmGj08OOBMAoN2tYxUqWyOBqiqA4T50WfOnDxGS7fl8IiXpsK87/XFotVOZ4FRA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<pkrempa@redhat.com> (p=none dis=none)
 header.from=<pkrempa@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com
 [205.139.110.61]) by mx.zohomail.com
	with SMTPS id 1593701113890596.8374029304052;
 Thu, 2 Jul 2020 07:45:13 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-268-s-tyVsnUOwake4l4aG_FKQ-1; Thu, 02 Jul 2020 10:45:10 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 00A3E879511;
	Thu,  2 Jul 2020 14:45:03 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D10941002397;
	Thu,  2 Jul 2020 14:45:02 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9D8166C9D1;
	Thu,  2 Jul 2020 14:45:02 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 062EeebJ011922 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 2 Jul 2020 10:40:40 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id DFB5F1002397; Thu,  2 Jul 2020 14:40:40 +0000 (UTC)
Received: from speedmetal.redhat.com (unknown [10.40.208.18])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5C9BF10013D2
	for <libvir-list@redhat.com>; Thu,  2 Jul 2020 14:40:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1593701112;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=G9/A8Z2lcZbYKu6toUcb1qNUG56J0EYlsl8bAW1Hc6M=;
	b=MoV4HqAeNKPcRV4PhbUemxRnh+jBzmwd5n+AmpToOqRG1CZVWN6nK2CZg4DiPaJut6ptbY
	Pc5v8CRs3iRWqYkyy3Jn2/tahK3tsl3ydkGSvGJNpDFpkamoor25ghjZ1tZ+OjaeIH0+Pd
	xT5cxsYTi3XA8bgjr4M6W2+YzV2Jbr4=
X-MC-Unique: s-tyVsnUOwake4l4aG_FKQ-1
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH 23/24] conf: backup: Add 'tls' attribute for 'server' element
Date: Thu,  2 Jul 2020 16:40:09 +0200
Message-Id: 
 <ae29987d9bf04f780682ca2daf116cce3fa074f1.1593700474.git.pkrempa@redhat.com>
In-Reply-To: <cover.1593700473.git.pkrempa@redhat.com>
References: <cover.1593700473.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

Allow enabling TLS for the NBD server used to do pull-mode backups. Note
that documentation already mentions 'tls', so this just implements the
schema and XML bits.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
 docs/schemas/domainbackup.rng                   |  9 ++++++++-
 src/conf/backup_conf.c                          | 17 +++++++++++++++++
 src/conf/backup_conf.h                          |  1 +
 .../backup-pull-encrypted.xml                   |  2 +-
 .../backup-pull-internal-invalid.xml            |  2 +-
 .../backup-pull-encrypted.xml                   |  2 +-
 6 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index 650f5cd4c3..c0ca3c3038 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -51,6 +51,14 @@
             </attribute>
             <interleave>
               <element name=3D'server'>
+                <optional>
+                  <attribute name=3D'tls'>
+                    <choice>
+                      <value>yes</value>
+                      <value>no</value>
+                    </choice>
+                  </attribute>
+                </optional>
                 <choice>
                   <group>
                     <optional>
@@ -69,7 +77,6 @@
                         <ref name=3D'unsignedInt'/>
                       </attribute>
                     </optional>
-                    <!-- add tls? -->
                   </group>
                   <group>
                     <attribute name=3D'transport'>
diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c
index 74f6e4b020..59d7e1dfaf 100644
--- a/src/conf/backup_conf.c
+++ b/src/conf/backup_conf.c
@@ -260,6 +260,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
     def->incremental =3D virXPathString("string(./incremental)", ctxt);

     if ((node =3D virXPathNode("./server", ctxt))) {
+        g_autofree char *tls =3D NULL;
+
         if (def->type !=3D VIR_DOMAIN_BACKUP_TYPE_PULL) {
             virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                            _("use of <server> requires pull mode backup"));
@@ -284,6 +286,19 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
                            def->server->socket);
             return NULL;
         }
+
+        if ((tls =3D virXMLPropString(node, "tls"))) {
+            int tmp;
+
+            if ((tmp =3D virTristateBoolTypeFromString(tls)) <=3D 0) {
+                virReportError(VIR_ERR_XML_ERROR,
+                               _("unknown value '%s' of 'tls' attribute"),\
+                               tls);
+                return NULL;
+            }
+
+            def->tls =3D tmp;
+        }
     }

     if ((n =3D virXPathNodeSet("./disks/*", ctxt, &nodes)) < 0)
@@ -445,6 +460,8 @@ virDomainBackupDefFormat(virBufferPtr buf,
     if (def->server) {
         virBufferAsprintf(&serverAttrBuf, " transport=3D'%s'",
                           virStorageNetHostTransportTypeToString(def->serv=
er->transport));
+        if (def->tls !=3D VIR_TRISTATE_BOOL_ABSENT)
+            virBufferAsprintf(&serverAttrBuf, " tls=3D'%s'", virTristateBo=
olTypeToString(def->tls));
         virBufferEscapeString(&serverAttrBuf, " name=3D'%s'", def->server-=
>name);
         if (def->server->port)
             virBufferAsprintf(&serverAttrBuf, " port=3D'%u'", def->server-=
>port);
diff --git a/src/conf/backup_conf.h b/src/conf/backup_conf.h
index a1d1e453c1..bda2bdcfe4 100644
--- a/src/conf/backup_conf.h
+++ b/src/conf/backup_conf.h
@@ -81,6 +81,7 @@ struct _virDomainBackupDef {
     int type; /* virDomainBackupType */
     char *incremental;
     virStorageNetHostDefPtr server; /* only when type =3D=3D PULL */
+    virTristateBool tls; /* use TLS for NBD */

     size_t ndisks; /* should not exceed dom->ndisks */
     virDomainBackupDiskDef *disks;
diff --git a/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml b/tests/=
domainbackupxml2xmlin/backup-pull-encrypted.xml
index 1469189a37..48232aa0fe 100644
--- a/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
+++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
@@ -1,6 +1,6 @@
 <domainbackup mode=3D"pull">
   <incremental>1525889631</incremental>
-  <server transport=3D'tcp' name=3D'localhost' port=3D'10809'/>
+  <server transport=3D'tcp' tls=3D'yes' name=3D'localhost' port=3D'10809'/>
   <disks>
     <disk name=3D'vda' type=3D'file' exportname=3D'test-vda' exportbitmap=
=3D'blah'>
       <driver type=3D'qcow2'/>
diff --git a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml b=
/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
index 261dec0eea..ba8f7ca3ab 100644
--- a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
+++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
@@ -1,6 +1,6 @@
 <domainbackup mode=3D'pull'>
   <incremental>1525889631</incremental>
-  <server transport=3D'tcp' name=3D'localhost' port=3D'10809'/>
+  <server transport=3D'tcp' tls=3D'yes' name=3D'localhost' port=3D'10809'/>
   <disks>
     <disk name=3D'vda' backup=3D'yes' state=3D'running' type=3D'file' expo=
rtname=3D'test-vda' exportbitmap=3D'blah'>
       <driver type=3D'qcow2'/>
diff --git a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml b/tests=
/domainbackupxml2xmlout/backup-pull-encrypted.xml
index 81519bfcb5..ea9dcf72b9 100644
--- a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
+++ b/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
@@ -1,6 +1,6 @@
 <domainbackup mode=3D'pull'>
   <incremental>1525889631</incremental>
-  <server transport=3D'tcp' name=3D'localhost' port=3D'10809'/>
+  <server transport=3D'tcp' tls=3D'yes' name=3D'localhost' port=3D'10809'/>
   <disks>
     <disk name=3D'vda' backup=3D'yes' type=3D'file' exportname=3D'test-vda=
' exportbitmap=3D'blah'>
       <driver type=3D'qcow2'/>
--=20
2.26.2