[libvirt] [PATCH 6/8] qemu.conf: add vnc_tls_x509_secret_uuid

Ján Tomko posted 8 patches 5 years, 10 months ago
[libvirt] [PATCH 6/8] qemu.conf: add vnc_tls_x509_secret_uuid
Posted by Ján Tomko 5 years, 10 months ago
Add an option that lets the user specify the secret
that unlocks the server TLS key.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/qemu/libvirtd_qemu.aug         | 1 +
 src/qemu/qemu.conf                 | 6 ++++++
 src/qemu/qemu_conf.c               | 3 +++
 src/qemu/qemu_conf.h               | 1 +
 src/qemu/test_libvirtd_qemu.aug.in | 1 +
 5 files changed, 12 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 28bd851411..b311f02da6 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -35,6 +35,7 @@ module Libvirtd_qemu =
                  | bool_entry "vnc_auto_unix_socket"
                  | bool_entry "vnc_tls"
                  | str_entry "vnc_tls_x509_cert_dir"
+                 | str_entry "vnc_tls_x509_secret_uuid"
                  | bool_entry "vnc_tls_x509_verify"
                  | str_entry "vnc_password"
                  | bool_entry "vnc_sasl"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 28e51b2c59..c1f1201134 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -95,6 +95,12 @@
 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
 
 
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
 # The default TLS configuration only uses certificates for the server
 # allowing the client to verify the server's identity and establish
 # an encrypted channel.
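Review bot: The added comment for `vnc_tls_x509_secret_uuid` does not say what the secret is used for, nor that the all-zero UUID on the sample line is only a placeholder. An administrator who simply uncomments the line would end up with a UUID that presumably matches no defined secret. Going by the commit message, the secret unlocks the server TLS key, so I would extend the comment with `# The secret unlocks the encrypted server TLS key used for VNC.` and `# The all-zero UUID is a placeholder; replace it with the UUID of a defined secret before uncommenting.`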
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 18ad99c173..0f74fd1716 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -457,6 +457,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfigPtr cfg,
         cfg->vncTLSx509verifyPresent = true;
     if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0)
         return -1;
+    if (virConfGetValueString(conf, "vnc_tls_x509_secret_uuid", &cfg->vncTLSx509secretUUID) < 0)
+        return -1;
     if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0)
         return -1;
     if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0)
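Review bot: The new `vnc_tls_x509_secret_uuid` value is stored as an arbitrary string, so a malformed UUID in qemu.conf is accepted at this point and, as far as this hunk shows, would only be noticed when the value is later used. If no later validation step already covers it, consider rejecting it at load time with `if (cfg->vncTLSx509secretUUID && virUUIDParse(cfg->vncTLSx509secretUUID, uuid) < 0)` followed by an error report and `return -1;`, where `uuid` is a local `unsigned char uuid[VIR_UUID_BUFLEN]`. That way a typo in the TLS key secret shows up when the configuration is read rather than when a guest with VNC TLS is started. virQEMUDriverConfigLoadVNCEntry starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.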
@@ -1184,6 +1186,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
         } \
     } while (0)
 
+    SET_TLS_SECRET_UUID_DEFAULT(vnc);
     SET_TLS_SECRET_UUID_DEFAULT(chardev);
     SET_TLS_SECRET_UUID_DEFAULT(migrate);
 
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index bce8364c5a..14c9d15a72 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -125,6 +125,7 @@ struct _virQEMUDriverConfig {
     bool vncTLSx509verifyPresent;
     bool vncSASL;
     char *vncTLSx509certdir;
+    char *vncTLSx509secretUUID;
     char *vncListen;
     char *vncPassword;
     char *vncSASLdir;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index f1e8806ad2..4235464530 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -9,6 +9,7 @@ module Test_libvirtd_qemu =
 { "vnc_auto_unix_socket" = "1" }
 { "vnc_tls" = "1" }
 { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
+{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
 { "vnc_tls_x509_verify" = "1" }
 { "vnc_password" = "XYZ12345" }
 { "vnc_sasl" = "1" }
-- 
2.20.1

Re: [libvirt] [PATCH 6/8] qemu.conf: add vnc_tls_x509_secret_uuid
Posted by John Ferlan 5 years, 10 months ago

On 1/16/19 2:41 AM, Ján Tomko wrote:
> Add an option that lets the user specify the secret
> that unlocks the server TLS key.
> 
> Signed-off-by: Ján Tomko <jtomko@redhat.com>
> ---
>  src/qemu/libvirtd_qemu.aug         | 1 +
>  src/qemu/qemu.conf                 | 6 ++++++
>  src/qemu/qemu_conf.c               | 3 +++
>  src/qemu/qemu_conf.h               | 1 +
>  src/qemu/test_libvirtd_qemu.aug.in | 1 +
>  5 files changed, 12 insertions(+)
> 


Missing a change to virQEMUDriverConfigDispose in order to
VIR_FREE(cfg->vncTLSx509secretUUID);

with that,

Reviewed-by: John Ferlan <jferlan@redhat.com>

John
