From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624524546204.45382846478287; Tue, 15 Jan 2019 23:42:04 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 59C5A81DE9; Wed, 16 Jan 2019 07:42:00 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 133C8100190E; Wed, 16 Jan 2019 07:41:59 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5557041091; Wed, 16 Jan 2019 07:41:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7fud1013904 for ; Wed, 16 Jan 2019 02:41:56 -0500 Received: by smtp.corp.redhat.com (Postfix) id 5ED1E5D970; Wed, 16 Jan 2019 07:41:56 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id D423B5D96E for ; Wed, 16 Jan 2019 07:41:55 +0000 (UTC) 
From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:43 +0100 Message-Id: <566c7617ffa74e0408628cd47557e3baa6fb1f27.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/8] conf: introduce virDomainGraphicsNew X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 16 Jan 2019 07:42:02 +0000 (UTC) A helper function for allocating the virDomainGraphicsDef structure. Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/conf/domain_conf.c | 21 +++++++++++++++++---- src/conf/domain_conf.h | 2 ++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 222bb8c482..82672c6493 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14114,10 +14114,21 @@ virDomainGraphicsDefParseXMLEGLHeadless(virDomain= GraphicsDefPtr def, return 0; } =20 +virDomainGraphicsDefPtr +virDomainGraphicsDefNew(virDomainXMLOptionPtr xmlopt ATTRIBUTE_UNUSED) +{ + virDomainGraphicsDefPtr def =3D NULL; + + if (VIR_ALLOC(def) < 0) + return NULL; + + return def; +} =20 /* Parse the XML definition for a graphics device */ static virDomainGraphicsDefPtr -virDomainGraphicsDefParseXML(xmlNodePtr node, +virDomainGraphicsDefParseXML(virDomainXMLOptionPtr xmlopt, + xmlNodePtr node, xmlXPathContextPtr ctxt, unsigned int flags) { 
@@ -14125,7 +14136,7 @@ virDomainGraphicsDefParseXML(xmlNodePtr node, char *type =3D NULL; int typeVal; =20 - if (VIR_ALLOC(def) < 0) + if (!(def =3D virDomainGraphicsDefNew(xmlopt))) return NULL; =20 type =3D virXMLPropString(node, "type"); @@ -16237,7 +16248,8 @@ virDomainDeviceDefParse(const char *xmlStr, goto error; break; case VIR_DOMAIN_DEVICE_GRAPHICS: - if (!(dev->data.graphics =3D virDomainGraphicsDefParseXML(node, ct= xt, flags))) + if (!(dev->data.graphics =3D virDomainGraphicsDefParseXML(xmlopt, = node, + ctxt, flag= s))) goto error; break; case VIR_DOMAIN_DEVICE_HUB: @@ -20847,7 +20859,8 @@ virDomainDefParseXML(xmlDocPtr xml, if (n && VIR_ALLOC_N(def->graphics, n) < 0) goto error; for (i =3D 0; i < n; i++) { - virDomainGraphicsDefPtr graphics =3D virDomainGraphicsDefParseXML(= nodes[i], + virDomainGraphicsDefPtr graphics =3D virDomainGraphicsDefParseXML(= xmlopt, + no= des[i], ct= xt, fl= ags); if (!graphics) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index fae130668f..2a97ad8ab3 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -2954,6 +2954,8 @@ virDomainChrSourceDefNew(virDomainXMLOptionPtr xmlopt= ); =20 virDomainChrDefPtr virDomainChrDefNew(virDomainXMLOptionPtr xmlopt); =20 +virDomainGraphicsDefPtr +virDomainGraphicsDefNew(virDomainXMLOptionPtr xmlopt); virDomainDefPtr virDomainDefNew(void); =20 void virDomainObjAssignDef(virDomainObjPtr domain, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 15476245346051.9879403563073765; Tue, 15 Jan 2019 23:42:14 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 73116394D54; Wed, 16 Jan 2019 07:42:12 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 259DD1042A62; Wed, 16 Jan 2019 07:42:12 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id ABAB31803398; Wed, 16 Jan 2019 07:42:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7fvjm013909 for ; 
Wed, 16 Jan 2019 02:41:57 -0500 Received: by smtp.corp.redhat.com (Postfix) id 313055D970; Wed, 16 Jan 2019 07:41:57 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id AAA545D96E for ; Wed, 16 Jan 2019 07:41:56 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:44 +0100 Message-Id: <7962bdddd4e382cdfa0bf1dcbdb174a77fd872e9.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/8] conf: add privateData to virDomainGraphicsDef X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 16 Jan 2019 07:42:13 +0000 (UTC) Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/conf/domain_conf.c | 8 +++++++- src/conf/domain_conf.h | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 82672c6493..21112c6336 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -14115,13 +14115,19 @@ virDomainGraphicsDefParseXMLEGLHeadless(virDomain= GraphicsDefPtr def, } =20 virDomainGraphicsDefPtr -virDomainGraphicsDefNew(virDomainXMLOptionPtr xmlopt ATTRIBUTE_UNUSED) +virDomainGraphicsDefNew(virDomainXMLOptionPtr xmlopt) { virDomainGraphicsDefPtr def =3D NULL; =20 if (VIR_ALLOC(def) < 0) return NULL; =20 + if (xmlopt && xmlopt->privateData.graphicsNew && + !(def->privateData =3D xmlopt->privateData.graphicsNew())) { + VIR_FREE(def); + def =3D NULL; + } + return def; } =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 2a97ad8ab3..7776a3afb2 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1603,6 +1603,8 @@ struct _virDomainGraphicsListenDef { }; =20 struct _virDomainGraphicsDef { + virObjectPtr privateData; + /* Port value discipline: * Value -1 is legacy syntax indicating that it should be auto-allocat= ed. * Value 0 means port wasn't specified in XML at all. 
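Review bot: `def->privateData` is allocated in virDomainGraphicsDefNew, but nothing visible in this patch releases it. The diffstat's 7 insertions for domain_conf.c are all accounted for by this one hunk, so virDomainGraphicsDefFree presumably still frees only the struct. Each graphics definition would then leak its private object, and from patch 3/8 on the `tlsAlias` string owned by it. Adding `virObjectUnref(def->privateData);` to virDomainGraphicsDefFree would pair the allocation with a release. Separately, `def = NULL;` after `VIR_FREE(def);` looks redundant, since VIR_FREE already resets the pointer it is given.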
@@ -2783,6 +2785,7 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc vcpuNew; virDomainXMLPrivateDataNewFunc chrSourceNew; virDomainXMLPrivateDataNewFunc vsockNew; + virDomainXMLPrivateDataNewFunc graphicsNew; virDomainXMLPrivateDataFormatFunc format; virDomainXMLPrivateDataParseFunc parse; /* following function shall return a pointer which will be used as the --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624525361111.0352966603582; Tue, 15 Jan 2019 23:42:05 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D3C167265F; Wed, 16 Jan 2019 07:42:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7109B5C1B4; Wed, 16 Jan 2019 07:42:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C22113F954; Wed, 16 Jan 2019 07:41:59 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by 
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7fwgB013924 for ; Wed, 16 Jan 2019 02:41:58 -0500 Received: by smtp.corp.redhat.com (Postfix) id 08D705D967; Wed, 16 Jan 2019 07:41:58 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id 818925D970 for ; Wed, 16 Jan 2019 07:41:57 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:45 +0100 Message-Id: <677a0418a8199b788fb34f624b1b38d2dee34e95.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 3/8] qemu: add qemuDomainGraphicsPrivate data with a tlsAlias X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 16 Jan 2019 07:42:03 +0000 (UTC) Also introduce the necessary callbacks. Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/qemu_domain.c | 39 +++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_domain.h | 12 ++++++++++++ 2 files changed, 51 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ec6b340308..63e739b778 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1234,6 +1234,44 @@ qemuDomainVsockPrivateDispose(void *obj ATTRIBUTE_UN= USED) } =20 =20 +static virClassPtr qemuDomainGraphicsPrivateClass; +static void qemuDomainGraphicsPrivateDispose(void *obj); + +static int +qemuDomainGraphicsPrivateOnceInit(void) +{ + if (!VIR_CLASS_NEW(qemuDomainGraphicsPrivate, virClassForObject())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(qemuDomainGraphicsPrivate) + +static virObjectPtr +qemuDomainGraphicsPrivateNew(void) +{ + qemuDomainGraphicsPrivatePtr priv; + + if (qemuDomainGraphicsPrivateInitialize() < 0) + return NULL; + + if (!(priv =3D virObjectNew(qemuDomainGraphicsPrivateClass))) + return NULL; + + return (virObjectPtr) priv; +} + + +static void +qemuDomainGraphicsPrivateDispose(void *obj) +{ + qemuDomainGraphicsPrivatePtr priv =3D obj; + + VIR_FREE(priv->tlsAlias); +} + + /* qemuDomainSecretPlainSetup: * @secinfo: Pointer to secret info * @usageType: The virSecretUsageType @@ -3035,6 +3073,7 @@ virDomainXMLPrivateDataCallbacks virQEMUDriverPrivate= DataCallbacks =3D { .vcpuNew =3D qemuDomainVcpuPrivateNew, .chrSourceNew =3D qemuDomainChrSourcePrivateNew, .vsockNew =3D qemuDomainVsockPrivateNew, + .graphicsNew =3D qemuDomainGraphicsPrivateNew, .parse =3D qemuDomainObjPrivateXMLParse, .format =3D qemuDomainObjPrivateXMLFormat, .getParseOpaque =3D qemuDomainObjPrivateXMLGetParseOpaque, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index a837b8a731..01e47996f5 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
@@ -481,6 +481,18 @@ struct _qemuDomainVsockPrivate { }; =20 =20 +# define QEMU_DOMAIN_GRAPHICS_PRIVATE(dev) \ + ((qemuDomainGraphicsPrivatePtr) (dev)->privateData) + +typedef struct _qemuDomainGraphicsPrivate qemuDomainGraphicsPrivate; +typedef qemuDomainGraphicsPrivate *qemuDomainGraphicsPrivatePtr; +struct _qemuDomainGraphicsPrivate { + virObject parent; + + char *tlsAlias; +}; + + typedef enum { QEMU_PROCESS_EVENT_WATCHDOG =3D 0, QEMU_PROCESS_EVENT_GUESTPANIC, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624544452305.2612316758101; Tue, 15 Jan 2019 23:42:24 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E5E633A267; Wed, 16 Jan 2019 07:42:21 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8D8CF101963A; Wed, 16 Jan 2019 07:42:21 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3F0F6180339B; Wed, 16 Jan 2019 07:42:21 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7fwDh013930 for ; Wed, 16 Jan 2019 02:41:58 -0500 Received: by smtp.corp.redhat.com (Postfix) id CE7C75D96E; Wed, 16 Jan 2019 07:41:58 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id 55CDE5D967 for ; Wed, 16 Jan 2019 07:41:58 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:46 +0100 Message-Id: <686c80e9d9f4f5342007adbb5b70f068d9189157.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 4/8] qemu: prepare secret for the graphics upfront X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 16 Jan 2019 07:42:23 +0000 (UTC) Instead of hardcoding the TLS creds alias in qemuBuildGraphicsVNCCommandLine, store it in the domain private data. Given that we only support one VNC graphics and thus have only one alias per-domain, this is overengineered, but it will allow us to prepare the secret upfront when we start supporting encrypted server TLS keys. Note that the alias is not formatted anywhere since we won't need to access it after domain startup. 
Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/qemu_command.c | 8 ++++---- src/qemu/qemu_domain.c | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 822d5f8669..d130d0463c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -8035,18 +8035,18 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig= Ptr cfg, virBufferAddLit(&opt, ",password"); =20 if (cfg->vncTLS) { - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) { - const char *alias =3D "vnc-tls-creds0"; + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIV= ATE(graphics); + if (gfxPriv->tlsAlias) { if (qemuBuildTLSx509CommandLine(cmd, cfg->vncTLSx509certdir, true, cfg->vncTLSx509verify, NULL, - alias, + gfxPriv->tlsAlias, qemuCaps) < 0) goto error; =20 - virBufferAsprintf(&opt, ",tls-creds=3D%s", alias); + virBufferAsprintf(&opt, ",tls-creds=3D%s", gfxPriv->tlsAlias); } else { virBufferAddLit(&opt, ",tls"); if (cfg->vncTLSx509verify) { diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 63e739b778..6960f0569b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
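Review bot: `gfxPriv->tlsAlias` is read in the `cfg->vncTLS` branch without checking `gfxPriv`, while qemuDomainSecretGraphicsDestroy in the same patch guards with `if (!gfxPriv) return;`; qemuDomainSecretGraphicsPrepare has the same unchecked dereference at its VIR_STRDUP. Per patch 2/8, privateData stays NULL whenever virDomainGraphicsDefNew is called with a NULL xmlopt, and presumably also for any definition allocated by another path, so the three sites should either agree on the check or document why NULL cannot occur. The choice between `tls-creds` and the legacy `,tls` option also now depends on whether the prepare step ran rather than on the QEMU capability, so a caller that builds the command line without qemuDomainSecretPrepare silently gets the legacy option. Something like `if (gfxPriv && gfxPriv->tlsAlias)` plus a one-line comment stating that dependency would make this explicit. The enclosing function starts and ends outside the hunk.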
@@ -1741,6 +1741,42 @@ qemuDomainSecretChardevPrepare(virQEMUDriverConfigPt= r cfg, } =20 =20 +static void +qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics) +{ + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIVATE(= graphics); + + if (!gfxPriv) + return; + + VIR_FREE(gfxPriv->tlsAlias); +} + + +static int +qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg, + qemuDomainObjPrivatePtr priv, + virDomainGraphicsDefPtr graphics) +{ + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIVATE(= graphics); + + if (graphics->type !=3D VIR_DOMAIN_GRAPHICS_TYPE_VNC) + return 0; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) + return 0; + + if (!cfg->vncTLS) + return 0; + + if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0) + return -1; + + return 0; +} + + /* qemuDomainSecretDestroy: * @vm: Domain object * @@ -1782,6 +1818,9 @@ qemuDomainSecretDestroy(virDomainObjPtr vm) =20 for (i =3D 0; i < vm->def->nredirdevs; i++) qemuDomainSecretChardevDestroy(vm->def->redirdevs[i]->source); + + for (i =3D 0; i < vm->def->ngraphics; i++) + qemuDomainSecretGraphicsDestroy(vm->def->graphics[i]); } =20 =20 
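Review bot: qemuDomainSecretGraphicsPrepare and qemuDomainSecretGraphicsDestroy are added without a header comment, although neighbouring functions in this file (qemuDomainSecretDestroy, qemuDomainSecretPlainSetup) document their parameters in the `/* name: * @param: ... */` form. The comment on Prepare should say that it sets tlsAlias only for VNC graphics when vncTLS is enabled and QEMU_CAPS_OBJECT_TLS_CREDS_X509 is present, returns 0 with tlsAlias left unset otherwise, and returns -1 when the copy fails. The comment on Destroy should say that it frees only the alias and tolerates a NULL private object. It is also worth stating that Prepare expects tlsAlias to be NULL on entry, since VIR_STRDUP appears to assign without freeing an earlier value.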
@@ -1865,6 +1904,11 @@ qemuDomainSecretPrepare(virQEMUDriverPtr driver, goto cleanup; } =20 + for (i =3D 0; i < vm->def->ngraphics; i++) { + if (qemuDomainSecretGraphicsPrepare(cfg, priv, vm->def->graphics[i= ]) < 0) + goto cleanup; + } + ret =3D 0; =20 cleanup: --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624525601147.8481235816871; Tue, 15 Jan 2019 23:42:05 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 387A487642; Wed, 16 Jan 2019 07:42:03 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D702A6063E; Wed, 16 Jan 2019 07:42:02 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6C20C3F7D5; Wed, 16 Jan 2019 07:42:02 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7fxLR013935 for ; Wed, 16 Jan 2019 02:41:59 -0500 Received: by smtp.corp.redhat.com 
(Postfix) id A266F5D96E; Wed, 16 Jan 2019 07:41:59 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2727D5D967 for ; Wed, 16 Jan 2019 07:41:58 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:47 +0100 Message-Id: <38b55f95f650557f865c5b226725eb96938a7bc1.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 5/8] qemu_process: fix debug message X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 16 Jan 2019 07:42:04 +0000 (UTC) Be generic instead of trying to enumerate all the involved device types. Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/qemu_process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index aad6c12552..f4af673cdb 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -6050,7 +6050,7 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, VIR_DEBUG("Prepare chardev source backends for TLS"); qemuDomainPrepareChardevSource(vm->def, cfg); =20 - VIR_DEBUG("Add secrets to hostdevs and chardevs"); + VIR_DEBUG("Prepare device secrets"); if (qemuDomainSecretPrepare(driver, vm) < 0) goto cleanup; =20 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624535098520.6523929869187; Tue, 15 Jan 2019 23:42:15 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 675A8BDFA; Wed, 16 Jan 2019 07:42:12 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0A998608E0; Wed, 16 Jan 2019 07:42:12 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 96D041803396; Wed, 16 Jan 2019 07:42:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7g0TH013948 for ; Wed, 
16 Jan 2019 02:42:00 -0500 Received: by smtp.corp.redhat.com (Postfix) id 78C585D96E; Wed, 16 Jan 2019 07:42:00 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id F248C5D967 for ; Wed, 16 Jan 2019 07:41:59 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:48 +0100 Message-Id: <459fbb835daf1a3b656f42fd0fcd2acf19820447.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 6/8] qemu.conf: add vnc_tls_x509_secret_uuid X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 16 Jan 2019 07:42:13 +0000 (UTC) Add an option that lets the user specify the secret that unlocks the server TLS key. Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 6 ++++++ src/qemu/qemu_conf.c | 3 +++ src/qemu/qemu_conf.h | 1 + src/qemu/test_libvirtd_qemu.aug.in | 1 + 5 files changed, 12 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 28bd851411..b311f02da6 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug 
@@ -35,6 +35,7 @@ module Libvirtd_qemu =3D | bool_entry "vnc_auto_unix_socket" | bool_entry "vnc_tls" | str_entry "vnc_tls_x509_cert_dir" + | str_entry "vnc_tls_x509_secret_uuid" | bool_entry "vnc_tls_x509_verify" | str_entry "vnc_password" | bool_entry "vnc_sasl" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 28e51b2c59..c1f1201134 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -95,6 +95,12 @@ #vnc_tls_x509_cert_dir =3D "/etc/pki/libvirt-vnc" =20 =20 +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +#vnc_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" + + # The default TLS configuration only uses certificates for the server # allowing the client to verify the server's identity and establish # an encrypted channel. diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 18ad99c173..0f74fd1716 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -457,6 +457,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfigPtr = cfg, cfg->vncTLSx509verifyPresent =3D true; if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx= 509certdir) < 0) return -1; + if (virConfGetValueString(conf, "vnc_tls_x509_secret_uuid", &cfg->vncT= LSx509secretUUID) < 0) + return -1; if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0) return -1; if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0) @@ -1184,6 +1186,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) } \ } while (0) =20 + SET_TLS_SECRET_UUID_DEFAULT(vnc); SET_TLS_SECRET_UUID_DEFAULT(chardev); SET_TLS_SECRET_UUID_DEFAULT(migrate); =20 diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index bce8364c5a..14c9d15a72 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h 
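Review bot: `cfg->vncTLSx509secretUUID` is filled by virConfGetValueString in virQEMUDriverConfigLoadVNCEntry and by `SET_TLS_SECRET_UUID_DEFAULT(vnc)` in the second qemu_conf.c hunk, but nothing visible frees it. The three insertions the diffstat lists for qemu_conf.c are all in these two hunks, so the config dispose path does not appear to release the new string. A matching `VIR_FREE(cfg->vncTLSx509secretUUID);` next to where vncTLSx509certdir is released would avoid leaking it each time a config object is discarded. The value is also stored as given; if the chardev and migrate secret UUIDs are validated elsewhere in this file, the vnc one should go through the same check so that a malformed UUID is rejected at config load rather than at domain start. Both functions continue outside the hunks.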
@@ -125,6 +125,7 @@ struct _virQEMUDriverConfig { bool vncTLSx509verifyPresent; bool vncSASL; char *vncTLSx509certdir; + char *vncTLSx509secretUUID; char *vncListen; char *vncPassword; char *vncSASLdir; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index f1e8806ad2..4235464530 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -9,6 +9,7 @@ module Test_libvirtd_qemu =3D { "vnc_auto_unix_socket" =3D "1" } { "vnc_tls" =3D "1" } { "vnc_tls_x509_cert_dir" =3D "/etc/pki/libvirt-vnc" } +{ "vnc_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000" } { "vnc_tls_x509_verify" =3D "1" } { "vnc_password" =3D "XYZ12345" } { "vnc_sasl" =3D "1" } --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624548080876.5175398354677; Tue, 15 Jan 2019 23:42:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EE33DD4E6F; Wed, 16 Jan 2019 07:42:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B00AE1019633; Wed, 16 Jan 2019 07:42:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 588903F606; Wed, 16 Jan 2019 07:42:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7g1DO013964 for ; Wed, 16 Jan 
2019 02:42:01 -0500 Received: by smtp.corp.redhat.com (Postfix) id 512805D967; Wed, 16 Jan 2019 07:42:01 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id C69D75D96E for ; Wed, 16 Jan 2019 07:42:00 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:49 +0100 Message-Id: <39a864599a3ddfaea1f0fa25d1665ad165bba1a8.1547624106.git.jtomko@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 7/8] qemu: add support for encrypted VNC TLS keys X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 16 Jan 2019 07:42:27 +0000 (UTC) Use the password stored in the secret driver under the uuid specified by the vnc_tls_x509_secret_uuid option in qemu.conf. https://bugzilla.redhat.com/show_bug.cgi?id=3D1602418 Signed-off-by: J=C3=A1n Tomko Reviewed-by: John Ferlan --- src/qemu/qemu_command.c | 11 +++++- src/qemu/qemu_domain.c | 9 +++++ src/qemu/qemu_domain.h | 1 + ...graphics-vnc-tls-secret.x86_64-latest.args | 36 +++++++++++++++++++ .../graphics-vnc-tls-secret.xml | 30 ++++++++++++++++ tests/qemuxml2argvtest.c | 5 +++ 6 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-l= atest.args create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml 
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d130d0463c..e17d7ddec7 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -8037,11 +8037,20 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig= Ptr cfg, if (cfg->vncTLS) { qemuDomainGraphicsPrivatePtr gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIV= ATE(graphics); if (gfxPriv->tlsAlias) { + const char *secretAlias =3D NULL; + + if (gfxPriv && gfxPriv->secinfo) { + if (qemuBuildObjectSecretCommandLine(cmd, + gfxPriv->secinfo) < 0) + goto error; + secretAlias =3D gfxPriv->secinfo->s.aes.alias; + } + if (qemuBuildTLSx509CommandLine(cmd, cfg->vncTLSx509certdir, true, cfg->vncTLSx509verify, - NULL, + secretAlias, gfxPriv->tlsAlias, qemuCaps) < 0) goto error; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 6960f0569b..da9c4e566d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1269,6 +1269,7 @@ qemuDomainGraphicsPrivateDispose(void *obj) qemuDomainGraphicsPrivatePtr priv =3D obj; =20 VIR_FREE(priv->tlsAlias); + qemuDomainSecretInfoFree(&priv->secinfo); } =20 =20 @@ -1750,6 +1751,7 @@ qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefP= tr graphics) return; =20 VIR_FREE(gfxPriv->tlsAlias); + qemuDomainSecretInfoFree(&gfxPriv->secinfo); } =20 =20 @@ -1773,6 +1775,13 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigP= tr cfg, if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0) return -1; =20 + if (cfg->vncTLSx509secretUUID) { + gfxPriv->secinfo =3D qemuDomainSecretInfoTLSNew(priv, gfxPriv->tls= Alias, + cfg->vncTLSx509secre= tUUID); + if (!gfxPriv->secinfo) + return -1; + } + return 0; } =20 diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 01e47996f5..e706ddca31 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -490,6 +490,7 @@ struct _qemuDomainGraphicsPrivate { virObject parent; =20 char *tlsAlias; + qemuDomainSecretInfoPtr secinfo; }; =20 =20 
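Review bot: In the qemu_command.c hunk, the added `if (gfxPriv && gfxPriv->secinfo)` tests `gfxPriv` for NULL one line after the enclosing `if (gfxPriv->tlsAlias)` has already dereferenced it. The test therefore cannot guard anything, and it leaves readers and static analysers unsure whether `gfxPriv` may be NULL at this point. Either drop it, `if (gfxPriv->secinfo) {`, or move a real NULL check ahead of the `tlsAlias` test. The read of `gfxPriv->secinfo->s.aes.alias` also relies on the secret info always being the AES variant; that presumably follows from how qemuDomainSecretInfoTLSNew builds it, but the type is not checked here, so a short comment stating that assumption would help. qemuBuildGraphicsVNCCommandLine starts and ends outside the hunk.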
diff --git a/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.a= rgs b/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args new file mode 100644 index 0000000000..737c4fe8fb --- /dev/null +++ b/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args @@ -0,0 +1,36 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +SASL_CONF_PATH=3D/root/.sasl2 \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-m 214 \ +-realtime mlock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-object secret,id=3Dvnc-tls-creds0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-object tls-creds-x509,id=3Dvnc-tls-creds0,dir=3D/etc/pki/libvirt-vnc,\ +endpoint=3Dserver,verify-peer=3Dyes,passwordid=3Dvnc-tls-creds0-secret0 \ +-vnc 127.0.0.1:3,tls-creds=3Dvnc-tls-creds0,sasl \ +-device cirrus-vga,id=3Dvideo0,bus=3Dpci.0,addr=3D0x2 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml b/tests/qem= uxml2argvdata/graphics-vnc-tls-secret.xml new file mode 100644 index 0000000000..079f6241c4 --- /dev/null +++ b/tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml 
@@ -0,0 +1,30 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 2cb8860d26..ba6fd4db35 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1290,6 +1290,11 @@ mymain(void) DO_TEST("graphics-vnc-tls", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA= ); DO_TEST_CAPS_VER("graphics-vnc-tls", "2.4.0"); DO_TEST_CAPS_LATEST("graphics-vnc-tls"); + if (VIR_STRDUP_QUIET(driver.config->vncTLSx509secretUUID, + "6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea") < 0) + return EXIT_FAILURE; + DO_TEST_CAPS_LATEST("graphics-vnc-tls-secret"); + VIR_FREE(driver.config->vncTLSx509secretUUID); driver.config->vncSASL =3D driver.config->vncTLSx509verify =3D driver.= config->vncTLS =3D 0; VIR_FREE(driver.config->vncSASLdir); VIR_FREE(driver.config->vncTLSx509certdir); --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Nov 27 12:25:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1547624552796218.92308098870683; Tue, 15 Jan 2019 23:42:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D3A129D1F9; Wed, 16 Jan 2019 07:42:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8048818501; Wed, 16 Jan 2019 07:42:30 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by 
colo-mx.corp.redhat.com (Postfix) with ESMTP id E597A3F60A; Wed, 16 Jan 2019 07:42:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0G7g2ef013991 for ; Wed, 16 Jan 2019 02:42:02 -0500 Received: by smtp.corp.redhat.com (Postfix) id 211195D96E; Wed, 16 Jan 2019 07:42:02 +0000 (UTC) Received: from lpt.brq.redhat.com (unknown [10.43.2.68]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9BD6C5D967 for ; Wed, 16 Jan 2019 07:42:01 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 16 Jan 2019 08:41:50 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 8/8] qemu: error out when vnc vncTLSx509secretUUID is unsupported X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 16 Jan 2019 07:42:31 +0000 (UTC) Add a capability check to qemuDomainDefValidate. Signed-off-by: J=C3=A1n Tomko --- src/qemu/qemu_domain.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index da9c4e566d..851cb6d622 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -4127,6 +4127,7 @@ qemuDomainDefValidate(const virDomainDef *def, void *opaque) { virQEMUDriverPtr driver =3D opaque; + virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); virQEMUCapsPtr qemuCaps =3D NULL; int ret =3D -1; =20 @@ -4249,10 +4250,19 @@ qemuDomainDefValidate(const virDomainDef *def, if (qemuDomainDefValidateMemory(def, qemuCaps) < 0) goto cleanup; =20 + if (cfg->vncTLS && cfg->vncTLSx509secretUUID && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("encrypted VNC TLS keys are not supported with " + "this QEMU binary")); + goto cleanup; + } + ret =3D 0; =20 cleanup: virObjectUnref(qemuCaps); + virObjectUnref(cfg); return ret; } =20 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
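Review bot: The capability check added in the second hunk looks only at the driver-wide `cfg->vncTLS` and `cfg->vncTLSx509secretUUID` and never at `def`. With that qemu.conf setting, every domain validated against a QEMU binary lacking QEMU_CAPS_OBJECT_TLS_CREDS_X509 is therefore rejected, including guests that define no VNC graphics at all. Restricting the error to definitions that actually contain a VNC graphics device keeps the fail-closed behaviour for VNC without turning one config option into a host-wide validation failure. Separately, `cfg` is now acquired at the top of qemuDomainDefValidate, so any exit between the two hunks that does not pass through `cleanup` would leak the reference; that stretch is outside the hunks and should be checked.

```c
    if (cfg->vncTLS && cfg->vncTLSx509secretUUID &&
        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
        size_t i;

        /* Only reject definitions that would actually start a VNC server. */
        for (i = 0; i < def->ngraphics; i++) {
            if (def->graphics[i]->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
                continue;
            /* ... unchanged: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, ...) ... */
            goto cleanup;
        }
    }
```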