Add the domain RNG schema, parsing, and formatting of a new XML element "tlsx509":
<tlsx509 path='/tmp/x509/certdir'/>
The attribute for the element will contain a path to an X.509 certificate
credential directory to be passed along to the hypervisor to process.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
docs/formatdomain.html.in | 26 +++++++++++
docs/schemas/domaincommon.rng | 12 +++++
src/conf/domain_conf.c | 15 +++++++
src/conf/domain_conf.h | 1 +
.../qemuxml2argv-serial-tcp-tlsx509-chardev.xml | 42 ++++++++++++++++++
.../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml | 51 ++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
7 files changed, 148 insertions(+)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
create mode 100644
tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index bca9847..07d5773 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -5975,6 +5975,32 @@ qemu-kvm -net nic,model=? /dev/null
</devices>
...</pre>
+ <p>
+ <span class="since">Since 1.3.6,</span> some hypervisors
support
+ receiving a path to a directory containing an X.509 certificate
+ credentials. Configuration is handled via the
+ <code>tlsx509</code> element with the <code>path</code>
attribute
+ defining the absolute directory path to the credentials.
+ </p>
+<pre>
+ ...
+ <devices>
+ <serial type="tcp">
+ <source mode="connect" host="0.0.0.0"
service="2445"/>
+ <protocol type="raw"/>
+ <tlsx509 path='/path/to/x509/certdir'/>
+ <target port="1"/>
+ </serial>
+ ...
+ <serial type="tcp">
+ <source mode="bind" host="127.0.0.1"
service="2445"/>
+ <protocol type="raw"/>
+ <target port="1"/>
+ <tlsx509 path="/path/to/x509/certdir"/>
+ </serial>
+ </devices>
+ ...</pre>
+
<h6><a name="elementsCharUDP">UDP network
console</a></h6>
<p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 02078d7..1b6af6c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3207,6 +3207,9 @@
<ref name="qemucdevTgtDef"/>
</optional>
<optional>
+ <ref name="qemucdevTlsx509Def"/>
+ </optional>
+ <optional>
<ref name="alias"/>
</optional>
<optional>
@@ -3258,6 +3261,14 @@
</element>
</define>
+ <define name="qemucdevTlsx509Def">
+ <element name="tlsx509">
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </element>
+ </define>
+
<define name="qemucdevSrcTypeChoice">
<choice>
<value>dev</value>
@@ -3373,6 +3384,7 @@
</element>
</optional>
<optional>
+
<element name="log">
<attribute name="file">
<ref name="absFilePath"/>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 10e61da..721866e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1837,6 +1837,7 @@ virDomainChrSourceDefClear(virDomainChrSourceDefPtr def)
case VIR_DOMAIN_CHR_TYPE_TCP:
VIR_FREE(def->data.tcp.host);
VIR_FREE(def->data.tcp.service);
+ VIR_FREE(def->data.tcp.tlspath);
break;
case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -1893,6 +1894,9 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr dest,
if (VIR_STRDUP(dest->data.tcp.service, src->data.tcp.service) < 0)
return -1;
+
+ if (VIR_STRDUP(dest->data.tcp.tlspath, src->data.tcp.tlspath) < 0)
+ return -1;
break;
case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -1961,6 +1965,7 @@ virDomainChrSourceDefIsEqual(const virDomainChrSourceDef *src,
case VIR_DOMAIN_CHR_TYPE_TCP:
return src->data.tcp.listen == tgt->data.tcp.listen &&
src->data.tcp.protocol == tgt->data.tcp.protocol &&
+ STREQ_NULLABLE(src->data.tcp.tlspath, tgt->data.tcp.tlspath)
&&
STREQ_NULLABLE(src->data.tcp.host, tgt->data.tcp.host) &&
STREQ_NULLABLE(src->data.tcp.service, tgt->data.tcp.service);
break;
@@ -9849,6 +9854,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
char *master = NULL;
char *slave = NULL;
char *append = NULL;
+ char *tlsx509 = NULL;
int remaining = 0;
while (cur != NULL) {
@@ -9938,6 +9944,9 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
} else if (xmlStrEqual(cur->name, BAD_CAST "protocol")) {
if (!protocol)
protocol = virXMLPropString(cur, "type");
+ } else if (xmlStrEqual(cur->name, BAD_CAST "tlsx509")) {
+ if (!tlsx509)
+ tlsx509 = virXMLPropString(cur, "path");
} else {
remaining++;
}
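Review bot: A `<tlsx509>` element inside a non-TCP chardev is accepted by the new branch and then silently dropped: the collected `tlsx509` string is only consumed in the VIR_DOMAIN_CHR_TYPE_TCP case and is otherwise just freed at cleanup, and the element is not counted in `remaining` either, so a misplaced or misspelt placement yields no diagnostic. This mirrors how `protocol` is handled today, so if that is deliberate a short comment on the branch would save the next reader the question, e.g. `/* only meaningful for type='tcp'; silently ignored elsewhere, like <protocol> */`. If it is not deliberate, the TCP-only elements could be rejected with virReportError in the non-TCP cases. virDomainChrSourceDefParseXML starts and ends outside this hunk.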
@@ -10041,6 +10050,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
goto error;
}
+ if (tlsx509)
+ def->data.tcp.tlspath = virFileSanitizePath(tlsx509);
break;
case VIR_DOMAIN_CHR_TYPE_UDP:
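Review bot: The result of `virFileSanitizePath(tlsx509)` is assigned without being checked; that helper returns NULL when its internal copy fails, so an allocation failure here leaves `tlspath` NULL while the parse still returns success, which is the opposite of how the surrounding `goto error` paths treat failures. The assignment should follow the function's existing pattern: `if (tlsx509 && !(def->data.tcp.tlspath = virFileSanitizePath(tlsx509))) goto error;`. Note also that only the RNG schema constrains `path` to an absolute path; the parser itself accepts anything, so a relative path can reach the hypervisor unless the caller validates it (a `tlsx509[0] != '/'` check with virReportError would close that gap). Since this directory is chosen by whoever authors the domain XML rather than by host-side configuration, the commit description should state that this is intended and who is expected to label the directory for hypervisor access, as the patch itself does not address that.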
@@ -10115,6 +10126,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
VIR_FREE(append);
VIR_FREE(logappend);
VIR_FREE(logfile);
+ VIR_FREE(tlsx509);
return remaining;
@@ -20965,6 +20977,9 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
virBufferAsprintf(buf, "<protocol type='%s'/>\n",
virDomainChrTcpProtocolTypeToString(
def->data.tcp.protocol));
+ if (def->data.tcp.tlspath)
+ virBufferEscapeString(buf, "<tlsx509 path='%s'/>\n",
+ def->data.tcp.tlspath);
break;
case VIR_DOMAIN_CHR_TYPE_UNIX:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 3792562..a1cced5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1085,6 +1085,7 @@ struct _virDomainChrSourceDef {
struct {
char *host;
char *service;
+ char *tlspath;
bool listen;
int protocol;
} tcp;
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
new file mode 100644
index 0000000..edd78f1
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
@@ -0,0 +1,42 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0'
target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <serial type='udp'>
+ <source mode='bind' host='127.0.0.1'
service='1111'/>
+ <source mode='connect' host='127.0.0.1'
service='2222'/>
+ <target port='0'/>
+ </serial>
+ <serial type='tcp'>
+ <source mode='connect' host='127.0.0.1'
service='5555'/>
+ <protocol type='raw'/>
+ <target port='0'/>
+ <tlsx509 path='/tmp/x509/certdir'/>
+ </serial>
+ <console type='udp'>
+ <source mode='bind' host='127.0.0.1'
service='1111'/>
+ <source mode='connect' host='127.0.0.1'
service='2222'/>
+ <target type='serial' port='0'/>
+ </console>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
b/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
new file mode 100644
index 0000000..e9e6e70
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
@@ -0,0 +1,51 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0'
target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <serial type='udp'>
+ <source mode='bind' host='127.0.0.1'
service='1111'/>
+ <source mode='connect' host='127.0.0.1'
service='2222'/>
+ <target port='0'/>
+ </serial>
+ <serial type='tcp'>
+ <source mode='connect' host='127.0.0.1'
service='5555'/>
+ <protocol type='raw'/>
+ <tlsx509 path='/tmp/x509/certdir'/>
+ <target port='0'/>
+ </serial>
+ <console type='udp'>
+ <source mode='bind' host='127.0.0.1'
service='1111'/>
+ <source mode='connect' host='127.0.0.1'
service='2222'/>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index ba55919..692f2c2 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -483,6 +483,7 @@ mymain(void)
DO_TEST("serial-tcp");
DO_TEST("serial-udp");
DO_TEST("serial-tcp-telnet");
+ DO_TEST("serial-tcp-tlsx509-chardev");
DO_TEST("serial-many");
DO_TEST("serial-spiceport");
DO_TEST("serial-spiceport-nospice");
--
2.5.5