Re: [libvirt] [PATCH 7/8] qemu: add support for encrypted VNC TLS keys

17 Jan 2019

On 1/16/19 2:41 AM, Ján Tomko wrote:
...
Use the password stored in the secret driver under
the uuid specified by the vnc_tls_x509_secret_uuid
option in qemu.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1602418
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/qemu/qemu_command.c                       | 11 +++++-
 src/qemu/qemu_domain.c                        |  9 +++++
 src/qemu/qemu_domain.h                        |  1 +
 ...graphics-vnc-tls-secret.x86_64-latest.args | 36 +++++++++++++++++++
 .../graphics-vnc-tls-secret.xml               | 30 ++++++++++++++++
 tests/qemuxml2argvtest.c                      |  5 +++
 6 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d130d0463c..e17d7ddec7 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8037,11 +8037,20 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
     if (cfg->vncTLS) {
         qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
         if (gfxPriv->tlsAlias) {
+            const char *secretAlias = NULL;
+
+            if (gfxPriv && gfxPriv->secinfo) {
"gfxPriv" check is unnecessary, we would have already died dereffing
tlsAlias.
...
+                if (qemuBuildObjectSecretCommandLine(cmd,
+                                                     gfxPriv->secinfo) < 0)
+                    goto error;
+                secretAlias = gfxPriv->secinfo->s.aes.alias;
+            }
+
             if (qemuBuildTLSx509CommandLine(cmd,
                                             cfg->vncTLSx509certdir,
                                             true,
                                             cfg->vncTLSx509verify,
-                                            NULL,
+                                            secretAlias,
                                             gfxPriv->tlsAlias,
                                             qemuCaps) < 0)
                 goto error;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 6960f0569b..da9c4e566d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1269,6 +1269,7 @@ qemuDomainGraphicsPrivateDispose(void *obj)
     qemuDomainGraphicsPrivatePtr priv = obj;
VIR_FREE(priv->tlsAlias);
+    qemuDomainSecretInfoFree(&priv->secinfo);>  }
@@ -1750,6 +1751,7 @@ qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics)
         return;
VIR_FREE(gfxPriv->tlsAlias);
+    qemuDomainSecretInfoFree(&gfxPriv->secinfo);
If you use virObjectUnref as noted in patch4, then the change in the
hunk above gives you this for free.
...
}
@@ -1773,6 +1775,13 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg,
     if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0)
         return -1;
+    if (cfg->vncTLSx509secretUUID) {
+        gfxPriv->secinfo = qemuDomainSecretInfoTLSNew(priv, gfxPriv->tlsAlias,
+                                                      cfg->vncTLSx509secretUUID);
+        if (!gfxPriv->secinfo)
+            return -1;
+    }
+
     return 0;
 }
Reviewed-by: John Ferlan <jferlan@redhat.com>

John

[...]

    