https://bugzilla.redhat.com/show_bug.cgi?id=1300776
Complete the implementation of support for TLS encryption on
chardev TCP transports by adding the ability to hotplug a secret
object that supplies the passwordid for the TLS object
Likewise, add the ability to hot unplug that secret object as well
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_hotplug.c | 43 +++++++++++++++++++++++++++++++++++++++++--
src/qemu/qemu_hotplug.h | 3 ++-
tests/qemuhotplugtest.c | 2 +-
4 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ee717f0..aba5a69 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7516,7 +7516,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
break;
case VIR_DOMAIN_DEVICE_CHR:
- ret = qemuDomainAttachChrDevice(driver, vm,
+ ret = qemuDomainAttachChrDevice(dom->conn, driver, vm,
dev->data.chr);
if (!ret) {
alias = dev->data.chr->info.alias;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 1a07a32..42b5778 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1513,7 +1513,8 @@ qemuDomainAttachChrDeviceAssignAddr(qemuDomainObjPrivatePtr priv,
return 0;
}
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+ virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainChrDefPtr chr)
{
@@ -1526,6 +1527,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
char *charAlias = NULL;
virJSONValuePtr props = NULL;
char *objAlias = NULL;
+ virJSONValuePtr secprops = NULL;
+ char *secAlias = NULL;
bool need_release = false;
if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1549,11 +1552,28 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
if (qemuDomainChrPreInsert(vmdef, chr) < 0)
goto cleanup;
+ if (qemuDomainSecretChardevPrepare(conn, priv, chr) < 0)
+ goto cleanup;
+
if (cfg->chardevTLS) {
+ /* Add a secret object in order to access the TLS environment
+ * if provided of course */
+ if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+ qemuDomainChardevPrivatePtr chardevPriv =
+ QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+ qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+ if (qemuBuildSecretInfoProps(secinfo, &secprops) < 0)
+ goto cleanup;
+
+ if (!(secAlias = qemuDomainGetSecretAESAlias(charAlias)))
+ goto cleanup;
+ }
+
if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
dev->data.tcp.listen,
cfg->chardevTLSx509verify,
- NULL,
+ secAlias,
priv->qemuCaps,
&props) < 0)
goto cleanup;
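Review bot: `qemuDomainSecretChardevPrepare(conn, priv, chr)` runs before the `if (cfg->chardevTLS)` gate, so a secret is looked up and stored in `chardevPriv->secinfo` even in the configurations where no "secret" object is ever added to the monitor; moving that call inside the `cfg->chardevTLS` branch (or next to the `sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE` check) keeps the prepared secret and the monitor object in step, which also matters for the detach hunk further down that deletes by `sectype` alone. The `cleanup` label frees `secAlias` and `secprops`, but nothing visible releases the prepared secinfo when `qemuBuildSecretInfoProps` or a later step fails; if the prepare call allocates, confirm a matching destroy exists on the error path. The comment `/* Add a secret object in order to access the TLS environment if provided of course */` would be clearer as `/* A passphrase-protected TLS key needs a 'secret' object first so the tls-creds-x509 object can reference it by alias. */`. The function continues outside the hunk.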
@@ -1565,6 +1585,10 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
qemuDomainObjEnterMonitor(driver, vm);
+ if (secAlias && qemuMonitorAddObject(priv->mon, "secret",
+ secAlias, secprops) < 0)
+ goto failsecobject;
+
if (objAlias && qemuMonitorAddObject(priv->mon,
"tls-creds-x509",
objAlias, props) < 0)
goto failobject;
@@ -1589,6 +1613,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
qemuDomainReleaseDeviceAddress(vm, &chr->info, NULL);
VIR_FREE(objAlias);
virJSONValueFree(props);
+ VIR_FREE(secAlias);
+ virJSONValueFree(secprops);
VIR_FREE(charAlias);
VIR_FREE(devstr);
virObjectUnref(cfg);
@@ -1601,6 +1627,9 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
/* Remove the object */
ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
failobject:
+ /* Remove the secobject */
+ ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+ failsecobject:
ignore_value(qemuDomainObjExitMonitor(driver, vm));
goto audit;
}
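Review bot: `failobject:` now issues `qemuMonitorDelObject(priv->mon, secAlias)` even when `secAlias` is NULL, which is the case for every chardev without a passphrase secret whenever the tls-creds-x509 add or a later step fails; guard it as `if (secAlias) ignore_value(qemuMonitorDelObject(priv->mon, secAlias));`. The pre-existing `objAlias` deletion just above has the same shape, so this follows the file's pattern, but presumably a NULL id still produces a rejected command or an error log that the hotplug failure does not need. The function continues outside the hunk.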
@@ -4115,6 +4144,7 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData;
virDomainDefPtr vmdef = vm->def;
virDomainChrDefPtr tmpChr;
+ virDomainChrSourceDefPtr dev = &chr->source;
char *objAlias = NULL;
char *devstr = NULL;
@@ -4139,6 +4169,15 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
qemuDomainMarkDeviceForRemoval(vm, &tmpChr->info);
qemuDomainObjEnterMonitor(driver, vm);
+ if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+ qemuDomainChardevPrivatePtr chardevPriv =
+ QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+ qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+ if (qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)
+ goto faildel;
+ }
+
if (objAlias && qemuMonitorDelObject(priv->mon, objAlias) < 0)
goto faildel;
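Review bot: The "secret" object is deleted whenever `dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE`, but the attach path only creates it under `cfg->chardevTLS`, and `secinfo->s.aes.alias` is dereferenced with no visible check that `chardevPriv->secinfo` is non-NULL; a chardev with a passphrase secret but TLS disabled, or one whose private secinfo was never populated, would therefore either fail the detach via `goto faildel` or dereference NULL. `dev->data` is a union, so reading `data.tcp.sectype` is only meaningful when `dev->type == VIR_DOMAIN_CHR_TYPE_TCP`, and nothing in the hunk establishes that. Gating the block on the condition that produced `objAlias` and on the pointer keeps detach symmetric with attach: `if (objAlias && dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {` and `if (secinfo && qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)`; if `objAlias` is computed under a different condition than the attach-side `cfg->chardevTLS` check (its computation is outside the hunk), use that same condition instead. The function begins and ends outside the hunk.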
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index 165d345..a299ea1 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -92,7 +92,8 @@ int qemuDomainAttachLease(virQEMUDriverPtr driver,
int qemuDomainDetachLease(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainLeaseDefPtr lease);
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+ virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainChrDefPtr chr);
int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
index 91bf331..c4412b6 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -116,7 +116,7 @@ testQemuHotplugAttach(virDomainObjPtr vm,
ret = qemuDomainAttachDeviceDiskLive(NULL, &driver, vm, dev);
break;
case VIR_DOMAIN_DEVICE_CHR:
- ret = qemuDomainAttachChrDevice(&driver, vm, dev->data.chr);
+ ret = qemuDomainAttachChrDevice(NULL, &driver, vm, dev->data.chr);
break;
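Review bot: The test now passes `NULL` as `conn`, which reaches `qemuDomainSecretChardevPrepare` unconditionally in the attach path; this is only safe if that function tolerates a NULL connection or none of the hotplug test fixtures carry a TCP chardev with a passphrase secret, neither of which is visible here. A one-line comment on the call, `/* NULL conn: no secret lookup is exercised by the hotplug fixtures */`, would record that assumption for whoever adds a TLS chardev test case.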
default:
VIR_TEST_VERBOSE("device type '%s' cannot be attached\n",
--
2.5.5