7:41 a.m.
qemuBuildTLSx509CommandLine has no business guessing which alias should
be used. The alias needs to be passed in.
Note that there's a lingering bad design of this, since the secret
object alias is based on the device name and not on the fact that the
secret is used for decrypting of the TLS private key. If we ever add
authentication for chardevs this will bite us.
Thankfully disk code does not support encrypted private keys for TLS so
it can be happily refactored there.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_command.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9ec1d30c80..c63963adfa 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -723,7 +723,8 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
* @tlspath: path to the TLS credentials
* @listen: boolen listen for client or server setting
* @verifypeer: boolean to enable peer verification (form of authorization)
- * @addpasswordid: boolean to handle adding passwordid to object
+ * @certEncSecretAlias: alias of a 'secret' object for decrypting TLS private
key
+ * (optional)
* @inalias: Alias for the parent to generate object alias
* @qemuCaps: capabilities
*
@@ -736,7 +737,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
const char *tlspath,
bool isListen,
bool verifypeer,
- bool addpasswordid,
+ const char *certEncSecretAlias,
const char *inalias,
virQEMUCapsPtr qemuCaps)
{
@@ -744,13 +745,9 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
char *objalias = NULL;
virJSONValuePtr props = NULL;
char *tmp = NULL;
- char *secalias = NULL;
- if (addpasswordid &&
- !(secalias = qemuDomainGetSecretAESAlias(inalias, false)))
- return -1;
-
- if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias,
+ if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer,
+ certEncSecretAlias,
qemuCaps, &props) < 0)
goto cleanup;
@@ -769,7 +766,6 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
virJSONValueFree(props);
VIR_FREE(objalias);
VIR_FREE(tmp);
- VIR_FREE(secalias);
return ret;
}
@@ -793,7 +789,7 @@ qemuBuildDiskSrcTLSx509CommandLine(virCommandPtr cmd,
src->haveTLS == VIR_TRISTATE_BOOL_YES) {
return qemuBuildTLSx509CommandLine(cmd, src->tlsCertdir,
false, src->tlsVerify,
- false, srcalias, qemuCaps);
+ NULL, srcalias, qemuCaps);
}
return 0;
@@ -4986,20 +4982,24 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
qemuDomainChrSourcePrivatePtr chrSourcePriv =
QEMU_DOMAIN_CHR_SOURCE_PRIVATE(dev);
char *objalias = NULL;
+ const char *tlsCertEncSecAlias = NULL;
/* Add the secret object first if necessary. The
* secinfo is added only to a TCP serial device during
* qemuDomainSecretChardevPrepare. Subsequently called
* functions can just check the config fields */
- if (chrSourcePriv && chrSourcePriv->secinfo &&
- qemuBuildObjectSecretCommandLine(cmd,
- chrSourcePriv->secinfo) < 0)
- goto cleanup;
+ if (chrSourcePriv && chrSourcePriv->secinfo) {
+ if (qemuBuildObjectSecretCommandLine(cmd,
+ chrSourcePriv->secinfo) < 0)
+ goto cleanup;
+
+ tlsCertEncSecAlias = chrSourcePriv->secinfo->s.aes.alias;
+ }
if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
dev->data.tcp.listen,
cfg->chardevTLSx509verify,
- !!cfg->chardevTLSx509secretUUID,
+ tlsCertEncSecAlias,
charAlias, qemuCaps) < 0)
goto cleanup;
--
2.16.2