[libvirt] [PATCH 0/4] qemu: TLS cleanup and fix of path escaping

Clean up some code and fix wrong escaping of TLS certificate path. Peter Krempa (4): qemu: command: Optimize formatting of 'passwordid' in qemuBuildTLSx509BackendProps tests: qemuxml2argv: Test TLS certificate path containing a comma qemu: command: Fix formatting of TLS backend properties qemu: command: Remove qemuBuildHasMasterKey src/qemu/qemu_command.c | 40 +++------------------- .../disk-drive-network-tlsx509-vxhs.args | 8 ++--- tests/qemuxml2argvtest.c | 2 +- 3 files changed, 10 insertions(+), 40 deletions(-) -- 2.16.2

Use the 'S' modifier for create the field optionally rather than calling another JSON formatter function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_command.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c4237339bf..173745ee49 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -731,13 +731,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
 "s:dir", path,
 "s:endpoint", (isListen ? "server": "client"),
 "b:verify-peer", (isListen ? verifypeer : true),
+ "S:passwordid", secalias,
 NULL) < 0)
 goto cleanup;
- if (secalias &&
- virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) < 0)
- goto cleanup;
-
 ret = 0;
 cleanup:
-- 
2.16.2
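Review bot: At `"S:passwordid", secalias,` the only thing that marks the key as optional is the case of one letter, and nothing next to it says that a NULL secalias is an expected input. Going by the commit message, 'S' leaves the key out when the value is NULL, which is what the removed `if (secalias && ...)` block spelled out explicitly. A short comment above that argument, for example `/* 'S': passwordid is omitted when secalias is NULL */`, would keep a later edit from changing it to `s:` and presumably turning a setup without a TLS secret into a formatting failure. The function body starts and ends outside the hunk.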

We have to escape commas when formatting them on the command line. Add a test case of a TLS path containing a comma. Note that the output is wrong, this test case is to prove there's a bug.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args | 8 ++++----
 tests/qemuxml2argvtest.c | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
index 2e747392be..a2b4d2bcbd 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
@@ -23,16 +23,16 @@ server,nowait \
 -no-acpi \
 -boot c \
 -usb \
--object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs,\
-endpoint=client,verify-peer=yes \
+-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
+,,,path,endpoint=client,verify-peer=yes \
 -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
 file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
 file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
 id=drive-virtio-disk0,serial=eb90327c-8302-4725-9e1b-4e85ed4dc251,cache=none \
 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
 id=virtio-disk0 \
--object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs,\
-endpoint=client,verify-peer=yes \
+-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
+,,,path,endpoint=client,verify-peer=yes \
 -drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
 file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,\
 file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 07e5ba1d13..78454acb1a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -639,7 +639,7 @@ mymain(void)
 if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509certdir, "/etc/pki/libvirt-chardev") < 0)
 return EXIT_FAILURE;
 VIR_FREE(driver.config->vxhsTLSx509certdir);
- if (VIR_STRDUP_QUIET(driver.config->vxhsTLSx509certdir, "/etc/pki/libvirt-vxhs") < 0)
+ if (VIR_STRDUP_QUIET(driver.config->vxhsTLSx509certdir, "/etc/pki/libvirt-vxhs/dummy,path") < 0)
 return EXIT_FAILURE;
 VIR_FREE(driver.config->hugetlbfs);
-- 
2.16.2
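Review bot: The new value `"/etc/pki/libvirt-vxhs/dummy,path"` reads like a typo to anyone who has not seen the commit message, and nothing at the call site says the comma is the point of the test. A one-line comment above the `VIR_STRDUP_QUIET` call, such as `/* comma on purpose: exercises escaping of the TLS dir in -object arguments */`, would stop a later cleanup from restoring a plain path and quietly dropping the coverage this commit adds. Only `vxhsTLSx509certdir` gets the metacharacter; the chardev directory in the context lines above keeps a plain path, so whether that configuration reaches the same formatter is not exercised here. mymain continues outside the hunk.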

The JSON property generator should not escape commas as we do on the command line. The JSON->commandline generator already does that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_command.c | 20 +++-----------------
 .../disk-drive-network-tlsx509-vxhs.args | 4 ++--
 2 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 173745ee49..19c7149b5b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -712,35 +712,21 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
 virQEMUCapsPtr qemuCaps,
 virJSONValuePtr *propsret)
 {
- virBuffer buf = VIR_BUFFER_INITIALIZER;
- char *path = NULL;
- int ret = -1;
-
 if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
 _("tls-creds-x509 not supported in this QEMU binary"));
 return -1;
 }
- virQEMUBuildBufferEscapeComma(&buf, tlspath);
- if (virBufferCheckError(&buf) < 0)
- goto cleanup;
- path = virBufferContentAndReset(&buf);
-
 if (virJSONValueObjectCreate(propsret,
- "s:dir", path,
+ "s:dir", tlspath,
 "s:endpoint", (isListen ? "server": "client"),
 "b:verify-peer", (isListen ? verifypeer : true),
 "S:passwordid", secalias,
 NULL) < 0)
- goto cleanup;
-
- ret = 0;
+ return -1;
- cleanup:
- virBufferFreeAndReset(&buf);
- VIR_FREE(path);
- return ret;
+ return 0;
 }
diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
index a2b4d2bcbd..91d3a8a70a 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
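Review bot: With `"s:dir", tlspath,` the props object now carries the raw directory, so the comma doubling that keeps a comma in the configured path from being parsed by QEMU as the start of another `-object` property happens in exactly one place, the JSON-to-command-line converter named in the commit message. That invariant is not written down anywhere in the hunk. The function's doc comment, which lies outside the hunk, should state it, for example ` * @tlspath is stored verbatim; comma escaping is applied when the props are converted to -object arguments`. If the same props are also sent to QEMU by a path other than the command line, which this page does not show, that consumer needs the unescaped value too, so a caller must never pre-escape it.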
@@ -24,7 +24,7 @@ server,nowait \
 -boot c \
 -usb \
 -object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
-,,,path,endpoint=client,verify-peer=yes \
+,path,endpoint=client,verify-peer=yes \
 -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
 file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
 file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
@@ -32,7 +32,7 @@ id=drive-virtio-disk0,serial=eb90327c-8302-4725-9e1b-4e85ed4dc251,cache=none \
 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
 id=virtio-disk0 \
 -object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
-,,,path,endpoint=client,verify-peer=yes \
+,path,endpoint=client,verify-peer=yes \
 -drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
 file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,\
 file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
-- 
2.16.2

The thin wrapper is not necessary.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_command.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 19c7149b5b..f3724a766b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -175,19 +175,6 @@ VIR_ENUM_IMPL(qemuNumaPolicy, VIR_DOMAIN_NUMATUNE_MEM_LAST,
 "interleave");
-/**
- * qemuBuildHasMasterKey:
- * @qemuCaps: QEMU binary capabilities
- *
- * Return true if this binary supports the secret -object, false otherwise.
- */
-static bool
-qemuBuildHasMasterKey(virQEMUCapsPtr qemuCaps)
-{
- return virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_SECRET);
-}
-
-
 /**
 * qemuBuildMasterKeyCommandLine:
 * @cmd: the command to modify
@@ -211,7 +198,7 @@ qemuBuildMasterKeyCommandLine(virCommandPtr cmd,
 * means the domain won't be able to use a secret master key and is
 * not a failure.
 */
- if (!qemuBuildHasMasterKey(priv->qemuCaps)) {
+ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET)) {
 VIR_INFO("secret object is not supported by this QEMU binary");
 return 0;
 }
-- 
2.16.2

On Thu, May 17, 2018 at 05:17:31PM +0200, Peter Krempa wrote:
Clean up some code and fix wrong escaping of TLS certificate path.
Peter Krempa (4): qemu: command: Optimize formatting of 'passwordid' in qemuBuildTLSx509BackendProps tests: qemuxml2argv: Test TLS certificate path containing a comma qemu: command: Fix formatting of TLS backend properties qemu: command: Remove qemuBuildHasMasterKey
src/qemu/qemu_command.c | 40 +++------------------- .../disk-drive-network-tlsx509-vxhs.args | 8 ++--- tests/qemuxml2argvtest.c | 2 +- 3 files changed, 10 insertions(+), 40 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano