Add the domain rng, parse, and format of a new XML element "tlsx509": <tlsx509 path='/tmp/x509/certdir'/> The attribute for the element will contain a path to an X.509 certificate credential directory to be passed along to the hypervisor to process.
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 docs/formatdomain.html.in | 26 +++++++++++
 docs/schemas/domaincommon.rng | 12 +++++
 src/conf/domain_conf.c | 15 +++++++
 src/conf/domain_conf.h | 1 +
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml | 42 ++++++++++++++++++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml | 51 ++++++++++++++++++++++
 tests/qemuxml2xmltest.c | 1 +
 7 files changed, 148 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index bca9847..07d5773 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -5975,6 +5975,32 @@ qemu-kvm -net nic,model=? /dev/null
 </devices>
 ...</pre>
+ <p>
+ <span class="since">Since 1.3.6,</span> some hypervisors support
+ receiving a path to a directory containing an X.509 certificate
+ credentials. Configuration is handled via the
+ <code>tlsx509</code> element with the <code>path</code> attribute
+ defining the absolute directory path to the credentials.
+ </p>
+<pre>
+ ...
+ <devices>
+ <serial type="tcp">
+ <source mode="connect" host="0.0.0.0" service="2445"/>
+ <protocol type="raw"/>
+ <tlsx509 path='/path/to/x509/certdir'/>
+ <target port="1"/>
+ </serial>
+ ...
+ <serial type="tcp">
+ <source mode="bind" host="127.0.0.1" service="2445"/>
+ <protocol type="raw"/>
+ <target port="1"/>
+ <tlsx509 path="/path/to/x509/certdir"/>
+ </serial>
+ </devices>
+ ...</pre>
+
 <h6><a name="elementsCharUDP">UDP network console</a></h6>
 <p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 02078d7..1b6af6c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3207,6 +3207,9 @@
 <ref name="qemucdevTgtDef"/>
 </optional>
 <optional>
+ <ref name="qemucdevTlsx509Def"/>
+ </optional>
+ <optional>
 <ref name="alias"/>
 </optional>
 <optional>
@@ -3258,6 +3261,14 @@
 </element>
 </define>
+ <define name="qemucdevTlsx509Def">
+ <element name="tlsx509">
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </element>
+ </define>
+
 <define name="qemucdevSrcTypeChoice">
 <choice>
 <value>dev</value>
@@ -3373,6 +3384,7 @@
 </element>
 </optional>
 <optional>
+
 <element name="log">
 <attribute name="file">
 <ref name="absFilePath"/>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 10e61da..721866e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1837,6 +1837,7 @@ virDomainChrSourceDefClear(virDomainChrSourceDefPtr def)
 case VIR_DOMAIN_CHR_TYPE_TCP:
 VIR_FREE(def->data.tcp.host);
 VIR_FREE(def->data.tcp.service);
+ VIR_FREE(def->data.tcp.tlspath);
 break;
 case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -1893,6 +1894,9 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr dest,
 if (VIR_STRDUP(dest->data.tcp.service, src->data.tcp.service) < 0)
 return -1;
+
+ if (VIR_STRDUP(dest->data.tcp.tlspath, src->data.tcp.tlspath) < 0)
+ return -1;
 break;
 case VIR_DOMAIN_CHR_TYPE_UNIX:
@@ -1961,6 +1965,7 @@ virDomainChrSourceDefIsEqual(const virDomainChrSourceDef *src,
 case VIR_DOMAIN_CHR_TYPE_TCP:
 return src->data.tcp.listen == tgt->data.tcp.listen &&
 src->data.tcp.protocol == tgt->data.tcp.protocol &&
+ STREQ_NULLABLE(src->data.tcp.tlspath, tgt->data.tcp.tlspath) &&
 STREQ_NULLABLE(src->data.tcp.host, tgt->data.tcp.host) &&
 STREQ_NULLABLE(src->data.tcp.service, tgt->data.tcp.service);
 break;
@@ -9849,6 +9854,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
 char *master = NULL;
 char *slave = NULL;
 char *append = NULL;
+ char *tlsx509 = NULL;
 int remaining = 0;
 while (cur != NULL) {
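Review bot: The `<ref name="qemucdevTlsx509Def"/>` added at line 3207 sits beside `qemucdevTgtDef` and `alias` in what looks like the chardev definition shared by every source type, so the schema admits `<tlsx509>` under any chardev, whereas the parser hunks in src/conf/domain_conf.c only store the value into `def->data.tcp.tlspath`; a schema-valid `<tlsx509>` on a non-TCP chardev would validate and then be silently discarded. The enclosing `<define>` starts outside the hunk, so this is inferred from the neighbouring references. If the element is meant to be TCP-only, either note that in the new `qemucdevTlsx509Def` with a comment such as `<!-- honoured only by the tcp source type -->` or have the parser reject it elsewhere. The hunk at line 3373 appears to add nothing but a blank line before `<element name="log">`, which looks like an unrelated whitespace change worth dropping.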
@@ -9938,6 +9944,9 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
 } else if (xmlStrEqual(cur->name, BAD_CAST "protocol")) {
 if (!protocol)
 protocol = virXMLPropString(cur, "type");
+ } else if (xmlStrEqual(cur->name, BAD_CAST "tlsx509")) {
+ if (!tlsx509)
+ tlsx509 = virXMLPropString(cur, "path");
 } else {
 remaining++;
 }
@@ -10041,6 +10050,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
 goto error;
 }
+ if (tlsx509)
+ def->data.tcp.tlspath = virFileSanitizePath(tlsx509);
 break;
 case VIR_DOMAIN_CHR_TYPE_UDP:
@@ -10115,6 +10126,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
 VIR_FREE(append);
 VIR_FREE(logappend);
 VIR_FREE(logfile);
+ VIR_FREE(tlsx509);
 return remaining;
@@ -20965,6 +20977,9 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
 virBufferAsprintf(buf, "<protocol type='%s'/>\n",
 virDomainChrTcpProtocolTypeToString(
 def->data.tcp.protocol));
+ if (def->data.tcp.tlspath)
+ virBufferEscapeString(buf, "<tlsx509 path='%s'/>\n",
+ def->data.tcp.tlspath);
 break;
 case VIR_DOMAIN_CHR_TYPE_UNIX:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 3792562..a1cced5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1085,6 +1085,7 @@ struct _virDomainChrSourceDef {
 struct {
 char *host;
 char *service;
+ char *tlspath;
 bool listen;
 int protocol;
 } tcp;
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
new file mode 100644
index 0000000..edd78f1
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
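Review bot: In the new `tlsx509` branch a `<tlsx509>` element whose `path` attribute is missing leaves `tlsx509` NULL, because `virXMLPropString` returns NULL for an absent attribute, so the element is accepted and silently ignored rather than rejected. Since this value is what later reaches the hypervisor as the credential directory, a dropped element means a chardev the user believes is TLS-protected is defined without it. Consider `if (!tlsx509 && !(tlsx509 = virXMLPropString(cur, "path")))` followed by a `virReportError(VIR_ERR_XML_ERROR, ...)` naming the missing attribute and `goto error`, the label this function already uses further down. The surrounding while loop and the function begin outside the hunk.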
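Review bot: The result of `virFileSanitizePath(tlsx509)` is stored without a NULL check even though it returns a newly allocated string, while the `goto error` immediately above this addition shows how failures are handled in this switch case; an allocation failure here leaves `tlspath` NULL and the domain defined without its TLS directory. The schema restricts `path` to `absFilePath`, but this parser does not depend on schema validation having run and nothing here enforces it, so a relative path would be passed on to the hypervisor unrejected. Suggest `if (tlsx509 && !(def->data.tcp.tlspath = virFileSanitizePath(tlsx509))) goto error;` preceded by a check that `tlsx509[0] == '/'` reporting an XML error otherwise. The switch case and the enclosing function start outside the hunk.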
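Review bot: The new `tlspath` member is undocumented although it carries a host filesystem path that the domain_conf.c hunks free, copy, compare and format; a one-line comment would tell the next reader what the field holds and when it is unset. Suggest `char *tlspath; /* absolute path of the X.509 credential directory; NULL when not configured */`, matching how the parser leaves it NULL unless a `<tlsx509>` element is present. `struct _virDomainChrSourceDef` starts at the hunk header and continues beyond it.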
@@ -0,0 +1,42 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='ide' index='0'/>
+ <serial type='udp'>
+ <source mode='bind' host='127.0.0.1' service='1111'/>
+ <source mode='connect' host='127.0.0.1' service='2222'/>
+ <target port='0'/>
+ </serial>
+ <serial type='tcp'>
+ <source mode='connect' host='127.0.0.1' service='5555'/>
+ <protocol type='raw'/>
+ <target port='0'/>
+ <tlsx509 path='/tmp/x509/certdir'/>
+ </serial>
+ <console type='udp'>
+ <source mode='bind' host='127.0.0.1' service='1111'/>
+ <source mode='connect' host='127.0.0.1' service='2222'/>
+ <target type='serial' port='0'/>
+ </console>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
new file mode 100644
index 0000000..e9e6e70
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
@@ -0,0 +1,51 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <serial type='udp'>
+ <source mode='bind' host='127.0.0.1' service='1111'/>
+ <source mode='connect' host='127.0.0.1' service='2222'/>
+ <target port='0'/>
+ </serial>
+ <serial type='tcp'>
+ <source mode='connect' host='127.0.0.1' service='5555'/>
+ <protocol type='raw'/>
+ <tlsx509 path='/tmp/x509/certdir'/>
+ <target port='0'/>
+ </serial>
+ <console type='udp'>
+ <source mode='bind' host='127.0.0.1' service='1111'/>
+ <source mode='connect' host='127.0.0.1' service='2222'/>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index ba55919..692f2c2 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -483,6 +483,7 @@ mymain(void)
 DO_TEST("serial-tcp");
 DO_TEST("serial-udp");
 DO_TEST("serial-tcp-telnet");
+ DO_TEST("serial-tcp-tlsx509-chardev");
 DO_TEST("serial-many");
 DO_TEST("serial-spiceport");
 DO_TEST("serial-spiceport-nospice");
--
2.5.5
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list