If the incoming XML defined a path to a TLS X.509 certificate environment, add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP character device.
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/conf/domain_conf.h | 1 +
 src/qemu/qemu_command.c | 2 +-
 src/qemu/qemu_command.h | 6 ++++++
 src/qemu/qemu_hotplug.c | 29 ++++++++++++++++++++++++++++-
 src/qemu/qemu_monitor_json.c | 9 +++++++++
 5 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 15f9c80..0e07504 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1097,6 +1097,7 @@ struct _virDomainChrSourceDef {
 char *service;
 bool listen;
 int protocol;
+ bool tlscreds;
 } tcp;
 struct {
 char *bindHost;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 815785c..effeee1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -711,7 +711,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
 *
 * Returns 0 on success, -1 on failure with error set.
 */
-static int
+int
 qemuBuildTLSx509BackendProps(const char *tlspath,
 bool listen,
 virQEMUCapsPtr qemuCaps,
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 9ff4edb..0102c8f 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -61,6 +61,12 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
 const char *domainLibDir)
 ATTRIBUTE_NONNULL(15);
+/* Generate the object properties for a tls-creds-x509 */
+int qemuBuildTLSx509BackendProps(const char *tlspath,
+ bool listen,
+ virQEMUCapsPtr qemuCaps,
+ virJSONValuePtr *propsret);
+
 /* Generate '-device' string for chardev device */
 int qemuBuildChrDeviceStr(char **deviceStr,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7d05073..7dea78f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
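Review bot: The new `tlscreds` member of the `tcp` struct carries no comment, and per the diffstat nothing in this series parses or formats it from XML — it is only set by the hotplug path — so a reader of domain_conf.h cannot tell it is runtime state rather than configuration. Add a line comment, e.g. `bool tlscreds; /* set at hotplug when a tls-creds-x509 object was added for this chardev */`. `struct _virDomainChrSourceDef` starts and ends outside this hunk.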
@@ -1496,10 +1496,14 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 virDomainChrDefPtr chr)
 {
 int ret = -1, rc;
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 qemuDomainObjPrivatePtr priv = vm->privateData;
 virDomainDefPtr vmdef = vm->def;
 char *devstr = NULL;
+ virDomainChrSourceDefPtr dev = &chr->source;
 char *charAlias = NULL;
+ virJSONValuePtr props = NULL;
+ char *objAlias = NULL;
 bool need_release = false;
 if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1523,8 +1527,25 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0)
 goto cleanup;
+ if (cfg->charTCPTLS) {
+ if (qemuBuildTLSx509BackendProps(cfg->charTCPTLSx509certdir,
+ dev->data.tcp.listen,
+ priv->qemuCaps,
+ &props) < 0)
+ goto cleanup;
+
+ if (virAsprintf(&objAlias, "obj%s_tls0", chr->info.alias) < 0)
+ goto cleanup;
+ dev->data.tcp.tlscreds = true;
+ }
+
 qemuDomainObjEnterMonitor(driver, vm);
- if (qemuMonitorAttachCharDev(priv->mon, charAlias, &chr->source) < 0)
+
+ if (objAlias && qemuMonitorAddObject(priv->mon, "tls-creds-x509",
+ objAlias, props) < 0)
+ goto failobject;
+
+ if (qemuMonitorAttachCharDev(priv->mon, charAlias, dev) < 0)
 goto failchardev;
 if (qemuMonitorAddDevice(priv->mon, devstr) < 0)
@@ -1542,14 +1563,20 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 qemuDomainChrInsertPreAllocCleanup(vm->def, chr);
 if (ret < 0 && need_release)
 qemuDomainReleaseDeviceAddress(vm, &chr->info, NULL);
+ VIR_FREE(objAlias);
+ virJSONValueFree(props);
 VIR_FREE(charAlias);
 VIR_FREE(devstr);
+ virObjectUnref(cfg);
 return ret;
 failadddev:
 /* detach associated chardev on error */
 qemuMonitorDetachCharDev(priv->mon, charAlias);
 failchardev:
+ /* Remove the object */
+ ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
+ failobject:
 ignore_value(qemuDomainObjExitMonitor(driver, vm));
 goto audit;
 }
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 380ddab..703622a 100644
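Review bot: In the second hunk of qemu_hotplug.c the tls-creds-x509 object is built for every hotplugged chardev as soon as `cfg->charTCPTLS` is set, with no check that the source is a TCP one; for a pty, unix or file source `dev->data.tcp.listen` reads the wrong union member, `dev->data.tcp.tlscreds = true` writes into it, and an object is added that no chardev references. Qualify the block on the source type, `if (dev->type == VIR_DOMAIN_CHR_TYPE_TCP && cfg->charTCPTLS) {`. The object name is also derived twice from different inputs: here `"obj%s_tls0"` is formatted from `chr->info.alias`, while the second qemu_monitor_json.c hunk formats the chardev's `tls-creds` value from `chrID`, which is the `charAlias` passed to `qemuMonitorAttachCharDev`; `charAlias` is built outside this hunk, and if it is not byte-identical to `chr->info.alias` the chardev references an object that was never added. A single helper that produces the object alias from the chardev alias, used on both sides, would keep them in step. `qemuDomainAttachChrDevice` starts and ends outside this hunk.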
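Review bot: In the third hunk of qemu_hotplug.c, `failchardev` (also reached by falling through from `failadddev`) calls `qemuMonitorDelObject(priv->mon, objAlias)` even when `objAlias` is still NULL because no TLS object was requested; unless `qemuMonitorDelObject` accepts a NULL id, that sends a bogus object-del whose reported error can overwrite the error from the chardev-add or device_add that actually failed. Guard the call, `if (objAlias)` before `ignore_value(qemuMonitorDelObject(priv->mon, objAlias));`, and make the comment say which object it is, `/* Remove the tls-creds-x509 object added above, if any */`. The enclosing function starts outside this hunk.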
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6137,6 +6137,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
 virJSONValuePtr data = NULL;
 virJSONValuePtr addr = NULL;
 const char *backend_type = NULL;
+ char *tlsalias = NULL;
 bool telnet;
 if (!(backend = virJSONValueNewObject()) ||
@@ -6182,6 +6183,13 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
 virJSONValueObjectAppendBoolean(data, "telnet", telnet) < 0 ||
 virJSONValueObjectAppendBoolean(data, "server", chr->data.tcp.listen) < 0)
 goto error;
+ if (chr->data.tcp.tlscreds) {
+ if (virAsprintf(&tlsalias, "obj%s_tls0", chrID) < 0)
+ goto error;
+
+ if (virJSONValueObjectAppendString(data, "tls-creds", tlsalias) < 0)
+ goto error;
+ }
 break;
 case VIR_DOMAIN_CHR_TYPE_UDP:
@@ -6247,6 +6255,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
 return ret;
 error:
+ VIR_FREE(tlsalias);
 virJSONValueFree(addr);
 virJSONValueFree(data);
 virJSONValueFree(backend);
-- 
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
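Review bot: In the second hunk of qemu_monitor_json.c `tlsalias` is only released on the `error:` path (the third hunk); the success path leaves through the `return ret;` visible there without freeing it, so every attach of a TLS chardev leaks the alias string. `virJSONValueObjectAppendString` stores a copy of its value, so the alias is no longer needed once the append succeeds; add `VIR_FREE(tlsalias);` directly after the `tls-creds` append inside the block, or route the success exit through a shared cleanup label that frees it. The `VIR_FREE` under `error:` stays for the case where virAsprintf succeeded and the append failed. `qemuMonitorJSONAttachCharDevCommand` starts and ends outside this hunk.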