[PATCH v4 14/14] qemu: Add the ability to hotplug a secret object for TCP chardev TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1300776

Complete the implementation of support for TLS encryption on
chardev TCP transports by adding the hotplug ability of a secret
to generate the passwordid for the TLS object

Likewise, add the ability to hot unplug that secret object as well

Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/qemu/qemu_driver.c  |  2 +-
 src/qemu/qemu_hotplug.c | 43 +++++++++++++++++++++++++++++++++++++++++--
 src/qemu/qemu_hotplug.h |  3 ++-
 tests/qemuhotplugtest.c |  2 +-
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ee717f0..aba5a69 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7516,7 +7516,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
         break;
 
     case VIR_DOMAIN_DEVICE_CHR:
-        ret = qemuDomainAttachChrDevice(driver, vm,
+        ret = qemuDomainAttachChrDevice(dom->conn, driver, vm,
                                         dev->data.chr);
         if (!ret) {
             alias = dev->data.chr->info.alias;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 1a07a32..42b5778 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1513,7 +1513,8 @@ qemuDomainAttachChrDeviceAssignAddr(qemuDomainObjPrivatePtr priv,
     return 0;
 }
 
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+                              virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
                               virDomainChrDefPtr chr)
 {
@@ -1526,6 +1527,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
     char *charAlias = NULL;
     virJSONValuePtr props = NULL;
     char *objAlias = NULL;
+    virJSONValuePtr secprops = NULL;
+    char *secAlias = NULL;
     bool need_release = false;
 
     if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1549,11 +1552,28 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
     if (qemuDomainChrPreInsert(vmdef, chr) < 0)
         goto cleanup;
 
+    if (qemuDomainSecretChardevPrepare(conn, priv, chr) < 0)
+        goto cleanup;
+
     if (cfg->chardevTLS) {
+        /* Add a secret object in order to access the TLS environment
+         * if provided of course */
+        if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+            qemuDomainChardevPrivatePtr chardevPriv =
+                QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+            qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+            if (qemuBuildSecretInfoProps(secinfo, &secprops) < 0)
+                goto cleanup;
+
+            if (!(secAlias = qemuDomainGetSecretAESAlias(charAlias)))
+                goto cleanup;
+        }
+
         if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
                                          dev->data.tcp.listen,
                                          cfg->chardevTLSx509verify,
-                                         NULL,
+                                         secAlias,
                                          priv->qemuCaps,
                                          &props) < 0)
             goto cleanup;
@@ -1565,6 +1585,10 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 
     qemuDomainObjEnterMonitor(driver, vm);
 
+    if (secAlias && qemuMonitorAddObject(priv->mon, "secret",
+                                         secAlias, secprops) < 0)
+        goto failsecobject;
+
     if (objAlias && qemuMonitorAddObject(priv->mon, "tls-creds-x509",
                                          objAlias, props) < 0)
         goto failobject;
@@ -1589,6 +1613,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
         qemuDomainReleaseDeviceAddress(vm, &chr->info, NULL);
     VIR_FREE(objAlias);
     virJSONValueFree(props);
+    VIR_FREE(secAlias);
+    virJSONValueFree(secprops);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
     virObjectUnref(cfg);
@@ -1601,6 +1627,9 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
     /* Remove the object */
     ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
  failobject:
+    /* Remove the secobject */
+    ignore_value(qemuMonitorDelObject(priv->mon, secAlias));
+ failsecobject:
     ignore_value(qemuDomainObjExitMonitor(driver, vm));
     goto audit;
 }
@@ -4115,6 +4144,7 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
     qemuDomainObjPrivatePtr priv = vm->privateData;
     virDomainDefPtr vmdef = vm->def;
     virDomainChrDefPtr tmpChr;
+    virDomainChrSourceDefPtr dev = &chr->source;
     char *objAlias = NULL;
     char *devstr = NULL;
 
@@ -4139,6 +4169,15 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
     qemuDomainMarkDeviceForRemoval(vm, &tmpChr->info);
 
     qemuDomainObjEnterMonitor(driver, vm);
+    if (dev->data.tcp.sectype == VIR_SECRET_USAGE_TYPE_PASSPHRASE) {
+        qemuDomainChardevPrivatePtr chardevPriv =
+            QEMU_DOMAIN_CHARDEV_PRIVATE(chr);
+        qemuDomainSecretInfoPtr secinfo = chardevPriv->secinfo;
+
+        if (qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)
+            goto faildel;
+    }
+
     if (objAlias && qemuMonitorDelObject(priv->mon, objAlias) < 0)
         goto faildel;
 
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index 165d345..a299ea1 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -92,7 +92,8 @@ int qemuDomainAttachLease(virQEMUDriverPtr driver,
 int qemuDomainDetachLease(virQEMUDriverPtr driver,
                           virDomainObjPtr vm,
                           virDomainLeaseDefPtr lease);
-int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
+int qemuDomainAttachChrDevice(virConnectPtr conn,
+                              virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
                               virDomainChrDefPtr chr);
 int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
index 91bf331..c4412b6 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -116,7 +116,7 @@ testQemuHotplugAttach(virDomainObjPtr vm,
         ret = qemuDomainAttachDeviceDiskLive(NULL, &driver, vm, dev);
         break;
     case VIR_DOMAIN_DEVICE_CHR:
-        ret = qemuDomainAttachChrDevice(&driver, vm, dev->data.chr);
+        ret = qemuDomainAttachChrDevice(NULL, &driver, vm, dev->data.chr);
         break;
     default:
         VIR_TEST_VERBOSE("device type '%s' cannot be attached\n",
-- 
2.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]