Some code paths can't use the unencrypted secret. Add a helper which checks and sets up an encrypted secret only and reuse it when setting up the secret to decrypt the TLS private key in qemuDomainSecretInfoTLSNew.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index cda3d00f75..67bf2f6718 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1399,6 +1399,49 @@ qemuDomainSecretInfoNewPlain(qemuDomainObjPrivatePtr priv,
 }
+/* qemuDomainSecretInfoNew:
+ * @priv: pointer to domain private object
+ * @srcAlias: Alias base to use for TLS object
+ * @usageType: Secret usage type
+ * @username: username for plain secrets (only)
+ * @looupdef: lookup def describing secret
+ * @isLuks: boolean for luks lookup
+ *
+ * Helper function to create a secinfo to be used for secinfo consumers. This
+ * possibly sets a encrypted secret object.
+ *
+ * Returns @secinfo on success, NULL on failure. Caller is responsible
+ * to eventually free @secinfo.
+ */
+static qemuDomainSecretInfoPtr
+qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
+ const char *srcAlias,
+ virSecretUsageType usageType,
+ const char *username,
+ virSecretLookupTypeDefPtr lookupDef,
+ bool isLuks)
+{
+ qemuDomainSecretInfoPtr secinfo = NULL;
+
+ if (!qemuDomainSupportsEncryptedSecret(priv)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("encrypted secrets are not supported"));
+ return NULL;
+ }
+
+ if (VIR_ALLOC(secinfo) < 0)
+ return NULL;
+
+ if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
+ lookupDef, isLuks) < 0) {
+ qemuDomainSecretInfoFree(&secinfo);
+ return NULL;
+ }
+
+ return secinfo;
+}
+
+
 /**
 * qemuDomainSecretInfoTLSNew:
 * @priv: pointer to domain private object
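Review bot: The header comment on qemuDomainSecretInfoNew understates what the body enforces: it says the helper "possibly sets a encrypted secret object", but the code returns NULL with VIR_ERR_CONFIG_UNSUPPORTED unless qemuDomainSupportsEncryptedSecret(priv) holds and otherwise only calls qemuDomainSecretAESSetup, so there is no plain-secret path. I would state that guarantee, since it is the reason callers choose this helper, e.g. `* Helper function to create a secinfo that always carries an encrypted secret; fails if encrypted secrets are not supported.` The tag `@looupdef` should read `@lookupDef` to match the parameter, and the descriptions of `@username` ("for plain secrets (only)") and `@srcAlias` ("for TLS object") look copied from another helper, since both values are passed straight to qemuDomainSecretAESSetup here. The neighbouring comment opens with `/**`, so this one should too for consistency.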
@@ -1425,9 +1468,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv,
 }
 seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
- return qemuDomainSecretInfoNewPlain(priv, srcAlias,
- VIR_SECRET_USAGE_TYPE_TLS, NULL,
- &seclookupdef, false);
+ return qemuDomainSecretInfoNew(priv, srcAlias,
+ VIR_SECRET_USAGE_TYPE_TLS, NULL,
+ &seclookupdef, false);
 }
-- 
2.16.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
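Review bot: The call site in qemuDomainSecretInfoTLSNew gives no hint why it must use qemuDomainSecretInfoNew rather than qemuDomainSecretInfoNewPlain, and the two names differ only by a suffix, so a later cleanup could switch it back without anyone noticing. A one-line comment above the return would pin the intent, for example `/* the secret decrypting the TLS private key must only be set up as an encrypted secret */`. The function's body and doc comment start outside this hunk; if that doc comment lists failure cases, it should probably also mention that the call now fails when encrypted secrets are unsupported.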