On 1/16/19 2:41 AM, Ján Tomko wrote: > Use the password stored in the secret driver under > the uuid specified by the vnc_tls_x509_secret_uuid > option in qemu.conf. > > https://bugzilla.redhat.com/show_bug.cgi?id=1602418 > > Signed-off-by: Ján Tomko <jtomko@xxxxxxxxxx> > --- > src/qemu/qemu_command.c | 11 +++++- > src/qemu/qemu_domain.c | 9 +++++ > src/qemu/qemu_domain.h | 1 + > ...graphics-vnc-tls-secret.x86_64-latest.args | 36 +++++++++++++++++++ > .../graphics-vnc-tls-secret.xml | 30 ++++++++++++++++ > tests/qemuxml2argvtest.c | 5 +++ > 6 files changed, 91 insertions(+), 1 deletion(-) > create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args > create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml > > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index d130d0463c..e17d7ddec7 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -8037,11 +8037,20 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg, > if (cfg->vncTLS) { > qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics); > if (gfxPriv->tlsAlias) { > + const char *secretAlias = NULL; > + > + if (gfxPriv && gfxPriv->secinfo) { "gfxPriv" check is unnecessary, we would have already died dereffing tlsAlias. > + if (qemuBuildObjectSecretCommandLine(cmd, > + gfxPriv->secinfo) < 0) > + goto error; > + secretAlias = gfxPriv->secinfo->s.aes.alias; > + } > + > if (qemuBuildTLSx509CommandLine(cmd, > cfg->vncTLSx509certdir, > true, > cfg->vncTLSx509verify, > - NULL, > + secretAlias, > gfxPriv->tlsAlias, > qemuCaps) < 0) > goto error; > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index 6960f0569b..da9c4e566d 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c > @@ -1269,6 +1269,7 @@ qemuDomainGraphicsPrivateDispose(void *obj) > qemuDomainGraphicsPrivatePtr priv = obj; > > VIR_FREE(priv->tlsAlias); > + qemuDomainSecretInfoFree(&priv->secinfo);> } > > > @@ -1750,6 +1751,7 @@ qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics) > return; > > VIR_FREE(gfxPriv->tlsAlias); > + qemuDomainSecretInfoFree(&gfxPriv->secinfo); If you use virObjectUnref as noted in patch4, then the change in the hunk above gives you this for free. > } > > > @@ -1773,6 +1775,13 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg, > if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0) > return -1; > > + if (cfg->vncTLSx509secretUUID) { > + gfxPriv->secinfo = qemuDomainSecretInfoTLSNew(priv, gfxPriv->tlsAlias, > + cfg->vncTLSx509secretUUID); > + if (!gfxPriv->secinfo) > + return -1; > + } > + > return 0; > } > Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx> John [...] -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
