Instead of hardcoding the TLS creds alias in
qemuBuildGraphicsVNCCommandLine, store it
in the domain private data.
Given that we only support one VNC graphics
and thus have only one alias per-domain,
this is overengineered, but it will allow us
to prepare the secret upfront when we start
supporting encrypted server TLS keys.
Note that the alias is not formatted anywhere
since we won't need to access it after domain
startup.
Signed-off-by: Ján Tomko <jtomko@xxxxxxxxxx>
---
src/qemu/qemu_command.c | 8 ++++----
src/qemu/qemu_domain.c | 44 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 822d5f8669..d130d0463c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8035,18 +8035,18 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
virBufferAddLit(&opt, ",password");
if (cfg->vncTLS) {
- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
- const char *alias = "vnc-tls-creds0";
+ qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
+ if (gfxPriv->tlsAlias) {
if (qemuBuildTLSx509CommandLine(cmd,
cfg->vncTLSx509certdir,
true,
cfg->vncTLSx509verify,
NULL,
- alias,
+ gfxPriv->tlsAlias,
qemuCaps) < 0)
goto error;
- virBufferAsprintf(&opt, ",tls-creds=%s", alias);
+ virBufferAsprintf(&opt, ",tls-creds=%s", gfxPriv->tlsAlias);
} else {
virBufferAddLit(&opt, ",tls");
if (cfg->vncTLSx509verify) {
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 4b11cba1bd..b35c217d65 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1726,6 +1726,42 @@ qemuDomainSecretChardevPrepare(virQEMUDriverConfigPtr cfg,
}
+static void
+qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics)
+{
+ qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
+
+ if (!gfxPriv)
+ return;
+
+ VIR_FREE(gfxPriv->tlsAlias);
+}
+
+
+static int
+qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg,
+ qemuDomainObjPrivatePtr priv,
+ virDomainGraphicsDefPtr graphics)
+{
+ virQEMUCapsPtr qemuCaps = priv->qemuCaps;
+ qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
+
+ if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
+ return 0;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509))
+ return 0;
+
+ if (!cfg->vncTLS)
+ return 0;
+
+ if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0)
+ return -1;
+
+ return 0;
+}
+
+
/* qemuDomainSecretDestroy:
* @vm: Domain object
*
@@ -1767,6 +1803,9 @@ qemuDomainSecretDestroy(virDomainObjPtr vm)
for (i = 0; i < vm->def->nredirdevs; i++)
qemuDomainSecretChardevDestroy(vm->def->redirdevs[i]->source);
+
+ for (i = 0; i < vm->def->ngraphics; i++)
+ qemuDomainSecretGraphicsDestroy(vm->def->graphics[i]);
}
@@ -1850,6 +1889,11 @@ qemuDomainSecretPrepare(virQEMUDriverPtr driver,
goto cleanup;
}
+ for (i = 0; i < vm->def->ngraphics; i++) {
+ if (qemuDomainSecretGraphicsPrepare(cfg, priv, vm->def->graphics[i]) < 0)
+ goto cleanup;
+ }
+
ret = 0;
cleanup:
--
2.20.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
