From nobody Wed May 14 07:20:06 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527684203070317.49170145215646; Wed, 30 May 2018 05:43:23 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7027730C5B7F; Wed, 30 May 2018 12:43:21 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F39F11BBC1; Wed, 30 May 2018 12:43:20 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 8DB0F1801218; Wed, 30 May 2018 12:43:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4UCg6Xn027655 for ; Wed, 30 May 2018 08:42:06 -0400 Received: by smtp.corp.redhat.com (Postfix) id 60C1C217B40A; Wed, 30 May 2018 12:42:06 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 05333217B409 for ; Wed, 30 May 2018 12:42:05 +0000 (UTC) 
From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 30 May 2018 14:41:26 +0200 Message-Id: <365ff5190de894d7c6122ff8cb68dc11321203cb.1527683836.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 30/38] qemu: command: Pass in alias for TLS object to qemuBuildTLSx509CommandLine X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Wed, 30 May 2018 12:43:22 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8"
Callers need to know the alias anyways so it does not make much sense to generate it inside of this function. Note that there's a lingering bad design of this, since the secret object alias is based on the device name and not on the fact that the secret is used for decrypting of the TLS private key. If we ever add authentication for chardevs this will bite us. Thankfully disk code does not support encrypted private keys for TLS so it can be happily refactored there.
Signed-off-by: Peter Krempa
Reviewed-by: J=EF=BF=BDn Tomko
---
 src/qemu/qemu_command.c | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c63963adfa..2ed58befd9 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -725,7 +725,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
 * @verifypeer: boolean to enable peer verification (form of authorization)
 * @certEncSecretAlias: alias of a 'secret' object for decrypting TLS priv= ate key
 * (optional)
- * @inalias: Alias for the parent to generate object alias
+ * @alias: TLS object alias
 * @qemuCaps: capabilities
 *
 * Create the command line for a TLS object
@@ -738,11 +738,10 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 bool isListen,
 bool verifypeer,
 const char *certEncSecretAlias,
- const char *inalias,
+ const char *alias,
 virQEMUCapsPtr qemuCaps)
 {
 int ret =3D -1;
- char *objalias =3D NULL;
 virJSONValuePtr props =3D NULL;
 char *tmp =3D NULL;
@@ -751,11 +750,8 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 qemuCaps, &props) < 0)
 goto cleanup;
- if (!(objalias =3D qemuAliasTLSObjFromSrcAlias(inalias)))
- goto cleanup;
-
 if (!(tmp =3D virQEMUBuildObjectCommandlineFromJSON("tls-creds-x509",
- objalias, props)))
+ alias, props)))
 goto cleanup;
 virCommandAddArgList(cmd, "-object", tmp, NULL);
@@ -764,7 +760,6 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 cleanup:
 virJSONValueFree(props);
- VIR_FREE(objalias);
 VIR_FREE(tmp);
 return ret;
 }
@@ -779,7 +774,6 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 static int
 qemuBuildDiskSrcTLSx509CommandLine(virCommandPtr cmd,
 virStorageSourcePtr src,
- const char *srcalias,
 virQEMUCapsPtr qemuCaps)
 {
@@ -789,7 +783,7 @@ qemuBuildDiskSrcTLSx509CommandLine(virCommandPtr cmd,
 src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) {
 return qemuBuildTLSx509CommandLine(cmd, src->tlsCertdir,
 false, src->tlsVerify,
- NULL, srcalias, qemuCaps);
+ NULL, src->tlsAlias, qemuCaps);
 }
 return 0;
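Review bot: Dropping the `if (!(objalias = qemuAliasTLSObjFromSrcAlias(inalias)))` guard in the @@ -751 hunk also drops the only place this function rejected a missing alias, so `alias` now reaches virQEMUBuildObjectCommandlineFromJSON("tls-creds-x509", alias, props) unchecked and every caller is trusted to pass a valid one. The disk caller in the @@ -789 hunk hands in `src->tlsAlias`, which is populated outside this patch, so the combination of haveTLS == VIR_TRISTATE_BOOL_YES with tlsAlias still unset is, as far as these hunks show, no longer caught here. Either state the contract in the doc comment of the @@ -725 hunk, `* @alias: TLS object alias (must not be NULL, owned by the caller)`, or keep a one-line `if (!alias) goto cleanup;` before the props are built. qemuBuildTLSx509CommandLine's body is spread over the @@ -738, -751 and -764 hunks and its remaining lines are not shown.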
@@ -2291,8 +2285,7 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
 if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
 return -1;
- if (qemuBuildDiskSrcTLSx509CommandLine(cmd, disk->src, disk->info.= alias,
- qemuCaps) < 0)
+ if (qemuBuildDiskSrcTLSx509CommandLine(cmd, disk->src, qemuCaps) <= 0)
 return -1;
 virCommandAddArg(cmd, "-drive");
@@ -4996,15 +4989,18 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
 tlsCertEncSecAlias =3D chrSourcePriv->secinfo->s.aes.alias;
 }
+ if (!(objalias =3D qemuAliasTLSObjFromSrcAlias(charAlias)))
+ goto cleanup;
+
 if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdi= r,
 dev->data.tcp.listen,
 cfg->chardevTLSx509verify,
 tlsCertEncSecAlias,
- charAlias, qemuCaps) < 0)
+ objalias, qemuCaps) < 0) {
+ VIR_FREE(objalias);
 goto cleanup;
+ }
- if (!(objalias =3D qemuAliasTLSObjFromSrcAlias(charAlias)))
- goto cleanup;
 virBufferAsprintf(&buf, ",tls-creds=3D%s", objalias);
 VIR_FREE(objalias);
 }
--=20
2.16.2
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
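Review bot: The new failure branch after qemuBuildTLSx509CommandLine() in the @@ -4996 hunk frees `objalias` inline before `goto cleanup`, which only matters if the cleanup label does not already release it; the label is outside the hunk, so I cannot tell which. If cleanup already does VIR_FREE(objalias), the inline free and the added braces are redundant; if it does not, putting `VIR_FREE(objalias);` under the label is the usual pattern in this file and keeps the early-exit path a single `goto cleanup;`, since VIR_FREE nulls the pointer and makes the success-path free harmless. qemuBuildChrChardevStr starts and ends outside this hunk.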