qemu: prepare secret for the graphics upfront
Instead of hardcoding the TLS creds alias in qemuBuildGraphicsVNCCommandLine, store it in the domain private data. Given that we only support one VNC graphics and thus have only one alias per-domain, this is overengineered, but it will allow us to prepare the secret upfront when we start supporting encrypted server TLS keys. Note that the alias is not formatted anywhere since we won't need to access it after domain startup. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
parent
ea3c3f8846
commit
2c7791a869
@ -8036,18 +8036,18 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
|
||||
virBufferAddLit(&opt, ",password");
|
||||
|
||||
if (cfg->vncTLS) {
|
||||
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
|
||||
const char *alias = "vnc-tls-creds0";
|
||||
qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
|
||||
if (gfxPriv->tlsAlias) {
|
||||
if (qemuBuildTLSx509CommandLine(cmd,
|
||||
cfg->vncTLSx509certdir,
|
||||
true,
|
||||
cfg->vncTLSx509verify,
|
||||
NULL,
|
||||
alias,
|
||||
gfxPriv->tlsAlias,
|
||||
qemuCaps) < 0)
|
||||
goto error;
|
||||
|
||||
virBufferAsprintf(&opt, ",tls-creds=%s", alias);
|
||||
virBufferAsprintf(&opt, ",tls-creds=%s", gfxPriv->tlsAlias);
|
||||
} else {
|
||||
virBufferAddLit(&opt, ",tls");
|
||||
if (cfg->vncTLSx509verify) {
|
||||
|
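Review bot: `gfxPriv` is dereferenced unchecked in `if (gfxPriv->tlsAlias) {`, while qemuDomainSecretGraphicsDestroy in the same commit guards against a NULL graphics private pointer with `if (!gfxPriv) return;`; qemuDomainSecretGraphicsPrepare has the same unchecked access in its `VIR_STRDUP(gfxPriv->tlsAlias, ...)` call. If the private data can really be absent, use `if (gfxPriv && gfxPriv->tlsAlias) {` here and return early in Prepare; if it cannot, the guard in Destroy is misleading and should be dropped. The choice between the `tls-creds` object and the legacy `,tls` option also now depends on the alias having been prepared rather than on the QEMU_CAPS_OBJECT_TLS_CREDS_X509 check, so a caller that builds the command line without running qemuDomainSecretPrepare first would presumably get the legacy form without any error; a one-line comment above the `if` stating that dependency would help. The function body starts and ends outside this hunk.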
@ -1726,6 +1726,42 @@ qemuDomainSecretChardevPrepare(virQEMUDriverConfigPtr cfg,
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics)
|
||||
{
|
||||
qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
|
||||
|
||||
if (!gfxPriv)
|
||||
return;
|
||||
|
||||
VIR_FREE(gfxPriv->tlsAlias);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg,
|
||||
qemuDomainObjPrivatePtr priv,
|
||||
virDomainGraphicsDefPtr graphics)
|
||||
{
|
||||
virQEMUCapsPtr qemuCaps = priv->qemuCaps;
|
||||
qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
|
||||
|
||||
if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
|
||||
return 0;
|
||||
|
||||
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509))
|
||||
return 0;
|
||||
|
||||
if (!cfg->vncTLS)
|
||||
return 0;
|
||||
|
||||
if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* qemuDomainSecretDestroy:
|
||||
* @vm: Domain object
|
||||
*
|
||||
@ -1767,6 +1803,9 @@ qemuDomainSecretDestroy(virDomainObjPtr vm)
|
||||
|
||||
for (i = 0; i < vm->def->nredirdevs; i++)
|
||||
qemuDomainSecretChardevDestroy(vm->def->redirdevs[i]->source);
|
||||
|
||||
for (i = 0; i < vm->def->ngraphics; i++)
|
||||
qemuDomainSecretGraphicsDestroy(vm->def->graphics[i]);
|
||||
}
|
||||
|
||||
|
||||
@ -1850,6 +1889,11 @@ qemuDomainSecretPrepare(virQEMUDriverPtr driver,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
for (i = 0; i < vm->def->ngraphics; i++) {
|
||||
if (qemuDomainSecretGraphicsPrepare(cfg, priv, vm->def->graphics[i]) < 0)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
|
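Review bot: The two new helpers added in the hunk at -1726, qemuDomainSecretGraphicsDestroy and qemuDomainSecretGraphicsPrepare, have no header comment, unlike qemuDomainSecretDestroy right below them, which uses the `/* name: @arg ... */` form. Prepare should get one stating that it returns 0 without setting anything unless the graphics is VNC, QEMU_CAPS_OBJECT_TLS_CREDS_X509 is present and `cfg->vncTLS` is on, and -1 only when the allocation fails, because the VNC command-line builder now uses the presence of `tlsAlias` as its only signal for which TLS option to emit. Prepare also assigns over `gfxPriv->tlsAlias` without freeing or checking a previous value, which would leak if it can ever run twice without an intervening Destroy; if that is possible, `VIR_FREE(gfxPriv->tlsAlias);` before the VIR_STRDUP is enough.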