qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate

When setting up TLS options from config in qemuDomainPrepareChardevSourceOne
we can also extract the x509 certificate path and default tlsVerify
setting so that 'qemuBuildChardevCommand' doesn't need to access the
config object any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2021-11-22 14:41:23 +01:00
parent 1ea28569a0
commit 7b94408db5
3 changed files with 13 additions and 3 deletions

View File

@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev,
static int static int
qemuBuildChardevCommand(virCommand *cmd, qemuBuildChardevCommand(virCommand *cmd,
virQEMUDriverConfig *cfg, virQEMUDriverConfig *cfg G_GNUC_UNUSED,
const virDomainChrSourceDef *dev, const virDomainChrSourceDef *dev,
const char *charAlias, const char *charAlias,
virQEMUCaps *qemuCaps) virQEMUCaps *qemuCaps)
@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd,
if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias))) if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
return -1; return -1;
if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
dev->data.tcp.listen, dev->data.tcp.listen,
cfg->chardevTLSx509verify, chrSourcePriv->tlsVerify,
tlsCertEncSecAlias, tlsCertEncSecAlias,
objalias, qemuCaps) < 0) { objalias, qemuCaps) < 0) {
return -1; return -1;

View File

@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj)
VIR_FORCE_CLOSE(priv->fd); VIR_FORCE_CLOSE(priv->fd);
VIR_FORCE_CLOSE(priv->logfd); VIR_FORCE_CLOSE(priv->logfd);
g_free(priv->tlsCertPath);
g_free(priv->fdset); g_free(priv->fdset);
g_free(priv->logFdset); g_free(priv->logFdset);
g_free(priv->tlsCredsAlias); g_free(priv->tlsCredsAlias);
@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS); charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS);
charsrc->data.tcp.tlsFromConfig = true; charsrc->data.tcp.tlsFromConfig = true;
} }
if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
}
} }
break; break;

View File

@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate {
int logfd; /* file descriptor of the logging source */ int logfd; /* file descriptor of the logging source */
bool wait; /* wait for incomming connections on chardev */ bool wait; /* wait for incomming connections on chardev */
char *tlsCertPath; /* path to certificates if TLS is requested */
bool tlsVerify; /* whether server should verify client certificates */
char *fdset; /* fdset path corresponding to the passed filedescriptor */ char *fdset; /* fdset path corresponding to the passed filedescriptor */
char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */ char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */
int passedFD; /* filedescriptor number when fdset passing it directly */ int passedFD; /* filedescriptor number when fdset passing it directly */