mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 06:35:24 +00:00
qemu: domain: Add new function to set up encrypted secrets only
Some code paths can't use the unencrypted secret. Add a helper which checks and sets up an encrypted secret only and reuse it when setting up the secret to decrypt the TLS private key in qemuDomainSecretInfoTLSNew. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
5882a6d72f
commit
7f08be4dfa
@ -1399,6 +1399,49 @@ qemuDomainSecretInfoNewPlain(qemuDomainObjPrivatePtr priv,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* qemuDomainSecretInfoNew:
|
||||||
|
* @priv: pointer to domain private object
|
||||||
|
* @srcAlias: Alias base to use for TLS object
|
||||||
|
* @usageType: Secret usage type
|
||||||
|
* @username: username
|
||||||
|
* @looupDef: lookup def describing secret
|
||||||
|
* @isLuks: boolean for luks lookup
|
||||||
|
*
|
||||||
|
* Helper function to create a secinfo to be used for secinfo consumers. This
|
||||||
|
* sets up encrypted data to be used with qemu's 'secret' object.
|
||||||
|
*
|
||||||
|
* Returns @secinfo on success, NULL on failure. Caller is responsible
|
||||||
|
* to eventually free @secinfo.
|
||||||
|
*/
|
||||||
|
static qemuDomainSecretInfoPtr
|
||||||
|
qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
|
||||||
|
const char *srcAlias,
|
||||||
|
virSecretUsageType usageType,
|
||||||
|
const char *username,
|
||||||
|
virSecretLookupTypeDefPtr lookupDef,
|
||||||
|
bool isLuks)
|
||||||
|
{
|
||||||
|
qemuDomainSecretInfoPtr secinfo = NULL;
|
||||||
|
|
||||||
|
if (!qemuDomainSupportsEncryptedSecret(priv)) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("encrypted secrets are not supported"));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (VIR_ALLOC(secinfo) < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
|
||||||
|
lookupDef, isLuks) < 0) {
|
||||||
|
qemuDomainSecretInfoFree(&secinfo);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return secinfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* qemuDomainSecretInfoTLSNew:
|
* qemuDomainSecretInfoTLSNew:
|
||||||
* @priv: pointer to domain private object
|
* @priv: pointer to domain private object
|
||||||
@ -1425,9 +1468,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv,
|
|||||||
}
|
}
|
||||||
seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
|
seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
|
||||||
|
|
||||||
return qemuDomainSecretInfoNewPlain(priv, srcAlias,
|
return qemuDomainSecretInfoNew(priv, srcAlias,
|
||||||
VIR_SECRET_USAGE_TYPE_TLS, NULL,
|
VIR_SECRET_USAGE_TYPE_TLS, NULL,
|
||||||
&seclookupdef, false);
|
&seclookupdef, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
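Review bot: The doc comment added for `qemuDomainSecretInfoNew` in the first hunk misnames a parameter and never states the fail-closed contract that is the reason the helper exists. `@looupDef` should read `@lookupDef` to match the signature, and `@srcAlias` is described as "Alias base to use for TLS object" although the function accepts any `usageType`; `@srcAlias: alias base to use for the secret object` would fit better. I would also add a line such as `* Reports VIR_ERR_CONFIG_UNSUPPORTED and returns NULL when encrypted secrets are unavailable; never falls back to a plain secret.` so that later callers handling key material can rely on it. The comment opens with `/*` while the neighbouring `qemuDomainSecretInfoTLSNew` block uses `/**`. In the second hunk the body and doc comment of `qemuDomainSecretInfoTLSNew` start outside the visible lines, so whether its documentation mentions the new failure mode cannot be checked here.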