From 7b94408db5c34aa45d2ea1bfc6d220cf83edafc7 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Mon, 22 Nov 2021 14:41:23 +0100
Subject: [PATCH] qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

When setting up TLS options from config in qemuDomainPrepareChardevSourceOne we can also extract the x509 certificate path and default tlsVerify setting so that 'qemuBuildChardevCommand' doesn't need to access the config object any more.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_command.c | 6 +++---
 src/qemu/qemu_domain.c | 7 +++++++
 src/qemu/qemu_domain.h | 3 +++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 910508e725..583e311008 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev,
 
 static int
 qemuBuildChardevCommand(virCommand *cmd,
- virQEMUDriverConfig *cfg,
+ virQEMUDriverConfig *cfg G_GNUC_UNUSED,
 const virDomainChrSourceDef *dev,
 const char *charAlias,
 virQEMUCaps *qemuCaps)
@@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd,
 if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
 return -1;
 
- if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
+ if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
 dev->data.tcp.listen,
- cfg->chardevTLSx509verify,
+ chrSourcePriv->tlsVerify,
 tlsCertEncSecAlias,
 objalias, qemuCaps) < 0) {
 return -1;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a2ee160128..d7751f731d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj)
 VIR_FORCE_CLOSE(priv->fd);
 VIR_FORCE_CLOSE(priv->logfd);
 
+ g_free(priv->tlsCertPath);
+
 g_free(priv->fdset);
 g_free(priv->logFdset);
 g_free(priv->tlsCredsAlias);
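Review bot: In the second qemu_command.c hunk the TLS object is now built from `chrSourcePriv->tlsCertPath` and `chrSourcePriv->tlsVerify`, so any caller that reaches this point without the prepare step having filled them in would pass a NULL certificate directory and, presumably, a zero-initialised `tlsVerify`, which turns certificate verification off even when qemu.conf asks for it. The old code could not fail open this way because it read `cfg` directly. The hunk also does not show whether `chrSourcePriv` itself is checked for NULL before the dereference; qemuBuildChardevCommand starts and ends outside the hunk. I would fail closed in front of the call with a guard such as `if (!chrSourcePriv || !chrSourcePriv->tlsCertPath)` that reports an internal error and returns -1.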
@@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
 charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS);
 charsrc->data.tcp.tlsFromConfig = true;
 }
+
+ if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
+ charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
+ charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
+ }
 }
 break;
 
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index d07def3d85..5474d1dccc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate {
 int logfd; /* file descriptor of the logging source */
 bool wait; /* wait for incomming connections on chardev */
 
+ char *tlsCertPath; /* path to certificates if TLS is requested */
+ bool tlsVerify; /* whether server should verify client certificates */
+
 char *fdset; /* fdset path corresponding to the passed filedescriptor */
 char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */
 int passedFD; /* filedescriptor number when fdset passing it directly */
-- 
2.39.5
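Review bot: The added `charpriv->tlsCertPath = g_strdup(...)` overwrites the pointer without releasing a previous value, so the earlier string leaks if qemuDomainPrepareChardevSourceOne can run more than once for the same chardev source (not visible from this hunk). Putting `g_free(charpriv->tlsCertPath);` directly before the g_strdup makes the block safe to re-run. The block also leaves `tlsVerify` untouched when haveTLS is not YES, which is fine only as long as nothing reads it in that state. The function starts and ends outside the hunk, so whether `charpriv` can be NULL here cannot be judged from it.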
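Review bot: The two new field comments in struct _qemuDomainChrSourcePrivate do not say when the fields are valid, and the `tlsVerify` wording assumes the chardev is always the TLS server. The qemu_domain.c hunk sets both only when haveTLS is YES, as a copy of the qemu.conf values, and the command builder passes `dev->data.tcp.listen` next to them, so the chardev can presumably also be the connecting side. I would document them as `char *tlsCertPath; /* x509 cert dir copied from qemu.conf; NULL unless TLS is enabled for this chardev */` and `bool tlsVerify; /* verify the peer's certificate; meaningful only when tlsCertPath is set */`.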