From 8a5cd05b55a372106651b48ead486ddaffa5bab4 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Tue, 29 May 2018 18:04:42 +0200 Subject: [PATCH] qemu: command: Don't generate alias for TLS private key password secret MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit qemuBuildTLSx509CommandLine has no business guessing which alias should be used. The alias needs to be passed in. Note that there's a lingering bad design of this, since the secret object alias is based on the device name and not on the fact that the secret is used for decrypting of the TLS private key. If we ever add authentication for chardevs this will bite us. Thankfully disk code does not support encrypted private keys for TLS so it can be happily refactored there. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- src/qemu/qemu_command.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2d375b4ca4..29022ce10e 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -723,7 +723,8 @@ qemuBuildTLSx509BackendProps(const char *tlspath, * @tlspath: path to the TLS credentials * @listen: boolen listen for client or server setting * @verifypeer: boolean to enable peer verification (form of authorization) - * @addpasswordid: boolean to handle adding passwordid to object + * @certEncSecretAlias: alias of a 'secret' object for decrypting TLS private key + * (optional) * @inalias: Alias for the parent to generate object alias * @qemuCaps: capabilities * @@ -736,7 +737,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, const char *tlspath, bool isListen, bool verifypeer, - bool addpasswordid, + const char *certEncSecretAlias, const char *inalias, virQEMUCapsPtr qemuCaps) { @@ -744,13 +745,9 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, char *objalias = NULL; virJSONValuePtr props = NULL; char *tmp = NULL; - char *secalias = NULL; - if (addpasswordid && - !(secalias = qemuDomainGetSecretAESAlias(inalias, false))) - return -1; - - if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, secalias, + if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, + certEncSecretAlias, qemuCaps, &props) < 0) goto cleanup; @@ -769,7 +766,6 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd, virJSONValueFree(props); VIR_FREE(objalias); VIR_FREE(tmp); - VIR_FREE(secalias); return ret; } @@ -793,7 +789,7 @@ qemuBuildDiskSrcTLSx509CommandLine(virCommandPtr cmd, src->haveTLS == VIR_TRISTATE_BOOL_YES) { return qemuBuildTLSx509CommandLine(cmd, src->tlsCertdir, false, src->tlsVerify, - false, srcalias, qemuCaps); + NULL, srcalias, qemuCaps); } return 0; @@ -4986,20 +4982,24 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, qemuDomainChrSourcePrivatePtr chrSourcePriv = QEMU_DOMAIN_CHR_SOURCE_PRIVATE(dev); char *objalias = NULL; + const char *tlsCertEncSecAlias = NULL; /* Add the secret object first if necessary. The * secinfo is added only to a TCP serial device during * qemuDomainSecretChardevPrepare. Subsequently called * functions can just check the config fields */ - if (chrSourcePriv && chrSourcePriv->secinfo && - qemuBuildObjectSecretCommandLine(cmd, - chrSourcePriv->secinfo) < 0) - goto cleanup; + if (chrSourcePriv && chrSourcePriv->secinfo) { + if (qemuBuildObjectSecretCommandLine(cmd, + chrSourcePriv->secinfo) < 0) + goto cleanup; + + tlsCertEncSecAlias = chrSourcePriv->secinfo->s.aes.alias; + } if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, dev->data.tcp.listen, cfg->chardevTLSx509verify, - !!cfg->chardevTLSx509secretUUID, + tlsCertEncSecAlias, charAlias, qemuCaps) < 0) goto cleanup; -- 2.39.5