qemu.conf: add vnc_tls_x509_secret_uuid

Add an option that lets the user specify the secret that unlocks the server TLS key. Signed-off-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>

qemu.conf: add vnc_tls_x509_secret_uuid
Add an option that lets the user specify the secret that unlocks the server TLS key. Signed-off-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>
2c5dd1ee · Ján Tomko · 0b3fc37e · 2c5dd1ee · 2c5dd1ee · 2c5dd1ee
5 changed file
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -35,6 +35,7 @@ module Libvirtd_qemu =
                 | bool_entry "vnc_auto_unix_socket"
                 | bool_entry "vnc_tls"
                 | str_entry "vnc_tls_x509_cert_dir"
+                 | str_entry "vnc_tls_x509_secret_uuid"
                 | bool_entry "vnc_tls_x509_verify"
                 | str_entry "vnc_password"
                 | bool_entry "vnc_sasl"

--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -95,6 +95,12 @@
 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"


+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
 # The default TLS configuration only uses certificates for the server
 # allowing the client to verify the server's identity and establish
 # an encrypted channel.

--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -361,6 +361,7 @@ static void virQEMUDriverConfigDispose(void *obj)
    VIR_FREE(cfg->defaultTLSx509secretUUID);

    VIR_FREE(cfg->vncTLSx509certdir);
+    VIR_FREE(cfg->vncTLSx509secretUUID);
    VIR_FREE(cfg->vncListen);
    VIR_FREE(cfg->vncPassword);
    VIR_FREE(cfg->vncSASLdir);
@@ -458,6 +459,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfigPtr cfg,
        cfg->vncTLSx509verifyPresent = true;
    if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0)
        return -1;
+    if (virConfGetValueString(conf, "vnc_tls_x509_secret_uuid", &cfg->vncTLSx509secretUUID) < 0)
+        return -1;
    if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0)
        return -1;
    if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0)
@@ -1168,6 +1171,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
        } \
    } while (0)

+    SET_TLS_SECRET_UUID_DEFAULT(vnc);
    SET_TLS_SECRET_UUID_DEFAULT(chardev);
    SET_TLS_SECRET_UUID_DEFAULT(migrate);


--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -125,6 +125,7 @@ struct _virQEMUDriverConfig {
    bool vncTLSx509verifyPresent;
    bool vncSASL;
    char *vncTLSx509certdir;
+    char *vncTLSx509secretUUID;
    char *vncListen;
    char *vncPassword;
    char *vncSASLdir;

--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -9,6 +9,7 @@ module Test_libvirtd_qemu =
 { "vnc_auto_unix_socket" = "1" }
 { "vnc_tls" = "1" }
 { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
+{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
 { "vnc_tls_x509_verify" = "1" }
 { "vnc_password" = "XYZ12345" }
 { "vnc_sasl" = "1" }