提交 2c5dd1ee 编写于 作者: J Ján Tomko

qemu.conf: add vnc_tls_x509_secret_uuid

Add an option that lets the user specify the secret
that unlocks the server TLS key.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
上级 0b3fc37e
...@@ -35,6 +35,7 @@ module Libvirtd_qemu = ...@@ -35,6 +35,7 @@ module Libvirtd_qemu =
| bool_entry "vnc_auto_unix_socket" | bool_entry "vnc_auto_unix_socket"
| bool_entry "vnc_tls" | bool_entry "vnc_tls"
| str_entry "vnc_tls_x509_cert_dir" | str_entry "vnc_tls_x509_cert_dir"
| str_entry "vnc_tls_x509_secret_uuid"
| bool_entry "vnc_tls_x509_verify" | bool_entry "vnc_tls_x509_verify"
| str_entry "vnc_password" | str_entry "vnc_password"
| bool_entry "vnc_sasl" | bool_entry "vnc_sasl"
......
...@@ -95,6 +95,12 @@ ...@@ -95,6 +95,12 @@
#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
# Uncomment and use the following option to override the default secret
# UUID provided in the default_tls_x509_secret_uuid parameter.
#
#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
# The default TLS configuration only uses certificates for the server # The default TLS configuration only uses certificates for the server
# allowing the client to verify the server's identity and establish # allowing the client to verify the server's identity and establish
# an encrypted channel. # an encrypted channel.
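Review bot: The new comment above `vnc_tls_x509_secret_uuid` only says that it overrides `default_tls_x509_secret_uuid`, so an administrator reading just the VNC part of the file is not told what the secret is used for. Going by the commit message, a line such as `# The secret with this UUID is used to unlock the VNC server TLS key.` would close that gap. It would also help to say that the all-zero value is a placeholder and must be replaced with the UUID of an existing secret before the line is uncommented.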
......
...@@ -361,6 +361,7 @@ static void virQEMUDriverConfigDispose(void *obj) ...@@ -361,6 +361,7 @@ static void virQEMUDriverConfigDispose(void *obj)
VIR_FREE(cfg->defaultTLSx509secretUUID); VIR_FREE(cfg->defaultTLSx509secretUUID);
VIR_FREE(cfg->vncTLSx509certdir); VIR_FREE(cfg->vncTLSx509certdir);
VIR_FREE(cfg->vncTLSx509secretUUID);
VIR_FREE(cfg->vncListen); VIR_FREE(cfg->vncListen);
VIR_FREE(cfg->vncPassword); VIR_FREE(cfg->vncPassword);
VIR_FREE(cfg->vncSASLdir); VIR_FREE(cfg->vncSASLdir);
...@@ -458,6 +459,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfigPtr cfg, ...@@ -458,6 +459,8 @@ virQEMUDriverConfigLoadVNCEntry(virQEMUDriverConfigPtr cfg,
cfg->vncTLSx509verifyPresent = true; cfg->vncTLSx509verifyPresent = true;
if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0) if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0)
return -1; return -1;
if (virConfGetValueString(conf, "vnc_tls_x509_secret_uuid", &cfg->vncTLSx509secretUUID) < 0)
return -1;
if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0) if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0)
return -1; return -1;
if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0) if (virConfGetValueString(conf, "vnc_password", &cfg->vncPassword) < 0)
...@@ -1168,6 +1171,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg) ...@@ -1168,6 +1171,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
} \ } \
} while (0) } while (0)
SET_TLS_SECRET_UUID_DEFAULT(vnc);
SET_TLS_SECRET_UUID_DEFAULT(chardev); SET_TLS_SECRET_UUID_DEFAULT(chardev);
SET_TLS_SECRET_UUID_DEFAULT(migrate); SET_TLS_SECRET_UUID_DEFAULT(migrate);
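Review bot: In the virQEMUDriverConfigLoadVNCEntry hunk, the string read from `vnc_tls_x509_secret_uuid` is stored in `cfg->vncTLSx509secretUUID` without checking that it is a well-formed UUID. A mistyped value is therefore accepted at config load and would presumably only be rejected later, when a guest with VNC TLS is started. Consider parsing it right after the read (libvirt's `virUUIDParse` would do) and returning -1 with a configuration error that names the option. If `default_tls_x509_secret_uuid` is equally unchecked, which is not visible here, a single check after the `SET_TLS_SECRET_UUID_DEFAULT(vnc);` line would cover both. The bodies of both functions continue outside the hunks shown.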
......
...@@ -125,6 +125,7 @@ struct _virQEMUDriverConfig { ...@@ -125,6 +125,7 @@ struct _virQEMUDriverConfig {
bool vncTLSx509verifyPresent; bool vncTLSx509verifyPresent;
bool vncSASL; bool vncSASL;
char *vncTLSx509certdir; char *vncTLSx509certdir;
char *vncTLSx509secretUUID;
char *vncListen; char *vncListen;
char *vncPassword; char *vncPassword;
char *vncSASLdir; char *vncSASLdir;
......
...@@ -9,6 +9,7 @@ module Test_libvirtd_qemu = ...@@ -9,6 +9,7 @@ module Test_libvirtd_qemu =
{ "vnc_auto_unix_socket" = "1" } { "vnc_auto_unix_socket" = "1" }
{ "vnc_tls" = "1" } { "vnc_tls" = "1" }
{ "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" } { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
{ "vnc_tls_x509_verify" = "1" } { "vnc_tls_x509_verify" = "1" }
{ "vnc_password" = "XYZ12345" } { "vnc_password" = "XYZ12345" }
{ "vnc_sasl" = "1" } { "vnc_sasl" = "1" }
......