qemu: prepare secret for the graphics upfront

Instead of hardcoding the TLS creds alias in qemuBuildGraphicsVNCCommandLine, store it in the domain private data. Given that we only support one VNC graphics and thus have only one alias per-domain, this is overengineered, but it will allow us to prepare the secret upfront when we start supporting encrypted server TLS keys. Note that the alias is not formatted anywhere since we won't need to access it after domain startup. Signed-off-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>

qemu: prepare secret for the graphics upfront
Instead of hardcoding the TLS creds alias in qemuBuildGraphicsVNCCommandLine, store it in the domain private data. Given that we only support one VNC graphics and thus have only one alias per-domain, this is overengineered, but it will allow us to prepare the secret upfront when we start supporting encrypted server TLS keys. Note that the alias is not formatted anywhere since we won't need to access it after domain startup. Signed-off-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>
2c7791a8 · Ján Tomko · ea3c3f88 · 2c7791a8 · 2c7791a8
隐藏空白更改
内联并排

Showing with 48 addition and 4 deletion

src/qemu/qemu_command.c src/qemu/qemu_command.c +4 -4

src/qemu/qemu_domain.c src/qemu/qemu_domain.c +44 -0

未找到文件。
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8036,18 +8036,18 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
        virBufferAddLit(&opt, ",password");
    if (cfg->vncTLS) {
-        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
+        qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
-            const char *alias = "vnc-tls-creds0";
+        if (gfxPriv->tlsAlias) {
            if (qemuBuildTLSx509CommandLine(cmd,
                                            cfg->vncTLSx509certdir,
                                            true,
                                            cfg->vncTLSx509verify,
                                            NULL,
-                                            alias,
+                                            gfxPriv->tlsAlias,
                                            qemuCaps) < 0)
                goto error;
-            virBufferAsprintf(&opt, ",tls-creds=%s", alias);
+            virBufferAsprintf(&opt, ",tls-creds=%s", gfxPriv->tlsAlias);
        } else {
            virBufferAddLit(&opt, ",tls");
            if (cfg->vncTLSx509verify) {

--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1726,6 +1726,42 @@ qemuDomainSecretChardevPrepare(virQEMUDriverConfigPtr cfg,
 }
+static void
+qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics)
+{
+    qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
+    if (!gfxPriv)
+        return;
+    VIR_FREE(gfxPriv->tlsAlias);
+}
+static int
+qemuDomainSecretGraphicsPrepare(virQEMUDriverConfigPtr cfg,
+                                qemuDomainObjPrivatePtr priv,
+                                virDomainGraphicsDefPtr graphics)
+{
+    virQEMUCapsPtr qemuCaps = priv->qemuCaps;
+    qemuDomainGraphicsPrivatePtr gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
+    if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
+        return 0;
+    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509))
+        return 0;
+    if (!cfg->vncTLS)
+        return 0;
+    if (VIR_STRDUP(gfxPriv->tlsAlias, "vnc-tls-creds0") < 0)
+        return -1;
+    return 0;
+}
 /* qemuDomainSecretDestroy:
 * @vm: Domain object
 *
@@ -1767,6 +1803,9 @@ qemuDomainSecretDestroy(virDomainObjPtr vm)
    for (i = 0; i < vm->def->nredirdevs; i++)
        qemuDomainSecretChardevDestroy(vm->def->redirdevs[i]->source);
+    for (i = 0; i < vm->def->ngraphics; i++)
+        qemuDomainSecretGraphicsDestroy(vm->def->graphics[i]);
 }
@@ -1850,6 +1889,11 @@ qemuDomainSecretPrepare(virQEMUDriverPtr driver,
            goto cleanup;
    }
+    for (i = 0; i < vm->def->ngraphics; i++) {
+        if (qemuDomainSecretGraphicsPrepare(cfg, priv, vm->def->graphics[i]) < 0)
+            goto cleanup;
+    }
    ret = 0;
 cleanup: