qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate
authorPeter Krempa <pkrempa@redhat.com>
Mon, 22 Nov 2021 13:41:23 +0000 (14:41 +0100)
committerPeter Krempa <pkrempa@redhat.com>
Fri, 10 Dec 2021 15:37:42 +0000 (16:37 +0100)
When setting up TLS options from config in qemuDomainPrepareChardevSourceOne
we can also extract the x509 certificate path and default tlsVerify
setting so that 'qemuBuildChardevCommand' doesn't need to access the
config object any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/qemu/qemu_command.c
src/qemu/qemu_domain.c
src/qemu/qemu_domain.h

index 910508e725137a47b23679d911549120c1bbc4b7..583e311008e6c951098907d94309e65bd62d4cf8 100644 (file)
@@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev,
 
 static int
 qemuBuildChardevCommand(virCommand *cmd,
-                        virQEMUDriverConfig *cfg,
+                        virQEMUDriverConfig *cfg G_GNUC_UNUSED,
                         const virDomainChrSourceDef *dev,
                         const char *charAlias,
                         virQEMUCaps *qemuCaps)
@@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd,
             if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
                 return -1;
 
-            if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
+            if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
                                             dev->data.tcp.listen,
-                                            cfg->chardevTLSx509verify,
+                                            chrSourcePriv->tlsVerify,
                                             tlsCertEncSecAlias,
                                             objalias, qemuCaps) < 0) {
                 return -1;
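Review bot: The TLS object is now built from `chrSourcePriv->tlsCertPath` and `chrSourcePriv->tlsVerify`, which this commit only fills in inside qemuDomainPrepareChardevSourceOne and only when haveTLS is YES. If any caller reaches this branch without that prepare step, the private data (presumably zero-initialised) yields a NULL certificate directory and `tlsVerify == false`, so client-certificate verification would be silently turned off where the old code always read the configured value. Consider failing closed before the call, e.g. `if (!chrSourcePriv->tlsCertPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing TLS certificate path for chardev")); return -1; }`. The function body starts and continues outside this hunk, so whether `chrSourcePriv` itself is checked for NULL is not visible here.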
index a2ee160128eb30c992da9141e680a16556564632..d7751f731da622957c88de2215c7f1f6202bbd29 100644 (file)
@@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj)
     VIR_FORCE_CLOSE(priv->fd);
     VIR_FORCE_CLOSE(priv->logfd);
 
+    g_free(priv->tlsCertPath);
+
     g_free(priv->fdset);
     g_free(priv->logFdset);
     g_free(priv->tlsCredsAlias);
@@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
                 charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS);
                 charsrc->data.tcp.tlsFromConfig = true;
             }
+
+            if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
+                charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
+                charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
+            }
         }
         break;
 
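Review bot: `charpriv->tlsCertPath = g_strdup(...)` overwrites the pointer without releasing an earlier value, so if this prepare function can run more than once on the same chardev source the previous string leaks. Freeing first keeps it idempotent: `g_free(charpriv->tlsCertPath);` on the line before the assignment. It is also worth a short comment that the values are a snapshot of the driver config taken at prepare time, e.g. `/* snapshot of cfg; later config reloads do not affect this chardev */`, since `tlsVerify` is a security setting that no longer follows `cfg`. The enclosing function and the `charpriv` lookup are outside this hunk.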
index d07def3d8506742415920fe76fde3d813ad6d14a..5474d1dcccd7f52630445e04f8532dc06857ce61 100644 (file)
@@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate {
     int logfd; /* file descriptor of the logging source */
     bool wait; /* wait for incomming connections on chardev */
 
+    char *tlsCertPath; /* path to certificates if TLS is requested */
+    bool tlsVerify; /* whether server should verify client certificates */
+
     char *fdset; /* fdset path corresponding to the passed filedescriptor */
     char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */
     int passedFD; /* filedescriptor number when fdset passing it directly */
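Review bot: The comments on the two new fields do not say when they are valid, which matters because `tlsVerify` defaults to the permissive value. From the other hunks, both are set only when TLS is enabled for the source, and the string is a private copy released in qemuDomainChrSourcePrivateDispose. I would spell that out: `char *tlsCertPath; /* x509 certificate directory copied from config; NULL unless TLS is enabled, owned by this struct */` and `bool tlsVerify; /* verify client certificates; meaningful only when tlsCertPath is set */`.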