* [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname
From: Daniel P. Berrange @ 2017-03-15 16:16 UTC (permalink / raw)
To: qemu-devel
Cc: Dr . David Alan Gilbert, Eric Blake, Juan Quintela,
Markus Armbruster, Daniel P. Berrange
The tls-creds parameter has a default value of NULL indicating
that TLS should not be used. Setting it to non-NULL enables
use of TLS. Once tls-creds are set to a non-NULL value via the
monitor, it isn't possible to set them back to NULL again, due
to current implementation limitations. The empty string is not
a valid QObject identifier, so this switches to use "" as the
default, indicating that TLS will not be used

The tls-hostname parameter has a default value of NULL indicating
the hostname from the migrate connection URI should be used.
Again, once tls-hostname is set non-NULL, to override the default
hostname for x509 cert validation, it isn't possible to reset it
back to NULL via the monitor. The empty string is not a valid
hostname, so this switches to use "" as the default, indicating
that the migrate URI hostname should be used.

Using "" as the default for both, also means that the monitor
commands "info migrate_parameters" / "query-migrate-parameters"
will report existence of tls-creds/tls-parameters even when set
to their default values.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
migration/migration.c | 4 ++++
migration/tls.c | 2 +-
qapi-schema.json | 4 ++++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/migration/migration.c b/migration/migration.c
index 3dab684..54060f7 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -110,6 +110,8 @@ MigrationState *migrate_get_current(void)
if (!once) {
qemu_mutex_init(¤t_migration.src_page_req_mutex);
+ current_migration.parameters.tls_creds = g_strdup("");
+ current_migration.parameters.tls_hostname = g_strdup("");
once = true;
}
return ¤t_migration;
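Review bot: The two g_strdup("") defaults in the `if (!once)` block make tls_creds and tls_hostname non-NULL from the first call, so any reader that still tests only for NULL will now treat them as set. This patch updates three such tests (two in migration.c, one in tls.c); please confirm there are no other consumers, and consider a one-line comment here saying that "" means TLS disabled for tls_creds and "use the URI hostname" for tls_hostname.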
@@ -458,6 +460,7 @@ void migration_channel_process_incoming(MigrationState *s,
ioc, object_get_typename(OBJECT(ioc)));
if (s->parameters.tls_creds &&
+ *s->parameters.tls_creds &&
!object_dynamic_cast(OBJECT(ioc),
TYPE_QIO_CHANNEL_TLS)) {
Error *local_err = NULL;
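Review bot: The added `*s->parameters.tls_creds &&` test in migration_channel_process_incoming() is repeated verbatim in migration_channel_connect() in the next hunk. A small helper that answers "are TLS credentials configured" would keep the incoming and outgoing sides from drifting apart if the unset marker ever changes.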
@@ -480,6 +483,7 @@ void migration_channel_connect(MigrationState *s,
ioc, object_get_typename(OBJECT(ioc)), hostname);
if (s->parameters.tls_creds &&
+ *s->parameters.tls_creds &&
!object_dynamic_cast(OBJECT(ioc),
TYPE_QIO_CHANNEL_TLS)) {
Error *local_err = NULL;
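Review bot: In migration_channel_connect() an empty tls_creds now means the outgoing stream goes out without TLS, and nothing in this hunk records that choice. Since the point of the patch is that the parameter can be reset to "" from the monitor, a comment on the condition (or a trace point on the plain-text branch) would make it easier to audit which mode a given migration actually used.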
diff --git a/migration/tls.c b/migration/tls.c
index 203c11d..45bec44 100644
--- a/migration/tls.c
+++ b/migration/tls.c
@@ -141,7 +141,7 @@ void migration_tls_channel_connect(MigrationState *s,
return;
}
- if (s->parameters.tls_hostname) {
+ if (s->parameters.tls_hostname && *s->parameters.tls_hostname) {
hostname = s->parameters.tls_hostname;
}
if (!hostname) {
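Review bot: The new condition treats only the exact empty string as "use the URI hostname"; with "" and no URI hostname, control still reaches the `if (!hostname)` check that follows, which looks right. Splitting the condition over two lines as done for tls_creds in migration.c would keep the style consistent, and a short comment that "" is the unset marker would help the next reader.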
diff --git a/qapi-schema.json b/qapi-schema.json
index 32b4a4b..eb9bf67 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1036,6 +1036,8 @@
# credentials must be for a 'server' endpoint. Setting this
# will enable TLS for all migrations. The default is unset,
# resulting in unsecured migration at the QEMU level. (Since 2.7)
+# An empty string means that QEMU will use plain text mode for
+# migration, rather than TLS (Since 2.9)
#
# @tls-hostname: #optional hostname of the target host for the migration. This
# is required when using x509 based TLS credentials and the
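Review bot: The unchanged sentence "The default is unset" just above the added lines no longer matches the code, which now defaults tls-creds to "". Suggest rewording it to say the default is the empty string, and adding the missing full stop after "rather than TLS".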
@@ -1043,6 +1045,8 @@
# example if using fd: or exec: based migration, the
# hostname must be provided so that the server's x509
# certificate identity can be validated. (Since 2.7)
+# An empty string means that QEMU will use the hostname
+# associated with the migration URI, if any. (Since 2.9)
#
# @max-bandwidth: to set maximum speed for migration. maximum speed in
# bytes per second. (Since 2.8)
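Review bot: "if any" in the added tls-hostname text leaves open what happens when the value is "" and the migration URI carries no hostname, which is the fd:/exec: case the preceding sentences say needs an explicit hostname. Suggest stating the outcome for that case so the empty-string default is not read as making the parameter optional there.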
--
2.9.3
* Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname
From: Dr. David Alan Gilbert @ 2017-03-15 16:44 UTC (permalink / raw)
To: Daniel P. Berrange
Cc: qemu-devel, Eric Blake, Juan Quintela, Markus Armbruster
* Daniel P. Berrange (berrange@redhat.com) wrote:
> The tls-creds parameter has a default value of NULL indicating
> that TLS should not be used. Setting it to non-NULL enables
> use of TLS. Once tls-creds are set to a non-NULL value via the
> monitor, it isn't possible to set them back to NULL again, due
> to current implementation limitations. The empty string is not
> a valid QObject identifier, so this switches to use "" as the
> default, indicating that TLS will not be used
>
> The tls-hostname parameter has a default value of NULL indicating
> the hostname from the migrate connection URI should be used.
> Again, once tls-hostname is set non-NULL, to override the default
> hostname for x509 cert validation, it isn't possible to reset it
> back to NULL via the monitor. The empty string is not a valid
> hostname, so this switches to use "" as the default, indicating
> that the migrate URI hostname should be used.
>
> Using "" as the default for both, also means that the monitor
> commands "info migrate_parameters" / "query-migrate-parameters"
> will report existence of tls-creds/tls-parameters even when set
> to their default values.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Yes, simple enough.
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Markus, Eric - are you OK with that?
Dave
> ---
> migration/migration.c | 4 ++++
> migration/tls.c | 2 +-
> qapi-schema.json | 4 ++++
> 3 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 3dab684..54060f7 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -110,6 +110,8 @@ MigrationState *migrate_get_current(void)
>
> if (!once) {
> qemu_mutex_init(¤t_migration.src_page_req_mutex);
> + current_migration.parameters.tls_creds = g_strdup("");
> + current_migration.parameters.tls_hostname = g_strdup("");
> once = true;
> }
> return ¤t_migration;
> @@ -458,6 +460,7 @@ void migration_channel_process_incoming(MigrationState *s,
> ioc, object_get_typename(OBJECT(ioc)));
>
> if (s->parameters.tls_creds &&
> + *s->parameters.tls_creds &&
> !object_dynamic_cast(OBJECT(ioc),
> TYPE_QIO_CHANNEL_TLS)) {
> Error *local_err = NULL;
> @@ -480,6 +483,7 @@ void migration_channel_connect(MigrationState *s,
> ioc, object_get_typename(OBJECT(ioc)), hostname);
>
> if (s->parameters.tls_creds &&
> + *s->parameters.tls_creds &&
> !object_dynamic_cast(OBJECT(ioc),
> TYPE_QIO_CHANNEL_TLS)) {
> Error *local_err = NULL;
> diff --git a/migration/tls.c b/migration/tls.c
> index 203c11d..45bec44 100644
> --- a/migration/tls.c
> +++ b/migration/tls.c
> @@ -141,7 +141,7 @@ void migration_tls_channel_connect(MigrationState *s,
> return;
> }
>
> - if (s->parameters.tls_hostname) {
> + if (s->parameters.tls_hostname && *s->parameters.tls_hostname) {
> hostname = s->parameters.tls_hostname;
> }
> if (!hostname) {
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 32b4a4b..eb9bf67 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -1036,6 +1036,8 @@
> # credentials must be for a 'server' endpoint. Setting this
> # will enable TLS for all migrations. The default is unset,
> # resulting in unsecured migration at the QEMU level. (Since 2.7)
> +# An empty string means that QEMU will use plain text mode for
> +# migration, rather than TLS (Since 2.9)
> #
> # @tls-hostname: #optional hostname of the target host for the migration. This
> # is required when using x509 based TLS credentials and the
> @@ -1043,6 +1045,8 @@
> # example if using fd: or exec: based migration, the
> # hostname must be provided so that the server's x509
> # certificate identity can be validated. (Since 2.7)
> +# An empty string means that QEMU will use the hostname
> +# associated with the migration URI, if any. (Since 2.9)
> #
> # @max-bandwidth: to set maximum speed for migration. maximum speed in
> # bytes per second. (Since 2.8)
> --
> 2.9.3
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
* Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname
From: Markus Armbruster @ 2017-03-16 9:13 UTC (permalink / raw)
To: Dr. David Alan Gilbert; +Cc: Daniel P. Berrange, qemu-devel, Juan Quintela
"Dr. David Alan Gilbert" <dgilbert@redhat.com> writes:
> * Daniel P. Berrange (berrange@redhat.com) wrote:
>> The tls-creds parameter has a default value of NULL indicating
>> that TLS should not be used. Setting it to non-NULL enables
>> use of TLS. Once tls-creds are set to a non-NULL value via the
>> monitor, it isn't possible to set them back to NULL again, due
>> to current implementation limitations. The empty string is not
>> a valid QObject identifier, so this switches to use "" as the
>> default, indicating that TLS will not be used
>>
>> The tls-hostname parameter has a default value of NULL indicating
>> the hostname from the migrate connection URI should be used.
>> Again, once tls-hostname is set non-NULL, to override the default
>> hostname for x509 cert validation, it isn't possible to reset it
>> back to NULL via the monitor. The empty string is not a valid
>> hostname, so this switches to use "" as the default, indicating
>> that the migrate URI hostname should be used.
>>
>> Using "" as the default for both, also means that the monitor
>> commands "info migrate_parameters" / "query-migrate-parameters"
>> will report existence of tls-creds/tls-parameters even when set
>> to their default values.
>>
>> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>
> Yes, simple enough.
>
> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>
> Markus, Eric - are you OK with that?
No objections.
* Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname
From: Eric Blake @ 2017-03-15 18:44 UTC (permalink / raw)
To: Daniel P. Berrange, qemu-devel
Cc: Dr . David Alan Gilbert, Juan Quintela, Markus Armbruster
On 03/15/2017 11:16 AM, Daniel P. Berrange wrote:
> The tls-creds parameter has a default value of NULL indicating
> that TLS should not be used. Setting it to non-NULL enables
> use of TLS. Once tls-creds are set to a non-NULL value via the
> monitor, it isn't possible to set them back to NULL again, due
> to current implementation limitations. The empty string is not
> a valid QObject identifier, so this switches to use "" as the
> default, indicating that TLS will not be used
>
> The tls-hostname parameter has a default value of NULL indicating
> the hostname from the migrate connection URI should be used.
> Again, once tls-hostname is set non-NULL, to override the default
> hostname for x509 cert validation, it isn't possible to reset it
> back to NULL via the monitor. The empty string is not a valid
> hostname, so this switches to use "" as the default, indicating
> that the migrate URI hostname should be used.
>
> Using "" as the default for both, also means that the monitor
> commands "info migrate_parameters" / "query-migrate-parameters"
> will report existence of tls-creds/tls-parameters even when set
> to their default values.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> migration/migration.c | 4 ++++
> migration/tls.c | 2 +-
> qapi-schema.json | 4 ++++
> 3 files changed, 9 insertions(+), 1 deletion(-)
Reviewed-by: Eric Blake <eblake@redhat.com>
And still leaves the door open to future growth if we want to add
"foo":null for resetting a value to default in 2.10.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
* Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname
From: Juan Quintela @ 2017-03-16 7:57 UTC (permalink / raw)
To: Daniel P. Berrange
Cc: qemu-devel, Dr . David Alan Gilbert, Eric Blake,
Markus Armbruster
"Daniel P. Berrange" <berrange@redhat.com> wrote:
> The tls-creds parameter has a default value of NULL indicating
> that TLS should not be used. Setting it to non-NULL enables
> use of TLS. Once tls-creds are set to a non-NULL value via the
> monitor, it isn't possible to set them back to NULL again, due
> to current implementation limitations. The empty string is not
> a valid QObject identifier, so this switches to use "" as the
> default, indicating that TLS will not be used
>
> The tls-hostname parameter has a default value of NULL indicating
> the hostname from the migrate connection URI should be used.
> Again, once tls-hostname is set non-NULL, to override the default
> hostname for x509 cert validation, it isn't possible to reset it
> back to NULL via the monitor. The empty string is not a valid
> hostname, so this switches to use "" as the default, indicating
> that the migrate URI hostname should be used.
>
> Using "" as the default for both, also means that the monitor
> commands "info migrate_parameters" / "query-migrate-parameters"
> will report existence of tls-creds/tls-parameters even when set
> to their default values.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
queued