Rather than assuming and passing the protocol to qemuDomainSecretPlainSetup
and qemuDomainSecretAESSetup, determine and pass the secretUsageType,
which is then used in the virSecretGetSecretString call.
For the two callers that convert from virStorageNetProtocol, add
a new helper qemuDomainSecretProtocolGetUsageType.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_domain.c | 106 +++++++++++++++++++++++++++++--------------------
1 file changed, 64 insertions(+), 42 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b44735d..ccd5ce8 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -807,7 +807,7 @@ qemuDomainHostdevPrivateDispose(void *obj)
/* qemuDomainSecretPlainSetup:
* @conn: Pointer to connection
* @secinfo: Pointer to secret info
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
* @authdef: Pointer to auth data
*
* Taking a secinfo, fill in the plaintext information
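Review bot: The new `@secretUsageType: The virSecretUsageType` line only restates the parameter's type; it should say what the value is used for and what the caller is expected to guarantee, e.g. `@secretUsageType: virSecretUsageType passed to virSecretGetSecretString to locate the secret; the callers in this patch reject VIR_SECRET_USAGE_TYPE_NONE before calling`. The same one-line description is repeated for qemuDomainSecretAESSetup and qemuDomainSecretSetup in the later comment hunks (`@@ -840,7` and `@@ -936,7`) and could be improved the same way. The function this comment documents starts outside the hunk.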
@@ -817,19 +817,15 @@ qemuDomainHostdevPrivateDispose(void *obj)
static int
qemuDomainSecretPlainSetup(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo,
- virStorageNetProtocol protocol,
+ virSecretUsageType secretUsageType,
virStorageAuthDefPtr authdef)
{
- int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
-
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
return -1;
- if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
- secretType = VIR_SECRET_USAGE_TYPE_CEPH;
-
- return virSecretGetSecretString(conn, &authdef->seclookupdef, secretType,
+ return virSecretGetSecretString(conn, &authdef->seclookupdef,
+ secretUsageType,
&secinfo->s.plain.secret,
&secinfo->s.plain.secretlen);
}
@@ -840,7 +836,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
* @priv: pointer to domain private object
* @secinfo: Pointer to secret info
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
* @authdef: Pointer to auth data
*
* Taking a secinfo, fill in the AES specific information using the
@@ -852,7 +848,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
qemuDomainObjPrivatePtr priv,
qemuDomainSecretInfoPtr secinfo,
const char *srcalias,
- virStorageNetProtocol protocol,
+ virSecretUsageType secretUsageType,
virStorageAuthDefPtr authdef)
{
int ret = -1;
@@ -862,34 +858,11 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
size_t secretlen = 0;
uint8_t *ciphertext = NULL;
size_t ciphertextlen = 0;
- int secretType = VIR_SECRET_USAGE_TYPE_NONE;
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
if (VIR_STRDUP(secinfo->s.aes.username, authdef->username) < 0)
return -1;
- switch ((virStorageNetProtocol)protocol) {
- case VIR_STORAGE_NET_PROTOCOL_RBD:
- secretType = VIR_SECRET_USAGE_TYPE_CEPH;
- break;
-
- case VIR_STORAGE_NET_PROTOCOL_NONE:
- case VIR_STORAGE_NET_PROTOCOL_NBD:
- case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
- case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
- case VIR_STORAGE_NET_PROTOCOL_ISCSI:
- case VIR_STORAGE_NET_PROTOCOL_HTTP:
- case VIR_STORAGE_NET_PROTOCOL_HTTPS:
- case VIR_STORAGE_NET_PROTOCOL_FTP:
- case VIR_STORAGE_NET_PROTOCOL_FTPS:
- case VIR_STORAGE_NET_PROTOCOL_TFTP:
- case VIR_STORAGE_NET_PROTOCOL_LAST:
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("protocol '%s' cannot be used for encrypted
secrets"),
- virStorageNetProtocolTypeToString(protocol));
- return -1;
- }
-
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
return -1;
@@ -902,7 +875,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
goto cleanup;
/* Grab the unencoded secret */
- if (virSecretGetSecretString(conn, &authdef->seclookupdef, secretType,
+ if (virSecretGetSecretString(conn, &authdef->seclookupdef, secretUsageType,
&secret, &secretlen) < 0)
goto cleanup;
@@ -936,7 +909,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
* @priv: pointer to domain private object
* @secinfo: Pointer to secret info
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @protocol: Protocol for secret
+ * @secretUsageType: The virSecretUsageType
* @authdef: Pointer to auth data
*
* If we have the encryption API present and can support a secret object, then
@@ -951,17 +924,18 @@ qemuDomainSecretSetup(virConnectPtr conn,
qemuDomainObjPrivatePtr priv,
qemuDomainSecretInfoPtr secinfo,
const char *srcalias,
- virStorageNetProtocol protocol,
+ virSecretUsageType secretUsageType,
virStorageAuthDefPtr authdef)
{
if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
- protocol == VIR_STORAGE_NET_PROTOCOL_RBD) {
- if (qemuDomainSecretAESSetup(conn, priv, secinfo,
- srcalias, protocol, authdef) < 0)
+ secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
+ if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
+ secretUsageType, authdef) < 0)
return -1;
} else {
- if (qemuDomainSecretPlainSetup(conn, secinfo, protocol, authdef) < 0)
+ if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
+ authdef) < 0)
return -1;
}
return 0;
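Review bot: The condition `secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH` carries over the old hard-coded RBD test without a comment explaining why only this usage type takes the AES path while every other type falls back to qemuDomainSecretPlainSetup, which stores the secret unencrypted in secinfo->s.plain.secret. A why-comment above the if, such as `/* Only the ceph usage type can currently be delivered as a QEMU secret object; other usage types fall back to a plaintext secret */`, would make both the intent and the plaintext fallback explicit. I am inferring the QEMU-side reason for the restriction from the surrounding code, so confirm the wording before adding it.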
@@ -985,6 +959,43 @@ qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
}
+/* qemuDomainSecretGetProtocolUsageType:
+ * @protocol: The virStorageNetProtocol protocol type
+ *
+ * Convert the protocl into the expected virSecretUsageType for
+ * eventual usage to fetch the secret
+ *
+ * Returns matched protocol type or VIR_SECRET_USAGE_TYPE_NONE with an
+ * error message set on failure.
+ */
+static virSecretUsageType
+qemuDomainSecretProtocolGetUsageType(virStorageNetProtocol protocol)
+{
+ switch ((virStorageNetProtocol)protocol) {
+ case VIR_STORAGE_NET_PROTOCOL_RBD:
+ return VIR_SECRET_USAGE_TYPE_CEPH;
+
+ case VIR_STORAGE_NET_PROTOCOL_ISCSI:
+ return VIR_SECRET_USAGE_TYPE_ISCSI;
+
+ case VIR_STORAGE_NET_PROTOCOL_NONE:
+ case VIR_STORAGE_NET_PROTOCOL_NBD:
+ case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
+ case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
+ case VIR_STORAGE_NET_PROTOCOL_HTTP:
+ case VIR_STORAGE_NET_PROTOCOL_HTTPS:
+ case VIR_STORAGE_NET_PROTOCOL_FTP:
+ case VIR_STORAGE_NET_PROTOCOL_FTPS:
+ case VIR_STORAGE_NET_PROTOCOL_TFTP:
+ case VIR_STORAGE_NET_PROTOCOL_LAST:
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("protocol '%s' cannot be used for encrypted
secrets"),
+ virStorageNetProtocolTypeToString(protocol));
+ }
+ return VIR_SECRET_USAGE_TYPE_NONE;
+}
+
+
/* qemuDomainSecretDiskPrepare:
* @conn: Pointer to connection
* @priv: pointer to domain private object
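Review bot: The header comment names the function `qemuDomainSecretGetProtocolUsageType` but the definition below it is `qemuDomainSecretProtocolGetUsageType`; the comment should read `/* qemuDomainSecretProtocolGetUsageType:`, and `protocl` in the description is a typo. The error message `protocol '%s' cannot be used for encrypted secrets` was carried over from the AES-only switch, but this helper now runs before the plain/AES decision in qemuDomainSecretSetup, so for an unsupported protocol it would blame encryption when that is not the actual failure; wording like `_("protocol '%s' cannot be used for authentication secrets")` fits both paths. The "Returns" line should also say that a virSecretUsageType is returned rather than a "protocol type", since that is what the function yields.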
@@ -1008,13 +1019,19 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
(src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI ||
src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
+ virSecretUsageType secretUsageType;
qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
if (VIR_ALLOC(secinfo) < 0)
return -1;
+ if ((secretUsageType =
+ qemuDomainSecretProtocolGetUsageType(src->protocol)) ==
+ VIR_SECRET_USAGE_TYPE_NONE)
+ goto error;
+
if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
- src->protocol, src->auth) < 0)
+ secretUsageType, src->auth) < 0)
goto error;
diskPriv->secinfo = secinfo;
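Review bot: The call to qemuDomainSecretProtocolGetUsageType sits after `VIR_ALLOC(secinfo)`, so an unsupported protocol allocates secinfo only to release it on the `error` path, which lies outside this hunk. Resolving `secretUsageType` before the allocation lets that failure be a plain `return -1` and leaves the goto-cleanup path for the qemuDomainSecretSetup failure only. Since the enclosing condition already limits src->protocol to ISCSI or RBD, the NONE check here is defensive; a short comment saying so would stop a reader from looking for a reachable failure.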
@@ -1072,14 +1089,19 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI
&&
iscsisrc->auth) {
+ virSecretUsageType secretUsageType;
qemuDomainHostdevPrivatePtr hostdevPriv =
QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
if (VIR_ALLOC(secinfo) < 0)
return -1;
+ if ((secretUsageType =
+ qemuDomainSecretProtocolGetUsageType(VIR_STORAGE_NET_PROTOCOL_ISCSI)) ==
VIR_SECRET_USAGE_TYPE_NONE)
+ goto error;
+
if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias,
- VIR_STORAGE_NET_PROTOCOL_ISCSI,
+ secretUsageType,
iscsisrc->auth) < 0)
goto error;
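Review bot: qemuDomainSecretProtocolGetUsageType is invoked with the compile-time constant `VIR_STORAGE_NET_PROTOCOL_ISCSI`, so the conversion and the following `== VIR_SECRET_USAGE_TYPE_NONE` test can never fail here and the `goto error` they guard is dead code. Passing `VIR_SECRET_USAGE_TYPE_ISCSI` directly to qemuDomainSecretSetup, or dropping the NONE test with a comment noting the constant input, would be simpler; if the intent is to keep a single conversion point, a comment stating that is enough. The enclosing if body and the `error` label continue outside this hunk.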
--
2.5.5