[libvirt] [PATCH 07/11] storage: Support to use secret object for iscsi chap "auth"

Based on the plain password chap "auth" support, this gets the secret value (password) with the secret driver methods, and apply it for the "iscsiadm" update command. --- src/storage/storage_backend_iscsi.c | 56 +++++++++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c index 6a17b5a..516025a 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c @@ -35,6 +35,8 @@ #include <unistd.h> #include <sys/stat.h> +#include "datatypes.h" +#include "driver.h" #include "virerror.h" #include "storage_backend_scsi.h" #include "storage_backend_iscsi.h" @@ -42,6 +44,7 @@ #include "virlog.h" #include "virfile.h" #include "vircommand.h" +#include "virobject.h" #include "virrandom.h" #include "virstring.h" @@ -746,10 +749,17 @@ cleanup: } static int -virStorageBackendISCSISetAuth(virStoragePoolDefPtr def, +virStorageBackendISCSISetAuth(virConnectPtr conn, + virStoragePoolDefPtr def, const char *portal, const char *target) { + virSecretPtr secret = NULL; + unsigned char *secret_value = NULL; + const char *passwd = NULL; + virStoragePoolAuthChap chap = def->source.auth.chap; + int ret = -1; + if (def->source.authType == VIR_STORAGE_POOL_AUTH_NONE) return 0; @@ -759,6 +769,35 @@ virStorageBackendISCSISetAuth(virStoragePoolDefPtr def, return -1; } + if (chap.type == VIR_STORAGE_POOL_AUTH_CHAP_SECRET) { + if (chap.u.secret.uuidUsable) + secret = virSecretLookupByUUID(conn, chap.u.secret.uuid); + else + secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_ISCSI, + chap.u.secret.usage); + + if (secret) { + size_t secret_size; + secret_value = conn->secretDriver->secretGetValue(secret, &secret_size, 0, + VIR_SECRET_GET_VALUE_INTERNAL_CALL); + if (!secret_value) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("could not get the value of the secret " + "for username %s"), chap.login); + goto cleanup; + } + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("username '%s' specified but secret not found"), + chap.login); + goto cleanup; + } + + passwd = (const char *)secret_value; + } else if (chap.type == VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD) { + passwd = chap.u.passwd; + } + if (virStorageBackendISCSINodeUpdate(portal, target, "node.session.auth.authmethod", @@ -770,14 +809,18 @@ virStorageBackendISCSISetAuth(virStoragePoolDefPtr def, virStorageBackendISCSINodeUpdate(portal, target, "node.session.auth.password", - def->source.auth.chap.u.passwd) < 0) - return -1; + passwd) < 0) + goto cleanup; - return 0; + ret = 0; +cleanup: + virObjectUnref(secret); + VIR_FREE(secret_value); + return ret; } static int -virStorageBackendISCSIStartPool(virConnectPtr conn ATTRIBUTE_UNUSED, +virStorageBackendISCSIStartPool(virConnectPtr conn, virStoragePoolObjPtr pool) { char *portal = NULL; @@ -817,7 +860,8 @@ virStorageBackendISCSIStartPool(virConnectPtr conn ATTRIBUTE_UNUSED, NULL, NULL) < 0) goto cleanup; - if (virStorageBackendISCSISetAuth(pool->def, + if (virStorageBackendISCSISetAuth(conn, + pool->def, portal, pool->def->source.devices[0].path) < 0) goto cleanup; -- 1.8.1.4