Soon we will be adding LUKS encryption support. Since a volume could require
both a LUKS secret and a secret to give to the server in order to use the
device, alter the alias generation to create a slightly different alias so
that we don't have two objects with the same alias.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_alias.c | 10 ++++++++--
src/qemu/qemu_alias.h | 3 ++-
src/qemu/qemu_domain.c | 17 ++++++++++-------
src/qemu/qemu_hotplug.c | 3 ++-
4 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index d624071..51a654a 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -485,13 +485,16 @@ qemuDomainGetMasterKeyAlias(void)
/* qemuDomainGetSecretAESAlias:
+ * @srcalias: Source alias used to generate the secret alias
+ * @isLuks: True when we are generating a secret for LUKS encrypt/decrypt
*
* Generate and return an alias for the encrypted secret
*
* Returns NULL or a string containing the alias
*/
char *
-qemuDomainGetSecretAESAlias(const char *srcalias)
+qemuDomainGetSecretAESAlias(const char *srcalias,
+ bool isLuks)
{
char *alias;
@@ -501,7 +504,10 @@ qemuDomainGetSecretAESAlias(const char *srcalias)
return NULL;
}
- ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
+ if (isLuks)
+ ignore_value(virAsprintf(&alias, "%s-luks-secret0", srcalias));
+ else
+ ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
return alias;
}
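Review bot: The two branches at the end of qemuDomainGetSecretAESAlias repeat the same `ignore_value(virAsprintf(...))` call and differ only in the string literal, so the `-secret0` suffix is now spelled twice. Selecting the infix first keeps a single literal format string: `const char *infix = isLuks ? "-luks" : "";` followed by `ignore_value(virAsprintf(&alias, "%s%s-secret0", srcalias, infix));`. The function's signature is in the previous hunk and part of its body is not shown here.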
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index e328a9b..d1c6ba8 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -69,6 +69,7 @@ char *qemuAliasFromDisk(const virDomainDiskDef *disk);
char *qemuDomainGetMasterKeyAlias(void);
-char *qemuDomainGetSecretAESAlias(const char *srcalias);
+char *qemuDomainGetSecretAESAlias(const char *srcalias,
+ bool isLuks);
#endif /* __QEMU_ALIAS_H__*/
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 938b524..d51e82b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -847,6 +847,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
* @secretUsageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True/False for is for luks (alias generation)
*
* Taking a secinfo, fill in the AES specific information using the
*
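Review bot: The new `@isLuks` line in the qemuDomainSecretAESSetup header comment ("True/False for is for luks (alias generation)") is hard to parse, and the one added further down for qemuDomainSecretSetup ("True when is luks (generates different alias)") words the same thing differently. Reusing the wording this patch introduces in qemu_alias.c would make both read consistently: `@isLuks: True when generating a secret for LUKS encrypt/decrypt (selects the "-luks-secret0" alias)`. The comment block starts and ends outside this hunk.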
@@ -859,7 +860,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
const char *srcalias,
virSecretUsageType secretUsageType,
const char *username,
- virSecretLookupTypeDefPtr seclookupdef)
+ virSecretLookupTypeDefPtr seclookupdef,
+ bool isLuks)
{
int ret = -1;
uint8_t *raw_iv = NULL;
@@ -873,7 +875,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
return -1;
- if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
+ if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
return -1;
/* Create a random initialization vector */
@@ -922,6 +924,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
* @secretUsageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True when is luks (generates different alias)
*
* If we have the encryption API present and can support a secret object, then
* build the AES secret; otherwise, build the Plain secret. This is the magic
@@ -937,14 +940,15 @@ qemuDomainSecretSetup(virConnectPtr conn,
const char *srcalias,
virSecretUsageType secretUsageType,
const char *username,
- virSecretLookupTypeDefPtr seclookupdef)
+ virSecretLookupTypeDefPtr seclookupdef,
+ bool isLuks)
{
if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
secretUsageType, username,
- seclookupdef) < 0)
+ seclookupdef, isLuks) < 0)
return -1;
} else {
if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
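Review bot: `isLuks` only reaches qemuDomainSecretAESSetup; the else branch that calls qemuDomainSecretPlainSetup ignores it, and the AES branch is still gated on `secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH`. Every caller in this patch passes `false`, so nothing changes yet, but a later caller passing `true` with a different usage type would silently get the plain setup and no distinct alias, which is presumably not what is wanted for a disk passphrase. I would either say so on the parameter, e.g. `@isLuks: ... (only honoured on the AES path)`, or have the function return -1 when `isLuks` is set and the AES path cannot be taken. The plain-setup call continues past the end of the hunk.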
@@ -1004,7 +1008,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo = NULL;
if (conn && qemuDomainSecretDiskCapable(src)) {
-
virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
@@ -1016,7 +1019,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
secretUsageType, src->auth->username,
- &src->auth->seclookupdef) < 0)
+ &src->auth->seclookupdef, false) < 0)
goto error;
diskPriv->secinfo = secinfo;
@@ -1083,7 +1086,7 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias,
VIR_SECRET_USAGE_TYPE_ISCSI,
iscsisrc->auth->username,
- &iscsisrc->auth->seclookupdef) < 0)
+ &iscsisrc->auth->seclookupdef, false)
< 0)
goto error;
hostdevPriv->secinfo = secinfo;
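Review bot: The call in qemuDomainSecretHostdevPrepare now ends with `&iscsisrc->auth->seclookupdef, false)` and leaves `< 0)` alone on the next line, which is easy to misread as a stray token. If it fits the line limit, `&iscsisrc->auth->seclookupdef, false) < 0)` on one line matches the disk-prepare call above. As shown here the `< 0)` line carries no `+` although the removed line already ended in `< 0)`, so it is worth checking that this hunk applies as intended.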
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index fbe3cb8..8acb69d 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2829,7 +2829,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
qemuDomainSecretDiskCapable(disk->src)) {
- if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {
+ if (!(objAlias =
+ qemuDomainGetSecretAESAlias(disk->info.alias, false))) {
VIR_FREE(drivestr);
return -1;
}
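Review bot: qemuDomainRemoveDiskDevice hard-codes `false`, so the removal path only ever computes the `-secret0` alias. Once a disk can also own a `-luks-secret0` object, unplug will need a second lookup with `true`; otherwise that secret object presumably stays defined in the QEMU process after the disk is gone. A marker here would keep this from being forgotten when LUKS support lands, e.g. `/* TODO: also remove the "-luks-secret0" object once LUKS secrets are created */`. The rest of the function, including where objAlias is used, is outside the hunk.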
--
2.5.5