Using inline authentication for storage volumes will not work properly
as libvirt requires use of the secret driver for the auth data and
thus would not be able to represent the passwords stored in the backing
store string.
Make sure that the backing store parsers return 1 which is a sign for
the caller to not use the file in certain cases.
The test data include iscsi via a json pseudo-protocol string and URIs
with the userinfo part being present.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/virstoragefile.c | 11 +++++++++--
tests/virstoragetest.c | 28 ++++++++++++++++++++++++++++
2 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index efc1d84048..437dcc015d 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
return -1;
}
- /* XXX We currently don't support auth, so don't bother parsing it */
-
/* uri->path is NULL if the URI does not contain slash after host:
* transport://host:port */
if (uri->path)
@@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
if (VIR_STRDUP(src->hosts->name, uri->server) < 0)
return -1;
+ /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+ if (uri->user)
+ return 1;
+
return 0;
}
@@ -3311,6 +3313,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src,
if (virAsprintf(&src->path, "%s/%s", target, lun) < 0)
return -1;
+ /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+ if (virJSONValueObjectGetString(json, "user") ||
+ virJSONValueObjectGetString(json, "password"))
+ return 1;
+
return 0;
}
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index be5cb98262..1d06abe8b6 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1260,6 +1260,10 @@ mymain(void)
"<source protocol='http'
name='file'>\n"
" <host name='example.com'
port='80'/>\n"
"</source>\n");
+ TEST_BACKING_PARSE_FULL("http://user:pass@example.com/file",
+ "<source protocol='http'
name='file'>\n"
+ " <host name='example.com'
port='80'/>\n"
+ "</source>\n", 1);
TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com",
"<source protocol='rbd'
name='testshare'>\n"
" <host name='example.com'/>\n"
@@ -1280,6 +1284,10 @@ mymain(void)
"<source protocol='nbd'
name='exportname'>\n"
" <host name='example.org'
port='1234'/>\n"
"</source>\n");
+
TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass@example.org:1234/exportname",
+ "<source protocol='iscsi'
name='exportname'>\n"
+ " <host name='example.org'
port='1234'/>\n"
+ "</source>\n", 1);
#ifdef WITH_YAJL
TEST_BACKING_PARSE("json:", NULL);
@@ -1484,6 +1492,26 @@ mymain(void)
"<source protocol='iscsi'
name='iqn.2016-12.com.virttest:emulated-iscsi-noauth.target/0'>\n"
" <host name='test.org'
port='3260'/>\n"
"</source>\n");
+
TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+
"\"transport\":\"tcp\","
+
"\"portal\":\"test.org\","
+
"\"user\":\"testuser\","
+
"\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+ "}"
+ "}",
+ "<source protocol='iscsi'
name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+ " <host name='test.org'
port='3260'/>\n"
+ "</source>\n", 1);
+
TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+
"\"transport\":\"tcp\","
+
"\"portal\":\"test.org\","
+
"\"password\":\"testpass\","
+
"\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+ "}"
+ "}",
+ "<source protocol='iscsi'
name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+ " <host name='test.org'
port='3260'/>\n"
+ "</source>\n", 1);
TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\","
"\"transport\":\"tcp\","
"\"portal\":\"test.org:1234\","
--
2.21.0