On Fri, Jan 26, 2018 at 13:35:36 +0000, Daniel Berrange wrote:
Instead of passing around a virConnectPtr object, just open a connection to the secret driver at time of use. Opening connections on demand will be beneficial when the secret driver is in a separate daemon. It also solves the problem that a number of callers just pass in a NULL connection today which prevents secret lookup working at all.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/storage/storage_backend_iscsi.c | 14 +++--- src/storage/storage_backend_logical.c | 2 +- src/storage/storage_backend_rbd.c | 41 +++++++-------- src/storage/storage_util.c | 95 ++++++++++++++++------------------- src/storage/storage_util.h | 6 +-- 5 files changed, 71 insertions(+), 87 deletions(-)
diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c index b0c5096adb..921215c9e9 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c @@ -273,13 +273,13 @@ virStorageBackendISCSICheckPool(virStoragePoolObjPtr pool,
static int virStorageBackendISCSISetAuth(const char *portal, - virConnectPtr conn, virStoragePoolSourcePtr source) { unsigned char *secret_value = NULL; size_t secret_size; virStorageAuthDefPtr authdef = source->auth; int ret = -1; + virConnectPtr conn = NULL;
if (!authdef || authdef->authType == VIR_STORAGE_AUTH_TYPE_NONE) return 0; @@ -292,12 +292,9 @@ virStorageBackendISCSISetAuth(const char *portal, return -1; }
- if (!conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("iscsi 'chap' authentication not supported " - "for autostarted pools")); + conn = virConnectOpen(geteuid() == 0 ? "secret:///system" : "secret:///session");
You should add this as a helper function. If we decide that geteuid() is not a good enough check whether a connection is privileged or anything else we'd need to fix a lot of similar ugly ternary conditions. Same for the connection to the secret driver in this patch.