Re: [libvirt] [PATCH 15/20] Provide missing passphrase when creating a volume.

----- "Daniel P. Berrange" <berrange@redhat.com> wrote:
On Thu, Aug 20, 2009 at 08:18:13PM +0200, Miloslav Trmač wrote:
If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc().
Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above.
+ virBufferAddLit(&buf, "<secret ephemeral='no' private='no'>"); + /* <uuid/> is chosen by the secret driver */ + virBufferEscapeString(&buf, + "<description>qcow passphrase for %s</description>", + vol->target.path); + virBufferEscapeString(&buf, "<volume>%s</volume>", vol->target.path); + virBufferAddLit(&buf, "</secret>"); + if (virBufferError(&buf)) { + virReportOOMError(conn); + goto cleanup; + } + xml = virBufferContentAndReset(&buf);
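Review bot: the `<secret ephemeral='no' private='no'>` literal makes the auto-generated passphrase a persistent secret whose value is not marked private, and nothing in the hunk says why. Add a comment next to that virBufferAddLit() call stating that callers must be able to read the value back, or use private='yes' if only libvirt itself needs it. The same vol->target.path is used for both <description> and <volume>; both go through virBufferEscapeString(), which is the right call for a path that ends up inside XML.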
This is the first place where we should be just calling into an internal secret_conf.h API for formatting XML from a struct, rather than duplicating the XML formatting.

OK.
+ /* A qcow passphrase is up to 16 bytes, with any data following a NUL + ignored. Prohibit control and non-ASCII characters to avoid possible + unpleasant surprises with the qemu monitor input mechanism. */ + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot open /dev/urandom")); + goto cleanup; + } + i = 0; + while (i < sizeof (value)) { + ssize_t r; + + while ((r = read(fd, value + i, 1)) == -1 && errno == EINTR) + ; + if (r <= 0) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot read from /dev/urandom")); + goto cleanup; + } + if (value[i] >= 0x20 && value[i] <= 0x7E) + i++; /* Got an acceptable character */ + } + close(fd);
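Review bot: in the read-failure branch (`if (r <= 0)`) the code jumps to cleanup while fd is still open, and close(fd) appears only after the loop, so unless the cleanup label also closes it the descriptor leaks on that path. Either close fd before the `goto cleanup`, or initialise fd to -1 and close it under the cleanup label. Separately, issuing one read() per byte is more system calls than needed; reading a small block and filtering it gives the same uniform choice over 0x20..0x7E.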
I reckon this snippet of code could usefully be put into the util.h file as virFileGenerateRandomkey(), or alternatively perhaps secret_conf.h, as virSecretGenerateRandomKey(unsigned char *buf, size_t buflen);

This code, with its limitation to ASCII characters, is qcow/qemu-specific.

Mirek

On Tue, Sep 01, 2009 at 11:49:14AM -0400, Miloslav Trmac wrote:
----- "Daniel P. Berrange" <berrange@redhat.com> wrote:
+ /* A qcow passphrase is up to 16 bytes, with any data following a NUL + ignored. Prohibit control and non-ASCII characters to avoid possible + unpleasant surprises with the qemu monitor input mechanism. */ + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot open /dev/urandom")); + goto cleanup; + } + i = 0; + while (i < sizeof (value)) { + ssize_t r; + + while ((r = read(fd, value + i, 1)) == -1 && errno == EINTR) + ; + if (r <= 0) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + _("Cannot read from /dev/urandom")); + goto cleanup; + } + if (value[i] >= 0x20 && value[i] <= 0x7E) + i++; /* Got an acceptable character */ + } + close(fd);
I reckon this snippet of code could usefully be put into the util.h file as virFileGenerateRandomkey(), or alternatively perhaps secret_conf.h, as virSecretGenerateRandomKey(unsigned char *buf, size_t buflen);

This code, with its limitation to ASCII characters, is qcow/qemu-specific.

Ok, let's leave it in the QEMU driver file then

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

----- "Daniel P. Berrange" <berrange@redhat.com> wrote:
I reckon this snippet of code could usefully be put into the util.h file as virFileGenerateRandomkey(), or alternatively perhaps secret_conf.h, as virSecretGenerateRandomKey(unsigned char *buf, size_t buflen);

This code, with its limitation to ASCII characters, is qcow/qemu-specific.

Ok, let's leave it in the QEMU driver file then

AFAICS the qemu and storage drivers can be built as modules; this would create a dependency. I'll just split the code into a separate function for now.

Mirek

On Tue, Sep 01, 2009 at 02:58:12PM -0400, Miloslav Trmac wrote:
----- "Daniel P. Berrange" <berrange@redhat.com> wrote:
I reckon this snippet of code could usefully be put into the util.h file as virFileGenerateRandomkey(), or alternatively perhaps secret_conf.h, as virSecretGenerateRandomKey(unsigned char *buf, size_t buflen);

This code, with its limitation to ASCII characters, is qcow/qemu-specific.

Ok, let's leave it in the QEMU driver file then

AFAICS the qemu and storage drivers can be built as modules; this would create a dependency. I'll just split the code into a separate function for now.

Yes, you can't introduce dependencies between individual drivers. You could move it out into the storage_encryption_conf.c/.h file, rather than util.c. That would make it clearer that it's just for the qcow encryption case

Daniel
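The separate function agreed on at the end of the thread could look like the following. This is an added example, not code from the patch or from libvirt; the names gen_printable_passphrase and all_printable are hypothetical. It goes slightly beyond the quoted hunk by reading in blocks and releasing the descriptor on every exit path.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical helper, not a libvirt function: fill buf[0..len-1] with uniform
 * printable ASCII (0x20..0x7E) from /dev/urandom. Returns 0 on success, -1 on error. */
int gen_printable_passphrase(unsigned char *buf, size_t len)
{
    unsigned char pool[64];
    size_t filled = 0;
    int ret = -1;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (filled < len) {
        ssize_t r = read(fd, pool, sizeof(pool));
        if (r < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (r <= 0)
            goto cleanup;       /* read error or unexpected EOF */
        /* Rejection sampling: keep in-range bytes only, so no modulo bias. */
        for (ssize_t j = 0; j < r && filled < len; j++)
            if (pool[j] >= 0x20 && pool[j] <= 0x7E)
                buf[filled++] = pool[j];
    }
    ret = 0;
cleanup:
    /* Scrub the staging buffer and close fd on every exit path. */
    for (volatile unsigned char *p = pool; p < pool + sizeof(pool); p++)
        *p = 0;
    close(fd);
    return ret;
}

/* Returns 1 if every byte of buf is printable ASCII, 0 otherwise. */
int all_printable(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] > 0x7E)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char value[16];    /* 16 bytes, as in the patch comment */
    return (gen_printable_passphrase(value, sizeof(value)) == 0 &&
            all_printable(value, sizeof(value))) ? 0 : 1;
}
```

With 95 equally likely characters per position, a 16-character passphrase carries about 105 bits of entropy.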