From nobody Wed May 14 16:51:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527684144659576.489425912061; Wed, 30 May 2018 05:42:24 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5DB3E67E15; Wed, 30 May 2018 12:42:22 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2BFE430012BD; Wed, 30 May 2018 12:42:22 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CFDF3180BA85; Wed, 30 May 2018 12:42:21 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4UCfpf8027489 for ; Wed, 30 May 2018 08:41:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 92EC7217B40A; Wed, 30 May 2018 12:41:51 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 37A22217B409 for ; Wed, 30 May 2018 12:41:51 +0000 (UTC) 
From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 30 May 2018 14:41:03 +0200 Message-Id: <5edea5cdf2892de6dd1a00b3920e29fd6916d907.1527683835.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 07/38] qemu: domain: Use qemuDomainSecretInfoNewPlain only for unencrypted secrets X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 30 May 2018 12:42:23 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Move the logic that determines which secret shall be used into the caller and make this function work only for plain secrets. This untangles the control flow by only checking relevant data. Signed-off-by: Peter Krempa Reviewed-by: J=EF=BF=BDn Tomko --- src/qemu/qemu_domain.c | 94 ++++++++++++----------------------------------= ---- 1 file changed, 22 insertions(+), 72 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d9b10ae96d..e4588f7428 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1308,94 +1308,33 @@ qemuDomainSupportsEncryptedSecret(qemuDomainObjPriv= atePtr priv) } -/* qemuDomainSecretSetup: - * @priv: pointer to domain private object - * @secinfo: Pointer to secret info - * @srcalias: Alias of the disk/hostdev used to generate the secret alias - * @usageType: The virSecretUsageType - * @username: username to use for authentication (may be NULL) - * @seclookupdef: Pointer to seclookupdef data - * @isLuks: True when is luks (generates different alias) - * - * If we have the encryption API present and can support a secret object, = then - * build the AES secret; otherwise, build the Plain secret. This is the ma= gic - * decision point for utilizing the AES secrets for an RBD disk. For now i= SCSI - * disks and hostdevs will not be able to utilize this mechanism. - * - * Returns 0 on success, -1 on failure - */ -static int -qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv, - qemuDomainSecretInfoPtr secinfo, - const char *srcalias, - virSecretUsageType usageType, - const char *username, - virSecretLookupTypeDefPtr seclookupdef, - bool isLuks) -{ - bool iscsiHasPS =3D virQEMUCapsGet(priv->qemuCaps, - QEMU_CAPS_ISCSI_PASSWORD_SECRET); - - if (qemuDomainSupportsEncryptedSecret(priv) && - (usageType =3D=3D VIR_SECRET_USAGE_TYPE_CEPH || - (usageType =3D=3D VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) || - usageType =3D=3D VIR_SECRET_USAGE_TYPE_VOLUME || - usageType =3D=3D VIR_SECRET_USAGE_TYPE_TLS)) { - if (qemuDomainSecretAESSetup(priv, secinfo, srcalias, - usageType, username, - seclookupdef, isLuks) < 0) - return -1; - } else { - if (qemuDomainSecretPlainSetup(secinfo, usageType, - username, seclookupdef) < 0) - return -1; - } - return 0; -} - - /* qemuDomainSecretInfoNewPlain: - * @priv: pointer to domain private object - * @srcAlias: Alias base to use for TLS object * @usageType: Secret usage type * @username: username for plain secrets (only) * @looupdef: lookup def describing secret - * @isLuks: boolean for luks lookup * * Helper 
function to create a secinfo to be used for secinfo consumers. T= his - * possibly sets up a 'plain' (unencrypted) secret for legacy consumers. + * up a 'plain' (unencrypted) secret for legacy consumers. * * Returns @secinfo on success, NULL on failure. Caller is responsible * to eventually free @secinfo. */ static qemuDomainSecretInfoPtr -qemuDomainSecretInfoNewPlain(qemuDomainObjPrivatePtr priv, - const char *srcAlias, - virSecretUsageType usageType, +qemuDomainSecretInfoNewPlain(virSecretUsageType usageType, const char *username, - virSecretLookupTypeDefPtr lookupDef, - bool isLuks) + virSecretLookupTypeDefPtr lookupDef) { qemuDomainSecretInfoPtr secinfo =3D NULL; if (VIR_ALLOC(secinfo) < 0) return NULL; - if (qemuDomainSecretSetup(priv, secinfo, srcAlias, usageType, - username, lookupDef, isLuks) < 0) - goto error; - - if (!username && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_PLAI= N) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("encrypted secrets are not supported")); - goto error; + if (qemuDomainSecretPlainSetup(secinfo, usageType, username, lookupDef= ) < 0) { + qemuDomainSecretInfoFree(&secinfo); + return NULL; } return secinfo; - - error: - qemuDomainSecretInfoFree(&secinfo); - return NULL; } @@ -1549,6 +1488,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPri= vatePtr priv, const char *encalias) { qemuDomainStorageSourcePrivatePtr srcPriv; + bool iscsiHasPS =3D virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PAS= SWORD_SECRET); bool hasAuth =3D qemuDomainStorageSourceHasAuth(src); bool hasEnc =3D qemuDomainDiskHasEncryptionSecret(src); 
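Review bot: qemuDomainSecretInfoNewPlain no longer rejects a NULL @username: the removed `if (!username && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN)` branch reported "encrypted secrets are not supported" in that case, and whether qemuDomainSecretPlainSetup tolerates a NULL username is not visible in this hunk. Since the choice between a plain and an encrypted secret now lives in the caller, the doc comment should state the precondition, for example `* Callers must use this only when an encrypted secret cannot be used; the secret is handed over unencrypted.` The rewritten comment line also lost its verb and now reads "This up a 'plain' ..."; it should be `* sets up a 'plain' (unencrypted) secret for legacy consumers.` The context line `@looupdef` is a typo for `@lookupDef`.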
@@ -1566,11 +1506,21 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjP= rivatePtr priv, if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD) usageType =3D VIR_SECRET_USAGE_TYPE_CEPH; - if (!(srcPriv->secinfo =3D - qemuDomainSecretInfoNewPlain(priv, authalias, - usageType, src->auth->username, - &src->auth->seclookupdef, false= ))) - return -1; + if (!qemuDomainSupportsEncryptedSecret(priv) || + (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI && !iscsi= HasPS)) { + srcPriv->secinfo =3D qemuDomainSecretInfoNewPlain(usageType, + src->auth->use= rname, + &src->auth->se= clookupdef); + } else { + srcPriv->secinfo =3D qemuDomainSecretInfoNew(priv, authalias, + usageType, + src->auth->username, + &src->auth->seclook= updef, + false); + } + + if (!srcPriv->secinfo) + return -1; } if (hasEnc) { --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
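Review bot: The new fallback condition in qemuDomainSecretStorageSourcePrepare tests `src->protocol`, while the removed qemuDomainSecretSetup decided on `usageType`; the two agree only if `usageType` is initialised to the iSCSI type for every non-RBD source, and that initialisation is outside this hunk. If a source that is neither iSCSI nor RBD can reach this branch with auth, it previously depended on `iscsiHasPS` and now always goes through qemuDomainSecretInfoNew, so it is worth confirming that this is intended. The plain branch passes the credential unencrypted, and a short comment above the `if` would record why, e.g. `/* without encrypted-secret support, or for iSCSI lacking QEMU_CAPS_ISCSI_PASSWORD_SECRET, fall back to a plain secret */`. `iscsiHasPS`, added in the previous hunk, is read only in this block and could be declared inside it. The function starts and ends outside the hunk.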