[libvirt] [PATCH 10/38] qemu: Store and parse disk authentication and encryption secret alias

Posted by Peter Krempa 7 years, 6 months ago
Rather than trying to figure out which alias was used, store it in the
status XML.
---
 src/qemu/qemu_domain.c                    | 90 +++++++++++++++++++++++++++++--
 tests/qemustatusxml2xmldata/modern-in.xml |  4 ++
 2 files changed, 90 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9ebb5d150c..a6494ff5fc 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1991,20 +1991,84 @@ qemuDomainObjPrivateFree(void *data)
 }


+static int
+qemuStorageSourcePrivateDataAssignSecinfo(qemuDomainSecretInfoPtr *secinfo,
+                                          char **alias)
+{
+    if (!*alias)
+        return 0;
+
+    if (!*secinfo) {
+        if (VIR_ALLOC(*secinfo) < 0)
+            return -1;
+
+        (*secinfo)->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
+    }
+
+    if ((*secinfo)->type ==  VIR_DOMAIN_SECRET_INFO_TYPE_AES)
+        VIR_STEAL_PTR((*secinfo)->s.aes.alias, *alias);
+
+    return 0;
+}
+
+
 static int
 qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
                                   virStorageSourcePtr src)
 {
+    qemuDomainStorageSourcePrivatePtr priv;
+    char *authalias = NULL;
+    char *encalias = NULL;
+    int ret = -1;
+
     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);

     if (src->pr)
         src->pr->mgralias = virXPathString("string(./reservations/@mgralias)", ctxt);

+    authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
+    encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
+
+    if (authalias || encalias) {
+        if (!src->privateData &&
+            !(src->privateData = qemuDomainStorageSourcePrivateNew()))
+            goto cleanup;
+
+        priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
+
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &authalias) < 0)
+            goto cleanup;
+
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
+            goto cleanup;
+    }
+
     if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
-        return -1;
+        goto cleanup;

-    return 0;
+    ret = 0;
+
+ cleanup:
+    VIR_FREE(authalias);
+    VIR_FREE(encalias);
+
+    return ret;
+}
+
+
+static void
+qemuStorageSourcePrivateDataFormatSecinfo(virBufferPtr buf,
+                                          qemuDomainSecretInfoPtr secinfo,
+                                          const char *type)
+{
+    if (!secinfo ||
+        secinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES ||
+        !secinfo->s.aes.alias)
+        return;
+
+    virBufferAsprintf(buf, "<secret type='%s' alias='%s'/>\n",
+                      type, secinfo->s.aes.alias);
 }
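Review bot: In qemuStorageSourcePrivateDataFormatSecinfo the alias is written into the status XML with a plain `%s`, so a quote or `<` in it would yield XML that qemuStorageSourcePrivateDataParse reads back differently or fails to parse. The alias is presumably generated by libvirt itself, but escaping it is cheap: `virBufferAsprintf(buf, "<secret type='%s'", type);` followed by `virBufferEscapeString(buf, " alias='%s'/>\n", secinfo->s.aes.alias);`. On the parse side, qemuStorageSourcePrivateDataAssignSecinfo silently ignores the alias when an existing secinfo is not of type AES. A short comment there, saying this is intentional and that the caller's cleanup frees the string, would help the next reader.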


@@ -2012,6 +2076,10 @@ static int
 qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
                                    virBufferPtr buf)
 {
+    virBuffer tmp = VIR_BUFFER_INITIALIZER;
+    qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
+    int ret = -1;
+
     if (src->nodestorage || src->nodeformat) {
         virBufferAddLit(buf, "<nodenames>\n");
         virBufferAdjustIndent(buf, 2);
@@ -2025,9 +2093,23 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
         virBufferAsprintf(buf, "<reservations mgralias='%s'/>\n", src->pr->mgralias);

     if (virStorageSourcePrivateDataFormatRelPath(src, buf) < 0)
-        return -1;
+        goto cleanup;

-    return 0;
+    virBufferSetChildIndent(&tmp, buf);
+
+    if (srcPriv) {
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
+    }
+
+    if (virXMLFormatElement(buf, "objects", NULL, &tmp) < 0)
+        goto cleanup;
+
+    ret = 0;
+
+ cleanup:
+    virBufferFreeAndReset(&tmp);
+    return ret;
 }
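Review bot: The block that fills `tmp` in qemuStorageSourcePrivateDataFormat should carry a comment stating what is deliberately persisted: only the alias of each secret object reaches the status XML, never the other contents of `secinfo` or `encinfo`. Something like `/* persist only the secret object aliases; key material must never be written to the status XML */` above `if (srcPriv)` would keep later additions to the formatter from serializing more than the alias. The function starts outside this hunk, so the earlier part of its body is not visible here.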


diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index 5b7e2a34cb..42869261d0 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -319,6 +319,10 @@
               </nodenames>
               <reservations mgralias='test-alias'/>
               <relPath>base.qcow2</relPath>
+              <objects>
+                <secret type='auth' alias='test-auth-alias'/>
+                <secret type='encryption' alias='test-encryption-alias'/>
+              </objects>
             </privateData>
           </source>
           <backingStore/>
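Review bot: The fixture only covers a source that has both an `auth` and an `encryption` secret, so the `if (!*alias) return 0;` path in qemuStorageSourcePrivateDataAssignSecinfo is never exercised by this test data. A second source in this file, or a separate status XML, carrying only one of the two `<secret>` elements would cover the single-alias case.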
-- 
2.16.2

Re: [libvirt] [PATCH 10/38] qemu: Store and parse disk authentication and encryption secret alias
Posted by Ján Tomko 7 years, 6 months ago
On Wed, May 30, 2018 at 02:41:06PM +0200, Peter Krempa wrote:
>Rather than trying to figure out which alias was used, store it in the
>status XML.
>---
> src/qemu/qemu_domain.c                    | 90 +++++++++++++++++++++++++++++--
> tests/qemustatusxml2xmldata/modern-in.xml |  4 ++
> 2 files changed, 90 insertions(+), 4 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
Re: [libvirt] [PATCH 10/38] qemu: Store and parse disk authentication and encryption secret alias
Posted by John Ferlan 7 years, 6 months ago

On 05/30/2018 08:41 AM, Peter Krempa wrote:
> Rather than trying to figure out which alias was used, store it in the
> status XML.
> ---
>  src/qemu/qemu_domain.c                    | 90 +++++++++++++++++++++++++++++--
>  tests/qemustatusxml2xmldata/modern-in.xml |  4 ++
>  2 files changed, 90 insertions(+), 4 deletions(-)
> 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 9ebb5d150c..a6494ff5fc 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -1991,20 +1991,84 @@ qemuDomainObjPrivateFree(void *data)
>  }
> 
> 
> +static int
> +qemuStorageSourcePrivateDataAssignSecinfo(qemuDomainSecretInfoPtr *secinfo,
> +                                          char **alias)
> +{
> +    if (!*alias)
> +        return 0;
> +
> +    if (!*secinfo) {
> +        if (VIR_ALLOC(*secinfo) < 0)
> +            return -1;
> +
> +        (*secinfo)->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
> +    }
> +
> +    if ((*secinfo)->type ==  VIR_DOMAIN_SECRET_INFO_TYPE_AES)

Extra space after ==

> +        VIR_STEAL_PTR((*secinfo)->s.aes.alias, *alias);
> +
> +    return 0;
> +}
> +
> +

John

>  static int
>  qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
>                                    virStorageSourcePtr src)
>  {
> +    qemuDomainStorageSourcePrivatePtr priv;
> +    char *authalias = NULL;
> +    char *encalias = NULL;
> +    int ret = -1;
> +
>      src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
>      src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
> 
>      if (src->pr)
>          src->pr->mgralias = virXPathString("string(./reservations/@mgralias)", ctxt);
> 
> +    authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
> +    encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
> +
> +    if (authalias || encalias) {
> +        if (!src->privateData &&
> +            !(src->privateData = qemuDomainStorageSourcePrivateNew()))
> +            goto cleanup;
> +
> +        priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
> +
> +        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &authalias) < 0)
> +            goto cleanup;
> +
> +        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
> +            goto cleanup;
> +    }
> +
>      if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
> -        return -1;
> +        goto cleanup;
> 
> -    return 0;
> +    ret = 0;
> +
> + cleanup:
> +    VIR_FREE(authalias);
> +    VIR_FREE(encalias);
> +
> +    return ret;
> +}
> +
> +
> +static void
> +qemuStorageSourcePrivateDataFormatSecinfo(virBufferPtr buf,
> +                                          qemuDomainSecretInfoPtr secinfo,
> +                                          const char *type)
> +{
> +    if (!secinfo ||
> +        secinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES ||
> +        !secinfo->s.aes.alias)
> +        return;
> +
> +    virBufferAsprintf(buf, "<secret type='%s' alias='%s'/>\n",
> +                      type, secinfo->s.aes.alias);
>  }
> 
> 
> @@ -2012,6 +2076,10 @@ static int
>  qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
>                                     virBufferPtr buf)
>  {
> +    virBuffer tmp = VIR_BUFFER_INITIALIZER;
> +    qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
> +    int ret = -1;
> +
>      if (src->nodestorage || src->nodeformat) {
>          virBufferAddLit(buf, "<nodenames>\n");
>          virBufferAdjustIndent(buf, 2);
> @@ -2025,9 +2093,23 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
>          virBufferAsprintf(buf, "<reservations mgralias='%s'/>\n", src->pr->mgralias);
> 
>      if (virStorageSourcePrivateDataFormatRelPath(src, buf) < 0)
> -        return -1;
> +        goto cleanup;
> 
> -    return 0;
> +    virBufferSetChildIndent(&tmp, buf);
> +
> +    if (srcPriv) {
> +        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
> +        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
> +    }
> +
> +    if (virXMLFormatElement(buf, "objects", NULL, &tmp) < 0)
> +        goto cleanup;
> +
> +    ret = 0;
> +
> + cleanup:
> +    virBufferFreeAndReset(&tmp);
> +    return ret;
>  }
> 
> 
> diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
> index 5b7e2a34cb..42869261d0 100644
> --- a/tests/qemustatusxml2xmldata/modern-in.xml
> +++ b/tests/qemustatusxml2xmldata/modern-in.xml
> @@ -319,6 +319,10 @@
>                </nodenames>
>                <reservations mgralias='test-alias'/>
>                <relPath>base.qcow2</relPath>
> +              <objects>
> +                <secret type='auth' alias='test-auth-alias'/>
> +                <secret type='encryption' alias='test-encryption-alias'/>
> +              </objects>
>              </privateData>
>            </source>
>            <backingStore/>
> 
