2009-08-14 21:48:55 +02:00
|
|
|
/*
|
|
|
|
* secret_driver.c: local driver for secret manipulation API
|
|
|
|
*
|
2016-02-23 13:44:12 -05:00
|
|
|
* Copyright (C) 2009-2016 Red Hat, Inc.
|
2009-08-14 21:48:55 +02:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 16:30:55 -06:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 18:06:23 +08:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2009-08-14 21:48:55 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include "internal.h"
|
|
|
|
#include "base64.h"
|
|
|
|
#include "datatypes.h"
|
|
|
|
#include "driver.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2009-08-14 21:48:55 +02:00
|
|
|
#include "secret_conf.h"
|
2016-02-27 06:49:12 -05:00
|
|
|
#include "virsecretobj.h"
|
2009-08-14 21:48:55 +02:00
|
|
|
#include "secret_driver.h"
|
2012-12-13 15:49:48 +00:00
|
|
|
#include "virthread.h"
|
2012-12-13 18:01:25 +00:00
|
|
|
#include "viruuid.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2011-07-19 12:32:58 -06:00
|
|
|
#include "virfile.h"
|
2019-05-23 11:34:08 +01:00
|
|
|
#include "virpidfile.h"
|
2010-11-16 07:54:17 -07:00
|
|
|
#include "configmake.h"
|
2013-04-03 12:36:23 +02:00
|
|
|
#include "virstring.h"
|
2013-04-23 11:56:22 +01:00
|
|
|
#include "viraccessapicheck.h"
|
2016-12-22 16:23:58 +00:00
|
|
|
#include "secret_event.h"
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_SECRET
|
|
|
|
|
2014-02-28 12:16:17 +00:00
|
|
|
VIR_LOG_INIT("secret.secret_driver");
|
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
enum { SECRET_MAX_XML_FILE = 10*1024*1024 };
|
|
|
|
|
2016-02-23 13:44:12 -05:00
|
|
|
/* Internal driver state */
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
typedef struct _virSecretDriverState virSecretDriverState;
|
|
|
|
typedef virSecretDriverState *virSecretDriverStatePtr;
|
|
|
|
struct _virSecretDriverState {
|
|
|
|
virMutex lock;
|
2018-01-26 11:16:00 +00:00
|
|
|
bool privileged; /* readonly */
|
2016-02-25 06:30:39 -05:00
|
|
|
virSecretObjListPtr secrets;
|
2019-05-23 11:34:08 +01:00
|
|
|
char *stateDir;
|
2016-02-23 18:27:21 -05:00
|
|
|
char *configDir;
|
2016-12-22 16:23:58 +00:00
|
|
|
|
2019-05-23 11:34:08 +01:00
|
|
|
/* pid file FD, ensures two copies of the driver can't use the same root */
|
|
|
|
int lockFD;
|
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
/* Immutable pointer, self-locking APIs */
|
|
|
|
virObjectEventStatePtr secretEventState;
|
2009-08-14 21:48:55 +02:00
|
|
|
};
|
|
|
|
|
2014-11-07 11:28:58 +01:00
|
|
|
static virSecretDriverStatePtr driver;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
static void
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverLock(void)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
virMutexLock(&driver->lock);
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static void
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverUnlock(void)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
virMutexUnlock(&driver->lock);
|
|
|
|
}
|
|
|
|
|
2016-02-24 10:52:30 -05:00
|
|
|
|
2016-02-29 17:15:26 -05:00
|
|
|
static virSecretObjPtr
|
|
|
|
secretObjFromSecret(virSecretPtr secret)
|
|
|
|
{
|
|
|
|
virSecretObjPtr obj;
|
|
|
|
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
|
|
|
|
2017-04-21 11:43:37 -04:00
|
|
|
virUUIDFormat(secret->uuid, uuidstr);
|
|
|
|
if (!(obj = virSecretObjListFindByUUID(driver->secrets, uuidstr))) {
|
2016-02-29 17:15:26 -05:00
|
|
|
virReportError(VIR_ERR_NO_SECRET,
|
|
|
|
_("no secret with matching uuid '%s'"), uuidstr);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-23 13:44:12 -05:00
|
|
|
/* Driver functions */
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
static int
|
2013-04-23 13:50:18 +01:00
|
|
|
secretConnectNumOfSecrets(virConnectPtr conn)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
2013-04-23 11:56:22 +01:00
|
|
|
if (virConnectNumOfSecretsEnsureACL(conn) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2016-02-25 06:30:39 -05:00
|
|
|
return virSecretObjListNumOfSecrets(driver->secrets,
|
|
|
|
virConnectNumOfSecretsCheckACL,
|
|
|
|
conn);
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2016-02-23 13:44:12 -05:00
|
|
|
secretConnectListSecrets(virConnectPtr conn,
|
|
|
|
char **uuids,
|
|
|
|
int maxuuids)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
memset(uuids, 0, maxuuids * sizeof(*uuids));
|
|
|
|
|
2013-04-23 11:56:22 +01:00
|
|
|
if (virConnectListSecretsEnsureACL(conn) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2016-02-25 06:30:39 -05:00
|
|
|
return virSecretObjListGetUUIDs(driver->secrets, uuids, maxuuids,
|
|
|
|
virConnectListSecretsCheckACL, conn);
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
|
|
|
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
|
2012-09-14 16:38:50 +08:00
|
|
|
static int
|
2013-04-23 13:50:18 +01:00
|
|
|
secretConnectListAllSecrets(virConnectPtr conn,
|
|
|
|
virSecretPtr **secrets,
|
2014-03-18 09:19:33 +01:00
|
|
|
unsigned int flags)
|
|
|
|
{
|
2012-09-14 16:38:50 +08:00
|
|
|
virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
|
|
|
|
|
2013-04-23 11:56:22 +01:00
|
|
|
if (virConnectListAllSecretsEnsureACL(conn) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2016-02-25 06:30:39 -05:00
|
|
|
return virSecretObjListExport(conn, driver->secrets, secrets,
|
|
|
|
virConnectListAllSecretsCheckACL,
|
|
|
|
flags);
|
2012-09-14 16:38:50 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static virSecretPtr
|
2016-02-23 13:44:12 -05:00
|
|
|
secretLookupByUUID(virConnectPtr conn,
|
|
|
|
const unsigned char *uuid)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
virSecretPtr ret = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
2017-04-21 11:43:37 -04:00
|
|
|
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2017-04-21 11:43:37 -04:00
|
|
|
virUUIDFormat(uuid, uuidstr);
|
|
|
|
if (!(obj = virSecretObjListFindByUUID(driver->secrets, uuidstr))) {
|
2012-07-18 12:40:16 +01:00
|
|
|
virReportError(VIR_ERR_NO_SECRET,
|
|
|
|
_("no secret with matching uuid '%s'"), uuidstr);
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
2016-03-07 19:22:04 -05:00
|
|
|
if (virSecretLookupByUUIDEnsureACL(conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
ret = virGetSecret(conn,
|
2016-03-07 19:22:04 -05:00
|
|
|
def->uuid,
|
|
|
|
def->usage_type,
|
2016-12-22 15:40:11 +00:00
|
|
|
def->usage_id);
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static virSecretPtr
|
2016-02-23 13:44:12 -05:00
|
|
|
secretLookupByUsage(virConnectPtr conn,
|
|
|
|
int usageType,
|
|
|
|
const char *usageID)
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
{
|
|
|
|
virSecretPtr ret = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = virSecretObjListFindByUsage(driver->secrets,
|
|
|
|
usageType, usageID))) {
|
2012-07-18 12:40:16 +01:00
|
|
|
virReportError(VIR_ERR_NO_SECRET,
|
|
|
|
_("no secret with matching usage '%s'"), usageID);
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
2016-03-07 19:22:04 -05:00
|
|
|
if (virSecretLookupByUsageEnsureACL(conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
ret = virGetSecret(conn,
|
2016-03-07 19:22:04 -05:00
|
|
|
def->uuid,
|
|
|
|
def->usage_type,
|
2016-12-22 15:40:11 +00:00
|
|
|
def->usage_id);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static virSecretPtr
|
2016-02-23 13:44:12 -05:00
|
|
|
secretDefineXML(virConnectPtr conn,
|
|
|
|
const char *xml,
|
2011-07-06 16:29:02 -06:00
|
|
|
unsigned int flags)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
virSecretPtr ret = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj = NULL;
|
2017-06-01 08:17:52 -04:00
|
|
|
virSecretDefPtr objDef;
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
virSecretDefPtr backup = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretDefPtr def;
|
2016-12-22 16:23:58 +00:00
|
|
|
virObjectEventPtr event = NULL;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2011-07-06 16:29:02 -06:00
|
|
|
virCheckFlags(0, NULL);
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(def = virSecretDefParseString(xml)))
|
2009-08-14 21:48:55 +02:00
|
|
|
return NULL;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretDefineXMLEnsureACL(conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = virSecretObjListAdd(driver->secrets, def,
|
|
|
|
driver->configDir, &backup)))
|
2016-02-25 06:30:39 -05:00
|
|
|
goto cleanup;
|
2017-06-01 08:17:52 -04:00
|
|
|
VIR_STEAL_PTR(objDef, def);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2017-06-01 08:17:52 -04:00
|
|
|
if (!objDef->isephemeral) {
|
2016-03-08 11:34:56 -05:00
|
|
|
if (backup && backup->isephemeral) {
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretObjSaveData(obj) < 0)
|
2009-08-14 21:48:55 +02:00
|
|
|
goto restore_backup;
|
|
|
|
}
|
2016-03-18 10:17:25 -04:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretObjSaveConfig(obj) < 0) {
|
2016-03-08 11:34:56 -05:00
|
|
|
if (backup && backup->isephemeral) {
|
2016-03-18 10:17:25 -04:00
|
|
|
/* Undo the virSecretObjSaveData() above; ignore errors */
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjDeleteData(obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
|
|
|
goto restore_backup;
|
|
|
|
}
|
2016-03-08 11:34:56 -05:00
|
|
|
} else if (backup && !backup->isephemeral) {
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretObjDeleteConfig(obj) < 0)
|
2009-08-14 21:48:55 +02:00
|
|
|
goto restore_backup;
|
2016-03-07 18:06:57 -05:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjDeleteData(obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
2009-10-01 16:42:40 +02:00
|
|
|
/* Saved successfully - drop old values */
|
2009-08-14 21:48:55 +02:00
|
|
|
virSecretDefFree(backup);
|
|
|
|
|
2017-06-01 08:17:52 -04:00
|
|
|
event = virSecretEventLifecycleNew(objDef->uuid,
|
|
|
|
objDef->usage_type,
|
|
|
|
objDef->usage_id,
|
2016-12-22 16:23:58 +00:00
|
|
|
VIR_SECRET_EVENT_DEFINED,
|
|
|
|
0);
|
|
|
|
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
ret = virGetSecret(conn,
|
2017-06-01 08:17:52 -04:00
|
|
|
objDef->uuid,
|
|
|
|
objDef->usage_type,
|
|
|
|
objDef->usage_id);
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
restore_backup:
|
2016-02-25 06:30:39 -05:00
|
|
|
/* If we have a backup, then secret was defined before, so just restore
|
2017-06-01 08:17:52 -04:00
|
|
|
* the backup; otherwise, this is a new secret, thus remove it. */
|
|
|
|
if (backup) {
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjSetDef(obj, backup);
|
2017-06-01 08:17:52 -04:00
|
|
|
VIR_STEAL_PTR(def, objDef);
|
|
|
|
} else {
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjListRemove(driver->secrets, obj);
|
2017-06-01 12:43:06 -04:00
|
|
|
virObjectUnref(obj);
|
|
|
|
obj = NULL;
|
2017-06-01 08:17:52 -04:00
|
|
|
}
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretDefFree(def);
|
|
|
|
virSecretObjEndAPI(&obj);
|
2018-06-11 15:38:17 -04:00
|
|
|
virObjectEventStateQueue(driver->secretEventState, event);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static char *
|
2017-04-01 11:46:36 -04:00
|
|
|
secretGetXMLDesc(virSecretPtr secret,
|
2016-02-23 13:44:12 -05:00
|
|
|
unsigned int flags)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
char *ret = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2011-07-06 16:29:02 -06:00
|
|
|
virCheckFlags(0, NULL);
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = secretObjFromSecret(secret)))
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
|
|
|
if (virSecretGetXMLDescEnsureACL(secret->conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
2016-03-07 19:22:04 -05:00
|
|
|
ret = virSecretDefFormat(def);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2017-04-01 11:46:36 -04:00
|
|
|
secretSetValue(virSecretPtr secret,
|
2016-02-23 13:44:12 -05:00
|
|
|
const unsigned char *value,
|
|
|
|
size_t value_size,
|
|
|
|
unsigned int flags)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
int ret = -1;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
2017-01-05 13:51:07 +00:00
|
|
|
virObjectEventPtr event = NULL;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2011-07-06 16:29:02 -06:00
|
|
|
virCheckFlags(0, -1);
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = secretObjFromSecret(secret)))
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
|
|
|
if (virSecretSetValueEnsureACL(secret->conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretObjSetValue(obj, value, value_size) < 0)
|
2016-03-07 19:40:58 -05:00
|
|
|
goto cleanup;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2017-01-05 13:51:07 +00:00
|
|
|
event = virSecretEventValueChangedNew(def->uuid,
|
|
|
|
def->usage_type,
|
|
|
|
def->usage_id);
|
2009-08-14 21:48:55 +02:00
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
2018-06-11 15:38:17 -04:00
|
|
|
virObjectEventStateQueue(driver->secretEventState, event);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static unsigned char *
|
2017-04-01 11:46:36 -04:00
|
|
|
secretGetValue(virSecretPtr secret,
|
2016-02-23 13:44:12 -05:00
|
|
|
size_t *value_size,
|
|
|
|
unsigned int flags,
|
libvirt: do not mix internal flags into public API
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits. This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag. In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.
In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API. In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.
* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
(virDrvSecretGetValue): Separate out internal flags.
(virDrvDomainMemoryStats): Provide missing flags argument.
* src/driver.c (verify): Drop unused check.
* src/conf/domain_conf.h (virDomainObjParseFile): Delete
declaration.
(virDomainXMLInternalFlags): Move...
* src/conf/domain_conf.c: ...here. Delete redundant include.
(virDomainObjParseFile): Make static.
* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
clients.
(virDomainMemoryPeek, virInterfaceGetXMLDesc)
(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
Don't mask unknown flags.
* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
unknown flags.
* src/secret/secret_driver.c (secretGetValue): Update clients.
* src/remote/remote_driver.c (remoteSecretGetValue)
(remoteDomainMemoryStats): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 15:31:56 -06:00
|
|
|
unsigned int internalFlags)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
unsigned char *ret = NULL;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
libvirt: do not mix internal flags into public API
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits. This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag. In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.
In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API. In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.
* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
(virDrvSecretGetValue): Separate out internal flags.
(virDrvDomainMemoryStats): Provide missing flags argument.
* src/driver.c (verify): Drop unused check.
* src/conf/domain_conf.h (virDomainObjParseFile): Delete
declaration.
(virDomainXMLInternalFlags): Move...
* src/conf/domain_conf.c: ...here. Delete redundant include.
(virDomainObjParseFile): Make static.
* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
clients.
(virDomainMemoryPeek, virInterfaceGetXMLDesc)
(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
Don't mask unknown flags.
* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
unknown flags.
* src/secret/secret_driver.c (secretGetValue): Update clients.
* src/remote/remote_driver.c (remoteSecretGetValue)
(remoteDomainMemoryStats): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 15:31:56 -06:00
|
|
|
virCheckFlags(0, NULL);
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = secretObjFromSecret(secret)))
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
|
|
|
if (virSecretGetValueEnsureACL(secret->conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
libvirt: do not mix internal flags into public API
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits. This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag. In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.
In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API. In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.
* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
(virDrvSecretGetValue): Separate out internal flags.
(virDrvDomainMemoryStats): Provide missing flags argument.
* src/driver.c (verify): Drop unused check.
* src/conf/domain_conf.h (virDomainObjParseFile): Delete
declaration.
(virDomainXMLInternalFlags): Move...
* src/conf/domain_conf.c: ...here. Delete redundant include.
(virDomainObjParseFile): Make static.
* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
clients.
(virDomainMemoryPeek, virInterfaceGetXMLDesc)
(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
Don't mask unknown flags.
* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
unknown flags.
* src/secret/secret_driver.c (secretGetValue): Update clients.
* src/remote/remote_driver.c (remoteSecretGetValue)
(remoteDomainMemoryStats): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 15:31:56 -06:00
|
|
|
if ((internalFlags & VIR_SECRET_GET_VALUE_INTERNAL_CALL) == 0 &&
|
2016-03-08 11:34:56 -05:00
|
|
|
def->isprivate) {
|
2012-09-18 12:01:46 +02:00
|
|
|
virReportError(VIR_ERR_INVALID_SECRET, "%s",
|
2012-07-18 12:40:16 +01:00
|
|
|
_("secret is private"));
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(ret = virSecretObjGetValue(obj)))
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
2016-03-07 19:40:58 -05:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
*value_size = virSecretObjGetValueSize(obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2017-04-01 11:46:36 -04:00
|
|
|
secretUndefine(virSecretPtr secret)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
|
|
|
int ret = -1;
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjPtr obj;
|
2016-03-07 19:22:04 -05:00
|
|
|
virSecretDefPtr def;
|
2016-12-22 16:23:58 +00:00
|
|
|
virObjectEventPtr event = NULL;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (!(obj = secretObjFromSecret(secret)))
|
2009-08-14 21:48:55 +02:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
def = virSecretObjGetDef(obj);
|
|
|
|
if (virSecretUndefineEnsureACL(secret->conn, def) < 0)
|
2013-04-23 11:56:22 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
if (virSecretObjDeleteConfig(obj) < 0)
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 14:06:15 +01:00
|
|
|
goto cleanup;
|
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
event = virSecretEventLifecycleNew(def->uuid,
|
|
|
|
def->usage_type,
|
|
|
|
def->usage_id,
|
|
|
|
VIR_SECRET_EVENT_UNDEFINED,
|
|
|
|
0);
|
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjDeleteData(obj);
|
2016-03-07 18:06:57 -05:00
|
|
|
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjListRemove(driver->secrets, obj);
|
2017-06-01 12:43:06 -04:00
|
|
|
virObjectUnref(obj);
|
|
|
|
obj = NULL;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 07:57:22 +01:00
|
|
|
cleanup:
|
2017-04-01 11:46:36 -04:00
|
|
|
virSecretObjEndAPI(&obj);
|
2018-06-11 15:38:17 -04:00
|
|
|
virObjectEventStateQueue(driver->secretEventState, event);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2013-04-23 13:50:18 +01:00
|
|
|
secretStateCleanup(void)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
2016-02-25 06:30:39 -05:00
|
|
|
if (!driver)
|
2009-08-14 21:48:55 +02:00
|
|
|
return -1;
|
|
|
|
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverLock();
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2016-02-25 06:30:39 -05:00
|
|
|
virObjectUnref(driver->secrets);
|
2016-02-23 18:27:21 -05:00
|
|
|
VIR_FREE(driver->configDir);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
virObjectUnref(driver->secretEventState);
|
|
|
|
|
2019-05-23 11:34:08 +01:00
|
|
|
if (driver->lockFD != -1)
|
|
|
|
virPidFileRelease(driver->stateDir, "driver", driver->lockFD);
|
|
|
|
|
|
|
|
VIR_FREE(driver->stateDir);
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverUnlock();
|
|
|
|
virMutexDestroy(&driver->lock);
|
|
|
|
VIR_FREE(driver);
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2013-04-23 13:50:18 +01:00
|
|
|
secretStateInitialize(bool privileged,
|
|
|
|
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
|
|
|
|
void *opaque ATTRIBUTE_UNUSED)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
2014-11-07 11:28:58 +01:00
|
|
|
if (VIR_ALLOC(driver) < 0)
|
2019-07-23 13:05:18 +01:00
|
|
|
return VIR_DRV_STATE_INIT_ERROR;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2019-05-23 11:34:08 +01:00
|
|
|
driver->lockFD = -1;
|
2014-11-07 11:28:58 +01:00
|
|
|
if (virMutexInit(&driver->lock) < 0) {
|
|
|
|
VIR_FREE(driver);
|
2019-07-23 13:05:18 +01:00
|
|
|
return VIR_DRV_STATE_INIT_ERROR;
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverLock();
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
driver->secretEventState = virObjectEventStateNew();
|
2018-01-26 11:16:00 +00:00
|
|
|
driver->privileged = privileged;
|
2016-12-22 16:23:58 +00:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
if (privileged) {
|
2019-05-23 11:34:08 +01:00
|
|
|
if (virAsprintf(&driver->configDir,
|
|
|
|
"%s/libvirt/secrets", SYSCONFDIR) < 0)
|
|
|
|
goto error;
|
|
|
|
if (virAsprintf(&driver->stateDir,
|
|
|
|
"%s/run/libvirt/secrets", LOCALSTATEDIR) < 0)
|
2013-05-03 14:48:16 +02:00
|
|
|
goto error;
|
2009-08-14 21:48:55 +02:00
|
|
|
} else {
|
2019-05-23 11:34:08 +01:00
|
|
|
VIR_AUTOFREE(char *) rundir = NULL;
|
|
|
|
VIR_AUTOFREE(char *) cfgdir = NULL;
|
|
|
|
|
|
|
|
if (!(cfgdir = virGetUserConfigDirectory()))
|
|
|
|
goto error;
|
|
|
|
if (virAsprintf(&driver->configDir, "%s/secrets/", cfgdir) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (!(rundir = virGetUserRuntimeDirectory()))
|
|
|
|
goto error;
|
|
|
|
if (virAsprintf(&driver->stateDir, "%s/secrets/run", rundir) < 0)
|
2009-08-14 21:48:55 +02:00
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2017-04-19 16:40:45 -04:00
|
|
|
if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) {
|
|
|
|
virReportSystemError(errno, _("cannot create config directory '%s'"),
|
|
|
|
driver->configDir);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2019-05-23 11:34:08 +01:00
|
|
|
if (virFileMakePathWithMode(driver->stateDir, S_IRWXU) < 0) {
|
|
|
|
virReportSystemError(errno, _("cannot create state directory '%s'"),
|
|
|
|
driver->stateDir);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((driver->lockFD =
|
2019-07-11 15:57:34 +01:00
|
|
|
virPidFileAcquire(driver->stateDir, "driver", false, getpid())) < 0)
|
2019-05-23 11:34:08 +01:00
|
|
|
goto error;
|
|
|
|
|
2016-02-25 06:30:39 -05:00
|
|
|
if (!(driver->secrets = virSecretObjListNew()))
|
|
|
|
goto error;
|
|
|
|
|
2016-03-02 13:10:54 -05:00
|
|
|
if (virSecretLoadAllConfigs(driver->secrets, driver->configDir) < 0)
|
2009-08-14 21:48:55 +02:00
|
|
|
goto error;
|
|
|
|
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverUnlock();
|
2019-07-23 13:05:18 +01:00
|
|
|
return VIR_DRV_STATE_INIT_COMPLETE;
|
2009-08-14 21:48:55 +02:00
|
|
|
|
|
|
|
error:
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverUnlock();
|
2013-04-23 13:50:18 +01:00
|
|
|
secretStateCleanup();
|
2019-07-23 13:05:18 +01:00
|
|
|
return VIR_DRV_STATE_INIT_ERROR;
|
2009-08-14 21:48:55 +02:00
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static int
|
2013-04-23 13:50:18 +01:00
|
|
|
secretStateReload(void)
|
2009-08-14 21:48:55 +02:00
|
|
|
{
|
2014-11-07 11:28:58 +01:00
|
|
|
if (!driver)
|
2009-08-14 21:48:55 +02:00
|
|
|
return -1;
|
|
|
|
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverLock();
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2016-03-02 13:10:54 -05:00
|
|
|
ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDir));
|
2009-08-14 21:48:55 +02:00
|
|
|
|
2014-11-07 11:28:58 +01:00
|
|
|
secretDriverUnlock();
|
2009-08-14 21:48:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2018-01-26 11:16:00 +00:00
|
|
|
static virDrvOpenStatus
|
|
|
|
secretConnectOpen(virConnectPtr conn,
|
|
|
|
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
|
|
|
|
virConfPtr conf ATTRIBUTE_UNUSED,
|
|
|
|
unsigned int flags)
|
|
|
|
{
|
|
|
|
virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
|
|
|
|
|
2018-03-28 12:49:29 +01:00
|
|
|
if (driver == NULL) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("secret state driver is not active"));
|
|
|
|
return VIR_DRV_OPEN_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (driver->privileged) {
|
|
|
|
if (STRNEQ(conn->uri->path, "/system")) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("unexpected secret URI path '%s', try secret:///system"),
|
|
|
|
conn->uri->path);
|
2018-01-26 11:16:00 +00:00
|
|
|
return VIR_DRV_OPEN_ERROR;
|
|
|
|
}
|
2018-03-28 12:49:29 +01:00
|
|
|
} else {
|
|
|
|
if (STRNEQ(conn->uri->path, "/session")) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("unexpected secret URI path '%s', try secret:///session"),
|
|
|
|
conn->uri->path);
|
|
|
|
return VIR_DRV_OPEN_ERROR;
|
2018-01-26 11:16:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virConnectOpenEnsureACL(conn) < 0)
|
|
|
|
return VIR_DRV_OPEN_ERROR;
|
|
|
|
|
|
|
|
return VIR_DRV_OPEN_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int secretConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int secretConnectIsSecure(virConnectPtr conn ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
/* Trivially secure, since always inside the daemon */
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int secretConnectIsEncrypted(virConnectPtr conn ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
/* Not encrypted, but remote driver takes care of that */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int secretConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
static int
|
|
|
|
secretConnectSecretEventRegisterAny(virConnectPtr conn,
|
|
|
|
virSecretPtr secret,
|
|
|
|
int eventID,
|
|
|
|
virConnectSecretEventGenericCallback callback,
|
|
|
|
void *opaque,
|
|
|
|
virFreeCallback freecb)
|
|
|
|
{
|
|
|
|
int callbackID = -1;
|
|
|
|
|
|
|
|
if (virConnectSecretEventRegisterAnyEnsureACL(conn) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virSecretEventStateRegisterID(conn, driver->secretEventState,
|
|
|
|
secret, eventID, callback,
|
|
|
|
opaque, freecb, &callbackID) < 0)
|
|
|
|
callbackID = -1;
|
|
|
|
cleanup:
|
|
|
|
return callbackID;
|
|
|
|
}
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2016-12-22 16:23:58 +00:00
|
|
|
static int
|
|
|
|
secretConnectSecretEventDeregisterAny(virConnectPtr conn,
|
|
|
|
int callbackID)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (virConnectSecretEventDeregisterAnyEnsureACL(conn) < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (virObjectEventStateDeregisterID(conn,
|
|
|
|
driver->secretEventState,
|
2017-06-14 07:32:15 -04:00
|
|
|
callbackID, true) < 0)
|
2016-12-22 16:23:58 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static virSecretDriver secretDriver = {
|
|
|
|
.name = "secret",
|
2013-04-23 13:50:18 +01:00
|
|
|
.connectNumOfSecrets = secretConnectNumOfSecrets, /* 0.7.1 */
|
|
|
|
.connectListSecrets = secretConnectListSecrets, /* 0.7.1 */
|
|
|
|
.connectListAllSecrets = secretConnectListAllSecrets, /* 0.10.2 */
|
2013-04-22 18:26:01 +01:00
|
|
|
.secretLookupByUUID = secretLookupByUUID, /* 0.7.1 */
|
|
|
|
.secretLookupByUsage = secretLookupByUsage, /* 0.7.1 */
|
|
|
|
.secretDefineXML = secretDefineXML, /* 0.7.1 */
|
|
|
|
.secretGetXMLDesc = secretGetXMLDesc, /* 0.7.1 */
|
|
|
|
.secretSetValue = secretSetValue, /* 0.7.1 */
|
|
|
|
.secretGetValue = secretGetValue, /* 0.7.1 */
|
|
|
|
.secretUndefine = secretUndefine, /* 0.7.1 */
|
2016-12-22 16:23:58 +00:00
|
|
|
.connectSecretEventRegisterAny = secretConnectSecretEventRegisterAny, /* 3.0.0 */
|
|
|
|
.connectSecretEventDeregisterAny = secretConnectSecretEventDeregisterAny, /* 3.0.0 */
|
2009-08-14 21:48:55 +02:00
|
|
|
};
|
|
|
|
|
2018-01-26 11:16:00 +00:00
|
|
|
|
|
|
|
static virHypervisorDriver secretHypervisorDriver = {
|
|
|
|
.name = "secret",
|
|
|
|
.connectOpen = secretConnectOpen, /* 4.1.0 */
|
|
|
|
.connectClose = secretConnectClose, /* 4.1.0 */
|
|
|
|
.connectIsEncrypted = secretConnectIsEncrypted, /* 4.1.0 */
|
|
|
|
.connectIsSecure = secretConnectIsSecure, /* 4.1.0 */
|
|
|
|
.connectIsAlive = secretConnectIsAlive, /* 4.1.0 */
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static virConnectDriver secretConnectDriver = {
|
2018-03-28 10:53:31 +01:00
|
|
|
.localOnly = true,
|
2018-03-27 15:51:45 +01:00
|
|
|
.uriSchemes = (const char *[]){ "secret", NULL },
|
2018-01-26 11:16:00 +00:00
|
|
|
.hypervisorDriver = &secretHypervisorDriver,
|
|
|
|
.secretDriver = &secretDriver,
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
static virStateDriver stateDriver = {
|
2015-01-20 16:16:26 +00:00
|
|
|
.name = "secret",
|
2013-04-23 13:50:18 +01:00
|
|
|
.stateInitialize = secretStateInitialize,
|
|
|
|
.stateCleanup = secretStateCleanup,
|
|
|
|
.stateReload = secretStateReload,
|
2009-08-14 21:48:55 +02:00
|
|
|
};
|
|
|
|
|
2017-04-26 09:33:22 -04:00
|
|
|
|
2009-08-14 21:48:55 +02:00
|
|
|
int
|
|
|
|
secretRegister(void)
|
|
|
|
{
|
2018-01-26 11:16:00 +00:00
|
|
|
if (virRegisterConnectDriver(&secretConnectDriver, false) < 0)
|
|
|
|
return -1;
|
2015-01-20 16:16:26 +00:00
|
|
|
if (virSetSharedSecretDriver(&secretDriver) < 0)
|
2014-03-17 14:35:42 +01:00
|
|
|
return -1;
|
|
|
|
if (virRegisterStateDriver(&stateDriver) < 0)
|
|
|
|
return -1;
|
2009-08-14 21:48:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|