External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-09-25 00:45:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
87b7e148e9
libvirt/src/secret/secret_driver.c

1099 lines
28 KiB
C
Raw Normal View History

Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
/*
* secret_driver.c: local driver for secret manipulation API
*
secret: drop dead code Detected by Coverity. The only ways to get to the cleanup label were by an early abort (list still unassigned) or after successfully transferring list to dest, so there is no list to clean up. * src/secret/secret_driver.c (loadSecrets): Kill dead code.
2011-06-06 19:14:48 +00:00
* Copyright (C) 2009-2011 Red Hat, Inc.
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Red Hat Author: Miloslav Trmač <mitr@redhat.com>
*/
#include <config.h>
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include "internal.h"
#include "base64.h"
#include "datatypes.h"
#include "driver.h"
#include "logging.h"
#include "memory.h"
#include "secret_conf.h"
#include "secret_driver.h"
#include "threads.h"
#include "util.h"
#include "uuid.h"
#include "virterror_internal.h"
build: rename files.h to virfile.h In preparation for a future patch adding new virFile APIs. * src/util/files.h, src/util/files.c: Move... * src/util/virfile.h, src/util/virfile.c: ...here, and rename functions to virFile prefix. Macro names are intentionally left alone. * *.c: All '#include "files.h"' uses changed. * src/Makefile.am (UTIL_SOURCES): Reflect rename. * cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise. * src/libvirt_private.syms: Likewise. * docs/hacking.html.in: Likewise. * HACKING: Regenerate.
2011-07-19 18:32:58 +00:00
#include "virfile.h"
maint: use gnulib configmake rather than open-coding things * bootstrap.conf (gnulib_modules): Add configmake. * daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by gnulib. * src/Makefile.am (INCLUDES): Likewise. * tests/Makefile.am (INCLUDES): Likewise. * tools/Makefile.am (virsh_CFLAGS): Likewise. * daemon/libvirtd.c (qemudInitPaths, usage, main): Update clients. * src/cpu/cpu_map.c (CPUMAPFILE): Likewise. * src/driver.c (DEFAULT_DRIVER_DIR): Likewise. * src/internal.h (_): Likewise. * src/libvirt.c (virInitialize): Likewise. * src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR): Likewise. * src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig): Likewise. * src/network/bridge_driver.c (NETWORK_PID_DIR) (NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup): Likewise. * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise. * src/qemu/qemu_driver.c (qemudStartup): Likewise. * src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET) (LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE) (LIBVIRT_PKI_DIR): Likewise. * src/secret/secret_driver.c (secretDriverStartup): Likewise. * src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/storage/storage_backend_disk.c (PARTHELPER): Likewise. * src/storage/storage_driver.c (storageDriverStartup): Likewise. * src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise. * src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise. * tools/virsh.c (main): Likewise. * docs/hooks.html.in: Likewise.
2010-11-16 14:54:17 +00:00
#include "configmake.h"
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
#define VIR_FROM_THIS VIR_FROM_SECRET
enum { SECRET_MAX_XML_FILE = 10*1024*1024 };
/* Internal driver state */
typedef struct _virSecretEntry virSecretEntry;
typedef virSecretEntry *virSecretEntryPtr;
struct _virSecretEntry {
virSecretEntryPtr next;
virSecretDefPtr def;
unsigned char *value; /* May be NULL */
size_t value_size;
};
typedef struct _virSecretDriverState virSecretDriverState;
typedef virSecretDriverState *virSecretDriverStatePtr;
struct _virSecretDriverState {
virMutex lock;
virSecretEntry *secrets;
char *directory;
};
static virSecretDriverStatePtr driverState;
static void
secretDriverLock(virSecretDriverStatePtr driver)
{
virMutexLock(&driver->lock);
}
static void
secretDriverUnlock(virSecretDriverStatePtr driver)
{
virMutexUnlock(&driver->lock);
}
static virSecretEntryPtr
listUnlink(virSecretEntryPtr *pptr)
{
virSecretEntryPtr secret;
secret = *pptr;
*pptr = secret->next;
return secret;
}
static void
listInsert(virSecretEntryPtr *pptr, virSecretEntryPtr secret)
{
secret->next = *pptr;
*pptr = secret;
}
static void
secretFree(virSecretEntryPtr secret)
{
if (secret == NULL)
return;
virSecretDefFree(secret->def);
if (secret->value != NULL) {
memset(secret->value, 0, secret->value_size);
VIR_FREE(secret->value);
}
VIR_FREE(secret);
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
static virSecretEntryPtr
secretFindByUUID(virSecretDriverStatePtr driver, const unsigned char *uuid)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretEntryPtr *pptr, s;
for (pptr = &driver->secrets; *pptr != NULL; pptr = &s->next) {
s = *pptr;
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
if (memcmp(s->def->uuid, uuid, VIR_UUID_BUFLEN) == 0)
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
return s;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
return NULL;
}
static virSecretEntryPtr
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secretFindByUsage(virSecretDriverStatePtr driver, int usageType, const char *usageID)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr *pptr, s;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
for (pptr = &driver->secrets; *pptr != NULL; pptr = &s->next) {
s = *pptr;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
if (s->def->usage_type != usageType)
continue;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
switch (usageType) {
case VIR_SECRET_USAGE_TYPE_NONE:
/* never match this */
break;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
case VIR_SECRET_USAGE_TYPE_VOLUME:
if (STREQ(s->def->usage.volume, usageID))
return s;
break;
}
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
return NULL;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
/* Permament secret storage */
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
/* Secrets are stored in virSecretDriverStatePtr->directory. Each secret
has virSecretDef stored as XML in "$basename.xml". If a value of the
secret is defined, it is stored as base64 (with no formatting) in
"$basename.base64". "$basename" is in both cases the base64-encoded UUID. */
static int
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
replaceFile(const char *filename, void *data, size_t size)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
char *tmp_path = NULL;
int fd = -1, ret = -1;
if (virAsprintf(&tmp_path, "%sXXXXXX", filename) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
fd = mkstemp (tmp_path);
if (fd == -1) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("mkstemp('%s') failed"), tmp_path);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("fchmod('%s') failed"), tmp_path);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
ret = safewrite(fd, data, size);
if (ret < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("error writing to '%s'"),
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
tmp_path);
goto cleanup;
}
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
if (VIR_CLOSE(fd) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("error closing '%s'"), tmp_path);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
fd = -1;
if (rename(tmp_path, filename) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("rename(%s, %s) failed"), tmp_path,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
filename);
goto cleanup;
}
VIR_FREE(tmp_path);
ret = 0;
cleanup:
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(fd);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (tmp_path != NULL) {
unlink(tmp_path);
VIR_FREE(tmp_path);
}
return ret;
}
static char *
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
secretComputePath(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret, const char *suffix)
{
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char *ret;
char uuidstr[VIR_UUID_STRING_BUFLEN];
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
virUUIDFormat(secret->def->uuid, uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
if (virAsprintf(&ret, "%s/%s%s", driver->directory, uuidstr, suffix) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
/* ret is NULL */
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
return ret;
}
static char *
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretXMLPath(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret)
{
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
return secretComputePath(driver, secret, ".xml");
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
static char *
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretBase64Path(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret)
{
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
return secretComputePath(driver, secret, ".base64");
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
static int
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
secretEnsureDirectory(virSecretDriverStatePtr driver)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
if (mkdir(driver->directory, S_IRWXU) < 0 && errno != EEXIST) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("cannot create '%s'"),
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
driver->directory);
return -1;
}
return 0;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretSaveDef(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret)
{
char *filename = NULL, *xml = NULL;
int ret = -1;
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
if (secretEnsureDirectory(driver) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
filename = secretXMLPath(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (filename == NULL)
goto cleanup;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
xml = virSecretDefFormat(secret->def);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (xml == NULL)
goto cleanup;
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
if (replaceFile(filename, xml, strlen(xml)) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
ret = 0;
cleanup:
VIR_FREE(xml);
VIR_FREE(filename);
return ret;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretSaveValue(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret)
{
char *filename = NULL, *base64 = NULL;
int ret = -1;
if (secret->value == NULL)
return 0;
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
if (secretEnsureDirectory(driver) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
filename = secretBase64Path(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (filename == NULL)
goto cleanup;
base64_encode_alloc((const char *)secret->value, secret->value_size,
&base64);
if (base64 == NULL) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
if (replaceFile(filename, base64, strlen(base64)) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
ret = 0;
cleanup:
VIR_FREE(base64);
VIR_FREE(filename);
return ret;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretDeleteSaved(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const virSecretEntry *secret)
{
char *xml_filename = NULL, *value_filename = NULL;
int ret = -1;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
xml_filename = secretXMLPath(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (xml_filename == NULL)
goto cleanup;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
value_filename = secretBase64Path(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (value_filename == NULL)
goto cleanup;
if (unlink(xml_filename) < 0 && errno != ENOENT)
goto cleanup;
/* When the XML is missing, the rest may waste disk space, but the secret
won't be loaded again, so we have succeeded already. */
ret = 0;
(void)unlink(value_filename);
cleanup:
VIR_FREE(value_filename);
VIR_FREE(xml_filename);
return ret;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretLoadValidateUUID(virSecretDefPtr def,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const char *xml_basename)
{
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
virUUIDFormat(def->uuid, uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
if (!virFileMatchesNameSuffix(xml_basename, uuidstr, ".xml")) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
_("<uuid> does not match secret file name '%s'"),
xml_basename);
return -1;
}
return 0;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretLoadValue(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
virSecretEntryPtr secret)
{
int ret = -1, fd = -1;
struct stat st;
char *filename = NULL, *contents = NULL, *value = NULL;
size_t value_size;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
filename = secretBase64Path(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (filename == NULL)
goto cleanup;
fd = open(filename, O_RDONLY);
if (fd == -1) {
if (errno == ENOENT) {
ret = 0;
goto cleanup;
}
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("cannot open '%s'"), filename);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
if (fstat(fd, &st) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("cannot stat '%s'"), filename);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
if ((size_t)st.st_size != st.st_size) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
_("'%s' file does not fit in memory"), filename);
goto cleanup;
}
if (VIR_ALLOC_N(contents, st.st_size) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
if (saferead(fd, contents, st.st_size) != st.st_size) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("cannot read '%s'"), filename);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(fd);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (!base64_decode_alloc(contents, st.st_size, &value, &value_size)) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
_("invalid base64 in '%s'"), filename);
goto cleanup;
}
if (value == NULL) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
secret->value = (unsigned char *)value;
value = NULL;
secret->value_size = value_size;
ret = 0;
cleanup:
if (value != NULL) {
memset(value, 0, value_size);
VIR_FREE(value);
}
if (contents != NULL) {
memset(contents, 0, st.st_size);
VIR_FREE(contents);
}
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(fd);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
VIR_FREE(filename);
return ret;
}
static virSecretEntryPtr
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretLoad(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
const char *xml_basename)
{
Fix secret_driver compile warning, bug. Set def to NULL in secretLoad(), otherwise we can access a random pointer on error. Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-09-24 10:58:53 +00:00
virSecretDefPtr def = NULL;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
virSecretEntryPtr secret = NULL, ret = NULL;
char *xml_filename;
if (virAsprintf(&xml_filename, "%s/%s", driver->directory,
xml_basename) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
def = virSecretDefParseFile(xml_filename);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (def == NULL)
goto cleanup;
VIR_FREE(xml_filename);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretLoadValidateUUID(def, xml_basename) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
Add missing OOM error checks, reports and cleanups
2009-11-08 21:08:54 +00:00
if (VIR_ALLOC(secret) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
Add missing OOM error checks, reports and cleanups
2009-11-08 21:08:54 +00:00
}
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secret->def = def;
def = NULL;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretLoadValue(driver, secret) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
ret = secret;
secret = NULL;
cleanup:
secretFree(secret);
virSecretDefFree(def);
VIR_FREE(xml_filename);
return ret;
}
static int
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
loadSecrets(virSecretDriverStatePtr driver,
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
virSecretEntryPtr *dest)
{
int ret = -1;
DIR *dir = NULL;
struct dirent *de;
virSecretEntryPtr list = NULL;
dir = opendir(driver->directory);
if (dir == NULL) {
if (errno == ENOENT)
return 0;
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, _("cannot open '%s'"),
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
driver->directory);
goto cleanup;
}
while ((de = readdir(dir)) != NULL) {
virSecretEntryPtr secret;
if (STREQ(de->d_name, ".") || STREQ(de->d_name, ".."))
continue;
if (!virFileHasSuffix(de->d_name, ".xml"))
continue;
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secret = secretLoad(driver, de->d_name);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (secret == NULL) {
virErrorPtr err = virGetLastError();
Remove superfluous new lines from messages I noticed some debug messages are printed with an empty lines after them. This patch removes these empty lines from all invocations of the following macros: VIR_DEBUG VIR_DEBUG0 VIR_ERROR VIR_ERROR0 VIR_INFO VIR_WARN VIR_WARN0 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2010-01-19 13:17:20 +00:00
VIR_ERROR(_("Error reading secret: %s"),
maint: change "" in err ? err->message : "" to _("unknown error"), ... These changes avoid false-positive syntax-check failure, and also make the resulting diagnostics more comprehensible.
2010-05-20 06:44:27 +00:00
err != NULL ? err->message: _("unknown error"));
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
virResetError(err);
continue;
}
listInsert(&list, secret);
}
/* Ignore error reported by readdir(), if any. It's better to keep the
secrets we managed to find. */
while (list != NULL) {
virSecretEntryPtr s;
s = listUnlink(&list);
listInsert(dest, s);
}
ret = 0;
cleanup:
if (dir != NULL)
closedir(dir);
return ret;
}
/* Driver functions */
static virDrvOpenStatus
secretOpen(virConnectPtr conn, virConnectAuthPtr auth ATTRIBUTE_UNUSED,
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
unsigned int flags)
{
virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (driverState == NULL)
return VIR_DRV_OPEN_DECLINED;
conn->secretPrivateData = driverState;
return VIR_DRV_OPEN_SUCCESS;
}
static int
secretClose(virConnectPtr conn) {
conn->secretPrivateData = NULL;
return 0;
}
static int
secretNumOfSecrets(virConnectPtr conn)
{
virSecretDriverStatePtr driver = conn->secretPrivateData;
int i;
virSecretEntryPtr secret;
secretDriverLock(driver);
i = 0;
for (secret = driver->secrets; secret != NULL; secret = secret->next)
i++;
secretDriverUnlock(driver);
return i;
}
static int
secretListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
{
virSecretDriverStatePtr driver = conn->secretPrivateData;
int i;
virSecretEntryPtr secret;
memset(uuids, 0, maxuuids * sizeof(*uuids));
secretDriverLock(driver);
i = 0;
for (secret = driver->secrets; secret != NULL; secret = secret->next) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char *uuidstr;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (i == maxuuids)
break;
Add missing OOM error checks, reports and cleanups
2009-11-08 21:08:54 +00:00
if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
Add missing OOM error checks, reports and cleanups
2009-11-08 21:08:54 +00:00
}
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
virUUIDFormat(secret->def->uuid, uuidstr);
uuids[i] = uuidstr;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
i++;
}
secretDriverUnlock(driver);
return i;
cleanup:
secretDriverUnlock(driver);
for (i = 0; i < maxuuids; i++)
VIR_FREE(uuids[i]);
return -1;
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
static const char *
secretUsageIDForDef(virSecretDefPtr def)
{
switch (def->usage_type) {
case VIR_SECRET_USAGE_TYPE_NONE:
return "";
case VIR_SECRET_USAGE_TYPE_VOLUME:
return def->usage.volume;
default:
return NULL;
}
}
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
static virSecretPtr
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretDriverStatePtr driver = conn->secretPrivateData;
virSecretPtr ret = NULL;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr secret;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, uuid);
if (secret == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("no secret with matching uuid '%s'"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
secretUsageIDForDef(secret->def));
cleanup:
secretDriverUnlock(driver);
return ret;
}
static virSecretPtr
secretLookupByUsage(virConnectPtr conn, int usageType, const char *usageID)
{
virSecretDriverStatePtr driver = conn->secretPrivateData;
virSecretPtr ret = NULL;
virSecretEntryPtr secret;
secretDriverLock(driver);
secret = secretFindByUsage(driver, usageType, usageID);
if (secret == NULL) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
_("no secret with matching usage '%s'"), usageID);
goto cleanup;
}
ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
secretUsageIDForDef(secret->def));
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
cleanup:
secretDriverUnlock(driver);
return ret;
}
static virSecretPtr
secretDefineXML(virConnectPtr conn, const char *xml,
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
unsigned int flags)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretDriverStatePtr driver = conn->secretPrivateData;
virSecretPtr ret = NULL;
virSecretEntryPtr secret;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretDefPtr backup = NULL;
virSecretDefPtr new_attrs;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
virCheckFlags(0, NULL);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
new_attrs = virSecretDefParseString(xml);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (new_attrs == NULL)
return NULL;
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, new_attrs->uuid);
if (secret == NULL) {
/* No existing secret with same UUID, try look for matching usage instead */
const char *usageID = secretUsageIDForDef(new_attrs);
secret = secretFindByUsage(driver, new_attrs->usage_type, usageID);
if (secret) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(secret->def->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
_("a secret with UUID %s already defined for use with %s"),
uuidstr, usageID);
goto cleanup;
}
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
/* No existing secret at all, create one */
if (VIR_ALLOC(secret) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
goto cleanup;
}
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
listInsert(&driver->secrets, secret);
secret->def = new_attrs;
} else {
const char *newUsageID = secretUsageIDForDef(new_attrs);
const char *oldUsageID = secretUsageIDForDef(secret->def);
if (STRNEQ(oldUsageID, newUsageID)) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(secret->def->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
_("a secret with UUID %s is already defined for use with %s"),
uuidstr, oldUsageID);
goto cleanup;
}
if (secret->def->private && !new_attrs->private) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR, "%s",
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
_("cannot change private flag on existing secret"));
goto cleanup;
}
/* Got an existing secret matches attrs, so reuse that */
backup = secret->def;
secret->def = new_attrs;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
if (!new_attrs->ephemeral) {
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
if (backup && backup->ephemeral) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretSaveValue(driver, secret) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto restore_backup;
}
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretSaveDef(driver, secret) < 0) {
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
if (backup && backup->ephemeral) {
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
char *filename;
/* Undo the secretSaveValue() above; ignore errors */
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
filename = secretBase64Path(driver, secret);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (filename != NULL)
(void)unlink(filename);
VIR_FREE(filename);
}
goto restore_backup;
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
} else if (backup && !backup->ephemeral) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretDeleteSaved(driver, secret) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto restore_backup;
}
Fix documentation and comment typos Fix a few mispellings :-) of "successfully" and regenerate docs/libvirt-*.xml. * src/libvirt.c: Fix typos. * src/secret/secret_driver.c: Fix typos. * docs/libvirt-api.xml: Regenerate. * docs/libvirt-refs.xml: Regenerate.
2009-10-01 14:42:40 +00:00
/* Saved successfully - drop old values */
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
new_attrs = NULL;
virSecretDefFree(backup);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
secretUsageIDForDef(secret->def));
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
restore_backup:
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
if (backup) {
/* Error - restore previous state and free new attributes */
secret->def = backup;
} else {
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
/* "secret" was added to the head of the list above */
if (listUnlink(&driverState->secrets) != secret)
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_INTERNAL_ERROR, "%s",
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
_("list of secrets is inconsistent"));
else
secretFree(secret);
}
cleanup:
virSecretDefFree(new_attrs);
secretDriverUnlock(driver);
return ret;
}
static char *
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretDriverStatePtr driver = obj->conn->secretPrivateData;
char *ret = NULL;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr secret;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
virCheckFlags(0, NULL);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, obj->uuid);
if (secret == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("no secret with matching uuid '%s'"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
ret = virSecretDefFormat(secret->def);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
cleanup:
secretDriverUnlock(driver);
return ret;
}
static int
secretSetValue(virSecretPtr obj, const unsigned char *value,
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
size_t value_size, unsigned int flags)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretDriverStatePtr driver = obj->conn->secretPrivateData;
int ret = -1;
unsigned char *old_value, *new_value;
size_t old_value_size;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr secret;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
util: reject unknown flags, and prefer unsigned flags Silently ignored flags get in the way of new features that use those flags. Also, an upcoming syntax check will favor unsigned flags. * src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop unused attribute. * src/interface/netcf_driver.c (interfaceOpenInterface) (interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject unknown flags. * src/network/bridge_driver.c (networkOpenNetwork) (networkGetXMLDesc): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise. * src/secret/secret_driver.c (secretOpen, secretDefineXML) (secretGetXMLDesc, secretSetValue): Likewise. * src/util/logging.c (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Likewise; also use unsigned flags. * src/util/logging.h (virLogDefineFilter, virLogDefineOutput) (virLogMessage): Change signature. * src/util/command.c (virExecWithHook): Likewise.
2011-07-06 22:29:02 +00:00
virCheckFlags(0, -1);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (VIR_ALLOC_N(new_value, value_size) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
return -1;
}
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, obj->uuid);
if (secret == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("no secret with matching uuid '%s'"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
old_value = secret->value;
old_value_size = secret->value_size;
memcpy(new_value, value, value_size);
secret->value = new_value;
secret->value_size = value_size;
if (!secret->def->ephemeral) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (secretSaveValue(driver, secret) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto restore_backup;
}
Fix documentation and comment typos Fix a few mispellings :-) of "successfully" and regenerate docs/libvirt-*.xml. * src/libvirt.c: Fix typos. * src/secret/secret_driver.c: Fix typos. * docs/libvirt-api.xml: Regenerate. * docs/libvirt-refs.xml: Regenerate.
2009-10-01 14:42:40 +00:00
/* Saved successfully - drop old value */
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (old_value != NULL) {
memset(old_value, 0, old_value_size);
VIR_FREE(old_value);
}
new_value = NULL;
ret = 0;
goto cleanup;
restore_backup:
/* Error - restore previous state and free new value */
secret->value = old_value;
secret->value_size = old_value_size;
memset(new_value, 0, value_size);
cleanup:
secretDriverUnlock(driver);
VIR_FREE(new_value);
return ret;
}
static unsigned char *
libvirt: do not mix internal flags into public API There were two API in driver.c that were silently masking flags bits prior to calling out to the drivers, and several others that were explicitly masking flags bits. This is not forward-compatible - if we ever have that many flags in the future, then talking to an old server that masks out the flags would be indistinguishable from talking to a new server that can honor the flag. In general, libvirt.c should forward _all_ flags on to drivers, and only the drivers should reject unknown flags. In the case of virDrvSecretGetValue, the solution is to separate the internal driver callback function to have two parameters instead of one, with only one parameter affected by the public API. In the case of virDomainGetXMLDesc, it turns out that no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with the dumpxml path in the first place; that internal flag was only used in saving and restoring state files, which happened to be in functions internal to a single file, so there is no mixing of the internal flag with a public flags argument. Additionally, virDomainMemoryStats passed a flags argument over RPC, but not to the driver. * src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK) (VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete. (virDrvSecretGetValue): Separate out internal flags. (virDrvDomainMemoryStats): Provide missing flags argument. * src/driver.c (verify): Drop unused check. * src/conf/domain_conf.h (virDomainObjParseFile): Delete declaration. (virDomainXMLInternalFlags): Move... * src/conf/domain_conf.c: ...here. Delete redundant include. (virDomainObjParseFile): Make static. * src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update clients. (virDomainMemoryPeek, virInterfaceGetXMLDesc) (virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc) (virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc) (virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc): Don't mask unknown flags. * src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject unknown flags. * src/secret/secret_driver.c (secretGetValue): Update clients. * src/remote/remote_driver.c (remoteSecretGetValue) (remoteDomainMemoryStats): Likewise. * src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase): Likewise. * src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise. * daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 21:31:56 +00:00
secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int flags,
unsigned int internalFlags)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
{
virSecretDriverStatePtr driver = obj->conn->secretPrivateData;
unsigned char *ret = NULL;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr secret;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
libvirt: do not mix internal flags into public API There were two API in driver.c that were silently masking flags bits prior to calling out to the drivers, and several others that were explicitly masking flags bits. This is not forward-compatible - if we ever have that many flags in the future, then talking to an old server that masks out the flags would be indistinguishable from talking to a new server that can honor the flag. In general, libvirt.c should forward _all_ flags on to drivers, and only the drivers should reject unknown flags. In the case of virDrvSecretGetValue, the solution is to separate the internal driver callback function to have two parameters instead of one, with only one parameter affected by the public API. In the case of virDomainGetXMLDesc, it turns out that no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with the dumpxml path in the first place; that internal flag was only used in saving and restoring state files, which happened to be in functions internal to a single file, so there is no mixing of the internal flag with a public flags argument. Additionally, virDomainMemoryStats passed a flags argument over RPC, but not to the driver. * src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK) (VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete. (virDrvSecretGetValue): Separate out internal flags. (virDrvDomainMemoryStats): Provide missing flags argument. * src/driver.c (verify): Drop unused check. * src/conf/domain_conf.h (virDomainObjParseFile): Delete declaration. (virDomainXMLInternalFlags): Move... * src/conf/domain_conf.c: ...here. Delete redundant include. (virDomainObjParseFile): Make static. * src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update clients. (virDomainMemoryPeek, virInterfaceGetXMLDesc) (virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc) (virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc) (virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc): Don't mask unknown flags. * src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject unknown flags. * src/secret/secret_driver.c (secretGetValue): Update clients. * src/remote/remote_driver.c (remoteSecretGetValue) (remoteDomainMemoryStats): Likewise. * src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase): Likewise. * src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise. * daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 21:31:56 +00:00
virCheckFlags(0, NULL);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, obj->uuid);
if (secret == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("no secret with matching uuid '%s'"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (secret->value == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("secret '%s' does not have a value"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
libvirt: do not mix internal flags into public API There were two API in driver.c that were silently masking flags bits prior to calling out to the drivers, and several others that were explicitly masking flags bits. This is not forward-compatible - if we ever have that many flags in the future, then talking to an old server that masks out the flags would be indistinguishable from talking to a new server that can honor the flag. In general, libvirt.c should forward _all_ flags on to drivers, and only the drivers should reject unknown flags. In the case of virDrvSecretGetValue, the solution is to separate the internal driver callback function to have two parameters instead of one, with only one parameter affected by the public API. In the case of virDomainGetXMLDesc, it turns out that no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with the dumpxml path in the first place; that internal flag was only used in saving and restoring state files, which happened to be in functions internal to a single file, so there is no mixing of the internal flag with a public flags argument. Additionally, virDomainMemoryStats passed a flags argument over RPC, but not to the driver. * src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK) (VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete. (virDrvSecretGetValue): Separate out internal flags. (virDrvDomainMemoryStats): Provide missing flags argument. * src/driver.c (verify): Drop unused check. * src/conf/domain_conf.h (virDomainObjParseFile): Delete declaration. (virDomainXMLInternalFlags): Move... * src/conf/domain_conf.c: ...here. Delete redundant include. (virDomainObjParseFile): Make static. * src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update clients. (virDomainMemoryPeek, virInterfaceGetXMLDesc) (virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc) (virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc) (virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc): Don't mask unknown flags. * src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject unknown flags. * src/secret/secret_driver.c (secretGetValue): Update clients. * src/remote/remote_driver.c (remoteSecretGetValue) (remoteDomainMemoryStats): Likewise. * src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase): Likewise. * src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise. * daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-13 21:31:56 +00:00
if ((internalFlags & VIR_SECRET_GET_VALUE_INTERNAL_CALL) == 0 &&
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secret->def->private) {
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_OPERATION_DENIED, "%s",
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
_("secret is private"));
goto cleanup;
}
if (VIR_ALLOC_N(ret, secret->value_size) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
memcpy(ret, secret->value, secret->value_size);
*value_size = secret->value_size;
cleanup:
secretDriverUnlock(driver);
return ret;
}
static int
secretUndefine(virSecretPtr obj)
{
virSecretDriverStatePtr driver = obj->conn->secretPrivateData;
int ret = -1;
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
virSecretEntryPtr secret;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
secretDriverLock(driver);
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
secret = secretFindByUUID(driver, obj->uuid);
if (secret == NULL) {
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
virSecretReportError(VIR_ERR_NO_SECRET,
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
_("no secret with matching uuid '%s'"), uuidstr);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto cleanup;
}
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
if (!secret->def->ephemeral &&
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
secretDeleteSaved(driver, secret) < 0)
Add usage type/id as a public API property of virSecret * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID as not throwing exceptions * qemud/remote.c: Implement dispatch for virLookupSecretByUsage * qemud/remote_protocol.x: Add usage type & ID as attributes of remote_nonnull_secret. Add RPC calls for new public APIs * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.c, src/datatypes.h: Add usageType and usageID as properties of virSecretPtr * src/driver.h: Add virLookupSecretByUsage driver entry point * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage * src/remote_internal.c: Implement virLookupSecretByUsage entry * src/secret_conf.c, src/secret_conf.h: Remove the virSecretUsageType enum, now in public API. Make volume path mandatory when parsing XML * src/secret_driver.c: Enforce usage uniqueness when defining secrets. Implement virSecretLookupByUsage api method * src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
goto cleanup;
if (driver->secrets == secret) {
driver->secrets = secret->next;
} else {
virSecretEntryPtr tmp = driver->secrets;
while (tmp && tmp->next != secret)
tmp = tmp->next;
if (tmp)
tmp->next = secret->next;
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
}
secretFree(secret);
ret = 0;
cleanup:
secretDriverUnlock(driver);
return ret;
}
static int
secretDriverCleanup(void)
{
if (driverState == NULL)
return -1;
secretDriverLock(driverState);
while (driverState->secrets != NULL) {
virSecretEntryPtr s;
s = listUnlink(&driverState->secrets);
secretFree(s);
}
VIR_FREE(driverState->directory);
secretDriverUnlock(driverState);
virMutexDestroy(&driverState->lock);
VIR_FREE(driverState);
return 0;
}
static int
secretDriverStartup(int privileged)
{
char *base = NULL;
if (VIR_ALLOC(driverState) < 0)
return -1;
if (virMutexInit(&driverState->lock) < 0) {
VIR_FREE(driverState);
return -1;
}
secretDriverLock(driverState);
if (privileged) {
maint: use gnulib configmake rather than open-coding things * bootstrap.conf (gnulib_modules): Add configmake. * daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by gnulib. * src/Makefile.am (INCLUDES): Likewise. * tests/Makefile.am (INCLUDES): Likewise. * tools/Makefile.am (virsh_CFLAGS): Likewise. * daemon/libvirtd.c (qemudInitPaths, usage, main): Update clients. * src/cpu/cpu_map.c (CPUMAPFILE): Likewise. * src/driver.c (DEFAULT_DRIVER_DIR): Likewise. * src/internal.h (_): Likewise. * src/libvirt.c (virInitialize): Likewise. * src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR): Likewise. * src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig): Likewise. * src/network/bridge_driver.c (NETWORK_PID_DIR) (NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise. * src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup): Likewise. * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise. * src/qemu/qemu_driver.c (qemudStartup): Likewise. * src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET) (LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE) (LIBVIRT_PKI_DIR): Likewise. * src/secret/secret_driver.c (secretDriverStartup): Likewise. * src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/storage/storage_backend_disk.c (PARTHELPER): Likewise. * src/storage/storage_driver.c (storageDriverStartup): Likewise. * src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise. * src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise. * tools/virsh.c (main): Likewise. * docs/hooks.html.in: Likewise.
2010-11-16 14:54:17 +00:00
base = strdup(SYSCONFDIR "/libvirt");
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (base == NULL)
goto out_of_memory;
} else {
uid_t uid = geteuid();
Remove conn parameter from util functions It was used for error reporting only.
2010-02-04 22:41:52 +00:00
char *userdir = virGetUserDirectory(uid);
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
if (!userdir)
goto error;
if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
VIR_FREE(userdir);
goto out_of_memory;
}
VIR_FREE(userdir);
}
if (virAsprintf(&driverState->directory, "%s/secrets", base) == -1)
goto out_of_memory;
VIR_FREE(base);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (loadSecrets(driverState, &driverState->secrets) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto error;
secretDriverUnlock(driverState);
return 0;
out_of_memory:
libvirt,logging: cleanup VIR_XXX0() These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
2011-05-09 09:24:09 +00:00
VIR_ERROR(_("Out of memory initializing secrets"));
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
error:
VIR_FREE(base);
secretDriverUnlock(driverState);
secretDriverCleanup();
return -1;
}
static int
secretDriverReload(void)
{
virSecretEntryPtr new_secrets = NULL;
if (!driverState)
return -1;
secretDriverLock(driverState);
Remove virConnectPtr from secret XML APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in secret_conf.{h,c} and update all callers to match
2010-02-10 12:33:34 +00:00
if (loadSecrets(driverState, &new_secrets) < 0)
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
goto end;
/* Keep ephemeral secrets from current state. Discard non-ephemeral secrets
that were removed by the secrets directory. */
while (driverState->secrets != NULL) {
virSecretEntryPtr s;
s = listUnlink(&driverState->secrets);
if (s->def->ephemeral)
listInsert(&new_secrets, s);
else
secretFree(s);
}
driverState->secrets = new_secrets;
end:
secretDriverUnlock(driverState);
return 0;
}
static virSecretDriver secretDriver = {
.name = "secret",
Add many version number annotations to drivers Add many version number annotations to the internal driver tables, to allow hvsupport.html to display more accurate information
2011-05-13 13:35:01 +00:00
.open = secretOpen, /* 0.7.1 */
.close = secretClose, /* 0.7.1 */
.numOfSecrets = secretNumOfSecrets, /* 0.7.1 */
.listSecrets = secretListSecrets, /* 0.7.1 */
.lookupByUUID = secretLookupByUUID, /* 0.7.1 */
.lookupByUsage = secretLookupByUsage, /* 0.7.1 */
.defineXML = secretDefineXML, /* 0.7.1 */
.getXMLDesc = secretGetXMLDesc, /* 0.7.1 */
.setValue = secretSetValue, /* 0.7.1 */
.getValue = secretGetValue, /* 0.7.1 */
.undefine = secretUndefine, /* 0.7.1 */
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
};
static virStateDriver stateDriver = {
Fix return value in virStateInitialize impl for LXC The LXC driver was mistakenly returning -1 for lxcStartup() in scenarios that are not an error. This caused the libvirtd to quit for unprivileged users. This fixes the return code of LXC driver, and also adds a "name" field to the virStateDriver struct and logging to make it easier to find these problems in the future * src/driver.h: Add a 'name' field to state driver to allow easy identification during failures * src/libvirt.c: Log name of failed driver for virStateInit failures * src/lxc/lxc_driver.c: Don't return a failure code for lxcStartup() if LXC is not available on this host, simply disable the driver. * src/network/bridge_driver.c, src/node_device/node_device_devkit.c, src/node_device/node_device_hal.c, src/opennebula/one_driver.c, src/qemu/qemu_driver.c, src/remote/remote_driver.c, src/secret/secret_driver.c, src/storage/storage_driver.c, src/uml/uml_driver.c, src/xen/xen_driver.c: Fill in name field in virStateDriver struct
2009-11-02 23:18:19 +00:00
.name = "Secret",
Local file implementation of secret driver API This implementation stores the secrets in an unencrypted text file, for simplicity in implementation and debugging. (Symmetric encryption, e.g. using gpgme, will not be difficult to add. Because the TLS private key used by libvirtd is stored unencrypted, encrypting the secrets file does not currently provide much additional security.) * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New error number. * po/POTFILES.in, src/Makefile.am: Add secret_driver. * bootstrap: Use gnulib's base64 module. * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms: Add local secret driver. * qemud/qemud.c (qemudInitialize): Use the local secret driver.
2009-08-14 19:48:55 +00:00
.initialize = secretDriverStartup,
.cleanup = secretDriverCleanup,
.reload = secretDriverReload,
.active = NULL /* All persistent state is immediately saved to disk */
};
int
secretRegister(void)
{
virRegisterSecretDriver(&secretDriver);
virRegisterStateDriver(&stateDriver);
return 0;
}
Reference in New Issue Copy Permalink