External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-11-01 10:51:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
a3931b4996
libvirt/src/util/virstorageencryption.c

427 lines
11 KiB
C
Raw Normal View History

Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
/*
conf: move storage encryption type to util/ Encryption keys can be associated with each source file in a backing chain; as such, this file belongs more in util/ where it can be used by virstoragefile.h. * src/conf/storage_encryption_conf.h: Rename... * src/util/virstorageencryption.h: ...to this. * src/conf/storage_encryption_conf.c: Rename... * src/util/virstorageencryption.c: ...to this. * src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES) (UTIL_SOURCES): Update to new file names. * src/libvirt_private.syms: Likewise. * src/conf/domain_conf.h: Update client. * src/conf/storage_conf.h: Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-28 03:26:44 +00:00
* virstorageencryption.c: volume encryption information
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
*
conf: eliminate hardcoded indent in volume/pool xml Again completely mechanical, but a lot of lines.
2014-03-06 14:57:47 +00:00
* Copyright (C) 2009-2014 Red Hat, Inc.
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
maint: fix up copyright notice inconsistencies https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
2012-09-20 22:30:55 +00:00
* License along with this library. If not, see
Desert the FSF address in copyright Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
2012-07-21 10:06:23 +00:00
* <http://www.gnu.org/licenses/>.
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
*/
#include <config.h>
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
#include <fcntl.h>
#include <unistd.h>
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
#include "internal.h"
Rename buf.{c,h} to virbuffer.{c,h} Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-04 12:04:07 +00:00
#include "virbuffer.h"
Rename memory.{c,h} to viralloc.{c,h}
2012-12-12 18:06:53 +00:00
#include "viralloc.h"
conf: move storage encryption type to util/ Encryption keys can be associated with each source file in a backing chain; as such, this file belongs more in util/ where it can be used by virstoragefile.h. * src/conf/storage_encryption_conf.h: Rename... * src/util/virstorageencryption.h: ...to this. * src/conf/storage_encryption_conf.c: Rename... * src/util/virstorageencryption.c: ...to this. * src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES) (UTIL_SOURCES): Update to new file names. * src/libvirt_private.syms: Likewise. * src/conf/domain_conf.h: Update client. * src/conf/storage_conf.h: Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-28 03:26:44 +00:00
#include "virstorageencryption.h"
Rename xml.{c,h} to virxml.{c,h}
2012-12-13 18:13:21 +00:00
#include "virxml.h"
Rename virterror.c virterror_internal.h to virerror.{c,h}
2012-12-13 18:21:53 +00:00
#include "virerror.h"
Rename uuid.{c,h} to viruuid.{c,h}
2012-12-13 18:01:25 +00:00
#include "viruuid.h"
build: rename files.h to virfile.h In preparation for a future patch adding new virFile APIs. * src/util/files.h, src/util/files.c: Move... * src/util/virfile.h, src/util/virfile.c: ...here, and rename functions to virFile prefix. Macro names are intentionally left alone. * *.c: All '#include "files.h"' uses changed. * src/Makefile.am (UTIL_SOURCES): Reflect rename. * cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise. * src/libvirt_private.syms: Likewise. * docs/hacking.html.in: Likewise. * HACKING: Regenerate.
2011-07-19 18:32:58 +00:00
#include "virfile.h"
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
#include "virsecret.h"
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
#include "virstring.h"
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
#define VIR_FROM_THIS VIR_FROM_STORAGE
maint: shorten 'TypeType' function names The VIR_ENUM_DECL/VIR_ENUM_IMPL helper macros already append 'Type' to the enum name being converted; it looks silly to have functions with 'TypeType' in their name. Even though some of our enums have to have a 'Type' suffix, the corresponding string conversion functions do not. * src/conf/secret_conf.h (VIR_ENUM_DECL): Rename virSecretUsageType. * src/conf/storage_conf.h (VIR_ENUM_DECL): Rename virStoragePoolAuthType, virStoragePoolSourceAdapterType, virStoragePartedFsType. * src/conf/domain_conf.c (virDomainDiskDefParseXML) (virDomainFSDefParseXML, virDomainFSDefFormat): Update callers. * src/conf/secret_conf.c (virSecretDefParseUsage) (virSecretDefFormatUsage): Likewise. * src/conf/storage_conf.c (virStoragePoolDefParseAuth) (virStoragePoolDefParseSource, virStoragePoolSourceFormat): Likewise. * src/lxc/lxc_controller.c (virLXCControllerSetupLoopDevices): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskPartFormat): Likewise. * src/util/virstorageencryption.c (virStorageEncryptionSecretParse) (virStorageEncryptionSecretFormat): Likewise. * tools/virsh-secret.c (cmdSecretList): Likewise. * src/libvirt_private.syms (secret_conf.h, storage_conf.h): Export corrected names. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-14 19:48:15 +00:00
VIR_ENUM_IMPL(virStorageEncryptionSecret,
Require a semicolon for VIR_ENUM_IMPL calls Missing semicolon at the end of macros can confuse some analyzers (like cppcheck <filename>), and we have a mix of semicolon and non-semicolon usage through the code. Let's standardize on using a semicolon for VIR_ENUM_IMPL calls. Move the verify() statement to the end of the macro and drop the semicolon, so the compiler will require callers to add a semicolon. While we are touching these call sites, standardize on putting the closing parenth on its own line, as discussed here: https://www.redhat.com/archives/libvir-list/2019-January/msg00750.html Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-01-20 16:30:15 +00:00
VIR_STORAGE_ENCRYPTION_SECRET_TYPE_LAST,
"passphrase",
);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
VIR_ENUM_IMPL(virStorageEncryptionFormat,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
Require a semicolon for VIR_ENUM_IMPL calls Missing semicolon at the end of macros can confuse some analyzers (like cppcheck <filename>), and we have a mix of semicolon and non-semicolon usage through the code. Let's standardize on using a semicolon for VIR_ENUM_IMPL calls. Move the verify() statement to the end of the macro and drop the semicolon, so the compiler will require callers to add a semicolon. While we are touching these call sites, standardize on putting the closing parenth on its own line, as discussed here: https://www.redhat.com/archives/libvir-list/2019-January/msg00750.html Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-01-20 16:30:15 +00:00
"default", "qcow", "luks",
);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
static void
virStorageEncryptionInfoDefFree(virStorageEncryptionInfoDefPtr def)
{
VIR_FREE(def->cipher_name);
VIR_FREE(def->cipher_mode);
VIR_FREE(def->cipher_hash);
VIR_FREE(def->ivgen_name);
VIR_FREE(def->ivgen_hash);
}
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
static void
virStorageEncryptionSecretFree(virStorageEncryptionSecretPtr secret)
{
if (!secret)
return;
virStorageEncryptionSecretFree: Don't leak secret lookup definition When storage secret is parsed in virStorageEncryptionSecretParse(), virSecretLookupParseSecret() which allocates some memory. This is however never freed. ==21711== 134 bytes in 6 blocks are definitely lost in loss record 70 of 85 ==21711== at 0x4C29F80: malloc (vg_replace_malloc.c:296) ==21711== by 0xBCA0356: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4) ==21711== by 0xA9F432E: virXMLPropString (virxml.c:479) ==21711== by 0xA9D25B0: virSecretLookupParseSecret (virsecret.c:70) ==21711== by 0xA9D616E: virStorageEncryptionSecretParse (virstorageencryption.c:172) ==21711== by 0xA9D66B2: virStorageEncryptionParseXML (virstorageencryption.c:281) ==21711== by 0xA9D68DF: virStorageEncryptionParseNode (virstorageencryption.c:338) ==21711== by 0xAA12575: virDomainDiskDefParseXML (domain_conf.c:7606) ==21711== by 0xAA2CAC6: virDomainDefParseXML (domain_conf.c:16658) ==21711== by 0xAA2FC75: virDomainDefParseNode (domain_conf.c:17472) ==21711== by 0xAA2FAE4: virDomainDefParse (domain_conf.c:17419) ==21711== by 0xAA2FB72: virDomainDefParseFile (domain_conf.c:17443) Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-08 16:09:40 +00:00
virSecretLookupDefClear(&secret->seclookupdef);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
VIR_FREE(secret);
}
void
virStorageEncryptionFree(virStorageEncryptionPtr enc)
{
size_t i;
if (!enc)
return;
for (i = 0; i < enc->nsecrets; i++)
virStorageEncryptionSecretFree(enc->secrets[i]);
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
virStorageEncryptionInfoDefFree(&enc->encinfo);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
VIR_FREE(enc->secrets);
VIR_FREE(enc);
}
storage: encryption: Add deep copy function for storage encryption
2014-06-12 13:26:18 +00:00
static virStorageEncryptionSecretPtr
virStorageEncryptionSecretCopy(const virStorageEncryptionSecret *src)
{
virStorageEncryptionSecretPtr ret;
if (VIR_ALLOC(ret) < 0)
return NULL;
memcpy(ret, src, sizeof(*src));
return ret;
}
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
static int
virStorageEncryptionInfoDefCopy(const virStorageEncryptionInfoDef *src,
virStorageEncryptionInfoDefPtr dst)
{
dst->cipher_size = src->cipher_size;
if (VIR_STRDUP(dst->cipher_name, src->cipher_name) < 0 ||
VIR_STRDUP(dst->cipher_mode, src->cipher_mode) < 0 ||
VIR_STRDUP(dst->cipher_hash, src->cipher_hash) < 0 ||
VIR_STRDUP(dst->ivgen_name, src->ivgen_name) < 0 ||
VIR_STRDUP(dst->ivgen_hash, src->ivgen_hash) < 0)
return -1;
return 0;
}
storage: encryption: Add deep copy function for storage encryption
2014-06-12 13:26:18 +00:00
virStorageEncryptionPtr
virStorageEncryptionCopy(const virStorageEncryption *src)
{
virStorageEncryptionPtr ret;
size_t i;
if (VIR_ALLOC(ret) < 0)
return NULL;
if (VIR_ALLOC_N(ret->secrets, src->nsecrets) < 0)
goto error;
ret->nsecrets = src->nsecrets;
ret->format = src->format;
for (i = 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
goto error;
}
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
if (virStorageEncryptionInfoDefCopy(&src->encinfo, &ret->encinfo) < 0)
goto error;
storage: encryption: Add deep copy function for storage encryption
2014-06-12 13:26:18 +00:00
return ret;
error:
virStorageEncryptionFree(ret);
return NULL;
}
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
static virStorageEncryptionSecretPtr
Remove virConnectPtr from storage APIs & driver The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c} and update all callers to match
2010-02-10 11:42:56 +00:00
virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
xmlNodePtr node)
{
xmlNodePtr old_node;
virStorageEncryptionSecretPtr ret;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
char *type_str = NULL;
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
char *uuidstr = NULL;
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
char *usagestr = NULL;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
Adapt to VIR_ALLOC and virAsprintf in src/conf/*
2013-07-04 10:02:00 +00:00
if (VIR_ALLOC(ret) < 0)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return NULL;
old_node = ctxt->node;
ctxt->node = node;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if (!(type_str = virXPathString("string(./@type)", ctxt))) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_XML_ERROR, "%s",
_("unknown volume encryption secret type"));
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
}
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if ((ret->type = virStorageEncryptionSecretTypeFromString(type_str)) < 0) {
conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures Currently, during XML parsing, when a call to a FromString() function to get an enum value fails, the error which is reported is either VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR. This commit makes such conversion failures consistently return VIR_ERR_CONFIG_UNSUPPORTED.
2014-01-10 16:41:33 +00:00
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
_("unknown volume encryption secret type %s"),
type_str);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
}
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
if (virSecretLookupParseSecret(node, &ret->seclookupdef) < 0)
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
goto cleanup;
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
VIR_FREE(type_str);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
ctxt->node = old_node;
return ret;
Indent top-level labels by one space in src/conf/
2014-03-25 06:48:31 +00:00
cleanup:
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
VIR_FREE(type_str);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
virStorageEncryptionSecretFree(ret);
Fix UUID handling in secrets/storage encryption APIs Convert all the secret/storage encryption APIs / wire format to handle UUIDs in raw format instead of non-canonical printable format. Guarentees data format correctness. * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret and validate fully * docs/schemas/secret.rng: Fully validate UUID * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add virSecretLookupByUUID and virSecretGetUUID. Make virSecretGetUUIDString follow normal API design pattern * python/generator.py: Skip generation of virSecretGetUUID, virSecretGetUUIDString and virSecretLookupByUUID * python/libvir.c, python/libvirt-python-api.xml: Manual impl of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/ Fix get_nonnull_secret/make_nonnull_secret to use unsigned char * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a remote_uuid instead of remote_nonnull_string for UUID field. Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an remote_uuid value * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h, qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead of printable. Change virGetSecret to use raw format UUID * src/driver.h: Rename virDrvSecretLookupByUUIDString to virDrvSecretLookupByUUID and use raw format UUID * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID and re-implement virSecretLookupByUUIDString and virSecretGetUUIDString in terms of those * src/libvirt_public.syms: Add virSecretLookupByUUID and virSecretGetUUID * src/remote_internal.c: Rename remoteSecretLookupByUUIDString to remoteSecretLookupByUUID. Fix typo in args for remoteSecretDefineXML impl. Use raw UUID format for get_nonnull_secret and make_nonnull_secret * src/storage_encryption_conf.c, src/storage_encryption_conf.h: Storage UUID in raw format, and require it to be present in XML. Use UUID parser to validate. * secret_conf.h, secret_conf.c: Generate a UUID if none is provided. Storage UUID in raw format. * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets in a filed with printable UUID, instead of base64 UUID. * src/virsh.c: Adjust for changed public API contract of virSecretGetUUIDString. * src/storage_Backend.c: DOn't undefine secret we just generated upon successful volume creation. Fix to handle raw UUIDs. Generate a non-clashing UUID * src/qemu_driver.c: Change to use lookupByUUID instead of lookupByUUIDString
2009-09-10 16:44:12 +00:00
VIR_FREE(uuidstr);
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
VIR_FREE(usagestr);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
ctxt->node = old_node;
return NULL;
}
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
static int
virStorageEncryptionInfoParseCipher(xmlNodePtr info_node,
virStorageEncryptionInfoDefPtr info)
{
int ret = -1;
char *size_str = NULL;
if (!(info->cipher_name = virXMLPropString(info_node, "name"))) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("cipher info missing 'name' attribute"));
goto cleanup;
}
if ((size_str = virXMLPropString(info_node, "size")) &&
virStrToLong_uip(size_str, NULL, 10, &info->cipher_size) < 0) {
virReportError(VIR_ERR_XML_ERROR,
_("cannot parse cipher size: '%s'"),
size_str);
goto cleanup;
}
if (!size_str) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("cipher info missing 'size' attribute"));
goto cleanup;
}
info->cipher_mode = virXMLPropString(info_node, "mode");
info->cipher_hash = virXMLPropString(info_node, "hash");
ret = 0;
cleanup:
VIR_FREE(size_str);
return ret;
}
static int
virStorageEncryptionInfoParseIvgen(xmlNodePtr info_node,
virStorageEncryptionInfoDefPtr info)
{
if (!(info->ivgen_name = virXMLPropString(info_node, "name"))) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing ivgen info name string"));
return -1;
}
info->ivgen_hash = virXMLPropString(info_node, "hash");
return 0;
}
util: storage: Sanitize parsing of disk encryption XMLs Pass in the XPath context as we do in all other places rather than allocating a new one. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:17:59 +00:00
virStorageEncryptionPtr
virStorageEncryptionParseNode(xmlNodePtr node,
xmlXPathContextPtr ctxt)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
{
util: storage: Sanitize parsing of disk encryption XMLs Pass in the XPath context as we do in all other places rather than allocating a new one. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:17:59 +00:00
xmlNodePtr saveNode = ctxt->node;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
xmlNodePtr *nodes = NULL;
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
virStorageEncryptionPtr encdef = NULL;
virStorageEncryptionPtr ret = NULL;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
char *format_str = NULL;
int n;
Convert 'int i' to 'size_t i' in src/conf/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
util: storage: Sanitize parsing of disk encryption XMLs Pass in the XPath context as we do in all other places rather than allocating a new one. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:17:59 +00:00
ctxt->node = node;
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (VIR_ALLOC(encdef) < 0)
goto cleanup;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if (!(format_str = virXPathString("string(./@format)", ctxt))) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_XML_ERROR, "%s",
_("unknown volume encryption format"));
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
}
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if ((encdef->format =
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
virStorageEncryptionFormatTypeFromString(format_str)) < 0) {
conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures Currently, during XML parsing, when a call to a FromString() function to get an enum value fails, the error which is reported is either VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR. This commit makes such conversion failures consistently return VIR_ERR_CONFIG_UNSUPPORTED.
2014-01-10 16:41:33 +00:00
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
_("unknown volume encryption format type %s"),
format_str);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
}
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if (n > 0) {
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (VIR_ALLOC_N(encdef->secrets, n) < 0)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
goto cleanup;
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
encdef->nsecrets = n;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
for (i = 0; i < n; i++) {
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (!(encdef->secrets[i] =
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
virStorageEncryptionSecretParse(ctxt, nodes[i])))
goto cleanup;
}
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
}
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (encdef->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
xmlNodePtr tmpnode;
if ((tmpnode = virXPathNode("./cipher[1]", ctxt))) {
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (virStorageEncryptionInfoParseCipher(tmpnode, &encdef->encinfo) < 0)
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
goto cleanup;
}
if ((tmpnode = virXPathNode("./ivgen[1]", ctxt))) {
/* If no cipher node, then fail */
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (!encdef->encinfo.cipher_name) {
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
virReportError(VIR_ERR_XML_ERROR, "%s",
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
_("ivgen element found, but cipher is missing"));
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
goto cleanup;
}
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
if (virStorageEncryptionInfoParseIvgen(tmpnode, &encdef->encinfo) < 0)
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
goto cleanup;
}
}
util: use g_steal_pointer instead of VIR_STEAL_PTR Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-16 11:43:52 +00:00
ret = g_steal_pointer(&encdef);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
Indent top-level labels by one space in src/conf/
2014-03-25 06:48:31 +00:00
cleanup:
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
VIR_FREE(format_str);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
VIR_FREE(nodes);
util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML The function used the 'cleanup' label only in error cases. This patch makes the code pass the cleanup label in every case and removes few unnecessary VIR_FREEs. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:57:17 +00:00
virStorageEncryptionFree(encdef);
util: storage: Sanitize parsing of disk encryption XMLs Pass in the XPath context as we do in all other places rather than allocating a new one. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:17:59 +00:00
ctxt->node = saveNode;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
util: storage: Sanitize parsing of disk encryption XMLs Pass in the XPath context as we do in all other places rather than allocating a new one. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-06 13:17:59 +00:00
return ret;
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
}
Misc fixes to secrets API code * proxy/Makefile.am: Build storage_encryption_conf.c since its a dependancy of domain_conf.c * src/storage_encryption_conf.c: Disable XML parsing APis when build under proxy * src/test.c: Add a dummy no-op secrets driver for test suite
2009-09-01 20:37:42 +00:00
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
static int
Remove virConnectPtr from storage APIs & driver The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c} and update all callers to match
2010-02-10 11:42:56 +00:00
virStorageEncryptionSecretFormat(virBufferPtr buf,
snapshot: simplify indentation of disk encryption xml Use auto-indent in more places. * src/conf/storage_encryption_conf.h (virStorageEncryptionFormat): Drop parameter. * src/conf/storage_encryption_conf.c (virStorageEncryptionFormat) (virStorageEncryptionSecretFormat): Simplify with auto-indent. * src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.
2011-09-22 18:16:26 +00:00
virStorageEncryptionSecretPtr secret)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
{
const char *type;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if (!(type = virStorageEncryptionSecretTypeToString(secret->type))) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("unexpected volume encryption secret type"));
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return -1;
}
util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-30 11:47:46 +00:00
virSecretLookupFormatSecret(buf, type, &secret->seclookupdef);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return 0;
}
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
static void
virStorageEncryptionInfoDefFormat(virBufferPtr buf,
const virStorageEncryptionInfoDef *enc)
{
virBufferEscapeString(buf, "<cipher name='%s'", enc->cipher_name);
virBufferAsprintf(buf, " size='%u'", enc->cipher_size);
if (enc->cipher_mode)
virBufferEscapeString(buf, " mode='%s'", enc->cipher_mode);
if (enc->cipher_hash)
virBufferEscapeString(buf, " hash='%s'", enc->cipher_hash);
virBufferAddLit(buf, "/>\n");
if (enc->ivgen_name) {
virBufferEscapeString(buf, "<ivgen name='%s'", enc->ivgen_name);
if (enc->ivgen_hash)
virBufferEscapeString(buf, " hash='%s'", enc->ivgen_hash);
virBufferAddLit(buf, "/>\n");
}
}
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
int
Remove virConnectPtr from storage APIs & driver The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c} and update all callers to match
2010-02-10 11:42:56 +00:00
virStorageEncryptionFormat(virBufferPtr buf,
snapshot: simplify indentation of disk encryption xml Use auto-indent in more places. * src/conf/storage_encryption_conf.h (virStorageEncryptionFormat): Drop parameter. * src/conf/storage_encryption_conf.c (virStorageEncryptionFormat) (virStorageEncryptionSecretFormat): Simplify with auto-indent. * src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.
2011-09-22 18:16:26 +00:00
virStorageEncryptionPtr enc)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
{
const char *format;
size_t i;
util: Clean up code formatting in virstorageencryption Bring style more in line with more recent code. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-25 10:51:30 +00:00
if (!(format = virStorageEncryptionFormatTypeToString(enc->format))) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("unexpected encryption format"));
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return -1;
}
snapshot: simplify indentation of disk encryption xml Use auto-indent in more places. * src/conf/storage_encryption_conf.h (virStorageEncryptionFormat): Drop parameter. * src/conf/storage_encryption_conf.c (virStorageEncryptionFormat) (virStorageEncryptionSecretFormat): Simplify with auto-indent. * src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.
2011-09-22 18:16:26 +00:00
virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
conf: eliminate hardcoded indent in volume/pool xml Again completely mechanical, but a lot of lines.
2014-03-06 14:57:47 +00:00
virBufferAdjustIndent(buf, 2);
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
for (i = 0; i < enc->nsecrets; i++) {
snapshot: simplify indentation of disk encryption xml Use auto-indent in more places. * src/conf/storage_encryption_conf.h (virStorageEncryptionFormat): Drop parameter. * src/conf/storage_encryption_conf.c (virStorageEncryptionFormat) (virStorageEncryptionSecretFormat): Simplify with auto-indent. * src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.
2011-09-22 18:16:26 +00:00
if (virStorageEncryptionSecretFormat(buf, enc->secrets[i]) < 0)
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return -1;
}
encryption: Add <cipher> and <ivgen> to encryption For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-01 23:21:26 +00:00
if (enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
enc->encinfo.cipher_name)
virStorageEncryptionInfoDefFormat(buf, &enc->encinfo);
conf: eliminate hardcoded indent in volume/pool xml Again completely mechanical, but a lot of lines.
2014-03-06 14:57:47 +00:00
virBufferAdjustIndent(buf, -2);
snapshot: simplify indentation of disk encryption xml Use auto-indent in more places. * src/conf/storage_encryption_conf.h (virStorageEncryptionFormat): Drop parameter. * src/conf/storage_encryption_conf.c (virStorageEncryptionFormat) (virStorageEncryptionSecretFormat): Simplify with auto-indent. * src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.
2011-09-22 18:16:26 +00:00
virBufferAddLit(buf, "</encryption>\n");
Add volume encryption information handling. Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key). Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API. Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported. This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains. * docs/*.html: Re-generate * docs/formatstorageencryption.html.in, docs/sitemap.html.in: Add page describing storage encryption data format * docs/schemas/Makefile.am, docs/schemas/storageencryption.rng: Add RNG schema for storage encryption format * po/POTFILES.in: Add src/storage_encryption_conf.c * src/libvirt_private.syms: Export virStorageEncryption* functions * src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal helper APIs for dealing with storage encryption format * libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng RNG schema
2009-08-19 19:50:10 +00:00
return 0;
}
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
int
Remove virConnectPtr from storage APIs & driver The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c} and update all callers to match
2010-02-10 11:42:56 +00:00
virStorageGenerateQcowPassphrase(unsigned char *dest)
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
{
int fd;
size_t i;
/* A qcow passphrase is up to 16 bytes, with any data following a NUL
ignored. Prohibit control and non-ASCII characters to avoid possible
unpleasant surprises with the qemu monitor input mechanism. */
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot open /dev/urandom"));
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
return -1;
}
i = 0;
while (i < VIR_STORAGE_QCOW_PASSPHRASE_SIZE) {
ssize_t r;
while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR)
;
if (r <= 0) {
Convert all files in src/conf/ to use virReportError() This removes all the per-file error reporting macros from the code in src/conf/ Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 10:50:44 +00:00
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot read from /dev/urandom"));
Introduce VIR_CLOSE to be used rather than close() Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here. There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were. I also dare to declare close() as being deprecated in libvirt code base (HACKING).
2010-10-19 14:23:51 +00:00
VIR_FORCE_CLOSE(fd);
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
return -1;
}
if (dest[i] >= 0x20 && dest[i] <= 0x7E)
i++; /* Got an acceptable character */
}
Introduce VIR_CLOSE to be used rather than close() Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here. There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were. I also dare to declare close() as being deprecated in libvirt code base (HACKING).
2010-10-19 14:23:51 +00:00
VIR_FORCE_CLOSE(fd);
Provide missing passphrase when creating a volume. If the <encryption format='qcow'> element does not specify a secret during volume creation, generate a suitable secret and add it to the <encryption> tag. The caller can view the updated <encryption> tag using virStorageVolGetXMLDesc(). Similarly, when <encryption format='default'/> is specified while creating a qcow or qcow2-formatted volume, change the format to "qcow" and generate a secret as described above. * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE, virStorageGenerateQcowPasphrase), src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase), src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase(). * src/storage_backend.c (virStoragegenerateQcowEncryption, virStorageBackendCreateQemuImg): Generate a passphrase and <encryption> when creating a qcow-formatted encrypted volume and the user did not supply the information.
2009-08-14 18:06:59 +00:00
return 0;
}
Reference in New Issue Copy Permalink