2009-09-01 15:27:46 +00:00
|
|
|
/*
|
|
|
|
* secret_conf.c: internal <secret> XML handling
|
|
|
|
*
|
2011-03-04 16:52:12 +00:00
|
|
|
* Copyright (C) 2009, 2011 Red Hat, Inc.
|
2009-09-01 15:27:46 +00:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 22:30:55 +00:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 10:06:23 +00:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2009-09-01 15:27:46 +00:00
|
|
|
*
|
|
|
|
* Red Hat Author: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include "internal.h"
|
2012-12-04 12:04:07 +00:00
|
|
|
#include "virbuffer.h"
|
2009-09-01 15:27:46 +00:00
|
|
|
#include "datatypes.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2009-09-01 15:27:46 +00:00
|
|
|
#include "secret_conf.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2012-12-13 18:13:21 +00:00
|
|
|
#include "virxml.h"
|
2012-12-13 18:01:25 +00:00
|
|
|
#include "viruuid.h"
|
2009-09-01 15:27:46 +00:00
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_SECRET
|
|
|
|
|
2011-10-28 17:30:45 +00:00
|
|
|
VIR_ENUM_IMPL(virSecretUsageType, VIR_SECRET_USAGE_TYPE_LAST,
|
2013-03-21 11:53:52 +00:00
|
|
|
"none", "volume", "ceph", "iscsi")
|
2009-09-01 15:27:46 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
virSecretDefFree(virSecretDefPtr def)
|
|
|
|
{
|
|
|
|
if (def == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
VIR_FREE(def->description);
|
|
|
|
switch (def->usage_type) {
|
|
|
|
case VIR_SECRET_USAGE_TYPE_NONE:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case VIR_SECRET_USAGE_TYPE_VOLUME:
|
|
|
|
VIR_FREE(def->usage.volume);
|
|
|
|
break;
|
|
|
|
|
2011-10-28 17:30:45 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_CEPH:
|
|
|
|
VIR_FREE(def->usage.ceph);
|
2011-10-28 18:55:04 +00:00
|
|
|
break;
|
2011-10-28 17:30:45 +00:00
|
|
|
|
2013-03-21 11:53:52 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_ISCSI:
|
|
|
|
VIR_FREE(def->usage.target);
|
|
|
|
break;
|
|
|
|
|
2009-09-01 15:27:46 +00:00
|
|
|
default:
|
|
|
|
VIR_ERROR(_("unexpected secret usage type %d"), def->usage_type);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
VIR_FREE(def);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefParseUsage(xmlXPathContextPtr ctxt,
|
2009-09-01 15:27:46 +00:00
|
|
|
virSecretDefPtr def)
|
|
|
|
{
|
|
|
|
char *type_str;
|
|
|
|
int type;
|
|
|
|
|
2010-02-04 21:52:34 +00:00
|
|
|
type_str = virXPathString("string(./usage/@type)", ctxt);
|
2009-09-01 15:27:46 +00:00
|
|
|
if (type_str == NULL) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
|
_("unknown secret usage type"));
|
2009-09-01 15:27:46 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
type = virSecretUsageTypeTypeFromString(type_str);
|
|
|
|
if (type < 0) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_XML_ERROR,
|
|
|
|
_("unknown secret usage type %s"), type_str);
|
2009-09-01 15:27:46 +00:00
|
|
|
VIR_FREE(type_str);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
VIR_FREE(type_str);
|
|
|
|
def->usage_type = type;
|
|
|
|
switch (def->usage_type) {
|
|
|
|
case VIR_SECRET_USAGE_TYPE_NONE:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case VIR_SECRET_USAGE_TYPE_VOLUME:
|
2010-02-04 21:52:34 +00:00
|
|
|
def->usage.volume = virXPathString("string(./usage/volume)", ctxt);
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
|
|
|
if (!def->usage.volume) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("volume usage specified, but volume path is missing"));
|
Add usage type/id as a public API property of virSecret
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
2009-09-11 13:06:15 +00:00
|
|
|
return -1;
|
|
|
|
}
|
2009-09-01 15:27:46 +00:00
|
|
|
break;
|
|
|
|
|
2011-10-28 17:30:45 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_CEPH:
|
|
|
|
def->usage.ceph = virXPathString("string(./usage/name)", ctxt);
|
|
|
|
if (!def->usage.ceph) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Ceph usage specified, but name is missing"));
|
2011-10-28 17:30:45 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2013-03-21 11:53:52 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_ISCSI:
|
|
|
|
def->usage.target = virXPathString("string(./usage/target)", ctxt);
|
|
|
|
if (!def->usage.target) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("iSCSI usage specified, but target is missing"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2009-09-01 15:27:46 +00:00
|
|
|
default:
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("unexpected secret usage type %d"),
|
|
|
|
def->usage_type);
|
2009-09-01 15:27:46 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static virSecretDefPtr
|
2010-02-10 12:33:34 +00:00
|
|
|
secretXMLParseNode(xmlDocPtr xml, xmlNodePtr root)
|
2009-09-01 15:27:46 +00:00
|
|
|
{
|
|
|
|
xmlXPathContextPtr ctxt = NULL;
|
|
|
|
virSecretDefPtr def = NULL, ret = NULL;
|
|
|
|
char *prop = NULL;
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
char *uuidstr = NULL;
|
2009-09-01 15:27:46 +00:00
|
|
|
|
|
|
|
if (!xmlStrEqual(root->name, BAD_CAST "secret")) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_XML_ERROR,
|
|
|
|
_("unexpected root element <%s>, "
|
|
|
|
"expecting <secret>"),
|
|
|
|
root->name);
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
ctxt = xmlXPathNewContext(xml);
|
|
|
|
if (ctxt == NULL) {
|
2010-02-04 18:19:08 +00:00
|
|
|
virReportOOMError();
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
ctxt->node = root;
|
|
|
|
|
2013-07-04 10:02:00 +00:00
|
|
|
if (VIR_ALLOC(def) < 0)
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
2010-02-04 21:52:34 +00:00
|
|
|
prop = virXPathString("string(./@ephemeral)", ctxt);
|
2009-09-01 15:27:46 +00:00
|
|
|
if (prop != NULL) {
|
|
|
|
if (STREQ(prop, "yes"))
|
2013-04-11 03:50:23 +00:00
|
|
|
def->ephemeral = true;
|
2009-09-01 15:27:46 +00:00
|
|
|
else if (STREQ(prop, "no"))
|
2013-04-11 03:50:23 +00:00
|
|
|
def->ephemeral = false;
|
2009-09-01 15:27:46 +00:00
|
|
|
else {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
|
_("invalid value of 'ephemeral'"));
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
VIR_FREE(prop);
|
|
|
|
}
|
|
|
|
|
2010-02-04 21:52:34 +00:00
|
|
|
prop = virXPathString("string(./@private)", ctxt);
|
2009-09-01 15:27:46 +00:00
|
|
|
if (prop != NULL) {
|
|
|
|
if (STREQ(prop, "yes"))
|
2013-04-11 03:54:37 +00:00
|
|
|
def->private = true;
|
2009-09-01 15:27:46 +00:00
|
|
|
else if (STREQ(prop, "no"))
|
2013-04-11 03:54:37 +00:00
|
|
|
def->private = false;
|
2009-09-01 15:27:46 +00:00
|
|
|
else {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
|
|
|
_("invalid value of 'private'"));
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
VIR_FREE(prop);
|
|
|
|
}
|
|
|
|
|
2010-02-04 21:52:34 +00:00
|
|
|
uuidstr = virXPathString("string(./uuid)", ctxt);
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
if (!uuidstr) {
|
|
|
|
if (virUUIDGenerate(def->uuid)) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
"%s", _("Failed to generate UUID"));
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (virUUIDParse(uuidstr, def->uuid) < 0) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
"%s", _("malformed uuid element"));
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
VIR_FREE(uuidstr);
|
|
|
|
}
|
|
|
|
|
2010-02-04 21:52:34 +00:00
|
|
|
def->description = virXPathString("string(./description)", ctxt);
|
|
|
|
if (virXPathNode("./usage", ctxt) != NULL
|
2010-02-10 12:33:34 +00:00
|
|
|
&& virSecretDefParseUsage(ctxt, def) < 0)
|
2009-09-01 15:27:46 +00:00
|
|
|
goto cleanup;
|
|
|
|
ret = def;
|
|
|
|
def = NULL;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
VIR_FREE(prop);
|
2011-03-04 16:52:12 +00:00
|
|
|
VIR_FREE(uuidstr);
|
2009-09-01 15:27:46 +00:00
|
|
|
virSecretDefFree(def);
|
|
|
|
xmlXPathFreeContext(ctxt);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static virSecretDefPtr
|
2010-02-24 20:53:16 +00:00
|
|
|
virSecretDefParse(const char *xmlStr,
|
|
|
|
const char *filename)
|
2009-09-01 15:27:46 +00:00
|
|
|
{
|
2010-02-24 20:53:16 +00:00
|
|
|
xmlDocPtr xml;
|
2009-09-01 15:27:46 +00:00
|
|
|
virSecretDefPtr ret = NULL;
|
|
|
|
|
2011-09-14 14:17:57 +00:00
|
|
|
if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)")))) {
|
2010-02-24 20:53:16 +00:00
|
|
|
ret = secretXMLParseNode(xml, xmlDocGetRootElement(xml));
|
|
|
|
xmlFreeDoc(xml);
|
2009-09-01 15:27:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
virSecretDefPtr
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefParseString(const char *xmlStr)
|
2009-09-01 15:27:46 +00:00
|
|
|
{
|
2010-02-10 12:33:34 +00:00
|
|
|
return virSecretDefParse(xmlStr, NULL);
|
2009-09-01 15:27:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
virSecretDefPtr
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefParseFile(const char *filename)
|
2009-09-01 15:27:46 +00:00
|
|
|
{
|
2010-02-10 12:33:34 +00:00
|
|
|
return virSecretDefParse(NULL, filename);
|
2009-09-01 15:27:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefFormatUsage(virBufferPtr buf,
|
2009-09-01 15:27:46 +00:00
|
|
|
const virSecretDefPtr def)
|
|
|
|
{
|
|
|
|
const char *type;
|
|
|
|
|
|
|
|
type = virSecretUsageTypeTypeToString(def->usage_type);
|
|
|
|
if (type == NULL) {
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("unexpected secret usage type %d"),
|
|
|
|
def->usage_type);
|
2009-09-01 15:27:46 +00:00
|
|
|
return -1;
|
|
|
|
}
|
2011-04-30 16:34:49 +00:00
|
|
|
virBufferAsprintf(buf, " <usage type='%s'>\n", type);
|
2009-09-01 15:27:46 +00:00
|
|
|
switch (def->usage_type) {
|
|
|
|
case VIR_SECRET_USAGE_TYPE_NONE:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case VIR_SECRET_USAGE_TYPE_VOLUME:
|
|
|
|
if (def->usage.volume != NULL)
|
|
|
|
virBufferEscapeString(buf, " <volume>%s</volume>\n",
|
|
|
|
def->usage.volume);
|
|
|
|
break;
|
|
|
|
|
2011-10-28 17:30:45 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_CEPH:
|
|
|
|
if (def->usage.ceph != NULL) {
|
|
|
|
virBufferEscapeString(buf, " <name>%s</name>\n",
|
|
|
|
def->usage.ceph);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2013-03-21 11:53:52 +00:00
|
|
|
case VIR_SECRET_USAGE_TYPE_ISCSI:
|
|
|
|
if (def->usage.target != NULL) {
|
|
|
|
virBufferEscapeString(buf, " <target>%s</target>\n",
|
|
|
|
def->usage.target);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2009-09-01 15:27:46 +00:00
|
|
|
default:
|
2012-07-18 10:50:44 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("unexpected secret usage type %d"),
|
|
|
|
def->usage_type);
|
2009-09-01 15:27:46 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
virBufferAddLit(buf, " </usage>\n");
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefFormat(const virSecretDefPtr def)
|
2009-09-01 15:27:46 +00:00
|
|
|
{
|
|
|
|
virBuffer buf = VIR_BUFFER_INITIALIZER;
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
unsigned char *uuid;
|
|
|
|
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
2009-09-01 15:27:46 +00:00
|
|
|
|
2011-04-30 16:34:49 +00:00
|
|
|
virBufferAsprintf(&buf, "<secret ephemeral='%s' private='%s'>\n",
|
2009-09-01 15:27:46 +00:00
|
|
|
def->ephemeral ? "yes" : "no",
|
|
|
|
def->private ? "yes" : "no");
|
Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
2009-09-10 16:44:12 +00:00
|
|
|
|
|
|
|
uuid = def->uuid;
|
|
|
|
virUUIDFormat(uuid, uuidstr);
|
|
|
|
virBufferEscapeString(&buf, " <uuid>%s</uuid>\n", uuidstr);
|
2009-09-01 15:27:46 +00:00
|
|
|
if (def->description != NULL)
|
|
|
|
virBufferEscapeString(&buf, " <description>%s</description>\n",
|
|
|
|
def->description);
|
|
|
|
if (def->usage_type != VIR_SECRET_USAGE_TYPE_NONE &&
|
2010-02-10 12:33:34 +00:00
|
|
|
virSecretDefFormatUsage(&buf, def) < 0)
|
2009-09-01 15:27:46 +00:00
|
|
|
goto error;
|
|
|
|
virBufferAddLit(&buf, "</secret>\n");
|
|
|
|
|
|
|
|
if (virBufferError(&buf))
|
|
|
|
goto no_memory;
|
|
|
|
|
|
|
|
return virBufferContentAndReset(&buf);
|
|
|
|
|
|
|
|
no_memory:
|
2010-02-04 18:19:08 +00:00
|
|
|
virReportOOMError();
|
2009-09-01 15:27:46 +00:00
|
|
|
error:
|
2009-12-09 23:00:50 +00:00
|
|
|
virBufferFreeAndReset(&buf);
|
2009-09-01 15:27:46 +00:00
|
|
|
return NULL;
|
|
|
|
}
|