qemu: Introduce qemuDomainSecretInfo

Introduce a new private structure to hold qemu domain auth/secret data. This will be stored in the qemuDomainDiskPrivate as a means to store the auth and fetched secret data rather than generating during building of the command line. The initial changes will handle the current username and secret values for rbd and iscsi disks (in their various forms). The rbd secret is stored as a base64 encoded value, while the iscsi secret is stored as a plain text value. Future changes will store encoded/encrypted secret data as well as an initialization vector needed to be given to qemu in order to decrypt the encoded password along with the domain masterKey. The inital assumption will be that VIR_DOMAIN_SECRET_INFO_PLAIN is being used. Although it's expected that the cleanup of the secret data will be done immediately after command line generation, reintroduce the object dispose function qemuDomainDiskPrivateDispose to handle removing memory associated with the structure for "normal" cleanup paths. Signed-off-by: John Ferlan <jferlan@redhat.com>
2025-02-01 17:35:17 +00:00 · 2016-04-06 08:56:52 -04:00 · 2016-04-06 08:56:52 -04:00 · 48f56a9c5a
commit 48f56a9c5a
parent 0304a2a7ef
2 changed files with 58 additions and 1 deletions
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -729,7 +729,28 @@ qemuDomainMasterKeyCreate(virQEMUDriverPtr driver,
 }


+static void
+qemuDomainSecretPlainFree(qemuDomainSecretPlain secret)
+{
+    VIR_FREE(secret.username);
+    memset(secret.secret, 0, strlen(secret.secret));
+    VIR_FREE(secret.secret);
+}
+
+
+static void
+qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
+{
+    if (!*secinfo)
+        return;
+
+    qemuDomainSecretPlainFree((*secinfo)->s.plain);
+    VIR_FREE(*secinfo);
+}
+
+
 static virClassPtr qemuDomainDiskPrivateClass;
+static void qemuDomainDiskPrivateDispose(void *obj);

 static int
 qemuDomainDiskPrivateOnceInit(void)
@ -737,7 +758,7 @@ qemuDomainDiskPrivateOnceInit(void)
    qemuDomainDiskPrivateClass = virClassNew(virClassForObject(),
                                             "qemuDomainDiskPrivate",
                                             sizeof(qemuDomainDiskPrivate),
-                                             NULL);
+                                             qemuDomainDiskPrivateDispose);
    if (!qemuDomainDiskPrivateClass)
        return -1;
    else
@ -761,6 +782,15 @@ qemuDomainDiskPrivateNew(void)
 }


+static void
+qemuDomainDiskPrivateDispose(void *obj)
+{
+    qemuDomainDiskPrivatePtr priv = obj;
+
+    qemuDomainSecretInfoFree(&priv->secinfo);
+}
+
+
 /* This is the old way of setting up per-domain directories */
 static int
 qemuDomainSetPrivatePathsOld(virQEMUDriverPtr driver,
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@ -239,6 +239,29 @@ struct _qemuDomainObjPrivate {
    size_t masterKeyLen;
 };

+/* Type of domain secret */
+typedef enum {
+    VIR_DOMAIN_SECRET_INFO_PLAIN = 0,
+
+    VIR_DOMAIN_SECRET_INFO_LAST
+} qemuDomainSecretInfoType;
+
+typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain;
+typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
+struct _qemuDomainSecretPlain {
+    char *username;
+    char *secret;
+};
+
+typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
+typedef qemuDomainSecretInfo *qemuDomainSecretInfoPtr;
+struct _qemuDomainSecretInfo {
+    int type;  /* qemuDomainSecretInfoType */
+    union {
+        qemuDomainSecretPlain plain;
+    } s;
+};
+
 # define QEMU_DOMAIN_DISK_PRIVATE(disk)	\
    ((qemuDomainDiskPrivatePtr) (disk)->privateData)

@ -258,6 +281,10 @@ struct _qemuDomainDiskPrivate {
    bool blockJobSync; /* the block job needs synchronized termination */

    bool migrating; /* the disk is being migrated */
+
+    /* for storage devices using auth/secret
+     * NB: *not* to be written to qemu domain object XML */
+    qemuDomainSecretInfoPtr secinfo;
 };

 typedef enum {