External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-21 19:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Alter the qemuDomainGetSecretAESAlias to add new arg

Browse Source 
Soon we will be adding luks encryption support. Since a volume could require
both a luks secret and a secret to give to the server to use of the device,
alter the alias generation to create a slightly different alias so that
we don't have two objects with the same alias.

Signed-off-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
John Ferlan 2016-06-24 15:31:57 -04:00
parent fceeeda211
commit b7b3a51e8a
4 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/qemu/qemu_alias.c
View File

@ -485,13 +485,16 @@ qemuDomainGetMasterKeyAlias(void)
/* qemuDomainGetSecretAESAlias:
* @srcalias: Source alias used to generate the secret alias
* @isLuks: True when we are generating a secret for LUKS encrypt/decrypt
*
* Generate and return an alias for the encrypted secret
*
* Returns NULL or a string containing the alias
*/
char *
qemuDomainGetSecretAESAlias(const char *srcalias)
qemuDomainGetSecretAESAlias(const char *srcalias,
bool isLuks)
{
char *alias;
@ -501,7 +504,10 @@ qemuDomainGetSecretAESAlias(const char *srcalias)
return NULL;
}
ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
if (isLuks)
ignore_value(virAsprintf(&alias, "%s-luks-secret0", srcalias));
else
ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
return alias;
}

3
src/qemu/qemu_alias.h
View File

@ -69,6 +69,7 @@ char *qemuAliasFromDisk(const virDomainDiskDef *disk);
char *qemuDomainGetMasterKeyAlias(void);
char *qemuDomainGetSecretAESAlias(const char *srcalias);
char *qemuDomainGetSecretAESAlias(const char *srcalias,
bool isLuks);
#endif /* __QEMU_ALIAS_H__*/

17
src/qemu/qemu_domain.c
View File

@ -895,6 +895,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
* @secretUsageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
* @isLuks: True/False for is for luks (alias generation)
*
* Taking a secinfo, fill in the AES specific information using the
*
@ -907,7 +908,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
const char *srcalias,
virSecretUsageType secretUsageType,
const char *username,
virSecretLookupTypeDefPtr seclookupdef)
virSecretLookupTypeDefPtr seclookupdef,
bool isLuks)
{
int ret = -1;
uint8_t *raw_iv = NULL;
@ -921,7 +923,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
return -1;
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
return -1;
/* Create a random initialization vector */
@ -970,6 +972,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
* @secretUsageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
* @isLuks: True when is luks (generates different alias)
*
* If we have the encryption API present and can support a secret object, then
* build the AES secret; otherwise, build the Plain secret. This is the magic
@ -985,14 +988,15 @@ qemuDomainSecretSetup(virConnectPtr conn,
const char *srcalias,
virSecretUsageType secretUsageType,
const char *username,
virSecretLookupTypeDefPtr seclookupdef)
virSecretLookupTypeDefPtr seclookupdef,
bool isLuks)
{
if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
secretUsageType, username,
seclookupdef) < 0)
seclookupdef, isLuks) < 0)
return -1;
} else {
if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
@ -1052,7 +1056,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
qemuDomainSecretInfoPtr secinfo = NULL;
if (conn && qemuDomainSecretDiskCapable(src)) {
virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
@ -1064,7 +1067,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
secretUsageType, src->auth->username,
&src->auth->seclookupdef) < 0)
&src->auth->seclookupdef, false) < 0)
goto error;
diskPriv->secinfo = secinfo;
@ -1131,7 +1134,7 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias,
VIR_SECRET_USAGE_TYPE_ISCSI,
iscsisrc->auth->username,
&iscsisrc->auth->seclookupdef) < 0)
&iscsisrc->auth->seclookupdef, false) < 0)
goto error;
hostdevPriv->secinfo = secinfo;

5
src/qemu/qemu_hotplug.c
View File

@ -374,7 +374,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
secobjProps);
secobjProps = NULL; /* qemuMonitorAddObject consumes */
if (rv < 0)
goto monitor_error;
goto exit_monitor;
}
secobjAdded = true;
@ -2874,7 +2874,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
qemuDomainSecretDiskCapable(disk->src)) {
if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {
if (!(objAlias =
qemuDomainGetSecretAESAlias(disk->info.alias, false))) {
VIR_FREE(drivestr);
return -1;
}