Commit Graph

12 Commits

Author SHA1 Message Date
Peter Krempa
1e6e34b144 util: storage: Sanitize parsing of disk encryption XMLs
Pass in the XPath context as we do in all other places rather than
allocating a new one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-08 14:29:50 +01:00
Peter Krempa
15948e6266 util: storageencryption: Refactor cleanup section in virStorageEncryptionParseXML
The function used the 'cleanup' label only in error cases. This patch
makes the code pass the cleanup label in every case and removes few
unnecessary VIR_FREEs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-08 14:29:50 +01:00
Michal Privoznik
b04835258f virStorageEncryptionSecretFree: Don't leak secret lookup definition
When storage secret is parsed in virStorageEncryptionSecretParse(),
virSecretLookupParseSecret() which allocates some memory. This is
however never freed.

==21711== 134 bytes in 6 blocks are definitely lost in loss record 70 of 85
==21711==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==21711==    by 0xBCA0356: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
==21711==    by 0xA9F432E: virXMLPropString (virxml.c:479)
==21711==    by 0xA9D25B0: virSecretLookupParseSecret (virsecret.c:70)
==21711==    by 0xA9D616E: virStorageEncryptionSecretParse (virstorageencryption.c:172)
==21711==    by 0xA9D66B2: virStorageEncryptionParseXML (virstorageencryption.c:281)
==21711==    by 0xA9D68DF: virStorageEncryptionParseNode (virstorageencryption.c:338)
==21711==    by 0xAA12575: virDomainDiskDefParseXML (domain_conf.c:7606)
==21711==    by 0xAA2CAC6: virDomainDefParseXML (domain_conf.c:16658)
==21711==    by 0xAA2FC75: virDomainDefParseNode (domain_conf.c:17472)
==21711==    by 0xAA2FAE4: virDomainDefParse (domain_conf.c:17419)
==21711==    by 0xAA2FB72: virDomainDefParseFile (domain_conf.c:17443)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-11 14:21:01 +02:00
John Ferlan
2552fec248 encryption: Add <cipher> and <ivgen> to encryption
For a luks device, allow the configuration of a specific cipher to be
used for encrypting the volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:57 -04:00
John Ferlan
9bbf0d7e64 encryption: Add luks parsing for storageencryption
Add parse and format of the luks/passphrase secret including tests for
volume XML parsing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:52 -04:00
John Ferlan
47e88b33be util: Add 'usage' for encryption
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:24 -04:00
John Ferlan
1933b87855 util: Clean up code formatting in virstorageencryption
Bring style more in line with more recent code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-06 11:41:45 -04:00
Martin Kletzander
1b7f8ca6bd Remove unnecessary curly brackets in src/util/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-14 17:13:35 +01:00
Martin Kletzander
93cf8f9861 cleanup spaces between parentheses and braces
And add a syntax-check for '){$'.  It's not perfect, but better than
nothing.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-20 14:50:21 +02:00
Peter Krempa
756b46ddd2 storage: encryption: Add deep copy function for storage encryption 2014-06-20 09:14:46 +02:00
Eric Blake
ab5178188f maint: shorten 'TypeType' function names
The VIR_ENUM_DECL/VIR_ENUM_IMPL helper macros already append 'Type'
to the enum name being converted; it looks silly to have functions
with 'TypeType' in their name.  Even though some of our enums have
to have a 'Type' suffix, the corresponding string conversion
functions do not.

* src/conf/secret_conf.h (VIR_ENUM_DECL): Rename virSecretUsageType.
* src/conf/storage_conf.h (VIR_ENUM_DECL): Rename
virStoragePoolAuthType, virStoragePoolSourceAdapterType,
virStoragePartedFsType.
* src/conf/domain_conf.c (virDomainDiskDefParseXML)
(virDomainFSDefParseXML, virDomainFSDefFormat): Update callers.
* src/conf/secret_conf.c (virSecretDefParseUsage)
(virSecretDefFormatUsage): Likewise.
* src/conf/storage_conf.c (virStoragePoolDefParseAuth)
(virStoragePoolDefParseSource, virStoragePoolSourceFormat):
Likewise.
* src/lxc/lxc_controller.c (virLXCControllerSetupLoopDevices):
Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskPartFormat): Likewise.
* src/util/virstorageencryption.c (virStorageEncryptionSecretParse)
(virStorageEncryptionSecretFormat): Likewise.
* tools/virsh-secret.c (cmdSecretList): Likewise.
* src/libvirt_private.syms (secret_conf.h, storage_conf.h): Export
corrected names.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-16 00:22:18 -06:00
Eric Blake
8fc328592c conf: move storage encryption type to util/
Encryption keys can be associated with each source file in a
backing chain; as such, this file belongs more in util/ where
it can be used by virstoragefile.h.

* src/conf/storage_encryption_conf.h: Rename...
* src/util/virstorageencryption.h: ...to this.
* src/conf/storage_encryption_conf.c: Rename...
* src/util/virstorageencryption.c: ...to this.
* src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES)
(UTIL_SOURCES): Update to new file names.
* src/libvirt_private.syms: Likewise.
* src/conf/domain_conf.h: Update client.
* src/conf/storage_conf.h: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-01 10:38:13 -06:00