From 3d1c9b608003e9b8faf80180530b8073b3337fc8 Mon Sep 17 00:00:00 2001
Message-Id: <3d1c9b608003e9b8faf80180530b8073b3337fc8@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 25 Jul 2016 12:42:59 -0400
Subject: [PATCH] qemu: Alter the qemuDomainGetSecretAESAlias to add new arg
https://bugzilla.redhat.com/show_bug.cgi?id=1301021
Soon we will be adding luks encryption support. Since a volume could require
both a luks secret and a secret to give to the server for use of the device,
alter the alias generation to create a slightly different alias so that
we don't have two objects with the same alias.
Signed-off-by: John Ferlan <jferlan@redhat.com>
(cherry picked from commit b7b3a51e8ab7c95b7ffab6b8d727338d71c37c55)
---
 src/qemu/qemu_alias.c   | 10 ++++++++--
 src/qemu/qemu_alias.h   |  3 ++-
 src/qemu/qemu_domain.c  | 17 ++++++++++-------
 src/qemu/qemu_hotplug.c |  3 ++-
 4 files changed, 22 insertions(+), 11 deletions(-)
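diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index d624071..51a654a 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -485,13 +485,16 @@ qemuDomainGetMasterKeyAlias(void)
 
 
 /* qemuDomainGetSecretAESAlias:
+ * @srcalias: Source alias used to generate the secret alias
+ * @isLuks: True when we are generating a secret for LUKS encrypt/decrypt
  *
  * Generate and return an alias for the encrypted secret
  *
  * Returns NULL or a string containing the alias
  */
 char *
-qemuDomainGetSecretAESAlias(const char *srcalias)
+qemuDomainGetSecretAESAlias(const char *srcalias,
+                            bool isLuks)
 {
     char *alias;
 
@@ -501,7 +504,10 @@ qemuDomainGetSecretAESAlias(const char *srcalias)
         return NULL;
     }
 
-    ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
+    if (isLuks)
+        ignore_value(virAsprintf(&alias, "%s-luks-secret0", srcalias));
+    else
+        ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
 
     return alias;
 }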
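Review bot: The two formats in the second hunk of qemuDomainGetSecretAESAlias stay distinct only while no @srcalias ends in `-luks`: a source alias `X-luks` with isLuks false and a source alias `X` with isLuks true both produce `X-luks-secret0`, which is the duplicate-alias case the commit sets out to avoid. Whether such a source alias can occur depends on how device aliases are generated, which is not visible here, so the assumption belongs in the function comment, for example ` * The LUKS form is only unique if no @srcalias ends in "-luks"`. The part of the function body between the two hunks is outside the diff.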
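diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index e328a9b..d1c6ba8 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -69,6 +69,7 @@ char *qemuAliasFromDisk(const virDomainDiskDef *disk);
 
 char *qemuDomainGetMasterKeyAlias(void);
 
-char *qemuDomainGetSecretAESAlias(const char *srcalias);
+char *qemuDomainGetSecretAESAlias(const char *srcalias,
+                                  bool isLuks);
 
 #endif /* __QEMU_ALIAS_H__*/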
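diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f298366..27158f4 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -848,6 +848,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
  * @secretUsageType: The virSecretUsageType
  * @username: username to use for authentication (may be NULL)
  * @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True/False for is for luks (alias generation)
  *
  * Taking a secinfo, fill in the AES specific information using the
  *
@@ -860,7 +861,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
                          const char *srcalias,
                          virSecretUsageType secretUsageType,
                          const char *username,
-                         virSecretLookupTypeDefPtr seclookupdef)
+                         virSecretLookupTypeDefPtr seclookupdef,
+                         bool isLuks)
 {
     int ret = -1;
     uint8_t *raw_iv = NULL;
@@ -874,7 +876,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
     if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
         return -1;
 
-    if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
+    if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
         return -1;
 
     /* Create a random initialization vector */
@@ -923,6 +925,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
  * @secretUsageType: The virSecretUsageType
  * @username: username to use for authentication (may be NULL)
  * @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True when is luks (generates different alias)
  *
  * If we have the encryption API present and can support a secret object, then
  * build the AES secret; otherwise, build the Plain secret. This is the magic
@@ -938,14 +941,15 @@ qemuDomainSecretSetup(virConnectPtr conn,
                       const char *srcalias,
                       virSecretUsageType secretUsageType,
                       const char *username,
-                      virSecretLookupTypeDefPtr seclookupdef)
+                      virSecretLookupTypeDefPtr seclookupdef,
+                      bool isLuks)
 {
     if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
         virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
         secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
         if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
                                      secretUsageType, username,
-                                     seclookupdef) < 0)
+                                     seclookupdef, isLuks) < 0)
             return -1;
     } else {
         if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
@@ -1005,7 +1009,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
     qemuDomainSecretInfoPtr secinfo = NULL;
 
     if (conn && qemuDomainSecretDiskCapable(src)) {
-
         virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
         qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
 
@@ -1017,7 +1020,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
 
         if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
                                   secretUsageType, src->auth->username,
-                                  &src->auth->seclookupdef) < 0)
+                                  &src->auth->seclookupdef, false) < 0)
             goto error;
 
         diskPriv->secinfo = secinfo;
@@ -1084,7 +1087,7 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
             if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias,
                                       VIR_SECRET_USAGE_TYPE_ISCSI,
                                       iscsisrc->auth->username,
-                                      &iscsisrc->auth->seclookupdef) < 0)
+                                      &iscsisrc->auth->seclookupdef, false) < 0)
                 goto error;
 
             hostdevPriv->secinfo = secinfo;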
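Review bot: In qemuDomainSecretSetup, isLuks is forwarded only on the AES branch; the `else` branch calls qemuDomainSecretPlainSetup and, as far as the hunk shows, does not receive it, so a caller passing true with a usage type other than VIR_SECRET_USAGE_TYPE_CEPH would silently get the plain path with no distinct alias and no error. The doc line should state that limit, for example ` * @isLuks: True when the secret is for LUKS; only affects the alias built on the AES path`. The same wording could replace ` * @isLuks: True/False for is for luks (alias generation)` on qemuDomainSecretAESSetup, which is hard to parse. Both function bodies continue outside the hunks shown.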
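diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 084443f..9cb1d44 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2874,7 +2874,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
     if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
         qemuDomainSecretDiskCapable(disk->src)) {
 
-        if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {
+        if (!(objAlias =
+              qemuDomainGetSecretAESAlias(disk->info.alias, false))) {
             VIR_FREE(drivestr);
             return -1;
         }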
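Review bot: qemuDomainRemoveDiskDevice computes only the non-LUKS alias, because the new argument is hard-coded to `false` at this call. Once a setup path creates a secret with isLuks true, as the commit message anticipates, unplugging the disk would not address the `-luks-secret0` object through this lookup, and that object would presumably remain in the QEMU process unless it is removed elsewhere. A marker at the call, such as `/* TODO: also remove the "-luks-secret0" object once LUKS secrets are created */`, would keep the follow-up from being missed. The function continues outside the hunk, so how objAlias is used is not visible here.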
-- 
2.9.2