From 3d1c9b608003e9b8faf80180530b8073b3337fc8 Mon Sep 17 00:00:00 2001

Message-Id: <3d1c9b608003e9b8faf80180530b8073b3337fc8@dist-git>

From: John Ferlan <jferlan@redhat.com>

Date: Mon, 25 Jul 2016 12:42:59 -0400

Subject: [PATCH] qemu: Alter the qemuDomainGetSecretAESAlias to add new arg

https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Soon we will be adding luks encryption support. Since a volume could require

both a luks secret and a secret to give to the server to use of the device,

alter the alias generation to create a slightly different alias so that

we don't have two objects with the same alias.

Signed-off-by: John Ferlan <jferlan@redhat.com>

(cherry picked from commit b7b3a51e8ab7c95b7ffab6b8d727338d71c37c55)

---

 src/qemu/qemu_alias.c   | 10 ++++++++--

 src/qemu/qemu_alias.h   |  3 ++-

 src/qemu/qemu_domain.c  | 17 ++++++++++-------

 src/qemu/qemu_hotplug.c |  3 ++-

 4 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c

index d624071..51a654a 100644

--- a/src/qemu/qemu_alias.c

+++ b/src/qemu/qemu_alias.c

@@ -485,13 +485,16 @@ qemuDomainGetMasterKeyAlias(void)

 /* qemuDomainGetSecretAESAlias:

+ * @srcalias: Source alias used to generate the secret alias

+ * @isLuks: True when we are generating a secret for LUKS encrypt/decrypt

  *

  * Generate and return an alias for the encrypted secret

  *

  * Returns NULL or a string containing the alias

  */

 char *

-qemuDomainGetSecretAESAlias(const char *srcalias)

+qemuDomainGetSecretAESAlias(const char *srcalias,

+                            bool isLuks)

 {

     char *alias;

@@ -501,7 +504,10 @@ qemuDomainGetSecretAESAlias(const char *srcalias)

         return NULL;

     }

-    ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));

+    if (isLuks)

+        ignore_value(virAsprintf(&alias, "%s-luks-secret0", srcalias));

+    else

+        ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));

     return alias;

 }

diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h

index e328a9b..d1c6ba8 100644

--- a/src/qemu/qemu_alias.h

+++ b/src/qemu/qemu_alias.h

@@ -69,6 +69,7 @@ char *qemuAliasFromDisk(const virDomainDiskDef *disk);

 char *qemuDomainGetMasterKeyAlias(void);

-char *qemuDomainGetSecretAESAlias(const char *srcalias);

+char *qemuDomainGetSecretAESAlias(const char *srcalias,

+                                  bool isLuks);

 #endif /* __QEMU_ALIAS_H__*/

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index f298366..27158f4 100644

--- a/src/qemu/qemu_domain.c

+++ b/src/qemu/qemu_domain.c

@@ -848,6 +848,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,

  * @secretUsageType: The virSecretUsageType

  * @username: username to use for authentication (may be NULL)

  * @seclookupdef: Pointer to seclookupdef data

+ * @isLuks: True/False for is for luks (alias generation)

  *

  * Taking a secinfo, fill in the AES specific information using the

  *

@@ -860,7 +861,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,

                          const char *srcalias,

                          virSecretUsageType secretUsageType,

                          const char *username,

-                         virSecretLookupTypeDefPtr seclookupdef)

+                         virSecretLookupTypeDefPtr seclookupdef,

+                         bool isLuks)

 {

     int ret = -1;

     uint8_t *raw_iv = NULL;

@@ -874,7 +876,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,

     if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)

         return -1;

-    if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))

+    if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))

         return -1;

     /* Create a random initialization vector */

@@ -923,6 +925,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,

  * @secretUsageType: The virSecretUsageType

  * @username: username to use for authentication (may be NULL)

  * @seclookupdef: Pointer to seclookupdef data

+ * @isLuks: True when is luks (generates different alias)

  *

  * If we have the encryption API present and can support a secret object, then

  * build the AES secret; otherwise, build the Plain secret. This is the magic

@@ -938,14 +941,15 @@ qemuDomainSecretSetup(virConnectPtr conn,

                       const char *srcalias,

                       virSecretUsageType secretUsageType,

                       const char *username,

-                      virSecretLookupTypeDefPtr seclookupdef)

+                      virSecretLookupTypeDefPtr seclookupdef,

+                      bool isLuks)

 {

     if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&

         virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&

         secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {

         if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,

                                      secretUsageType, username,

-                                     seclookupdef) < 0)

+                                     seclookupdef, isLuks) < 0)

             return -1;

     } else {

         if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,

@@ -1005,7 +1009,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,

     qemuDomainSecretInfoPtr secinfo = NULL;

     if (conn && qemuDomainSecretDiskCapable(src)) {

-

         virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;

         qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);

@@ -1017,7 +1020,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,

         if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,

                                   secretUsageType, src->auth->username,

-                                  &src->auth->seclookupdef) < 0)

+                                  &src->auth->seclookupdef, false) < 0)

             goto error;

         diskPriv->secinfo = secinfo;

@@ -1084,7 +1087,7 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,

             if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias,

                                       VIR_SECRET_USAGE_TYPE_ISCSI,

                                       iscsisrc->auth->username,

-                                      &iscsisrc->auth->seclookupdef) < 0)

+                                      &iscsisrc->auth->seclookupdef, false) < 0)

                 goto error;

             hostdevPriv->secinfo = secinfo;

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c

index 084443f..9cb1d44 100644

--- a/src/qemu/qemu_hotplug.c

+++ b/src/qemu/qemu_hotplug.c

@@ -2874,7 +2874,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,

     if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&

         qemuDomainSecretDiskCapable(disk->src)) {

-        if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {

+        if (!(objAlias =

+              qemuDomainGetSecretAESAlias(disk->info.alias, false))) {

             VIR_FREE(drivestr);

             return -1;

         }

-- 

2.9.2