From 055d76ce856aecab3dfe3106429c926df405143b Mon Sep 17 00:00:00 2001
Message-Id: <055d76ce856aecab3dfe3106429c926df405143b@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 16 Mar 2020 22:11:53 +0100
Subject: [PATCH] qemuDomainSecretAESSetupFromSecret: Use 'qemuAliasForSecret'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace qemuDomainGetSecretAESAlias by the new function so that we can
reuse qemuDomainSecretAESSetupFromSecret also for setting up other kinds
of objects.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 86fecaedf556dbd4d32efe28638c811be0e595d3)
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
Message-Id: <88a582c0e5b8a73dd88f6872530c80b404149fb3.1584391727.git.pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_domain.c | 30 ++++++++++++++----------------
1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0047a1d316..3599e0c9aa 100644
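--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1583,34 +1583,32 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
 * qemuDomainSecretAESSetupFromSecret:
 * @priv: pointer to domain private object
 * @srcalias: Alias of the disk/hostdev used to generate the secret alias
+ * @secretuse: specific usage for the secret (may be NULL if main object is using it)
 * @usageType: The virSecretUsageType
 * @username: username to use for authentication (may be NULL)
 * @seclookupdef: Pointer to seclookupdef data
- * @isLuks: True/False for is for luks (alias generation)
 *
 * Looks up a secret in the secret driver based on @usageType and @seclookupdef
- * and builds qemuDomainSecretInfoPtr from it.
+ * and builds qemuDomainSecretInfoPtr from it. @use describes the usage of the
+ * secret in case if @srcalias requires more secrets for various usage cases.
 */
 static qemuDomainSecretInfoPtr
 qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivatePtr priv,
 const char *srcalias,
+ const char *secretuse,
 virSecretUsageType usageType,
 const char *username,
- virSecretLookupTypeDefPtr seclookupdef,
- bool isLuks)
+ virSecretLookupTypeDefPtr seclookupdef)
 {
 g_autoptr(virConnect) conn = virGetConnectSecret();
 qemuDomainSecretInfoPtr secinfo;
- g_autofree char *alias = NULL;
+ g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
 uint8_t *secret = NULL;
 size_t secretlen = 0;
 
 if (!conn)
 return NULL;
 
- if (!(alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
- return NULL;
-
 if (virSecretGetSecretString(conn, seclookupdef, usageType,
 &secret, &secretlen) < 0)
 return NULL;
@@ -1695,9 +1693,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv,
 }
 seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
 
- return qemuDomainSecretAESSetupFromSecret(priv, srcAlias,
+ return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, NULL,
 VIR_SECRET_USAGE_TYPE_TLS,
- NULL, &seclookupdef, false);
+ NULL, &seclookupdef);
 }
 
 
@@ -1788,10 +1786,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv,
 &src->auth->seclookupdef);
 } else {
 srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol,
+ NULL,
 usageType,
 src->auth->username,
- &src->auth->seclookupdef,
- false);
+ &src->auth->seclookupdef);
 }
 
 if (!srcPriv->secinfo)
@@ -1800,10 +1798,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv,
 
 if (hasEnc) {
 if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasformat,
+ "luks",
 VIR_SECRET_USAGE_TYPE_VOLUME,
 NULL,
- &src->encryption->secrets[0]->seclookupdef,
- true)))
+ &src->encryption->secrets[0]->seclookupdef)))
 return -1;
 }
 
@@ -1864,10 +1862,10 @@ qemuDomainSecretHostdevPrepare(qemuDomainObjPrivatePtr priv,
 } else {
 srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
 hostdev->info->alias,
+ NULL,
 usageType,
 src->auth->username,
- &src->auth->seclookupdef,
- false);
+ &src->auth->seclookupdef);
 }
 
 if (!srcPriv->secinfo)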
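Review bot: The new initializer `g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);` in the first hunk is used without the NULL check that guarded the removed `qemuDomainGetSecretAESAlias` call, so whether a missing @srcalias is still rejected now depends entirely on qemuAliasForSecret, which is not visible here. If that helper neither fails nor validates its input, a NULL srcalias would presumably be formatted into the alias of the secret object instead of aborting the setup. Keeping `alias = NULL` at the declaration and assigning it after an `if (!srcalias)` check that reports an error and returns NULL would keep the old contract explicit; alternatively add a comment such as `/* callers guarantee a non-NULL @srcalias */`. The updated doc comment also refers to `@use` while the parameter is named `@secretuse`; I would write `@secretuse describes the usage of the secret in case @srcalias requires more secrets for various usage cases.` The function body continues past the end of this hunk.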
--
2.25.1