提交 03d33860 编写于 作者: M Miloslav Trmač 提交者: Daniel P. Berrange

Local file implementation of secret driver API

This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.

(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)

* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
  error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src/secret_driver.h, src/libvirt_private.syms:
  Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
上级 b9a8bef4
......@@ -65,6 +65,7 @@ gnulib_tool=$GNULIB_SRCDIR/gnulib-tool
<$gnulib_tool || exit
modules='
base64
c-ctype
close
connect
......
......@@ -169,6 +169,7 @@ typedef enum {
VIR_ERR_MULTIPLE_INTERFACES, /* more than one matching interface found */
VIR_WAR_NO_SECRET, /* failed to start secret storage */
VIR_ERR_INVALID_SECRET, /* invalid secret */
VIR_ERR_NO_SECRET, /* secret not found */
} virErrorNumber;
/**
......
......@@ -31,6 +31,7 @@ src/qemu_conf.c
src/qemu_driver.c
src/remote_internal.c
src/secret_conf.c
src/secret_driver.c
src/security.c
src/security_selinux.c
src/storage_backend.c
......
......@@ -92,6 +92,7 @@
#ifdef WITH_NODE_DEVICES
#include "node_device.h"
#endif
#include "secret_driver.h"
#endif
......@@ -814,6 +815,7 @@ static struct qemud_server *qemudInitialize(int sigread) {
virDriverLoadModule("network");
virDriverLoadModule("storage");
virDriverLoadModule("nodedev");
virDriverLoadModule("secret");
virDriverLoadModule("qemu");
virDriverLoadModule("lxc");
virDriverLoadModule("uml");
......@@ -832,6 +834,7 @@ static struct qemud_server *qemudInitialize(int sigread) {
(defined(HAVE_HAL) || defined(HAVE_DEVKIT))
nodedevRegister();
#endif
secretRegister();
#ifdef WITH_QEMU
qemuRegister();
#endif
......
......@@ -182,6 +182,9 @@ NETWORK_DRIVER_SOURCES = \
INTERFACE_DRIVER_SOURCES = \
interface_driver.h interface_driver.c
SECRET_DRIVER_SOURCES = \
secret_driver.h secret_driver.c
# Storage backend specific impls
STORAGE_DRIVER_SOURCES = \
storage_driver.h storage_driver.c \
......@@ -458,6 +461,17 @@ endif
libvirt_driver_interface_la_SOURCES = $(INTERFACE_DRIVER_SOURCES)
endif
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_secret.la
else
noinst_LTLIBRARIES += libvirt_driver_secret.la
libvirt_la_LIBADD += libvirt_driver_secret.la
endif
if WITH_DRIVER_MODULES
libvirt_driver_secret_la_LDFLAGS = -module -avoid-version
endif
libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
# Needed to keep automake quiet about conditionals
libvirt_driver_storage_la_SOURCES =
libvirt_driver_storage_la_CFLAGS =
......
......@@ -319,6 +319,9 @@ virSecretDefParseString;
virSecretDefParseFile;
virSecretDefFormat;
# secret_driver.h
secretRegister;
# security.h
virSecurityDriverVerify;
virSecurityDriverStartup;
......
此差异已折叠。
/*
* secret_driver.h: local driver for secret manipulation API
*
* Copyright (C) 2009 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Red Hat Author: Miloslav Trmač <mitr@redhat.com>
*/
#ifndef __VIR_SECRET_DRIVER_H__
#define __VIR_SECRET_DRIVER_H__
int secretRegister(void);
#endif /* __VIR_SECRET_DRIVER_H__ */
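Review bot: `int secretRegister(void);` is declared with no comment on what its return value means, and the only caller visible in this commit, the `secretRegister();` line in qemudInitialize, discards it. A one-line comment above the prototype, along the lines of `/* Register the local secret driver; returns 0 on success, <failure value> otherwise */`, would tell callers whether a failed registration is something they must handle. The implementation in src/secret_driver.c is collapsed on this page, so the actual contract has to be confirmed there.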
......@@ -1082,6 +1082,11 @@ virErrorMsg(virErrorNumber error, const char *info)
errmsg = _("Invalid secret");
else
errmsg = _("Invalid secret: %s");
case VIR_ERR_NO_SECRET:
if (info == NULL)
errmsg = _("Secret not found");
else
errmsg = _("Secret not found: %s");
break;
}
return (errmsg);
......
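Review bot: The `VIR_ERR_INVALID_SECRET` branch directly above the new `case VIR_ERR_NO_SECRET:` has no `break;`, so as shown an invalid-secret error falls through and `errmsg` is overwritten with the "Secret not found" text. The hunk header (6 old lines, 11 new) matches the 11 lines rendered here, which suggests the statement is missing in the commit itself and was not lost in rendering. Add `break;` after `errmsg = _("Invalid secret: %s");` so that logs and clients can tell a rejected secret from a missing one. The enclosing switch in virErrorMsg starts outside the hunk.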