From b7b3a51e8ab7c95b7ffab6b8d727338d71c37c55 Mon Sep 17 00:00:00 2001
From: John Ferlan
Date: Fri, 24 Jun 2016 15:31:57 -0400
Subject: [PATCH] qemu: Alter the qemuDomainGetSecretAESAlias to add new arg
Soon we will be adding luks encryption support. Since a volume could require both a luks secret and a secret to give to the server to use of the device, alter the alias generation to create a slightly different alias so that we don't have two objects with the same alias.
Signed-off-by: John Ferlan
---
 src/qemu/qemu_alias.c | 10 ++++++++--
 src/qemu/qemu_alias.h | 3 ++-
 src/qemu/qemu_domain.c | 17 ++++++++++-------
 src/qemu/qemu_hotplug.c | 5 +++--
 4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index d6240710ab..51a654a850 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -485,13 +485,16 @@ qemuDomainGetMasterKeyAlias(void)
 /* qemuDomainGetSecretAESAlias:
+ * @srcalias: Source alias used to generate the secret alias
+ * @isLuks: True when we are generating a secret for LUKS encrypt/decrypt
 *
 * Generate and return an alias for the encrypted secret
 *
 * Returns NULL or a string containing the alias
 */
 char *
-qemuDomainGetSecretAESAlias(const char *srcalias)
+qemuDomainGetSecretAESAlias(const char *srcalias,
+ bool isLuks)
 {
 char *alias;
@@ -501,7 +504,10 @@ qemuDomainGetSecretAESAlias(const char *srcalias)
 return NULL;
 }
- ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
+ if (isLuks)
+ ignore_value(virAsprintf(&alias, "%s-luks-secret0", srcalias));
+ else
+ ignore_value(virAsprintf(&alias, "%s-secret0", srcalias));
 return alias;
 }
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index e328a9b664..d1c6ba82b8 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
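Review bot: In qemuDomainGetSecretAESAlias (src/qemu/qemu_alias.c, second hunk) the two alias formats are spelled out in two nearly identical `virAsprintf` calls, and the header comment does not say which string each `isLuks` value yields. A single call such as `ignore_value(virAsprintf(&alias, "%s-%ssecret0", srcalias, isLuks ? "luks-" : ""));` keeps the two suffixes from drifting apart, and the comment could state that the result is `<srcalias>-secret0` or `<srcalias>-luks-secret0`. That matters because the detach path in qemu_hotplug.c recomputes the alias through this function instead of reading a stored one, presumably to delete the secret object, so add and remove must pass the same `isLuks` value. Uniqueness also relies on no source alias ending in `-luks` (such an alias with `isLuks` false would produce the same string as the shorter alias with `isLuks` true); worth confirming that no alias generator can produce one.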
@@ -69,6 +69,7 @@ char *qemuAliasFromDisk(const virDomainDiskDef *disk);
 char *qemuDomainGetMasterKeyAlias(void);
-char *qemuDomainGetSecretAESAlias(const char *srcalias);
+char *qemuDomainGetSecretAESAlias(const char *srcalias,
+ bool isLuks);
 #endif /* __QEMU_ALIAS_H__*/
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 319293a760..0a44abf9ac 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -895,6 +895,7 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
 * @secretUsageType: The virSecretUsageType
 * @username: username to use for authentication (may be NULL)
 * @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True/False for is for luks (alias generation)
 *
 * Taking a secinfo, fill in the AES specific information using the
 *
@@ -907,7 +908,8 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 const char *srcalias,
 virSecretUsageType secretUsageType,
 const char *username,
- virSecretLookupTypeDefPtr seclookupdef)
+ virSecretLookupTypeDefPtr seclookupdef,
+ bool isLuks)
 {
 int ret = -1;
 uint8_t *raw_iv = NULL;
@@ -921,7 +923,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 if (VIR_STRDUP(secinfo->s.aes.username, username) < 0)
 return -1;
- if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias)))
+ if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
 return -1;
 /* Create a random initialization vector */
@@ -970,6 +972,7 @@ qemuDomainSecretAESSetup(virConnectPtr conn,
 * @secretUsageType: The virSecretUsageType
 * @username: username to use for authentication (may be NULL)
 * @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True when is luks (generates different alias)
 *
 * If we have the encryption API present and can support a secret object, then
 * build the AES secret; otherwise, build the Plain secret. This is the magic
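Review bot: The new `@isLuks` line in the header comment of qemuDomainSecretAESSetup ("True/False for is for luks (alias generation)") is hard to parse and does not say what the flag changes; the matching line added for qemuDomainSecretSetup in the last hunk of this file section ("True when is luks") has the same problem. I would use one sentence in both places, for example `@isLuks: True when the secret is for LUKS encryption/decryption (selects the "-luks-secret0" alias)`, which matches the wording already used in qemu_alias.c. Both comment blocks start and end outside their hunks.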
@@ -985,14 +988,15 @@ qemuDomainSecretSetup(virConnectPtr conn,
 const char *srcalias,
 virSecretUsageType secretUsageType,
 const char *username,
- virSecretLookupTypeDefPtr seclookupdef)
+ virSecretLookupTypeDefPtr seclookupdef,
+ bool isLuks)
 {
 if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) && secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH) {
 if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias, secretUsageType, username,
- seclookupdef) < 0)
+ seclookupdef, isLuks) < 0)
 return -1;
 } else {
 if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType,
@@ -1052,7 +1056,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
 qemuDomainSecretInfoPtr secinfo = NULL;
 if (conn && qemuDomainSecretDiskCapable(src)) {
-
 virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI;
 qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
@@ -1064,7 +1067,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
 if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias, secretUsageType, src->auth->username,
- &src->auth->seclookupdef) < 0)
+ &src->auth->seclookupdef, false) < 0)
 goto error;
 diskPriv->secinfo = secinfo;
@@ -1131,7 +1134,7 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn,
 if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias, VIR_SECRET_USAGE_TYPE_ISCSI, iscsisrc->auth->username,
- &iscsisrc->auth->seclookupdef) < 0)
+ &iscsisrc->auth->seclookupdef, false) < 0)
 goto error;
 hostdevPriv->secinfo = secinfo;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 9fc431bfda..6ed67e13ce 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -374,7 +374,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
 secobjProps);
 secobjProps = NULL; /* qemuMonitorAddObject consumes */
 if (rv < 0)
- goto monitor_error;
+ goto exit_monitor;
 }
 secobjAdded = true;
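Review bot: `isLuks` is forwarded only on the AES branch of qemuDomainSecretSetup; when the `virCryptoHaveCipher` / `QEMU_CAPS_OBJECT_SECRET` / `VIR_SECRET_USAGE_TYPE_CEPH` condition is false, the call falls through to qemuDomainSecretPlainSetup and the flag is silently dropped. Both callers in this patch pass `false`, so nothing changes yet, but a later caller passing `true` with a non-CEPH usage type would get a plain secret instead of an AES-wrapped one without any error. I would say so on the parameter, e.g. `@isLuks: True when the secret is for LUKS; only consulted on the AES path`, or reject the combination explicitly before the LUKS callers arrive. The function body continues past the end of the hunk.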
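Review bot: The switch from `goto monitor_error` to `goto exit_monitor` in qemuDomainAttachVirtioDiskDevice is not mentioned in the commit description and is unrelated to the new alias argument. It changes which cleanup runs when `qemuMonitorAddObject` fails for the secret object, so it deserves its own commit, or at least a sentence in the message explaining why the old label was wrong. Both labels are outside the hunk, so it cannot be confirmed from here that the `exit_monitor` path leaves the monitor and does not try to delete a secret object that was never added (`secobjAdded` is only set after this block); please check that.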
@@ -2874,7 +2874,8 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
 if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) && qemuDomainSecretDiskCapable(disk->src)) {
- if (!(objAlias = qemuDomainGetSecretAESAlias(disk->info.alias))) {
+ if (!(objAlias =
+ qemuDomainGetSecretAESAlias(disk->info.alias, false))) {
 VIR_FREE(drivestr);
 return -1;
 }
--
GitLab
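Review bot: qemuDomainRemoveDiskDevice now hard-codes `false`, so on detach only the `<alias>-secret0` name is regenerated. Once the LUKS callers land, a disk may own a second object named `<alias>-luks-secret0`, and unless this path also looks that alias up, the object holding the LUKS secret would presumably stay in the QEMU process after the disk is gone. A comment at the call, e.g. `/* auth secret only; removal of the LUKS secret object must be added together with LUKS support */`, would keep that from being forgotten. The rest of the function, including what is done with `objAlias`, is outside the hunk.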