From c9a7b7b6ea3232ab2bfe50d5c41f0ae698e6b91e Mon Sep 17 00:00:00 2001 From: John Ferlan Date: Mon, 20 Feb 2017 15:04:58 -0500 Subject: [PATCH] qemu: Introduce qemuDomainSecretInfoNew Create a helper which will create the secinfo used for disks, hostdevs, and chardevs. Signed-off-by: John Ferlan --- src/qemu/qemu_domain.c | 137 +++++++++++++++++++++-------------------- 1 file changed, 71 insertions(+), 66 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 9be78bdbd4..ced7bcc9f7 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1112,6 +1112,52 @@ qemuDomainSecretSetup(virConnectPtr conn, } +/* qemuDomainSecretInfoNew: + * @conn: Pointer to connection + * @priv: pointer to domain private object + * @srcAlias: Alias base to use for TLS object + * @usageType: Secret usage type + * @username: username for plain secrets (only) + * @looupdef: lookup def describing secret + * @isLuks: boolean for luks lookup + * + * Helper function to create a secinfo to be used for secinfo consumers + * + * Returns @secinfo on success, NULL on failure. Caller is responsible + * to eventually free @secinfo. + */ +static qemuDomainSecretInfoPtr +qemuDomainSecretInfoNew(virConnectPtr conn, + qemuDomainObjPrivatePtr priv, + const char *srcAlias, + virSecretUsageType usageType, + const char *username, + virSecretLookupTypeDefPtr lookupDef, + bool isLuks) +{ + qemuDomainSecretInfoPtr secinfo = NULL; + + if (VIR_ALLOC(secinfo) < 0) + return NULL; + + if (qemuDomainSecretSetup(conn, priv, secinfo, srcAlias, usageType, + username, lookupDef, isLuks) < 0) + goto error; + + if (!username && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("encrypted secrets are not supported")); + goto error; + } + + return secinfo; + + error: + qemuDomainSecretInfoFree(&secinfo); + return NULL; +} + + /* qemuDomainSecretDiskDestroy: * @disk: Pointer to a disk definition * @@ -1171,51 +1217,30 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, { virStorageSourcePtr src = disk->src; qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk); - qemuDomainSecretInfoPtr secinfo = NULL; if (qemuDomainSecretDiskCapable(src)) { virSecretUsageType secretUsageType = VIR_SECRET_USAGE_TYPE_ISCSI; - if (VIR_ALLOC(secinfo) < 0) - return -1; - if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD) secretUsageType = VIR_SECRET_USAGE_TYPE_CEPH; - if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias, - secretUsageType, src->auth->username, - &src->auth->seclookupdef, false) < 0) - goto error; - - diskPriv->secinfo = secinfo; + if (!(diskPriv->secinfo = + qemuDomainSecretInfoNew(conn, priv, disk->info.alias, + secretUsageType, src->auth->username, + &src->auth->seclookupdef, false))) + return -1; } if (qemuDomainDiskHasEncryptionSecret(src)) { - - if (VIR_ALLOC(secinfo) < 0) - return -1; - - if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias, - VIR_SECRET_USAGE_TYPE_VOLUME, NULL, - &src->encryption->secrets[0]->seclookupdef, - true) < 0) - goto error; - - if (secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("luks encryption requires encrypted secrets " - "to be supported")); - goto error; - } - - diskPriv->encinfo = secinfo; + if (!(diskPriv->encinfo = + qemuDomainSecretInfoNew(conn, priv, disk->info.alias, + VIR_SECRET_USAGE_TYPE_VOLUME, NULL, + &src->encryption->secrets[0]->seclookupdef, + true))) + return -1; } return 0; - - error: - qemuDomainSecretInfoFree(&secinfo); - return -1; } @@ -1251,8 +1276,6 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn, qemuDomainObjPrivatePtr priv, virDomainHostdevDefPtr hostdev) { - qemuDomainSecretInfoPtr secinfo = NULL; - if (virHostdevIsSCSIDevice(hostdev)) { virDomainHostdevSubsysSCSIPtr scsisrc = &hostdev->source.subsys.u.scsi; virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc = &scsisrc->u.iscsi; @@ -1263,24 +1286,17 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn, qemuDomainHostdevPrivatePtr hostdevPriv = QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev); - if (VIR_ALLOC(secinfo) < 0) + if (!(hostdevPriv->secinfo = + qemuDomainSecretInfoNew(conn, priv, hostdev->info->alias, + VIR_SECRET_USAGE_TYPE_ISCSI, + iscsisrc->auth->username, + &iscsisrc->auth->seclookupdef, + false))) return -1; - - if (qemuDomainSecretSetup(conn, priv, secinfo, hostdev->info->alias, - VIR_SECRET_USAGE_TYPE_ISCSI, - iscsisrc->auth->username, - &iscsisrc->auth->seclookupdef, false) < 0) - goto error; - - hostdevPriv->secinfo = secinfo; } } return 0; - - error: - qemuDomainSecretInfoFree(&secinfo); - return -1; } @@ -1322,7 +1338,6 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn, virDomainChrSourceDefPtr dev) { virSecretLookupTypeDef seclookupdef = {0}; - qemuDomainSecretInfoPtr secinfo = NULL; char *charAlias = NULL; if (dev->type != VIR_DOMAIN_CHR_TYPE_TCP) @@ -1337,36 +1352,26 @@ qemuDomainSecretChardevPrepare(virConnectPtr conn, seclookupdef.u.uuid) < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("malformed chardev TLS secret uuid in qemu.conf")); - goto error; + return -1; } seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; - if (VIR_ALLOC(secinfo) < 0) - goto error; - if (!(charAlias = qemuAliasChardevFromDevAlias(chrAlias))) - goto error; - - if (qemuDomainSecretSetup(conn, priv, secinfo, charAlias, - VIR_SECRET_USAGE_TYPE_TLS, NULL, - &seclookupdef, false) < 0) - goto error; + return -1; - if (secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("TLS X.509 requires encrypted secrets " - "to be supported")); + if (!(chrSourcePriv->secinfo = + qemuDomainSecretInfoNew(conn, priv, charAlias, + VIR_SECRET_USAGE_TYPE_TLS, NULL, + &seclookupdef, false))) goto error; - } - chrSourcePriv->secinfo = secinfo; + VIR_FREE(charAlias); } - VIR_FREE(charAlias); return 0; error: - qemuDomainSecretInfoFree(&secinfo); + VIR_FREE(charAlias); return -1; } -- GitLab