[libvirt] [PATCH 07/11] storage: Support to use secret object for iscsi chap "auth"

Osier Yang jyang at redhat.com
Thu Jun 20 09:00:24 UTC 2013 

On 07/06/13 00:51, John Ferlan wrote:
> On 05/28/2013 02:39 AM, Osier Yang wrote:
>> Based on the plain password chap "auth" support, this gets
>> the secret value (password) with the secret driver methods,
>> and apply it for the "iscsiadm" update command.
> Ugh.  Of course - it's the "next" patch (gets me every time).
>
> In any case, since 6/11 cannot "assume" the passwd field is filled in,
> you probably need to combine the two or just make the check in 6/11 for
> type != PLAIN_PASSWORD - return 0;

Prefer the later.

>
>
>> ---
>>   src/storage/storage_backend_iscsi.c | 56 +++++++++++++++++++++++++++++++++----
>>   1 file changed, 50 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
>> index 6a17b5a..516025a 100644
>> --- a/src/storage/storage_backend_iscsi.c
>> +++ b/src/storage/storage_backend_iscsi.c
>> @@ -35,6 +35,8 @@
>>   #include <unistd.h>
>>   #include <sys/stat.h>
>>   
>> +#include "datatypes.h"
>> +#include "driver.h"
>>   #include "virerror.h"
>>   #include "storage_backend_scsi.h"
>>   #include "storage_backend_iscsi.h"
>> @@ -42,6 +44,7 @@
>>   #include "virlog.h"
>>   #include "virfile.h"
>>   #include "vircommand.h"
>> +#include "virobject.h"
>>   #include "virrandom.h"
>>   #include "virstring.h"
>>   
>> @@ -746,10 +749,17 @@ cleanup:
>>   }
>>   
>>   static int
>> -virStorageBackendISCSISetAuth(virStoragePoolDefPtr def,
>> +virStorageBackendISCSISetAuth(virConnectPtr conn,
>> +                              virStoragePoolDefPtr def,
>>                                 const char *portal,
>>                                 const char *target)
>>   {
>> +    virSecretPtr secret = NULL;
>> +    unsigned char *secret_value = NULL;
>> +    const char *passwd = NULL;
>> +    virStoragePoolAuthChap chap = def->source.auth.chap;
>> +    int ret = -1;
>> +
>>       if (def->source.authType == VIR_STORAGE_POOL_AUTH_NONE)
>>           return 0;
>>   
>> @@ -759,6 +769,35 @@ virStorageBackendISCSISetAuth(virStoragePoolDefPtr def,
>>           return -1;
>>       }
>>   
>> +    if (chap.type == VIR_STORAGE_POOL_AUTH_CHAP_SECRET) {
>> +        if (chap.u.secret.uuidUsable)
>> +            secret = virSecretLookupByUUID(conn, chap.u.secret.uuid);
>> +        else
>> +            secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_ISCSI,
>> +                                            chap.u.secret.usage);
>> +
>> +        if (secret) {
>> +            size_t secret_size;
>> +            secret_value = conn->secretDriver->secretGetValue(secret, &secret_size, 0,
>> +                                                              VIR_SECRET_GET_VALUE_INTERNAL_CALL);
>> +            if (!secret_value) {
>> +                virReportError(VIR_ERR_INTERNAL_ERROR,
>> +                               _("could not get the value of the secret "
>> +                                 "for username %s"), chap.login);
>> +                goto cleanup;
>> +            }
>> +        } else {
>> +            virReportError(VIR_ERR_INTERNAL_ERROR,
>> +                           _("username '%s' specified but secret not found"),
>> +                           chap.login);
>> +            goto cleanup;
>> +        }
>> +
>> +        passwd = (const char *)secret_value;
>> +    } else if (chap.type == VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD) {
>> +        passwd = chap.u.passwd;
>> +    }
>> +
>>       if (virStorageBackendISCSINodeUpdate(portal,
>>                                            target,
>>                                            "node.session.auth.authmethod",
>> @@ -770,14 +809,18 @@ virStorageBackendISCSISetAuth(virStoragePoolDefPtr def,
>>           virStorageBackendISCSINodeUpdate(portal,
>>                                            target,
>>                                            "node.session.auth.password",
>> -                                         def->source.auth.chap.u.passwd) < 0)
>> -        return -1;
>> +                                         passwd) < 0)
>> +        goto cleanup;
>>   
>> -    return 0;
>> +    ret = 0;
>> +cleanup:
>> +    virObjectUnref(secret);
>> +    VIR_FREE(secret_value);
>> +    return ret;
>>   }
>>   
>>   static int
>> -virStorageBackendISCSIStartPool(virConnectPtr conn ATTRIBUTE_UNUSED,
>> +virStorageBackendISCSIStartPool(virConnectPtr conn,
> Seeing this change to used now makes me wonder... Do we need to now
> check that conn != NULL anywhere?
>
> Since "virStorageBackendISCSIStartPool" is the "startPool" entry point -
> I used cscope and looked for "startPool", I found one reference where
> a NULL was passed:
>
> src/storage/storage_driver.c
> storageDriverAutostart()
> ...
>              if (backend->startPool &&
>                  backend->startPool(NULL, pool) < 0) {
>                  virErrorPtr err = virGetLastError();
> ...
>
> If I'm reading things right, I think that will cause issues in
> virSecretLookupByUUID() and virSecretLookupByUsage() when called by
> virStorageBackendISCSISetAuth().

Reasonable, will update.

Osier

More information about the libvir-list mailing list