[PATCH 10/12] qemu: Simplify qemuDomainSecretInfo

Peter Krempa pkrempa at redhat.com
Wed Sep 22 11:35:29 UTC 2021


Now that we've removed support for plaintext secrets, qemuDomainSecretInfo
can be simplified by removing the 'type' field and merging in all the
fields from 'qemuDomainSecretAES'.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_backup.c           |  2 +-
 src/qemu/qemu_block.c            | 40 ++++++++++++----------------
 src/qemu/qemu_command.c          | 41 +++++++++++------------------
 src/qemu/qemu_domain.c           | 45 +++++++++-----------------------
 src/qemu/qemu_domain.h           | 20 +++-----------
 src/qemu/qemu_hotplug.c          |  4 +--
 src/qemu/qemu_migration_params.c |  2 +-
 tests/qemublocktest.c            | 13 ++++-----
 8 files changed, 56 insertions(+), 111 deletions(-)

diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c
index 4f1e3b7bad..d7583e7399 100644
--- a/src/qemu/qemu_backup.c
+++ b/src/qemu/qemu_backup.c
@@ -723,7 +723,7 @@ qemuBackupBeginPrepareTLS(virDomainObj *vm,
         if (qemuBuildSecretInfoProps(secinfo, tlsSecretProps) < 0)
             return -1;

-        tlsKeySecretAlias = secinfo->s.aes.alias;
+        tlsKeySecretAlias = secinfo->alias;
     }

     if (qemuBuildTLSx509BackendProps(cfg->backupTLSx509certdir, true,
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0bc92f6a23..393d3f44d7 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -746,12 +746,12 @@ qemuBlockStorageSourceGetCURLProps(virStorageSource *src,
     if (!onlytarget) {
         if (src->auth) {
             username = src->auth->username;
-            passwordalias = srcPriv->secinfo->s.aes.alias;
+            passwordalias = srcPriv->secinfo->alias;
         }

         if (srcPriv &&
             srcPriv->httpcookie)
-            cookiealias = srcPriv->httpcookie->s.aes.alias;
+            cookiealias = srcPriv->httpcookie->alias;
     } else {
         /* format target string along with cookies */
         cookiestr = qemuBlockStorageSourceGetCookieString(src);
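Review bot: `passwordalias = srcPriv->secinfo->alias;` dereferences both srcPriv and secinfo guarded only by `if (src->auth)`, while the httpcookie branch four lines below checks `srcPriv &&` first; the ISCSI and RBD hunks that follow in this file carry the same asymmetry. If the storage-source private data is always allocated before these property builders run (likely, but not visible here), the cookie guard is the redundant one and a one-line comment on the auth branch saying so would stop the next reader from re-raising it; if not, the auth branch needs the matching `if (src->auth && srcPriv && srcPriv->secinfo)` check. qemuBlockStorageSourceGetCURLProps starts and ends outside the hunk.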
@@ -819,7 +819,7 @@ qemuBlockStorageSourceGetISCSIProps(virStorageSource *src,

     if (!onlytarget && src->auth) {
         username = src->auth->username;
-        objalias = srcPriv->secinfo->s.aes.alias;
+        objalias = srcPriv->secinfo->alias;
     }

     ignore_value(virJSONValueObjectCreate(&ret,
@@ -885,8 +885,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
         return NULL;

     if (!onlytarget && src->auth) {
-        username = srcPriv->secinfo->s.aes.username;
-        keysecret = srcPriv->secinfo->s.aes.alias;
+        username = srcPriv->secinfo->username;
+        keysecret = srcPriv->secinfo->alias;
         /* the auth modes are modelled after our old command line generator */
         authmodes = virJSONValueNewArray();

@@ -1267,7 +1267,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSource *src,
 {
     qemuDomainStorageSourcePrivate *srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);

-    if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->s.aes.alias) {
+    if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->alias) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                        _("missing secret info for 'luks' driver"));
         return -1;
@@ -1275,7 +1275,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSource *src,

     if (virJSONValueObjectAdd(props,
                               "s:driver", "luks",
-                              "s:key-secret", srcPriv->encinfo->s.aes.alias,
+                              "s:key-secret", srcPriv->encinfo->alias,
                               NULL) < 0)
         return -1;

@@ -1313,14 +1313,9 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,

     *encprops = NULL;

-    /* qemu requires encrypted secrets regardless of encryption method used when
-     * passed using the blockdev infrastructure, thus only
-     * VIR_DOMAIN_SECRET_INFO_TYPE_AES works here. The correct type needs to be
-     * instantiated elsewhere. */
     if (!src->encryption ||
         !srcpriv ||
-        !srcpriv->encinfo ||
-        srcpriv->encinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES)
+        !srcpriv->encinfo)
         return 0;

     switch ((virStorageEncryptionFormatType) src->encryption->format) {
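Review bot: After the type check is dropped the guard stops at `!srcpriv->encinfo`, while qemuBlockStorageSourceGetFormatLUKSProps in the hunk above additionally rejects a NULL `encinfo->alias` with a targeted error before emitting `s:key-secret`; here a NULL alias flows into the `virJSONValueObjectCreate` call in the next hunk, where as I read the `s:` modifier it fails with a generic error instead. If a secinfo without an alias can exist at this point (qemuStorageSourcePrivateDataAssignSecinfo allocates the struct before the alias is assigned, so it is worth confirming), reject `!srcpriv->encinfo->alias` with the same virReportError(VIR_ERR_INTERNAL_ERROR, …) and `return -1` the LUKS-props function uses, rather than silently returning 0 with encryption omitted. The removed four-line comment was the only place recording that blockdev needs the secret as an encrypted 'secret' object; a one-liner such as `/* blockdev only accepts secrets passed as an encrypted 'secret' object, which encinfo now always is */` keeps that rationale. The function continues past the hunk.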
@@ -1342,7 +1337,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,

     return virJSONValueObjectCreate(encprops,
                                     "s:format", encformat,
-                                    "s:key-secret", srcpriv->encinfo->s.aes.alias,
+                                    "s:key-secret", srcpriv->encinfo->alias,
                                     NULL);
 }

@@ -1906,17 +1901,17 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource *src,
     data->tlsAlias = g_strdup(src->tlsAlias);

     if (srcpriv) {
-        if (srcpriv->secinfo && srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            data->authsecretAlias = g_strdup(srcpriv->secinfo->s.aes.alias);
+        if (srcpriv->secinfo)
+            data->authsecretAlias = g_strdup(srcpriv->secinfo->alias);

-        if (srcpriv->encinfo && srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            data->encryptsecretAlias = g_strdup(srcpriv->encinfo->s.aes.alias);
+        if (srcpriv->encinfo)
+            data->encryptsecretAlias = g_strdup(srcpriv->encinfo->alias);

         if (srcpriv->httpcookie)
-            data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->s.aes.alias);
+            data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->alias);

         if (srcpriv->tlsKeySecret)
-            data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->s.aes.alias);
+            data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->alias);
     }

     return g_steal_pointer(&data);
@@ -2319,9 +2314,8 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
     const char *keysecret = NULL;

     if (srcpriv &&
-        srcpriv->encinfo &&
-        srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-        keysecret = srcpriv->encinfo->s.aes.alias;
+        srcpriv->encinfo)
+        keysecret = srcpriv->encinfo->alias;

     if (virJSONValueObjectCreate(&props,
                                  "s:key-secret", keysecret,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 0b87719f75..5b738b230e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -707,9 +707,9 @@ qemuBuildSecretInfoProps(qemuDomainSecretInfo *secinfo,
         return -1;

     return qemuMonitorCreateObjectProps(propsret, "secret",
-                                        secinfo->s.aes.alias, "s:data",
-                                        secinfo->s.aes.ciphertext, "s:keyid",
-                                        keyid, "s:iv", secinfo->s.aes.iv,
+                                        secinfo->alias, "s:data",
+                                        secinfo->ciphertext, "s:keyid",
+                                        keyid, "s:iv", secinfo->iv,
                                         "s:format", "base64", NULL);
 }

@@ -763,20 +763,11 @@ static int
 qemuBuildRBDSecinfoURI(virBuffer *buf,
                        qemuDomainSecretInfo *secinfo)
 {
-    if (!secinfo) {
+    if (!secinfo)
         virBufferAddLit(buf, ":auth_supported=none");
-        return 0;
-    }
-
-    switch ((qemuDomainSecretInfoType) secinfo->type) {
-    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
+    else
         virBufferEscape(buf, '\\', ":", ":id=%s:auth_supported=cephx\\;none",
-                        secinfo->s.aes.username);
-        break;
-
-    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
-        return -1;
-    }
+                        secinfo->username);

     return 0;
 }
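Review bot: The `else` body of the rewritten qemuBuildRBDSecinfoURI is a two-line virBufferEscape call with no braces; libvirt's coding style only permits omitting braces around a single-line body and wants both branches braced when one is, so both the `if (!secinfo)` and `else` bodies should be wrapped in `{ }`. With the `VIR_DOMAIN_SECRET_INFO_TYPE_LAST` arm gone the function can no longer fail, so its `int` return is now always 0; the callers (outside this hunk) will keep checking it, which is harmless, but a follow-up could make it `void` or at least mark it with `/* cannot fail any more; int kept for existing callers */` above `return 0;`.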
@@ -1264,8 +1255,8 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,

         virQEMUBuildBufferEscapeComma(buf, source);

-        if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            virBufferAsprintf(buf, ",file.password-secret=%s", secinfo->s.aes.alias);
+        if (secinfo)
+            virBufferAsprintf(buf, ",file.password-secret=%s", secinfo->alias);

         if (disk->src->debug)
             virBufferAsprintf(buf, ",file.debug=%d", disk->src->debugLevel);
@@ -1282,12 +1273,12 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,

     if (encinfo) {
         if (disk->src->format == VIR_STORAGE_FILE_RAW) {
-            virBufferAsprintf(buf, "key-secret=%s,", encinfo->s.aes.alias);
+            virBufferAsprintf(buf, "key-secret=%s,", encinfo->alias);
             rawluks = true;
         } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&
                    disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
             virBufferAddLit(buf, "encrypt.format=luks,");
-            virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->s.aes.alias);
+            virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->alias);
         }
     }

@@ -4886,7 +4877,7 @@ qemuBuildChrChardevStr(virLogManager *logManager,
                                                      qemuCaps) < 0)
                     return NULL;

-                tlsCertEncSecAlias = chrSourcePriv->secinfo->s.aes.alias;
+                tlsCertEncSecAlias = chrSourcePriv->secinfo->alias;
             }

             if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
@@ -5046,9 +5037,8 @@ qemuBuildHostdevSCSIDetachPrepare(virDomainHostdevDef *hostdev,
         ret->storageNodeName = src->nodestorage;
         ret->storageAttached = true;

-        if (srcpriv && srcpriv->secinfo &&
-            srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            ret->authsecretAlias = g_strdup(srcpriv->secinfo->s.aes.alias);
+        if (srcpriv && srcpriv->secinfo)
+            ret->authsecretAlias = g_strdup(srcpriv->secinfo->alias);

     } else {
         ret->driveAlias = qemuAliasFromHostdev(hostdev);
@@ -8012,7 +8002,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig *cfg,
                                                      gfxPriv->secinfo,
                                                      qemuCaps) < 0)
                     return -1;
-                secretAlias = gfxPriv->secinfo->s.aes.alias;
+                secretAlias = gfxPriv->secinfo->alias;
             }

             if (qemuBuildTLSx509CommandLine(cmd,
@@ -10898,7 +10888,6 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,

     if (srcpriv) {
         if (srcpriv->secinfo &&
-            srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES &&
             qemuBuildSecretInfoProps(srcpriv->secinfo, &data->authsecretProps) < 0)
             return -1;

@@ -10914,7 +10903,7 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
             if (qemuBuildSecretInfoProps(srcpriv->tlsKeySecret, &data->tlsKeySecretProps) < 0)
                 return -1;

-            tlsKeySecretAlias = srcpriv->tlsKeySecret->s.aes.alias;
+            tlsKeySecretAlias = srcpriv->tlsKeySecret->alias;
         }
     }

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e9c1f3eacb..befe6bd476 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -657,19 +657,6 @@ qemuDomainMasterKeyCreate(virDomainObj *vm)
 }


-static void
-qemuDomainSecretAESClear(struct _qemuDomainSecretAES *secret,
-                         bool keepAlias)
-{
-    if (!keepAlias)
-        VIR_FREE(secret->alias);
-
-    VIR_FREE(secret->username);
-    VIR_FREE(secret->iv);
-    VIR_FREE(secret->ciphertext);
-}
-
-
 static void
 qemuDomainSecretInfoClear(qemuDomainSecretInfo *secinfo,
                           bool keepAlias)
@@ -677,14 +664,12 @@ qemuDomainSecretInfoClear(qemuDomainSecretInfo *secinfo,
     if (!secinfo)
         return;

-    switch ((qemuDomainSecretInfoType) secinfo->type) {
-    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
-        qemuDomainSecretAESClear(&secinfo->s.aes, keepAlias);
-        break;
+    if (!keepAlias)
+        VIR_FREE(secinfo->alias);

-    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
-        break;
-    }
+    VIR_FREE(secinfo->username);
+    VIR_FREE(secinfo->iv);
+    VIR_FREE(secinfo->ciphertext);
 }


@@ -1106,9 +1091,8 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,

     secinfo = g_new0(qemuDomainSecretInfo, 1);

-    secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-    secinfo->s.aes.alias = g_strdup(alias);
-    secinfo->s.aes.username = g_strdup(username);
+    secinfo->alias = g_strdup(alias);
+    secinfo->username = g_strdup(username);

     raw_iv = g_new0(uint8_t, ivlen);

@@ -1117,7 +1101,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,
         return NULL;

     /* Encode the IV and save that since qemu will need it */
-    secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
+    secinfo->iv = g_base64_encode(raw_iv, ivlen);

     if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
                              priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
@@ -1126,8 +1110,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,
         return NULL;

     /* Now encode the ciphertext and store to be passed to qemu */
-    secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
-                                                ciphertextlen);
+    secinfo->ciphertext = g_base64_encode(ciphertext, ciphertextlen);

     return g_steal_pointer(&secinfo);
 }
@@ -1809,11 +1792,9 @@ qemuStorageSourcePrivateDataAssignSecinfo(qemuDomainSecretInfo **secinfo,

     if (!*secinfo) {
         *secinfo = g_new0(qemuDomainSecretInfo, 1);
-        (*secinfo)->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
     }

-    if ((*secinfo)->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-        (*secinfo)->s.aes.alias = g_steal_pointer(&*alias);
+    (*secinfo)->alias = g_steal_pointer(&*alias);

     return 0;
 }
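Review bot: After the `type` assignment is removed, the `if (!*secinfo)` body in qemuStorageSourcePrivateDataAssignSecinfo is a single line but keeps its braces; libvirt's style drops braces around a one-line body, so this should read `if (!*secinfo)` followed by the unbraced `*secinfo = g_new0(qemuDomainSecretInfo, 1);`. The now-unconditional `(*secinfo)->alias = g_steal_pointer(&*alias);` overwrites whatever alias an already-existing secinfo held without freeing it; if callers guarantee the struct is fresh or alias-less at this point that is fine, otherwise the old string leaks, and either way a short comment stating the expectation would help. The function starts outside the hunk.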
@@ -1881,13 +1862,11 @@ qemuStorageSourcePrivateDataFormatSecinfo(virBuffer *buf,
                                           qemuDomainSecretInfo *secinfo,
                                           const char *type)
 {
-    if (!secinfo ||
-        secinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES ||
-        !secinfo->s.aes.alias)
+    if (!secinfo || !secinfo->alias)
         return;

     virBufferAsprintf(buf, "<secret type='%s' alias='%s'/>\n",
-                      type, secinfo->s.aes.alias);
+                      type, secinfo->alias);
 }


diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index cb5c665766..f8004efbb1 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -90,31 +90,17 @@ struct _qemuDomainUnpluggingDevice {
 #define QEMU_DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"


-/* Type of domain secret */
-typedef enum {
-    VIR_DOMAIN_SECRET_INFO_TYPE_AES,  /* utilize GNUTLS_CIPHER_AES_256_CBC */
-
-    VIR_DOMAIN_SECRET_INFO_TYPE_LAST
-} qemuDomainSecretInfoType;
-
 #define QEMU_DOMAIN_AES_IV_LEN 16   /* 16 bytes for 128 bit random */
                                     /*    initialization vector */
-typedef struct _qemuDomainSecretAES qemuDomainSecretAES;
-struct _qemuDomainSecretAES {
+
+typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
+struct _qemuDomainSecretInfo {
     char *username;
     char *alias;      /* generated alias for secret */
     char *iv;         /* base64 encoded initialization vector */
     char *ciphertext; /* encoded/encrypted secret */
 };

-typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
-struct _qemuDomainSecretInfo {
-    qemuDomainSecretInfoType type;
-    union {
-        qemuDomainSecretAES aes;
-    } s;
-};
-
 typedef struct _qemuDomainObjPrivate qemuDomainObjPrivate;
 struct _qemuDomainObjPrivate {
     virQEMUDriver *driver;
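Review bot: The merged struct _qemuDomainSecretInfo loses the only description of its encryption scheme when the `VIR_DOMAIN_SECRET_INFO_TYPE_AES /* utilize GNUTLS_CIPHER_AES_256_CBC */` enum is deleted, and `username` is the one field left without a comment. A short header above the struct would carry that: a secret handed to qemu as a 'secret' object whose `ciphertext` was encrypted with the domain master key (AES-256-CBC, see qemuDomainSecretAESSetup) and, like `iv`, is base64 encoded; plus `char *username;   /* auth username, e.g. the cephx id for RBD */` on the field, since the RBD builders in qemu_block.c and qemu_command.c are its readers. With every instance now AES-encrypted, the 'AES' in QEMU_DOMAIN_AES_IV_LEN and qemuDomainSecretAESSetup is the only remaining hint that plaintext secrets are unsupported, so stating it at the struct keeps that from being asked again.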
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 9c16ab4567..9b0dcf2629 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1846,7 +1846,7 @@ qemuDomainGetTLSObjects(virQEMUCaps *qemuCaps,
         if (qemuBuildSecretInfoProps(secinfo, secProps) < 0)
             return -1;

-        secAlias = secinfo->s.aes.alias;
+        secAlias = secinfo->alias;
     }

     if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,
@@ -1890,7 +1890,7 @@ qemuDomainAddChardevTLSObjects(virQEMUDriver *driver,
         secinfo = chrSourcePriv->secinfo;

     if (secinfo)
-        *secAlias = secinfo->s.aes.alias;
+        *secAlias = secinfo->alias;

     if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(charAlias)))
         goto cleanup;
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 018e62cf6e..88dba3b999 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -955,7 +955,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriver *driver,
               qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
                                          cfg->migrateTLSx509secretUUID)))
             return -1;
-        secAlias = priv->migSecinfo->s.aes.alias;
+        secAlias = priv->migSecinfo->alias;
     }

     if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE)))
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 4af8862c5b..3e61e923a9 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -235,19 +235,16 @@ testQemuDiskXMLToJSONFakeSecrets(virStorageSource *src)
     if (src->auth) {
         srcpriv->secinfo = g_new0(qemuDomainSecretInfo, 1);

-        srcpriv->secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-        srcpriv->secinfo->s.aes.username = g_strdup(src->auth->username);
-
-        srcpriv->secinfo->s.aes.alias = g_strdup_printf("%s-secalias",
-                                                        NULLSTR(src->nodestorage));
+        srcpriv->secinfo->username = g_strdup(src->auth->username);
+        srcpriv->secinfo->alias = g_strdup_printf("%s-secalias",
+                                                  NULLSTR(src->nodestorage));
     }

     if (src->encryption) {
         srcpriv->encinfo = g_new0(qemuDomainSecretInfo, 1);

-        srcpriv->encinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-        srcpriv->encinfo->s.aes.alias = g_strdup_printf("%s-encalias",
-                                                        NULLSTR(src->nodeformat));
+        srcpriv->encinfo->alias = g_strdup_printf("%s-encalias",
+                                                  NULLSTR(src->nodeformat));
     }

     return 0;
-- 
2.31.1



