[PATCH 05/11] virDomainDiskDefValidateSourceChainOne: Reject authentication for protocols which don't support it

Peter Krempa pkrempa at redhat.com
Fri Apr 22 15:31:49 UTC 2022


Only certain disk protocols support authentication. Add validation for
this field.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/conf/domain_validate.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 68190fc3e2..3f03feee4f 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -473,10 +473,44 @@ virDomainDiskVhostUserValidate(const virDomainDiskDef *disk)
 static int
 virDomainDiskDefValidateSourceChainOne(const virStorageSource *src)
 {
+    virStorageType actualType = virStorageSourceGetActualType(src);
+
     if (src->type == VIR_STORAGE_TYPE_NETWORK && src->auth) {
         virStorageAuthDef *authdef = src->auth;
         int actUsage;

+        if (actualType != VIR_STORAGE_TYPE_NETWORK) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("authentication is supported only for network backed disks"));
+            return -1;
+        }
+
+        switch ((virStorageNetProtocol) src->protocol) {
+        case VIR_STORAGE_NET_PROTOCOL_ISCSI:
+        case VIR_STORAGE_NET_PROTOCOL_HTTP:
+        case VIR_STORAGE_NET_PROTOCOL_HTTPS:
+        case VIR_STORAGE_NET_PROTOCOL_FTP:
+        case VIR_STORAGE_NET_PROTOCOL_FTPS:
+        case VIR_STORAGE_NET_PROTOCOL_SSH:
+        case VIR_STORAGE_NET_PROTOCOL_RBD:
+            break;
+
+        case VIR_STORAGE_NET_PROTOCOL_NBD:
+        case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
+        case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
+        case VIR_STORAGE_NET_PROTOCOL_TFTP:
+        case VIR_STORAGE_NET_PROTOCOL_VXHS:
+        case VIR_STORAGE_NET_PROTOCOL_NFS:
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("authentication is not supported for protocol '%s'"),
+                           virStorageNetProtocolTypeToString(src->protocol));
+            return -1;
+
+        case VIR_STORAGE_NET_PROTOCOL_NONE:
+        case VIR_STORAGE_NET_PROTOCOL_LAST:
+            break;
+        }
+
         if ((actUsage = virSecretUsageTypeFromString(authdef->secrettype)) < 0) {
             virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                            _("unknown secret type '%s'"),
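Review bot: The new `actualType != VIR_STORAGE_TYPE_NETWORK` check sits inside the existing `if (src->type == VIR_STORAGE_TYPE_NETWORK && src->auth)` guard, so an auth definition on a source whose `src->type` is not network still bypasses all of this validation. If virStorageSourceGetActualType() returns `src->type` for anything other than volume-backed sources (its body is not visible here), the check can also never fire where it is placed. Relaxing the outer condition to `if (src->auth) {` would let the rejection apply to file, block and non-network volume sources, provided the rest of the block, which continues past the end of this hunk, tolerates that. Separately, the `VIR_STORAGE_NET_PROTOCOL_NONE`/`VIR_STORAGE_NET_PROTOCOL_LAST` arm ends in `break`, which accepts credentials for an unset protocol. Failing closed there, or adding a comment such as `/* protocol is validated elsewhere */` if that is the case, would make the intent clear.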
-- 
2.35.1


