Re: [libvirt] [PATCH 9/9] Add support for qcow encrypted volumes to qemu.

On Tue, Jul 21, 2009 at 01:12:05PM +0200, Miloslav Trmač wrote:
> ---
>  src/qemu_driver.c |   51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
>  1 files changed, 50 insertions(+), 1 deletions(-)

IIUC this should only be needed when starting a QEMU guest.

The 'cont' method is called from quite a few different contexts.
So it might be nice to pass a flag down from qemudStartVMDaemon
such that the passphrase handling is guaranteed to only be run
during startup (qemudStartVMDaemon is also used for migrate
and restore, so covers those scenarios OK)

Daniel

> 
> diff --git a/src/qemu_driver.c b/src/qemu_driver.c
> index 9ead5fd..b57db31 100644
> --- a/src/qemu_driver.c
> +++ b/src/qemu_driver.c
> @@ -2172,10 +2172,59 @@ qemudMonitorCommand(const virDomainObjPtr vm,
>  }
>  
>  static int
> +qemudMonitorSendVolumePassphrase(const virDomainObjPtr vm,
> +                                 const char *buf,
> +                                 const char *prompt,
> +                                 void *data ATTRIBUTE_UNUSED)
> +{
> +    const char *path;
> +    size_t path_len;
> +    int i;
> +
> +    /* The complete prompt looks like this:
> +           ide0-hd0 (/path/to/volume) is encrypted.
> +           Password:
> +       prompt starts with ") is encrypted".  Extract /path/to/volume. */
> +    for (path = prompt; path > buf && path[-1] != '('; path-- )
> +        ;
> +    if (path == buf)
> +        return -1;
> +    path_len = prompt - path;
> +
> +    for (i = 0; i < vm->def->ndisks; i++) {
> +        virDomainDiskDefPtr disk;
> +
> +        disk = vm->def->disks[i];
> +        if (disk->src != NULL && memcmp(disk->src, path, path_len) == 0 &&
> +            disk->src[path_len] == '\0' &&
> +            disk->encryption != NULL &&
> +            disk->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
> +            const char *passphrase;
> +
> +            passphrase = disk->encryption->v.qcow.passphrase;
> +            if (passphrase != NULL) {
> +                size_t passphrase_len;
> +
> +                passphrase_len = strlen(passphrase);
> +                if (safewrite(vm->monitor, passphrase, passphrase_len) !=
> +                    passphrase_len)
> +                    return -1;
> +                if (safewrite(vm->monitor, "\r", 1) != 1)
> +                    return -1;
> +                return 0;
> +            }
> +        }
> +    }
> +    return -1;
> +}
> +
> +static int
>  qemudMonitorSendCont(const virDomainObjPtr vm) {
>      char *reply;
>  
> -    if (qemudMonitorCommand(vm, "cont", &reply) < 0)
> +    if (qemudMonitorCommandWithHandler(vm, "cont", ") is encrypted.",
> +                                       qemudMonitorSendVolumePassphrase,
> +                                       NULL, &reply) < 0)
>          return -1;
>      qemudDebug ("%s: cont reply: %s", vm->def->name, info);
>      VIR_FREE(reply);
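
Review bot: In the disk loop of qemudMonitorSendVolumePassphrase, memcmp(disk->src, path, path_len) can read past the end of disk->src whenever that string is shorter than path_len, because memcmp is not required to stop at the NUL terminator. Using strncmp(disk->src, path, path_len) == 0 together with the existing disk->src[path_len] == '\0' check gives the same exact-match result without the over-read. The backwards scan for '(' stops at the nearest '(' before the prompt, so a volume path that itself contains '(' is extracted only from that character onwards and will normally match no disk; that fails closed (returns -1 and no passphrase is written), but it deserves a comment, or a forward scan from the first '(' on the prompt line. In the context lines of qemudMonitorSendCont, qemudDebug is passed info although the only variable declared in the visible lines is reply.
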
> -- 
> 1.6.2.5
> 
> --
> Libvir-list mailing list
> Libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list

-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|