Re: [libvirt] [PATCH 3/4] Fill in secret UUID for qcow encryption

Daniel Veillard <veillard@xxxxxxxxxx> · Fri, 11 Sep 2009 18:18:41 +0200



On Fri, Sep 11, 2009 at 03:19:19PM +0100, Daniel P. Berrange wrote:
> * src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
>   for storage volumes using encryption
> ---
>  src/storage_backend_fs.c |   41 ++++++++++++++++++++++++++++++++++++++++-
>  1 files changed, 40 insertions(+), 1 deletions(-)
> 
> diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c
> index 5ff0ed8..01cb171 100644
> --- a/src/storage_backend_fs.c
> +++ b/src/storage_backend_fs.c
> @@ -430,6 +430,11 @@ static int virStorageBackendProbeTarget(virConnectPtr conn,
>              }
>              enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
>              *encryption = enc;
> +            /* XXX ideally we'd fill in secret UUID here
> +             * but we cannot guarentee 'conn' is non-NULL
> +             * at this point in time :-(  So we only fill
> +             * in secrets when someone first queries a vol
> +             */
>          }
>          return 0;
>      }
> @@ -1230,8 +1235,42 @@ virStorageBackendFileSystemVolRefresh(virConnectPtr conn,
>                                        virStoragePoolObjPtr pool ATTRIBUTE_UNUSED,
>                                        virStorageVolDefPtr vol)
>  {
> +    int ret;
> +
>      /* Refresh allocation / permissions info in case its changed */
> -    return virStorageBackendUpdateVolInfo(conn, vol, 0);
> +    ret = virStorageBackendUpdateVolInfo(conn, vol, 0);
> +    if (ret < 0)
> +        return ret;
> +
> +    /* Load any secrets if posible */
> +    if (vol->target.encryption &&
> +        vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW &&
> +        vol->target.encryption->nsecrets == 0) {
> +        virSecretPtr sec;
> +        virStorageEncryptionSecretPtr encsec = NULL;
> +
> +        sec = virSecretLookupByUsage(conn,
> +                                     VIR_SECRET_USAGE_TYPE_VOLUME,
> +                                     vol->target.path);
> +        if (sec) {
> +            if (VIR_ALLOC_N(vol->target.encryption->secrets, 1) < 0 ||
> +                VIR_ALLOC(encsec) < 0) {
> +                VIR_FREE(vol->target.encryption->secrets);
> +                virReportOOMError(conn);
> +                virSecretFree(sec);
> +                return -1;
> +            }
> +
> +            vol->target.encryption->nsecrets = 1;
> +            vol->target.encryption->secrets[0] = encsec;
> +
> +            encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
> +            virSecretGetUUID(sec, encsec->uuid);
> +            virSecretFree(sec);
> +        }
> +    }
> +
> +    return 0;
>  }
>  
>  virStorageBackend virStorageBackendDirectory = {

  ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list