[PATCH 04/11] storage: Introduce XMLs to use secret object for pool auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Using plain password is still supported for back-compat reason.

Example XML:
    <auth type='chap' username='foo'>
      <secret uuid='48dcd4a4-b25f-4fc6-8874-84797c6e3678'/>
    </auth>

* docs/schemas/storagepool.rng (Add sourceinfoauthsecret as a choice)
* src/conf/storage_conf.h (union "passwd" and virStoragePoolAuthSecret)
* src/conf/storage_conf.c (s/chap\.passwd/chap\.u\.passwd/;
                           Add a helper virStoragePoolAuthDefFormat;
                           Parse the secret XMLs for "chap" auth)
* tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml: (New tests)
* tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml: (Likewise)
---
 docs/schemas/storagepool.rng                       |  9 ++-
 src/conf/storage_conf.c                            | 71 +++++++++++++++-------
 src/conf/storage_conf.h                            | 11 +++-
 .../pool-iscsi-auth-secret.xml                     | 19 ++++++
 .../pool-iscsi-auth-secret.xml                     | 22 +++++++
 5 files changed, 107 insertions(+), 25 deletions(-)
 create mode 100644 tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml
 create mode 100644 tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml

diff --git a/docs/schemas/storagepool.rng b/docs/schemas/storagepool.rng
index ba6c741..386de1b 100644
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@@ -295,9 +295,12 @@
                 <text/>
               </attribute>
             </choice>
-            <attribute name='passwd'>
-              <text/>
-            </attribute>
+            <choice>
+              <attribute name='passwd'>
+                <text/>
+              </attribute>
+              <ref name='sourceinfoauthsecret'/>
+            </choice>
           </interleave>
         </group>
         <group>
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 0047372..8f83bae 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -349,7 +349,10 @@ virStoragePoolSourceClear(virStoragePoolSourcePtr source)
 
     if (source->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
         VIR_FREE(source->auth.chap.login);
-        VIR_FREE(source->auth.chap.passwd);
+        if (source->auth.chap.type == VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD)
+            VIR_FREE(source->auth.chap.u.passwd);
+        else if (source->auth.chap.type == VIR_STORAGE_POOL_AUTH_CHAP_SECRET)
+            VIR_FREE(source->auth.chap.u.secret.usage);
     }
 
     if (source->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
@@ -483,6 +486,8 @@ virStoragePoolDefParseAuthChap(xmlXPathContextPtr ctxt,
 {
     char *login = NULL;
     char *username = NULL;
+    char *passwd = NULL;
+    int rc;
 
     login = virXPathString("string(./auth/@login)", ctxt);
     username = virXPathString("string(./auth/@username)", ctxt);
@@ -507,10 +512,20 @@ virStoragePoolDefParseAuthChap(xmlXPathContextPtr ctxt,
     else if (username)
         auth->login = username;
 
-    auth->passwd = virXPathString("string(./auth/@passwd)", ctxt);
-    if (auth->passwd == NULL) {
+    passwd = virXPathString("string(./auth/@passwd)", ctxt);
+    rc = virStoragePoolDefParseAuthSecret(ctxt, &auth->u.secret);
+
+    if (passwd) {
+        auth->type = VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD;
+        auth->u.passwd = passwd;
+    } else if (rc == 0) {
+        auth->type = VIR_STORAGE_POOL_AUTH_CHAP_SECRET;
+    } else if (rc < 0) {
+        return -1;
+    } else {
         virReportError(VIR_ERR_XML_ERROR, "%s",
-                       _("missing auth passwd attribute"));
+                       _("Either 'passwd' attribute or 'secret' element "
+                         "should be specified"));
         return -1;
     }
 
@@ -1048,13 +1063,30 @@ virStoragePoolDefParseFile(const char *filename)
     return virStoragePoolDefParse(NULL, filename);
 }
 
+static void
+virStoragePoolAuthDefFormat(virBufferPtr buf,
+                            virStoragePoolAuthSecret secret)
+{
+    char uuid[VIR_UUID_STRING_BUFLEN];
+
+    virBufferAddLit(buf, "      <secret");
+    if (secret.uuidUsable) {
+        virUUIDFormat(secret.uuid, uuid);
+        virBufferAsprintf(buf, " uuid='%s'", uuid);
+    }
+
+    if (secret.usage != NULL) {
+        virBufferAsprintf(buf, " usage='%s'", secret.usage);
+    }
+    virBufferAddLit(buf, "/>\n");
+}
+
 static int
 virStoragePoolSourceFormat(virBufferPtr buf,
                            virStoragePoolOptionsPtr options,
                            virStoragePoolSourcePtr src)
 {
     int i, j;
-    char uuid[VIR_UUID_STRING_BUFLEN];
 
     virBufferAddLit(buf,"  <source>\n");
     if ((options->flags & VIR_STORAGE_POOL_SOURCE_HOST) && src->nhost) {
@@ -1129,26 +1161,23 @@ virStoragePoolSourceFormat(virBufferPtr buf,
         virBufferAsprintf(buf,"    <format type='%s'/>\n", format);
     }
 
-    if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP)
-        virBufferAsprintf(buf,"    <auth type='chap' username='%s' passwd='%s'/>\n",
-                          src->auth.chap.login,
-                          src->auth.chap.passwd);
+    if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
+        virBufferAsprintf(buf,"    <auth type='chap' username='%s'",
+                          src->auth.chap.login);
+        if (src->auth.chap.type == VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD) {
+            virBufferAsprintf(buf, " passwd='%s'/>\n",
+                              src->auth.chap.u.passwd);
+        } else if (src->auth.chap.type == VIR_STORAGE_POOL_AUTH_CHAP_SECRET) {
+            virBufferAddLit(buf, ">\n");
+            virStoragePoolAuthDefFormat(buf, src->auth.chap.u.secret);
+            virBufferAddLit(buf,"    </auth>\n");
+        }
+    }
 
     if (src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
         virBufferAsprintf(buf,"    <auth username='%s' type='ceph'>\n",
                           src->auth.cephx.username);
-
-        virBufferAddLit(buf,"      <secret");
-        if (src->auth.cephx.secret.uuidUsable) {
-            virUUIDFormat(src->auth.cephx.secret.uuid, uuid);
-            virBufferAsprintf(buf," uuid='%s'", uuid);
-        }
-
-        if (src->auth.cephx.secret.usage != NULL) {
-            virBufferAsprintf(buf," usage='%s'", src->auth.cephx.secret.usage);
-        }
-        virBufferAddLit(buf,"/>\n");
-
+        virStoragePoolAuthDefFormat(buf, src->auth.cephx.secret);
         virBufferAddLit(buf,"    </auth>\n");
     }
 
diff --git a/src/conf/storage_conf.h b/src/conf/storage_conf.h
index aff1393..b52cdc4 100644
--- a/src/conf/storage_conf.h
+++ b/src/conf/storage_conf.h
@@ -153,11 +153,20 @@ struct _virStoragePoolAuthSecret {
     bool uuidUsable;
 };
 
+enum virStoragePoolAuthChapType {
+    VIR_STORAGE_POOL_AUTH_CHAP_PLAIN_PASSWORD,
+    VIR_STORAGE_POOL_AUTH_CHAP_SECRET,
+};
+
 typedef struct _virStoragePoolAuthChap virStoragePoolAuthChap;
 typedef virStoragePoolAuthChap *virStoragePoolAuthChapPtr;
 struct _virStoragePoolAuthChap {
     char *login;
-    char *passwd;
+    int type; /* enum virStoragePoolAuthChapType */
+    union {
+        char *passwd;
+        virStoragePoolAuthSecret secret;
+    } u;
 };
 
 typedef struct _virStoragePoolAuthCephx virStoragePoolAuthCephx;
diff --git a/tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml b/tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml
new file mode 100644
index 0000000..c897cc6
--- /dev/null
+++ b/tests/storagepoolxml2xmlin/pool-iscsi-auth-secret.xml
@@ -0,0 +1,19 @@
+<pool type='iscsi'>
+  <name>virtimages</name>
+  <uuid>e9392370-2917-565e-692b-d057f46512d6</uuid>
+  <source>
+    <host name="iscsi.example.com"/>
+    <device path="demo-target"/>
+    <auth type='chap' username='foobar'>
+      <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+    </auth>
+  </source>
+  <target>
+    <path>/dev/disk/by-path</path>
+    <permissions>
+      <mode>0700</mode>
+      <owner>0</owner>
+      <group>0</group>
+    </permissions>
+  </target>
+</pool>
diff --git a/tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml b/tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml
new file mode 100644
index 0000000..0ab3b3d
--- /dev/null
+++ b/tests/storagepoolxml2xmlout/pool-iscsi-auth-secret.xml
@@ -0,0 +1,22 @@
+<pool type='iscsi'>
+  <name>virtimages</name>
+  <uuid>e9392370-2917-565e-692b-d057f46512d6</uuid>
+  <capacity unit='bytes'>0</capacity>
+  <allocation unit='bytes'>0</allocation>
+  <available unit='bytes'>0</available>
+  <source>
+    <host name='iscsi.example.com'/>
+    <device path='demo-target'/>
+    <auth type='chap' username='foobar'>
+      <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+    </auth>
+  </source>
+  <target>
+    <path>/dev/disk/by-path</path>
+    <permissions>
+      <mode>0700</mode>
+      <owner>0</owner>
+      <group>0</group>
+    </permissions>
+  </target>
+</pool>
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]