
[libvirt] [PATCH 5/9] Attach encryption information to virDomainDiskDef.



The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.

Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid:
* virDomainGetXMLDesc() will only reveal the key/passphrase if
  VIR_DOMAIN_XML_SECURE is used.
* A domain with partial encryption information can be defined;
  completeness of the information is not verified.  The domain won't
  start until the remaining information is added, of course.
---
 src/domain_conf.c |   25 +++++++++++++++++++++++--
 src/domain_conf.h |    2 ++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/domain_conf.c b/src/domain_conf.c
index f3e4c6c..507abd8 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -287,6 +287,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
     VIR_FREE(def->dst);
     VIR_FREE(def->driverName);
     VIR_FREE(def->driverType);
+    virStorageEncryptionFree(def->encryption);
 
     VIR_FREE(def);
 }
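Review bot: According to the commit description, `def->encryption` can carry the key/passphrase, so the added `virStorageEncryptionFree(def->encryption);` is where secret material leaves the heap, and the patch does not show whether that helper wipes it before releasing the memory. If it does not, the scrub belongs inside the helper, so that the two other calls added in this patch (the `unencrypted` branch and the `cleanup:` label in virDomainDiskDefParseXML) are covered as well. A comment at this call such as `/* may hold key material; the helper is expected to clear it before freeing */` would record the expectation. The start of virDomainDiskDefFree is outside the hunk.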
@@ -654,6 +655,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     char *target = NULL;
     char *bus = NULL;
     char *cachetag = NULL;
+    virStorageEncryptionPtr encryption = NULL;
 
     if (VIR_ALLOC(def) < 0) {
         virReportOOMError(conn);
@@ -708,6 +710,17 @@ virDomainDiskDefParseXML(virConnectPtr conn,
                 def->readonly = 1;
             } else if (xmlStrEqual(cur->name, BAD_CAST "shareable")) {
                 def->shared = 1;
+            } else if (encryption == NULL &&
+                       xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+                encryption = virStorageEncryptionParseNode(conn, node->doc,
+                                                           cur);
+                if (encryption == NULL)
+                    goto error;
+                if (encryption->format ==
+                    VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED) {
+                    virStorageEncryptionFree(encryption);
+                    encryption = NULL;
+                }
             }
         }
         cur = cur->next;
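Review bot: The `encryption == NULL &&` guard on the new branch makes duplicate `<encryption>` children behave inconsistently. A second element is silently skipped when the first one was kept, but it is parsed and used when the first one was `format='unencrypted'`, because that case resets `encryption` to NULL. For a setting that decides whether a disk is treated as encrypted, silently choosing one of several elements makes the domain XML hard to audit; tracking a separate "seen" flag and reporting an error on the second element would make the outcome unambiguous. If first-wins is intended, say so at the branch, e.g. `/* only the first <encryption> child is honoured */`. virDomainDiskDefParseXML starts and ends outside this hunk.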
@@ -815,6 +828,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     driverName = NULL;
     def->driverType = driverType;
     driverType = NULL;
+    def->encryption = encryption;
+    encryption = NULL;
 
 cleanup:
     VIR_FREE(bus);
@@ -825,6 +840,7 @@ cleanup:
     VIR_FREE(driverType);
     VIR_FREE(driverName);
     VIR_FREE(cachetag);
+    virStorageEncryptionFree(encryption);
 
     return def;
 
@@ -3387,7 +3403,8 @@ virDomainLifecycleDefFormat(virConnectPtr conn,
 static int
 virDomainDiskDefFormat(virConnectPtr conn,
                        virBufferPtr buf,
-                       virDomainDiskDefPtr def)
+                       virDomainDiskDefPtr def,
+                       int flags)
 {
     const char *type = virDomainDiskTypeToString(def->type);
     const char *device = virDomainDiskDeviceTypeToString(def->device);
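Review bot: The new `flags` argument is the only thing that decides whether the disk's key/passphrase is written into the output buffer (it is tested as `flags & VIR_DOMAIN_XML_SECURE` in the next hunk), yet nothing at the signature says so. A short comment above the function, e.g. `/* flags: VIR_DOMAIN_XML_* bits; secrets are emitted only with VIR_DOMAIN_XML_SECURE */`, would make it clear to later callers that the mask they pass controls secret disclosure in XML that may end up in logs or saved configuration. Since it is a bitmask, `unsigned int flags` would be the more usual type, assuming that matches what virDomainDefFormat holds (its declaration is outside the hunk). The function body continues beyond this hunk.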
@@ -3444,6 +3461,10 @@ virDomainDiskDefFormat(virConnectPtr conn,
         virBufferAddLit(buf, "      <readonly/>\n");
     if (def->shared)
         virBufferAddLit(buf, "      <shareable/>\n");
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption,
+                                   (flags & VIR_DOMAIN_XML_SECURE)) < 0)
+        return -1;
 
     virBufferAddLit(buf, "    </disk>\n");
 
@@ -4047,7 +4068,7 @@ char *virDomainDefFormat(virConnectPtr conn,
                               def->emulator);
 
     for (n = 0 ; n < def->ndisks ; n++)
-        if (virDomainDiskDefFormat(conn, &buf, def->disks[n]) < 0)
+        if (virDomainDiskDefFormat(conn, &buf, def->disks[n], flags) < 0)
             goto cleanup;
 
     for (n = 0 ; n < def->nfss ; n++)
diff --git a/src/domain_conf.h b/src/domain_conf.h
index 6e111fa..32d03ac 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -30,6 +30,7 @@
 
 #include "internal.h"
 #include "capabilities.h"
+#include "storage_encryption.h"
 #include "util.h"
 #include "threads.h"
 
@@ -107,6 +108,7 @@ struct _virDomainDiskDef {
     unsigned int readonly : 1;
     unsigned int shared : 1;
     int slotnum; /* pci slot number for unattach */
+    virStorageEncryptionPtr encryption;
 };
 
 
-- 
1.6.2.5

