[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 14/14] util: storagefile: Flag backing store strings with authentication



Using inline authentication for storage volumes will not work properly
as libvirt requires use of the secret driver for the auth data and
thus would not be able to represent the passwords stored in the backing
store string.

Make sure that the backing store parsers return 1 which is a sign for
the caller to not use the file in certain cases.

The test data include iscsi via a json pseudo-protocol string and URIs
with the userinfo part being present.

Signed-off-by: Peter Krempa <pkrempa redhat com>
---
 src/util/virstoragefile.c | 11 +++++++++--
 tests/virstoragetest.c    | 28 ++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index efc1d84048..437dcc015d 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
             return -1;
     }

-    /* XXX We currently don't support auth, so don't bother parsing it */
-
     /* uri->path is NULL if the URI does not contain slash after host:
      * transport://host:port */
     if (uri->path)
@@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
     if (VIR_STRDUP(src->hosts->name, uri->server) < 0)
         return -1;

+    /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+    if (uri->user)
+        return 1;
+
     return 0;
 }

@@ -3311,6 +3313,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src,
     if (virAsprintf(&src->path, "%s/%s", target, lun) < 0)
         return -1;

+    /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+    if (virJSONValueObjectGetString(json, "user") ||
+        virJSONValueObjectGetString(json, "password"))
+        return 1;
+
     return 0;
 }

diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index be5cb98262..1d06abe8b6 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1260,6 +1260,10 @@ mymain(void)
                        "<source protocol='http' name='file'>\n"
                        "  <host name='example.com' port='80'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("http://user:pass example com/file",
+                            "<source protocol='http' name='file'>\n"
+                            "  <host name='example.com' port='80'/>\n"
+                            "</source>\n", 1);
     TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com",
                        "<source protocol='rbd' name='testshare'>\n"
                        "  <host name='example.com'/>\n"
@@ -1280,6 +1284,10 @@ mymain(void)
                        "<source protocol='nbd' name='exportname'>\n"
                        "  <host name='example.org' port='1234'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass example org:1234/exportname",
+                            "<source protocol='iscsi' name='exportname'>\n"
+                            "  <host name='example.org' port='1234'/>\n"
+                            "</source>\n", 1);

 #ifdef WITH_YAJL
     TEST_BACKING_PARSE("json:", NULL);
@@ -1484,6 +1492,26 @@ mymain(void)
                        "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-noauth.target/0'>\n"
                        "  <host name='test.org' port='3260'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+                                            "\"transport\":\"tcp\","
+                                            "\"portal\":\"test.org\","
+                                            "\"user\":\"testuser\","
+                                            "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+                                            "}"
+                            "}",
+                       "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+                       "  <host name='test.org' port='3260'/>\n"
+                       "</source>\n", 1);
+    TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+                                            "\"transport\":\"tcp\","
+                                            "\"portal\":\"test.org\","
+                                            "\"password\":\"testpass\","
+                                            "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+                                            "}"
+                            "}",
+                       "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+                       "  <host name='test.org' port='3260'/>\n"
+                       "</source>\n", 1);
     TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\","
                                        "\"transport\":\"tcp\","
                                        "\"portal\":\"test.org:1234\","
-- 
2.21.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]