openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

util: storagefile: Flag backing store strings with authentication 

Using inline authentication for storage volumes will not work properly
as libvirt requires use of the secret driver for the auth data and
thus would not be able to represent the passwords stored in the backing
store string.

Make sure that the backing store parsers return 1 which is a sign for
the caller to not use the file in certain cases.

The test data include iscsi via a json pseudo-protocol string and URIs
with the userinfo part being present.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2019-08-15 19:29:43 +02:00
parent b1c778d854
commit 6ff9241058
2 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/util/virstoragefile.c
View File

@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
return -1;
}
/* XXX We currently don't support auth, so don't bother parsing it */
/* uri->path is NULL if the URI does not contain slash after host:
* transport://host:port */
if (uri->path)
@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
if (VIR_STRDUP(src->hosts->name, uri->server) < 0)
return -1;
/* Libvirt doesn't handle inline authentication. Make the caller aware. */
if (uri->user)
return 1;
return 0;
}
@ -3313,6 +3315,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src,
if (virAsprintf(&src->path, "%s/%s", target, lun) < 0)
return -1;
/* Libvirt doesn't handle inline authentication. Make the caller aware. */
if (virJSONValueObjectGetString(json, "user") ||
virJSONValueObjectGetString(json, "password"))
return 1;
return 0;
}

28
tests/virstoragetest.c
View File

@ -1260,6 +1260,10 @@ mymain(void)
"<source protocol='http' name='file'>\n"
" <host name='example.com' port='80'/>\n"
"</source>\n");
TEST_BACKING_PARSE_FULL("http://user:pass@example.com/file",
"<source protocol='http' name='file'>\n"
" <host name='example.com' port='80'/>\n"
"</source>\n", 1);
TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com",
"<source protocol='rbd' name='testshare'>\n"
" <host name='example.com'/>\n"
@ -1288,6 +1292,10 @@ mymain(void)
"<source protocol='nbd' name='exportname'>\n"
" <host name='example.org' port='1234'/>\n"
"</source>\n");
TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass@example.org:1234/exportname",
"<source protocol='iscsi' name='exportname'>\n"
" <host name='example.org' port='1234'/>\n"
"</source>\n", 1);
#ifdef WITH_YAJL
TEST_BACKING_PARSE("json:", NULL);
@ -1492,6 +1500,26 @@ mymain(void)
"<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-noauth.target/0'>\n"
" <host name='test.org' port='3260'/>\n"
"</source>\n");
TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
"\"transport\":\"tcp\","
"\"portal\":\"test.org\","
"\"user\":\"testuser\","
"\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
"}"
"}",
"<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
" <host name='test.org' port='3260'/>\n"
"</source>\n", 1);
TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
"\"transport\":\"tcp\","
"\"portal\":\"test.org\","
"\"password\":\"testpass\","
"\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
"}"
"}",
"<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
" <host name='test.org' port='3260'/>\n"
"</source>\n", 1);
TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\","
"\"transport\":\"tcp\","
"\"portal\":\"test.org:1234\","