From 6ff9241058dba35565ed594c7931e52a46a82b13 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Thu, 15 Aug 2019 19:29:43 +0200 Subject: [PATCH] util: storagefile: Flag backing store strings with authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Using inline authentication for storage volumes will not work properly as libvirt requires use of the secret driver for the auth data and thus would not be able to represent the passwords stored in the backing store string. Make sure that the backing store parsers return 1 which is a sign for the caller to not use the file in certain cases. The test data include iscsi via a json pseudo-protocol string and URIs with the userinfo part being present. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- src/util/virstoragefile.c | 11 +++++++++-- tests/virstoragetest.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 2a5ae8b1fd..3201f57e62 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src, return -1; } - /* XXX We currently don't support auth, so don't bother parsing it */ - /* uri->path is NULL if the URI does not contain slash after host: * transport://host:port */ if (uri->path) @@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src, if (VIR_STRDUP(src->hosts->name, uri->server) < 0) return -1; + /* Libvirt doesn't handle inline authentication. Make the caller aware. */ + if (uri->user) + return 1; + return 0; } @@ -3313,6 +3315,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src, if (virAsprintf(&src->path, "%s/%s", target, lun) < 0) return -1; + /* Libvirt doesn't handle inline authentication. Make the caller aware. */ + if (virJSONValueObjectGetString(json, "user") || + virJSONValueObjectGetString(json, "password")) + return 1; + return 0; } diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 45586cbd46..8ebad89da7 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1260,6 +1260,10 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("http://user:pass@example.com/file", + "\n" + " \n" + "\n", 1); TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com", "\n" " \n" @@ -1288,6 +1292,10 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass@example.org:1234/exportname", + "\n" + " \n" + "\n", 1); #ifdef WITH_YAJL TEST_BACKING_PARSE("json:", NULL); @@ -1492,6 +1500,26 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\"," + "\"transport\":\"tcp\"," + "\"portal\":\"test.org\"," + "\"user\":\"testuser\"," + "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\"" + "}" + "}", + "\n" + " \n" + "\n", 1); + TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\"," + "\"transport\":\"tcp\"," + "\"portal\":\"test.org\"," + "\"password\":\"testpass\"," + "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\"" + "}" + "}", + "\n" + " \n" + "\n", 1); TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\"," "\"transport\":\"tcp\"," "\"portal\":\"test.org:1234\"," -- 2.47.2