qemu: pass iscsi authorization credentials

A better way to do this would be to use a configuration file like

   [iscsi "target-name"]
   user = name
   password = pwd

and pass it via -readconfig.  This would remove the username and password
from the "ps" output.  For now, however, keep this solution.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5422508ffb38edff4df471d72c8e7ddbaf12d070..006f83d18276197195bec7be74897296ccc9eb30 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2134,8 +2134,8 @@ qemuBuildRBDString(virConnectPtr conn,
             VIR_FREE(base64);
         } else {
             virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("rbd username '%s' specified but secret not found"),
-                           disk->auth.username);
+                           _("%s username '%s' specified but secret not found"),
+                           "rbd", disk->auth.username);
             goto error;
         }
     } else {
@@ -2303,6 +2303,7 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, virURIPtr uri,
     char *transp = NULL;
     char *sock = NULL;
     char *volimg = NULL;
+    char *secret = NULL;
 
     if (VIR_ALLOC(def->hosts) < 0)
         goto no_memory;
@@ -2363,6 +2364,16 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, virURIPtr uri,
         def->src = NULL;
     }
 
+    if (uri->user) {
+        secret = strchr(uri->user, ':');
+        if (secret)
+            *secret = '\0';
+
+        def->auth.username = strdup(uri->user);
+        if (!def->auth.username)
+            goto no_memory;
+    }
+
     def->nhosts = 1;
     ret = 0;
 
@@ -2486,14 +2497,20 @@ error:
 }
 
 static int
-qemuBuildDriveURIString(virDomainDiskDefPtr disk, virBufferPtr opt,
-                        const char *scheme)
+qemuBuildDriveURIString(virConnectPtr conn,
+                        virDomainDiskDefPtr disk, virBufferPtr opt,
+                        const char *scheme, virSecretUsageType secretType)
 {
     int ret = -1;
     int port = 0;
+    virSecretPtr sec = NULL;
+    char *secret = NULL;
+    size_t secret_size;
+
     char *tmpscheme = NULL;
     char *volimg = NULL;
     char *sock = NULL;
+    char *user = NULL;
     char *builturi = NULL;
     const char *transp = NULL;
     virURI uri = {
@@ -2529,8 +2546,42 @@ qemuBuildDriveURIString(virDomainDiskDefPtr disk, virBufferPtr opt,
         virAsprintf(&sock, "socket=%s", disk->hosts->socket) < 0)
         goto no_memory;
 
+    if (disk->auth.username && secretType != VIR_SECRET_USAGE_TYPE_NONE) {
+        /* look up secret */
+        switch (disk->auth.secretType) {
+        case VIR_DOMAIN_DISK_SECRET_TYPE_UUID:
+            sec = virSecretLookupByUUID(conn,
+                                        disk->auth.secret.uuid);
+            break;
+        case VIR_DOMAIN_DISK_SECRET_TYPE_USAGE:
+            sec = virSecretLookupByUsage(conn, secretType,
+                                         disk->auth.secret.usage);
+            break;
+        }
+
+        if (sec) {
+            secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 0,
+                                                          VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+            if (secret == NULL) {
+                virReportError(VIR_ERR_INTERNAL_ERROR,
+                               _("could not get the value of the secret for username %s"),
+                               disk->auth.username);
+                ret = -1;
+                goto cleanup;
+            }
+            if (virAsprintf(&user, "%s:%s", disk->auth.username, secret) < 0)
+                goto no_memory;
+        } else {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("%s username '%s' specified but secret not found"),
+                           scheme, disk->auth.username);
+            ret = -1;
+            goto cleanup;
+        }
+    }
     uri.scheme = tmpscheme; /* gluster+<transport> */
     uri.server = disk->hosts->name;
+    uri.user = user;
     uri.port = port;
     uri.path = volimg;
     uri.query = sock;
@@ -2554,21 +2605,23 @@ no_memory:
 }
 
 static int
-qemuBuildGlusterString(virDomainDiskDefPtr disk, virBufferPtr opt)
+qemuBuildGlusterString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
 {
-    return qemuBuildDriveURIString(disk, opt, "gluster");
+    return qemuBuildDriveURIString(conn, disk, opt, "gluster",
+                                   VIR_SECRET_USAGE_TYPE_NONE);
 }
 
 #define QEMU_DEFAULT_NBD_PORT "10809"
 
 static int
-qemuBuildISCSIString(virDomainDiskDefPtr disk, virBufferPtr opt)
+qemuBuildISCSIString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
 {
-    return qemuBuildDriveURIString(disk, opt, "iscsi");
+    return qemuBuildDriveURIString(conn, disk, opt, "iscsi",
+                                   VIR_SECRET_USAGE_TYPE_ISCSI);
 }
 
 static int
-qemuBuildNBDString(virDomainDiskDefPtr disk, virBufferPtr opt)
+qemuBuildNBDString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
 {
     const char *transp;
 
@@ -2583,7 +2636,8 @@ qemuBuildNBDString(virDomainDiskDefPtr disk, virBufferPtr opt)
             && !disk->hosts->name)
         || (disk->hosts->transport == VIR_DOMAIN_DISK_PROTO_TRANS_UNIX
             && disk->hosts->socket && disk->hosts->socket[0] != '/'))
-        return qemuBuildDriveURIString(disk, opt, "nbd");
+        return qemuBuildDriveURIString(conn, disk, opt, "nbd",
+                                       VIR_SECRET_USAGE_TYPE_NONE);
 
     virBufferAddLit(opt, "file=nbd:");
 
@@ -2735,7 +2789,7 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
         } else if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) {
             switch (disk->protocol) {
             case VIR_DOMAIN_DISK_PROTOCOL_NBD:
-                if (qemuBuildNBDString(disk, &opt) < 0)
+                if (qemuBuildNBDString(conn, disk, &opt) < 0)
                     goto error;
                 virBufferAddChar(&opt, ',');
                 break;
@@ -2746,12 +2800,12 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
                 virBufferAddChar(&opt, ',');
                 break;
             case VIR_DOMAIN_DISK_PROTOCOL_GLUSTER:
-                if (qemuBuildGlusterString(disk, &opt) < 0)
+                if (qemuBuildGlusterString(conn, disk, &opt) < 0)
                     goto error;
                 virBufferAddChar(&opt, ',');
                 break;
             case VIR_DOMAIN_DISK_PROTOCOL_ISCSI:
-                if (qemuBuildISCSIString(disk, &opt) < 0)
+                if (qemuBuildISCSIString(conn, disk, &opt) < 0)
                     goto error;
                 virBufferAddChar(&opt, ',');
                 break;

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args
new file mode 100644 (file)
index 0000000..fd2660a
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args
@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org/iqn.1992-01.com.example,if=virtio,format=raw -net none -serial none -parallel none

diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index f126fd91c4b5325cd9c5db72565ef7700edf6dd5..5e7adf575869af390c8d52b5af6c80ab3bdf356b 100644 (file)
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -503,6 +503,8 @@ mymain(void)
             QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
     DO_TEST("disk-drive-network-iscsi",
             QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
+    DO_TEST("disk-drive-network-iscsi-auth",
+            QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
     DO_TEST("disk-drive-network-iscsi-lun",
             QEMU_CAPS_DRIVE, QEMU_CAPS_DEVICE, QEMU_CAPS_DRIVE_FORMAT,
             QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI,