util: storagefile: Flag backing store strings with authentication

Using inline authentication for storage volumes will not work properly
as libvirt requires use of the secret driver for the auth data and
thus would not be able to represent the passwords stored in the backing
store string.

Make sure that the backing store parsers return 1 which is a sign for
the caller to not use the file in certain cases.

The test data include iscsi via a json pseudo-protocol string and URIs
with the userinfo part being present.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 2a5ae8b1fd256637908d8dafce8bdb76cb323241..3201f57e62af5526249253e4896f4b56e5b3d029 100644 (file)
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
             return -1;
     }
 
-    /* XXX We currently don't support auth, so don't bother parsing it */
-
     /* uri->path is NULL if the URI does not contain slash after host:
      * transport://host:port */
     if (uri->path)
@@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src,
     if (VIR_STRDUP(src->hosts->name, uri->server) < 0)
         return -1;
 
+    /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+    if (uri->user)
+        return 1;
+
     return 0;
 }
 
@@ -3313,6 +3315,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src,
     if (virAsprintf(&src->path, "%s/%s", target, lun) < 0)
         return -1;
 
+    /* Libvirt doesn't handle inline authentication. Make the caller aware. */
+    if (virJSONValueObjectGetString(json, "user") ||
+        virJSONValueObjectGetString(json, "password"))
+        return 1;
+
     return 0;
 }
 

diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index 45586cbd463ae7b97fc10f993a3efcf6dfa905e0..8ebad89da70c07c433bb2d7f4dc61c851efdc385 100644 (file)
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1260,6 +1260,10 @@ mymain(void)
                        "<source protocol='http' name='file'>\n"
                        "  <host name='example.com' port='80'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("http://user:pass@example.com/file",
+                            "<source protocol='http' name='file'>\n"
+                            "  <host name='example.com' port='80'/>\n"
+                            "</source>\n", 1);
     TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com",
                        "<source protocol='rbd' name='testshare'>\n"
                        "  <host name='example.com'/>\n"
@@ -1288,6 +1292,10 @@ mymain(void)
                        "<source protocol='nbd' name='exportname'>\n"
                        "  <host name='example.org' port='1234'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass@example.org:1234/exportname",
+                            "<source protocol='iscsi' name='exportname'>\n"
+                            "  <host name='example.org' port='1234'/>\n"
+                            "</source>\n", 1);
 
 #ifdef WITH_YAJL
     TEST_BACKING_PARSE("json:", NULL);
@@ -1492,6 +1500,26 @@ mymain(void)
                        "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-noauth.target/0'>\n"
                        "  <host name='test.org' port='3260'/>\n"
                        "</source>\n");
+    TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+                                            "\"transport\":\"tcp\","
+                                            "\"portal\":\"test.org\","
+                                            "\"user\":\"testuser\","
+                                            "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+                                            "}"
+                            "}",
+                       "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+                       "  <host name='test.org' port='3260'/>\n"
+                       "</source>\n", 1);
+    TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\","
+                                            "\"transport\":\"tcp\","
+                                            "\"portal\":\"test.org\","
+                                            "\"password\":\"testpass\","
+                                            "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\""
+                                            "}"
+                            "}",
+                       "<source protocol='iscsi' name='iqn.2016-12.com.virttest:emulated-iscsi-auth.target/0'>\n"
+                       "  <host name='test.org' port='3260'/>\n"
+                       "</source>\n", 1);
     TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\","
                                        "\"transport\":\"tcp\","
                                        "\"portal\":\"test.org:1234\","