From: Peter Krempa Date: Thu, 15 Aug 2019 17:29:43 +0000 (+0200) Subject: util: storagefile: Flag backing store strings with authentication X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=6ff9241058dba35565ed594c7931e52a46a82b13;p=libvirt.git util: storagefile: Flag backing store strings with authentication Using inline authentication for storage volumes will not work properly as libvirt requires use of the secret driver for the auth data and thus would not be able to represent the passwords stored in the backing store string. Make sure that the backing store parsers return 1 which is a sign for the caller to not use the file in certain cases. The test data include iscsi via a json pseudo-protocol string and URIs with the userinfo part being present. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 2a5ae8b1fd..3201f57e62 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2705,8 +2705,6 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src, return -1; } - /* XXX We currently don't support auth, so don't bother parsing it */ - /* uri->path is NULL if the URI does not contain slash after host: * transport://host:port */ if (uri->path) @@ -2756,6 +2754,10 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src, if (VIR_STRDUP(src->hosts->name, uri->server) < 0) return -1; + /* Libvirt doesn't handle inline authentication. Make the caller aware. */ + if (uri->user) + return 1; + return 0; } @@ -3313,6 +3315,11 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSourcePtr src, if (virAsprintf(&src->path, "%s/%s", target, lun) < 0) return -1; + /* Libvirt doesn't handle inline authentication. Make the caller aware. */ + if (virJSONValueObjectGetString(json, "user") || + virJSONValueObjectGetString(json, "password")) + return 1; + return 0; } diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 45586cbd46..8ebad89da7 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1260,6 +1260,10 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("http://user:pass@example.com/file", + "\n" + " \n" + "\n", 1); TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com", "\n" " \n" @@ -1288,6 +1292,10 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("iscsi://testuser:testpass@example.org:1234/exportname", + "\n" + " \n" + "\n", 1); #ifdef WITH_YAJL TEST_BACKING_PARSE("json:", NULL); @@ -1492,6 +1500,26 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\"," + "\"transport\":\"tcp\"," + "\"portal\":\"test.org\"," + "\"user\":\"testuser\"," + "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\"" + "}" + "}", + "\n" + " \n" + "\n", 1); + TEST_BACKING_PARSE_FULL("json:{\"file\":{\"driver\":\"iscsi\"," + "\"transport\":\"tcp\"," + "\"portal\":\"test.org\"," + "\"password\":\"testpass\"," + "\"target\":\"iqn.2016-12.com.virttest:emulated-iscsi-auth.target\"" + "}" + "}", + "\n" + " \n" + "\n", 1); TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\"," "\"transport\":\"tcp\"," "\"portal\":\"test.org:1234\","