From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v2 2/7] qemu: add support for multiple secret aliases
Date: Mon, 13 Mar 2023 04:50:18 -0500
Message-Id: <20230313095023.3477917-3-oro@il.ibm.com>
In-Reply-To: <20230313095023.3477917-1-oro@il.ibm.com>
References: <20230313095023.3477917-1-oro@il.ibm.com>
List-Id: Development discussions about the libvirt library & tools
Cc: oro@il.ibm.com, idryomov@gmail.com, dannyh@il.ibm.com
Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu, which will later be used for storage encryption requiring more than a single secret.

Signed-off-by: Or Ozeri

--- src/qemu/qemu_alias.c | 8 +++++--- src/qemu/qemu_alias.h | 3 ++- src/qemu/qemu_domain.c | 14 ++++++++------ src/qemu/qemu_hotplug.c | 2 +- src/qemu/qemu_migration_params.c | 2 +- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index a9809797d5..2e0a50b68b 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -801,17 +801,19 @@ qemuDomainGetMasterKeyAlias(void) /* qemuAliasForSecret: * @parentalias: alias of the parent object * @obj: optional sub-object of the parent device the secret is for + * @secret_idx: secret index number (0 in the case of a single secret) * * Generate alias for a secret object used by @parentalias device or one of * the dependencies of the device described by @obj. */ char * qemuAliasForSecret(const char *parentalias, - const char *obj) + const char *obj, + size_t secret_idx) { if (obj) - return g_strdup_printf("%s-%s-secret0", parentalias, obj); - return g_strdup_printf("%s-secret0", parentalias); + return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret= _idx); + return g_strdup_printf("%s-secret%lu", parentalias, secret_idx); } =20 /* qemuAliasTLSObjFromSrcAlias diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index f13f4cc5f8..eae08020dc 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hos= tdev); char *qemuDomainGetMasterKeyAlias(void); =20 char *qemuAliasForSecret(const char *parentalias, - const char *obj); + const char *obj, + size_t secret_idx); =20 char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias) ATTRIBUTE_NONNULL(1); 
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 0feab09bee..f62fb453a9 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv, * @priv: pointer to domain private object * @srcalias: Alias of the disk/hostdev used to generate the secret alias * @secretuse: specific usage for the secret (may be NULL if main object i= s using it) + * @secret_idx: secret index number (0 in the case of a single secret) * @usageType: The virSecretUsageType * @username: username to use for authentication (may be NULL) * @seclookupdef: Pointer to seclookupdef data @@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo * qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv, const char *srcalias, const char *secretuse, + size_t secret_idx, virSecretUsageType usageType, const char *username, virSecretLookupTypeDef *seclookupdef) { qemuDomainSecretInfo *secinfo; - g_autofree char *alias =3D qemuAliasForSecret(srcalias, secretuse); + g_autofree char *alias =3D qemuAliasForSecret(srcalias, secretuse, sec= ret_idx); g_autofree uint8_t *secret =3D NULL; size_t secretlen =3D 0; VIR_IDENTITY_AUTORESTORE virIdentity *oldident =3D virIdentityElevateC= urrent(); @@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv, } seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID; =20 - return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, + return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0, VIR_SECRET_USAGE_TYPE_TLS, NULL, &seclookupdef); } 
@@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomai= nObjPrivate *priv, virStorageSource *src, const char *aliasprotocol) { - g_autofree char *secretalias =3D qemuAliasForSecret(aliasprotocol, "ht= tpcookie"); + g_autofree char *secretalias =3D qemuAliasForSecret(aliasprotocol, "ht= tpcookie", 0); g_autofree char *cookies =3D qemuBlockStorageSourceGetCookieString(src= ); =20 return qemuDomainSecretInfoSetup(priv, secretalias, NULL, @@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPri= vate *priv, usageType =3D VIR_SECRET_USAGE_TYPE_CEPH; =20 if (!(srcPriv->secinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasprotocol, - "auth= ", + "auth= ", 0, usage= Type, src->= auth->username, &src-= >auth->seclookupdef))) @@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPri= vate *priv, =20 if (hasEnc) { if (!(srcPriv->encinfo =3D qemuDomainSecretInfoSetupFromSecret(pri= v, aliasformat, - "encr= yption", + "encr= yption", 0, VIR_S= ECRET_USAGE_TYPE_VOLUME, NULL, &src-= >encryption->secrets[0]->seclookupdef))) @@ -11185,7 +11187,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostd= ev, =20 if (!(srcPriv->secinfo =3D qemuDomainSecretInfoSetupFromSe= cret(priv, = backendalias, - = NULL, + = NULL, 0, = usageType, = src->auth->username, = &src->auth->seclookupdef))) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index da17525824..f15b4ea31f 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver, * secret UUID and we have a serial TCP chardev, then formulate a * secAlias which we'll attempt to destroy. */ if (cfg->chardevTLSx509secretUUID && - !(secAlias =3D qemuAliasForSecret(inAlias, NULL))) + !(secAlias =3D qemuAliasForSecret(inAlias, NULL, 0))) return -1; =20 qemuDomainObjEnterMonitor(vm); 
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_par= ams.c index bd09dcfb23..0d747580f4 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm, return; =20 tlsAlias =3D qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE= ); - secAlias =3D qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL); + secAlias =3D qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0= ); =20 qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias); g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecret= InfoFree); --=20 2.25.1
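Review bot: in the qemu_alias.c hunk the new `%lu` conversions in qemuAliasForSecret do not match the `size_t secret_idx` argument they print; `%zu` is the conversion that matches size_t, and the `%lu`/size_t pairing trips `-Wformat` and prints garbage on targets where size_t is not `unsigned long`. Suggest `"%s-%s-secret%zu"` and `"%s-secret%zu"` for the two g_strdup_printf calls, with the commit message's `%s-%s-secret%lu` updated to match.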
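Review bot: in the `hasEnc` hunk of qemuDomainSecretStorageSourcePrepare (qemu_domain.c) the index handed to qemuDomainSecretInfoSetupFromSecret (`0`) and the subscript in `&src->encryption->secrets[0]->seclookupdef` are the same value written twice. Since the commit message says this index is what later patches will iterate over, deriving both from one local index variable now would keep the generated alias and the secret lookup definition from drifting apart once the loop is introduced.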
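Review bot: the two teardown paths, qemuDomainDelChardevTLSObjects (qemu_hotplug.c) and qemuMigrationParamsResetTLS (qemu_migration_params.c), rebuild the secret alias with a literal `0` and therefore match the alias created in qemuDomainSecretInfoTLSNew only by convention; a short comment at these call sites, or a named constant for the single-secret index, would make that coupling visible to whoever adds the multi-secret loop. Every caller in this patch passes 0, so the generated aliases and observable behaviour are unchanged by this change alone.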