From nobody Mon Feb 9 08:30:49 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1650641534; cv=none; d=zohomail.com; s=zohoarc; b=fOQ9+GdM+yIlBVYOlE/7dNouG25+uA+CQdMA2RKA9GKOuLssMYwtmwUMJkR99Xmkc4ajI4aj6y2QX7CW6C5g5YnpdgsYFwNEpQH1UCA+YvAYZgyEyZbOD5qzoxnva3/bthj+VKD9+eHO0eiORpGeOMPbVmOFAlV8t0bqz5pr6r4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1650641534; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=iFZHq0X9eiQlCk/MJhg6BpxMug+3UlERcGADvOAFiUA=; b=QMsCzk9el5kx2bGXD1tgzrB0ZOjC5j66ABxxUhnC3W9/rV5ZW9YC9aCp32HG+YUBC7Tqq5dxoah9fDuDhQfnKFkKnD5IvBSUuxCCnU0CD2yVISoAf+i9U8KP2RzlOqaYU2DP58fn7SRg+n6fOOv23rtOk0MxFQ58Wsm1b/dDw3w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 165064153486386.29681655022682; Fri, 22 Apr 2022 08:32:14 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-434-P0oF9RgDP-iYf9GjPCNibw-1; Fri, 22 Apr 2022 11:32:07 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5A3E13C21F9D; Fri, 22 Apr 2022 15:32:03 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 45E15409B400; Fri, 22 Apr 2022 15:32:03 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0F3921940353; Fri, 22 Apr 2022 15:32:03 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id BBF7D1940351 for ; Fri, 22 Apr 2022 15:32:01 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 9613E416362; Fri, 22 Apr 2022 15:32:01 +0000 (UTC) Received: from speedmetal.lan (unknown [10.40.208.36]) by smtp.corp.redhat.com (Postfix) with ESMTP id 22637401475 for ; Fri, 22 Apr 2022 15:32:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1650641533; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=iFZHq0X9eiQlCk/MJhg6BpxMug+3UlERcGADvOAFiUA=; b=iENcfDEXlCEqCf+wJPbfqQJb1d1Bqra9sigOes0a9u7tYAhbxTXNpec1l36FqpUt9/DXyh n4y9o33O3EGSNEg5+0ck6rJrkAeFgaSo2/H1vhCQQKwwm9sprJdCfgdtHBEaBP+FCc6qTA Elu3WNXj6Eh9TzQZ5cWKRJKp8MVVL8M= X-MC-Unique: P0oF9RgDP-iYf9GjPCNibw-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 05/11] virDomainDiskDefValidateSourceChainOne: Reject authentication for protocols which don't support it Date: Fri, 22 Apr 2022 17:31:49 +0200 Message-Id: <28597d3bec842198cfc117cdef56108e33f1d92f.1650641396.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.10 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1650641596207100003 Content-Type: text/plain; charset="utf-8" Only certain disk protocols support authentication. Add validation for this field. Signed-off-by: Peter Krempa --- src/conf/domain_validate.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 68190fc3e2..3f03feee4f 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -473,10 +473,44 @@ virDomainDiskVhostUserValidate(const virDomainDiskDef= *disk) static int virDomainDiskDefValidateSourceChainOne(const virStorageSource *src) { + virStorageType actualType =3D virStorageSourceGetActualType(src); + if (src->type =3D=3D VIR_STORAGE_TYPE_NETWORK && src->auth) { virStorageAuthDef *authdef =3D src->auth; int actUsage; + if (actualType !=3D VIR_STORAGE_TYPE_NETWORK) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("authentication is supported only for network= backed disks")); + return -1; + } + + switch ((virStorageNetProtocol) src->protocol) { + case VIR_STORAGE_NET_PROTOCOL_ISCSI: + case VIR_STORAGE_NET_PROTOCOL_HTTP: + case VIR_STORAGE_NET_PROTOCOL_HTTPS: + case VIR_STORAGE_NET_PROTOCOL_FTP: + case VIR_STORAGE_NET_PROTOCOL_FTPS: + case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_RBD: + break; + + case VIR_STORAGE_NET_PROTOCOL_NBD: + case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: + case VIR_STORAGE_NET_PROTOCOL_GLUSTER: + case VIR_STORAGE_NET_PROTOCOL_TFTP: + case VIR_STORAGE_NET_PROTOCOL_VXHS: + case VIR_STORAGE_NET_PROTOCOL_NFS: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("authentication is not supported for protocol= '%s'"), + virStorageNetProtocolTypeToString(src->protocol= )); + return -1; + + case VIR_STORAGE_NET_PROTOCOL_NONE: + case VIR_STORAGE_NET_PROTOCOL_LAST: + break; + } + if ((actUsage =3D virSecretUsageTypeFromString(authdef->secrettype= )) < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown secret type '%s'"), --=20 2.35.1