diff options
author | Peter Krempa <pkrempa@redhat.com> | 2022-04-22 16:59:37 +0200 |
---|---|---|
committer | Peter Krempa <pkrempa@redhat.com> | 2022-04-25 16:34:59 +0200 |
commit | 4c6498d48a45867821376767fcb5cfc2d50aafd1 (patch) | |
tree | 595c3729bea567e8c0e88af2c3150923b508bd5d | |
parent | b1f5f14a5c53145d9f078382d3b1bc8328030c83 (diff) | |
download | libvirt-4c6498d48a45867821376767fcb5cfc2d50aafd1.tar.gz |
virDomainDiskDefValidateSourceChainOne: Reject authentication for protocols which don't support it
Only certain disk protocols support authentication. Add validation for
this field.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-rw-r--r-- | src/conf/domain_validate.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 68190fc3e2..3f03feee4f 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -473,10 +473,44 @@ virDomainDiskVhostUserValidate(const virDomainDiskDef *disk) static int virDomainDiskDefValidateSourceChainOne(const virStorageSource *src) { + virStorageType actualType = virStorageSourceGetActualType(src); + if (src->type == VIR_STORAGE_TYPE_NETWORK && src->auth) { virStorageAuthDef *authdef = src->auth; int actUsage; + if (actualType != VIR_STORAGE_TYPE_NETWORK) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("authentication is supported only for network backed disks")); + return -1; + } + + switch ((virStorageNetProtocol) src->protocol) { + case VIR_STORAGE_NET_PROTOCOL_ISCSI: + case VIR_STORAGE_NET_PROTOCOL_HTTP: + case VIR_STORAGE_NET_PROTOCOL_HTTPS: + case VIR_STORAGE_NET_PROTOCOL_FTP: + case VIR_STORAGE_NET_PROTOCOL_FTPS: + case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_RBD: + break; + + case VIR_STORAGE_NET_PROTOCOL_NBD: + case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: + case VIR_STORAGE_NET_PROTOCOL_GLUSTER: + case VIR_STORAGE_NET_PROTOCOL_TFTP: + case VIR_STORAGE_NET_PROTOCOL_VXHS: + case VIR_STORAGE_NET_PROTOCOL_NFS: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("authentication is not supported for protocol '%s'"), + virStorageNetProtocolTypeToString(src->protocol)); + return -1; + + case VIR_STORAGE_NET_PROTOCOL_NONE: + case VIR_STORAGE_NET_PROTOCOL_LAST: + break; + } + if ((actUsage = virSecretUsageTypeFromString(authdef->secrettype)) < 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown secret type '%s'"), |