External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-24 04:12:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

virStorageBackendRBDOpenRADOSConn: Don't log the RBD key

Browse Source 
'virStorageBackendRBDRADOSConfSet' logs its arguments but it's also
used to set the RBD secret/key.

All the security theatre with securely erasing the string we do to fetch
the secret would be quite pointless if we log it thus introduce
virStorageBackendRBDRADOSConfSetQuiet and use it to avoid logging the
password.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2022-12-09 16:49:12 +01:00
parent 7df6338f4d
commit 6d661329dd
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/storage/storage_backend_rbd.c
View File

@ -161,12 +161,10 @@ virStoragePoolDefRBDNamespaceFormatXML(virBuffer *buf,
static int
virStorageBackendRBDRADOSConfSet(rados_t cluster,
virStorageBackendRBDRADOSConfSetQuiet(rados_t cluster,
const char *option,
const char *value)
{
VIR_DEBUG("Setting RADOS option '%s' to '%s'",
option, value);
if (rados_conf_set(cluster, option, value) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to set RADOS option: %s"),
@ -177,6 +175,19 @@ virStorageBackendRBDRADOSConfSet(rados_t cluster,
return 0;
}
static int
virStorageBackendRBDRADOSConfSet(rados_t cluster,
const char *option,
const char *value)
{
VIR_DEBUG("Setting RADOS option '%s' to '%s'",
option, value);
return virStorageBackendRBDRADOSConfSetQuiet(cluster, option, value);
}
static int
virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDState *ptr,
virStoragePoolDef *def)
@ -222,7 +233,8 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDState *ptr,
rados_key = g_base64_encode(secret_value, secret_value_size);
virSecureErase(secret_value, secret_value_size);
rc = virStorageBackendRBDRADOSConfSet(ptr->cluster, "key", rados_key);
VIR_DEBUG("Setting RADOS option 'key'");
rc = virStorageBackendRBDRADOSConfSetQuiet(ptr->cluster, "key", rados_key);
virSecureEraseString(rados_key);
if (rc < 0)