mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
secret: Alter virSecretGetSecretString
Rather than returning a "char *" indicating perhaps some sized set of characters that is NUL terminated, alter the function to return 0 or -1 for success/failure and add two parameters to handle returning the buffer and it's size. The function no longer encodes the returned secret, rather it returns the unencoded secret forcing callers to make the necessary adjustments. Alter the callers to handle the adjusted model. Signed-off-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
parent
fb1dddfb00
commit
abd2272c02
@ -1021,7 +1021,9 @@ static int
|
|||||||
libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr)
|
libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr)
|
||||||
{
|
{
|
||||||
virConnectPtr conn = NULL;
|
virConnectPtr conn = NULL;
|
||||||
char *secret = NULL;
|
uint8_t *secret = NULL;
|
||||||
|
char *base64secret = NULL;
|
||||||
|
size_t secretlen = 0;
|
||||||
char *username = NULL;
|
char *username = NULL;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
@ -1031,20 +1033,24 @@ libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr)
|
|||||||
if (!(conn = virConnectOpen("xen:///system")))
|
if (!(conn = virConnectOpen("xen:///system")))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (!(secret = virSecretGetSecretString(conn,
|
if (virSecretGetSecretString(conn, src->auth,
|
||||||
true,
|
VIR_SECRET_USAGE_TYPE_CEPH,
|
||||||
src->auth,
|
&secret, &secretlen) < 0)
|
||||||
VIR_SECRET_USAGE_TYPE_CEPH)))
|
goto cleanup;
|
||||||
|
|
||||||
|
/* RBD expects an encoded secret */
|
||||||
|
if (!(base64secret = virStringEncodeBase64(secret, secretlen)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username, secret)))
|
if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username, base64secret)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
VIR_FREE(secret);
|
VIR_DISPOSE_N(secret, secretlen);
|
||||||
|
VIR_DISPOSE_STRING(base64secret);
|
||||||
virObjectUnref(conn);
|
virObjectUnref(conn);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -628,6 +628,12 @@ qemuBuildGeneralSecinfoURI(virURIPtr uri,
|
|||||||
switch ((qemuDomainSecretInfoType) secinfo->type) {
|
switch ((qemuDomainSecretInfoType) secinfo->type) {
|
||||||
case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
|
case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
|
||||||
if (secinfo->s.plain.secret) {
|
if (secinfo->s.plain.secret) {
|
||||||
|
if (!virStringBufferIsPrintable(secinfo->s.plain.secret,
|
||||||
|
secinfo->s.plain.secretlen)) {
|
||||||
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
|
_("found non printable characters in secret"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (virAsprintf(&uri->user, "%s:%s",
|
if (virAsprintf(&uri->user, "%s:%s",
|
||||||
secinfo->s.plain.username,
|
secinfo->s.plain.username,
|
||||||
secinfo->s.plain.secret) < 0)
|
secinfo->s.plain.secret) < 0)
|
||||||
@ -662,6 +668,8 @@ static int
|
|||||||
qemuBuildRBDSecinfoURI(virBufferPtr buf,
|
qemuBuildRBDSecinfoURI(virBufferPtr buf,
|
||||||
qemuDomainSecretInfoPtr secinfo)
|
qemuDomainSecretInfoPtr secinfo)
|
||||||
{
|
{
|
||||||
|
char *base64secret = NULL;
|
||||||
|
|
||||||
if (!secinfo) {
|
if (!secinfo) {
|
||||||
virBufferAddLit(buf, ":auth_supported=none");
|
virBufferAddLit(buf, ":auth_supported=none");
|
||||||
return 0;
|
return 0;
|
||||||
@ -669,11 +677,14 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
|
|||||||
|
|
||||||
switch ((qemuDomainSecretInfoType) secinfo->type) {
|
switch ((qemuDomainSecretInfoType) secinfo->type) {
|
||||||
case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
|
case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
|
||||||
virBufferEscape(buf, '\\', ":", ":id=%s",
|
if (!(base64secret = virStringEncodeBase64(secinfo->s.plain.secret,
|
||||||
secinfo->s.plain.username);
|
secinfo->s.plain.secretlen)))
|
||||||
|
return -1;
|
||||||
|
virBufferEscape(buf, '\\', ":", ":id=%s", secinfo->s.plain.username);
|
||||||
virBufferEscape(buf, '\\', ":",
|
virBufferEscape(buf, '\\', ":",
|
||||||
":key=%s:auth_supported=cephx\\;none",
|
":key=%s:auth_supported=cephx\\;none",
|
||||||
secinfo->s.plain.secret);
|
base64secret);
|
||||||
|
VIR_DISPOSE_STRING(base64secret);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
|
case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
|
||||||
|
@ -731,8 +731,7 @@ static void
|
|||||||
qemuDomainSecretPlainClear(qemuDomainSecretPlain secret)
|
qemuDomainSecretPlainClear(qemuDomainSecretPlain secret)
|
||||||
{
|
{
|
||||||
VIR_FREE(secret.username);
|
VIR_FREE(secret.username);
|
||||||
memset(secret.secret, 0, strlen(secret.secret));
|
VIR_DISPOSE_N(secret.secret, secret.secretlen);
|
||||||
VIR_FREE(secret.secret);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -870,24 +869,18 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
|
|||||||
virStorageNetProtocol protocol,
|
virStorageNetProtocol protocol,
|
||||||
virStorageAuthDefPtr authdef)
|
virStorageAuthDefPtr authdef)
|
||||||
{
|
{
|
||||||
bool encode = false;
|
|
||||||
int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
|
int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
|
||||||
|
|
||||||
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
|
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
|
||||||
if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
|
if (VIR_STRDUP(secinfo->s.plain.username, authdef->username) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD) {
|
if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
|
||||||
/* qemu requires the secret to be encoded for RBD */
|
|
||||||
encode = true;
|
|
||||||
secretType = VIR_SECRET_USAGE_TYPE_CEPH;
|
secretType = VIR_SECRET_USAGE_TYPE_CEPH;
|
||||||
}
|
|
||||||
|
|
||||||
if (!(secinfo->s.plain.secret =
|
return virSecretGetSecretString(conn, authdef, secretType,
|
||||||
virSecretGetSecretString(conn, encode, authdef, secretType)))
|
&secinfo->s.plain.secret,
|
||||||
return -1;
|
&secinfo->s.plain.secretlen);
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -251,7 +251,8 @@ typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain;
|
|||||||
typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
|
typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
|
||||||
struct _qemuDomainSecretPlain {
|
struct _qemuDomainSecretPlain {
|
||||||
char *username;
|
char *username;
|
||||||
char *secret;
|
uint8_t *secret;
|
||||||
|
size_t secretlen;
|
||||||
};
|
};
|
||||||
|
|
||||||
# define QEMU_DOMAIN_AES_IV_LEN 16 /* 16 bytes for 128 bit random */
|
# define QEMU_DOMAIN_AES_IV_LEN 16 /* 16 bytes for 128 bit random */
|
||||||
|
@ -27,7 +27,6 @@
|
|||||||
#include "virlog.h"
|
#include "virlog.h"
|
||||||
#include "virobject.h"
|
#include "virobject.h"
|
||||||
#include "viruuid.h"
|
#include "viruuid.h"
|
||||||
#include "base64.h"
|
|
||||||
#include "datatypes.h"
|
#include "datatypes.h"
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_SECRET
|
#define VIR_FROM_THIS VIR_FROM_SECRET
|
||||||
@ -37,25 +36,26 @@ VIR_LOG_INIT("secret.secret_util");
|
|||||||
|
|
||||||
/* virSecretGetSecretString:
|
/* virSecretGetSecretString:
|
||||||
* @conn: Pointer to the connection driver to make secret driver call
|
* @conn: Pointer to the connection driver to make secret driver call
|
||||||
* @encoded: Whether the returned secret needs to be base64 encoded
|
|
||||||
* @authdef: Pointer to the disk storage authentication
|
* @authdef: Pointer to the disk storage authentication
|
||||||
* @secretUsageType: Type of secret usage for authdef lookup
|
* @secretUsageType: Type of secret usage for authdef lookup
|
||||||
|
* @secret: returned secret as a sized stream of unsigned chars
|
||||||
|
* @secret_size: Return size of the secret - either raw text or base64
|
||||||
*
|
*
|
||||||
* Lookup the secret for the authdef usage type and return it either as
|
* Lookup the secret for the authdef usage type and return it as raw text.
|
||||||
* raw text or encoded based on the caller's need.
|
* It is up to the caller to encode the secret further.
|
||||||
*
|
*
|
||||||
* Returns a pointer to memory that needs to be cleared and free'd after
|
* Returns 0 on success, -1 on failure. On success the memory in secret
|
||||||
* usage or NULL on error.
|
* needs to be cleared and free'd after usage.
|
||||||
*/
|
*/
|
||||||
char *
|
int
|
||||||
virSecretGetSecretString(virConnectPtr conn,
|
virSecretGetSecretString(virConnectPtr conn,
|
||||||
bool encoded,
|
|
||||||
virStorageAuthDefPtr authdef,
|
virStorageAuthDefPtr authdef,
|
||||||
virSecretUsageType secretUsageType)
|
virSecretUsageType secretUsageType,
|
||||||
|
uint8_t **secret,
|
||||||
|
size_t *secret_size)
|
||||||
{
|
{
|
||||||
size_t secret_size;
|
|
||||||
virSecretPtr sec = NULL;
|
virSecretPtr sec = NULL;
|
||||||
char *secret = NULL;
|
int ret = -1;
|
||||||
|
|
||||||
switch (authdef->secretType) {
|
switch (authdef->secretType) {
|
||||||
case VIR_STORAGE_SECRET_TYPE_UUID:
|
case VIR_STORAGE_SECRET_TYPE_UUID:
|
||||||
@ -71,25 +71,15 @@ virSecretGetSecretString(virConnectPtr conn,
|
|||||||
if (!sec)
|
if (!sec)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
secret = (char *)conn->secretDriver->secretGetValue(sec, &secret_size, 0,
|
*secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
|
||||||
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
|
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
|
||||||
|
|
||||||
if (!secret)
|
if (!*secret)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (encoded) {
|
ret = 0;
|
||||||
char *base64 = NULL;
|
|
||||||
|
|
||||||
base64_encode_alloc(secret, secret_size, &base64);
|
|
||||||
VIR_FREE(secret);
|
|
||||||
if (!base64) {
|
|
||||||
virReportOOMError();
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
secret = base64;
|
|
||||||
}
|
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
virObjectUnref(sec);
|
virObjectUnref(sec);
|
||||||
return secret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -25,9 +25,11 @@
|
|||||||
# include "internal.h"
|
# include "internal.h"
|
||||||
# include "virstoragefile.h"
|
# include "virstoragefile.h"
|
||||||
|
|
||||||
char *virSecretGetSecretString(virConnectPtr conn,
|
int virSecretGetSecretString(virConnectPtr conn,
|
||||||
bool encoded,
|
|
||||||
virStorageAuthDefPtr authdef,
|
virStorageAuthDefPtr authdef,
|
||||||
virSecretUsageType secretUsageType)
|
virSecretUsageType secretUsageType,
|
||||||
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3) ATTRIBUTE_RETURN_CHECK;
|
uint8_t **ret_secret,
|
||||||
|
size_t *ret_secret_size)
|
||||||
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4)
|
||||||
|
ATTRIBUTE_NONNULL(5) ATTRIBUTE_RETURN_CHECK;
|
||||||
#endif /* __VIR_SECRET_H__ */
|
#endif /* __VIR_SECRET_H__ */
|
||||||
|
Loading…
Reference in New Issue
Block a user