From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 1/9] util: add virRandomToken API
Date: Tue, 4 May 2021 18:43:42 +0100
Message-Id: <20210504174350.488942-2-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>

A random token is simply a string of random bytes formatted in hexadecimal.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- src/libvirt_private.syms | 1 + src/util/virrandom.c | 18 ++++++++++++++++++ src/util/virrandom.h | 1 + 3 files changed, 20 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 9f761c2c00..418688a4fa 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3081,6 +3081,7 @@ virRandomBits; virRandomBytes; virRandomGenerateWWN; virRandomInt; +virRandomToken; =20 =20 # util/virresctrl.h diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 3ae1297e6b..c3f3aa1fa6 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c 
@@ -161,3 +161,21 @@ virRandomGenerateWWN(char **wwn, (unsigned long long)virRandomBits(36)); return 0; } + +char *virRandomToken(size_t len) +{ + g_autofree unsigned char *data =3D g_new0(unsigned char, len); + g_autofree char *token =3D g_new0(char, (len * 2) + 1); + static const char hex[] =3D "0123456789abcdef"; + size_t i; + + if (virRandomBytes(data, len) < 0) + return NULL; + + for (i =3D 0; i < len; i++) { + token[(i*2)] =3D hex[data[i] & 0xf]; + token[(i*2)+1] =3D hex[(data[i] >> 4) & 0xf]; + } + + return g_steal_pointer(&token); +} diff --git a/src/util/virrandom.h b/src/util/virrandom.h index 297721f912..aac684ada9 100644 --- a/src/util/virrandom.h +++ b/src/util/virrandom.h 
@@ -26,3 +26,4 @@ uint32_t virRandomInt(uint32_t max); int virRandomBytes(unsigned char *buf, size_t buflen) ATTRIBUTE_NONNULL(1) G_GNUC_WARN_UNUSED_RESULT G_GNUC_NO_INLINE; int virRandomGenerateWWN(char **wwn, const char *virt_type) G_GNUC_NO_INLI= NE; +char *virRandomToken(size_t len); --=20 2.31.1
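Review bot: In the virRandomToken() loop in src/util/virrandom.c the nibbles are emitted low-first (token[(i*2)] takes data[i] & 0xf and token[(i*2)+1] takes data[i] >> 4), which is the reverse of conventional hex encoding. For a purely random value the output is equally unpredictable, but anyone comparing the string with a hex dump of the bytes will be misled, so swap the two assignments to put the high nibble first. The function also has no doc comment: say that len is the number of random bytes, that the returned string is len * 2 characters plus the terminator, and that NULL means virRandomBytes() failed. Since later patches in the series use the result as a secret, consider clearing data before it is released instead of relying on g_autofree alone.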
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 2/9] util: introduce concept of a system token into identities
Date: Tue, 4 May 2021 18:43:43 +0100
Message-Id: <20210504174350.488942-3-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>

We want a way to distinguish between calls from a libvirt daemon, and a regular client application when both are running as the same user account. This is not possible with the current set of attributes recorded against an identity, as there is nothing that is common to all of the modular libvirt daemons, while distinct to all other processes.

We thus introduce the idea of a system token, which is simply a random hex string that is only known by the libvirt daemons, to be recorded against the system identity.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- src/libvirt_private.syms | 2 ++ src/util/viridentity.c | 34 ++++++++++++++++++++++++++++++++++ src/util/viridentity.h | 4 ++++ 3 files changed, 40 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 418688a4fa..c5f6c90365 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2404,6 +2404,7 @@ virIdentityGetProcessTime; virIdentityGetSASLUserName; virIdentityGetSELinuxContext; virIdentityGetSystem; +virIdentityGetSystemToken; virIdentityGetUNIXGroupID; virIdentityGetUNIXUserID; virIdentityGetUserName; @@ -2416,6 +2417,7 @@ virIdentitySetProcessID; virIdentitySetProcessTime; virIdentitySetSASLUserName; virIdentitySetSELinuxContext; +virIdentitySetSystemToken; virIdentitySetUNIXGroupID; virIdentitySetUNIXUserID; virIdentitySetUserName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 7edb6a171a..7da4ea12f5 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -40,6 +40,8 @@ =20 #define VIR_FROM_THIS VIR_FROM_IDENTITY =20 +#define VIR_CONNECT_IDENTITY_SYSTEM_TOKEN "system.token" + VIR_LOG_INIT("util.identity"); =20 struct _virIdentity { @@ -382,6 +384,17 @@ int virIdentityGetSELinuxContext(virIdentity *ident, } =20 =20 +int virIdentityGetSystemToken(virIdentity *ident, + const char **token) +{ + *token =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SYSTEM_TOKEN, + token); +} + + int virIdentitySetUserName(virIdentity *ident, const char *username) { 
@@ -554,6 +567,25 @@ int virIdentitySetSELinuxContext(virIdentity *ident, } =20 =20 +int virIdentitySetSystemToken(virIdentity *ident, + const char *token) +{ + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SYSTEM_TOKEN)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_SYSTEM_TOKEN, + token); +} + + int virIdentitySetParameters(virIdentity *ident, virTypedParameterPtr params, int nparams) @@ -577,6 +609,8 @@ int virIdentitySetParameters(virIdentity *ident, VIR_TYPED_PARAM_STRING, VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_SYSTEM_TOKEN, + VIR_TYPED_PARAM_STRING, NULL) < 0) return -1; =20 diff --git a/src/util/viridentity.h b/src/util/viridentity.h index fa3f46788c..640a7ba2e4 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -52,6 +52,8 @@ int virIdentityGetX509DName(virIdentity *ident, const char **dname); int virIdentityGetSELinuxContext(virIdentity *ident, const char **context); +int virIdentityGetSystemToken(virIdentity *ident, + const char **token); =20 =20 int virIdentitySetUserName(virIdentity *ident, 
@@ -72,6 +74,8 @@ int virIdentitySetX509DName(virIdentity *ident, const char *dname); int virIdentitySetSELinuxContext(virIdentity *ident, const char *context); +int virIdentitySetSystemToken(virIdentity *ident, + const char *token); =20 int virIdentitySetParameters(virIdentity *ident, virTypedParameterPtr params, --=20 2.31.1
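Review bot: VIR_CONNECT_IDENTITY_SYSTEM_TOKEN is defined locally in src/util/viridentity.c with no comment, yet the virIdentitySetParameters() hunk adds it to the list of keys that function accepts. Please document next to the #define that the key is deliberately private and that its value is a secret, so later callers know not to log it or hand it to clients. virIdentitySetSystemToken() also passes token straight to virTypedParamsAddString() without a NULL check; either reject NULL in the setter or mark the parameter ATTRIBUTE_NONNULL in viridentity.h.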
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 3/9] util: generate a persistent system token
Date: Tue, 4 May 2021 18:43:44 +0100
Message-Id: <20210504174350.488942-4-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>

When creating the system identity set the system token. The system token is currently stored in a local path

  /var/run/libvirt/common/system.token

Obviously with only traditional UNIX DAC in effect, this is largely security through obscurity, if the client is running at the same privilege level as the daemon. It does, however, reliably distinguish an unprivileged client from the system daemons.

With a MAC system like SELinux though, or possible use of containers, access can be further restricted.

A possible future improvement for Linux would be to populate the kernel keyring with a secret for libvirt daemons to share.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- src/util/viridentity.c | 107 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 7da4ea12f5..065db06e49 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -22,6 +22,7 @@ #include =20 #include +#include #if WITH_SELINUX # include #endif @@ -32,11 +33,14 @@ #include "viridentity.h" #include "virlog.h" #include "virobject.h" +#include "virrandom.h" #include "virthread.h" #include "virutil.h" #include "virstring.h" #include "virprocess.h" #include "virtypedparam.h" +#include "virfile.h" +#include "configmake.h" =20 #define VIR_FROM_THIS VIR_FROM_IDENTITY =20 @@ -54,7 +58,10 @@ struct _virIdentity { =20 G_DEFINE_TYPE(virIdentity, vir_identity, G_TYPE_OBJECT) =20 +static char *virIdentityEnsureSystemToken(void); + static virThreadLocal virIdentityCurrent; +static char *systemToken; =20 static void virIdentityFinalize(GObject *obj); =20 @@ -73,6 +80,9 @@ static int virIdentityOnceInit(void) return -1; } =20 + if (!(systemToken =3D virIdentityEnsureSystemToken())) + return -1; + return 0; } =20 
@@ -144,6 +154,103 @@ int virIdentitySetCurrent(virIdentity *ident) } =20 =20 +#define TOKEN_BYTES 16 +#define TOKEN_STRLEN (TOKEN_BYTES * 2) + +static char * +virIdentityConstructSystemTokenPath(void) +{ + g_autofree char *commondir =3D NULL; + if (geteuid() =3D=3D 0) { + commondir =3D g_strdup(RUNSTATEDIR "/libvirt/common"); + } else { + g_autofree char *rundir =3D virGetUserRuntimeDirectory(); + commondir =3D g_strdup_printf("%s/common", rundir); + } + + if (g_mkdir_with_parents(commondir, 0700) < 0) { + virReportSystemError(errno, + _("Cannot create daemon common directory '%s'= "), + commondir); + return NULL; + } + + return g_strdup_printf("%s/system.token", commondir); +} + + +static char * +virIdentityEnsureSystemToken(void) +{ + g_autofree char *tokenfile =3D virIdentityConstructSystemTokenPath(); + g_autofree char *token =3D NULL; + int fd =3D -1; + struct stat st; + + fd =3D open(tokenfile, O_RDWR|O_APPEND|O_CREAT, 0600); + if (fd < 0) { + virReportSystemError(errno, + _("Unable to open system token %s"), + tokenfile); + goto error; + } + + if (virSetCloseExec(fd) < 0) { + virReportSystemError(errno, + _("Failed to set close-on-exec flag '%s'"), + tokenfile); + goto error; + } + + if (virFileLock(fd, false, 0, 1, true) < 0) { + virReportSystemError(errno, + _("Failed to lock system token '%s'"), + tokenfile); + goto error; + } + + if (fstat(fd, &st) < 0) { + virReportSystemError(errno, + _("Failed to check system token '%s'"), + tokenfile); + goto error; + } + + /* Ok, we're the first one here, so we must populate it */ + if (st.st_size =3D=3D 0) { + if (!(token =3D virRandomToken(TOKEN_BYTES))) { + goto error; + } + if (safewrite(fd, token, TOKEN_STRLEN) !=3D TOKEN_STRLEN) { + virReportSystemError(errno, + _("Failed to write system token '%s'"), + tokenfile); + goto error; + } + } else { + if (virFileReadLimFD(fd, TOKEN_STRLEN, &token) < 0) { + virReportSystemError(errno, + _("Failed to write system token '%s'"), + tokenfile); + goto error; + } + if 
(strlen(token) !=3D TOKEN_STRLEN) { + virReportSystemError(errno, + _("System token in %s was corrupt"), + tokenfile); + goto error; + } + } + + VIR_FORCE_CLOSE(fd); + return g_steal_pointer(&token); + + error: + VIR_FORCE_CLOSE(fd); + return NULL; +} + + /** * virIdentityGetSystem: * --=20 2.31.1
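Review bot: virIdentityEnsureSystemToken() passes tokenfile to open() without checking it, although virIdentityConstructSystemTokenPath() returns NULL when g_mkdir_with_parents() fails; return NULL early in that case so the mkdir error is the one that gets reported. In the read branch the virFileReadLimFD() failure is reported as "Failed to write system token", which should say read, and the strlen(token) != TOKEN_STRLEN branch calls virReportSystemError(errno, ...) although nothing there sets errno, so a plain virReportError() fits better. The fstat() result is only used for st_size: since the commit message relies on file permissions to keep the token away from unprivileged clients, consider also rejecting a pre-existing file whose owner or mode is not what open(..., 0600) would have created.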
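The token-file scheme described in the commit message above, as an added stand-alone example that is not libvirt code and not part of the posted patch. It goes beyond the patch by refusing symlinks, checking owner and mode of an existing file, and validating the stored string; ensure_system_token(), random_bytes() and hex_encode() are hypothetical names, /dev/urandom stands in for virRandomBytes() and an fcntl() byte-range lock stands in for virFileLock().

```c
/* Added example, not libvirt code: hardened handling of a token file. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define TOKEN_BYTES 16                  /* same sizes as the patch */
#define TOKEN_STRLEN (TOKEN_BYTES * 2)

/* Hypothetical stand-in for virRandomBytes(): read from /dev/urandom. */
static int random_bytes(unsigned char *buf, size_t len)
{
    size_t off = 0;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;
        off += (size_t)n;
    }
    close(fd);
    return off == len ? 0 : -1;
}

/* Conventional hex, high nibble first; out needs len * 2 + 1 bytes. */
static void hex_encode(const unsigned char *in, size_t len, char *out)
{
    static const char hex[] = "0123456789abcdef";
    size_t i;
    for (i = 0; i < len; i++) {
        out[i * 2] = hex[in[i] >> 4];
        out[i * 2 + 1] = hex[in[i] & 0xf];
    }
    out[len * 2] = '\0';
}

/*
 * Create the token file on first use, otherwise read it back.
 * Returns 0 and fills token (NUL-terminated) on success, -1 on any failure.
 */
int ensure_system_token(const char *path, char token[TOKEN_STRLEN + 1])
{
    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                        .l_start = 0, .l_len = 1 };
    unsigned char raw[TOKEN_BYTES];
    struct stat st;
    int ret = -1;
    int fd;
    /* O_NOFOLLOW: a symlink planted at the path is an error, not a redirect */
    fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Serialize concurrent daemons; the lock is dropped by close() */
    if (fcntl(fd, F_SETLKW, &lk) < 0 || fstat(fd, &st) < 0)
        goto cleanup;
    /* Only trust a regular file we own that group and others cannot touch */
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 077))
        goto cleanup;
    if (st.st_size == 0) {              /* first one here: populate it */
        if (random_bytes(raw, sizeof(raw)) < 0)
            goto cleanup;
        hex_encode(raw, sizeof(raw), token);
        if (write(fd, token, TOKEN_STRLEN) != TOKEN_STRLEN)
            goto cleanup;
    } else {                            /* existing token: validate it */
        if (st.st_size != TOKEN_STRLEN ||
            pread(fd, token, TOKEN_STRLEN, 0) != TOKEN_STRLEN)
            goto cleanup;
        token[TOKEN_STRLEN] = '\0';
        if (strspn(token, "0123456789abcdef") != TOKEN_STRLEN)
            goto cleanup;
    }
    ret = 0;
 cleanup:
    close(fd);
    return ret;
}

int main(int argc, char **argv)
{
    char token[TOKEN_STRLEN + 1];

    if (argc != 2 || ensure_system_token(argv[1], token) < 0)
        return 1;
    puts("token file ok");              /* never print the token itself */
    return 0;
}
```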
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 4/9] src: set system token for system identity
Date: Tue, 4 May 2021 18:43:45 +0100
Message-Id: <20210504174350.488942-5-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- src/util/viridentity.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 065db06e49..83044a3de1 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -268,6 +268,7 @@ virIdentity *virIdentityGetSystem(void) #if WITH_SELINUX char *con; #endif + g_autofree char *token =3D virIdentityEnsureSystemToken(); =20 if (!(ret =3D virIdentityNew())) return NULL; 
@@ -310,6 +311,9 @@ virIdentity *virIdentityGetSystem(void) } #endif =20 + if (virIdentitySetSystemToken(ret, token) < 0) + return NULL; + return g_steal_pointer(&ret); } =20 --=20 2.31.1
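Review bot: In virIdentityGetSystem() the result of virIdentityEnsureSystemToken() is not checked before it reaches virIdentitySetSystemToken(ret, token), so a failure to open or read the token file hands NULL to the setter; add a check such as "if (!token) return NULL;" right after the declaration. Patch 3 already stores the token in the static systemToken during virIdentityOnceInit(), so calling virIdentityEnsureSystemToken() again here re-opens and re-locks the file on every call; if this function always runs after that initializer, using the cached value would avoid the file access and the extra allocation.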
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 5/9] util: add API for copying identity objects
Date: Tue, 4 May 2021 18:43:46 +0100
Message-Id: <20210504174350.488942-6-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- src/libvirt_private.syms | 1 + src/util/viridentity.c | 21 +++++++++++++++++++++ src/util/viridentity.h | 1 + 3 files changed, 23 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c5f6c90365..90ca52c95c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2410,6 +2410,7 @@ virIdentityGetUNIXUserID; virIdentityGetUserName; virIdentityGetX509DName; virIdentityNew; +virIdentityNewCopy; virIdentitySetCurrent; virIdentitySetGroupName; virIdentitySetParameters; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 83044a3de1..3b523d7a2d 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c 
@@ -332,6 +332,27 @@ virIdentity *virIdentityNew(void) } =20 =20 +/** + * virIdentityNewCopy: + * + * Creates a new identity object that is a deep copy of an + * existing identity. + * + * Returns: a copy of the source identity + */ +virIdentity *virIdentityNewCopy(virIdentity *src) +{ + g_autoptr(virIdentity) ident =3D virIdentityNew(); + + if (virTypedParamsCopy(&ident->params, src->params, src->nparams) < 0) + return NULL; + ident->nparams =3D src->nparams; + ident->maxparams =3D src->nparams; + + return g_steal_pointer(&ident); +} + + static void virIdentityFinalize(GObject *object) { virIdentity *ident =3D VIR_IDENTITY(object); diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 640a7ba2e4..512bca286d 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -33,6 +33,7 @@ int virIdentitySetCurrent(virIdentity *ident); virIdentity *virIdentityGetSystem(void); =20 virIdentity *virIdentityNew(void); +virIdentity *virIdentityNewCopy(virIdentity *src); =20 int virIdentityGetUserName(virIdentity *ident, const char **username); --=20 2.31.1
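Review bot: virIdentityNewCopy() in the src/util/viridentity.c hunk of 5/9 dereferences src->params and src->nparams without checking src, and its doc comment neither describes @src nor says that NULL comes back when virTypedParamsCopy() fails. Suggest adding an "@src: the identity to copy" line, changing the Returns text to "a copy of the source identity, or NULL on error", and either rejecting a NULL src or stating in the comment that the caller must pass a valid identity. Callers such as the one added in 6/9 need to know the NULL case exists.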

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 6/9] util: add method for getting the current identity with system token
Date: Tue, 4 May 2021 18:43:47 +0100
Message-Id: <20210504174350.488942-7-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>
References: <20210504174350.488942-1-berrange@redhat.com>

The current identity object represents the identity of the application which initiated the currently executing public API operation. Normally this is the libvirt client application identity.

There are times when the libvirt daemon has to make extra public API calls on behalf of the client application. We want these API calls to still use the client application's identity for ACL checking. At the same time we need to be able to show that the API call is coming from the daemon.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- src/util/viridentity.c | 36 ++++++++++++++++++++++++++++++++++++ src/util/viridentity.h | 1 + 2 files changed, 37 insertions(+)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 3b523d7a2d..9fa6ab0dd0 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -123,6 +123,42 @@ virIdentity *virIdentityGetCurrent(void) } =20 =20 +/** + * virIdentityGetCurrentElevated: + * + * Get a copy of the current identity associated with this thread, + * with elevated privileges to allow it to identity a system + * initiated operation. The caller will own a reference to the + * returned identity, but must not modify the object in any way, + * other than to release the reference when done with g_object_unref + * + * Returns: a reference to the current identity, or NULL + */ +virIdentity *virIdentityGetCurrentElevated(void) +{ + g_autoptr(virIdentity) ident =3D virIdentityGetCurrent(); + const char *token; + int rc; + + if (!ident) { + return NULL; + } + + if ((rc =3D virIdentityGetSystemToken(ident, &token)) < 0) + return NULL; + + if (rc =3D=3D 0) { + g_autoptr(virIdentity) identel =3D virIdentityNewCopy(ident); + + if (virIdentitySetSystemToken(identel, systemToken) < 0) + return NULL; + + return g_steal_pointer(&identel); + } + + return g_steal_pointer(&ident); +} + /** * virIdentitySetCurrent: * diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 512bca286d..420cd82854 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -28,6 +28,7 @@ G_DECLARE_FINAL_TYPE(virIdentity, vir_identity, VIR, IDENTITY, GObject); =20 virIdentity *virIdentityGetCurrent(void); +virIdentity *virIdentityGetCurrentElevated(void); int virIdentitySetCurrent(virIdentity *ident); =20 virIdentity *virIdentityGetSystem(void); --=20 2.31.1
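Review bot: in virIdentityGetCurrentElevated() (src/util/viridentity.c hunk of 6/9) the result of virIdentityNewCopy(ident) is handed straight to virIdentitySetSystemToken() with no NULL check, although virIdentityNewCopy() from 5/9 returns NULL when the parameter copy fails. Suggest "if (!(identel = virIdentityNewCopy(ident))) return NULL;" before setting the token. On the same hunk: when rc > 0 an existing token is passed through without being compared against systemToken, which deserves a sentence in the doc comment saying this is intended; the Returns line should say the result may be a copy rather than "a reference to the current identity"; and "to identity a system initiated operation" should read "to identify".
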
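Review bot: the src/util/viridentity.h hunk of 6/9 declares virIdentityGetCurrentElevated(), but the patch does not add the symbol to src/libvirt_private.syms. The diffstat lists only viridentity.c and viridentity.h, and the index line of the syms hunk in 7/9 starts from the blob that 5/9 produced (90ca52c95c), so nothing in between touched the file. Since 9/9 calls the function from src/driver.c, and both virIdentityNewCopy and virIdentityIsCurrentElevated are exported in their own patches, suggest adding virIdentityGetCurrentElevated; to the syms list here, in sorted position.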

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 7/9] src: add API to determine if current identity is a system identity
Date: Tue, 4 May 2021 18:43:48 +0100
Message-Id: <20210504174350.488942-8-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>
References: <20210504174350.488942-1-berrange@redhat.com>

This is essentially a way to determine if the current identity is that of another libvirt daemon.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- src/libvirt_private.syms | 1 + src/util/viridentity.c | 28 ++++++++++++++++++++++++++++ src/util/viridentity.h | 1 + 3 files changed, 30 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 90ca52c95c..698ba50d6b 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2409,6 +2409,7 @@ virIdentityGetUNIXGroupID; virIdentityGetUNIXUserID; virIdentityGetUserName; virIdentityGetX509DName; +virIdentityIsCurrentElevated; virIdentityNew; virIdentityNewCopy; virIdentitySetCurrent;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 9fa6ab0dd0..424de513d9 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -354,6 +354,34 @@ virIdentity *virIdentityGetSystem(void) } =20 =20 +/** + * virIdentityIsCurrentElevated: + * + * Determine if the current identity has elevated privileges. + * This indicates that it was invoked on behalf of the + * user by a libvirt daemon. + * + * Returns: true if elevated + */ +int virIdentityIsCurrentElevated(void) +{ + g_autoptr(virIdentity) current =3D virIdentityGetCurrent(); + const char *currentToken =3D NULL; + int rv; + + if (!current) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No current identity")); + return -1; + } + + rv =3D virIdentityGetSystemToken(current, ¤tToken); + if (rv <=3D 0) + return rv; + + return STREQ_NULLABLE(currentToken, systemToken); +} + /** * virIdentityNew: * diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 420cd82854..37a0c1ad4c 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -31,6 +31,7 @@ virIdentity *virIdentityGetCurrent(void); virIdentity *virIdentityGetCurrentElevated(void); int virIdentitySetCurrent(virIdentity *ident); =20 +int virIdentityIsCurrentElevated(void); virIdentity *virIdentityGetSystem(void); =20 virIdentity *virIdentityNew(void); --=20 2.31.1
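Review bot: virIdentityIsCurrentElevated() in the src/util/viridentity.c hunk of 7/9 is documented as "Returns: true if elevated", but it is declared int and returns -1 when there is no current identity or the token lookup fails, so a caller writing "if (virIdentityIsCurrentElevated())" would treat an error as elevated. Suggest documenting all three results (1 if elevated, 0 if not, -1 on error with an error reported) so that callers compare explicitly, as the secret driver does in 8/9. Since the token is what separates a daemon from an ordinary client, also consider a constant-time comparison in place of STREQ_NULLABLE(currentToken, systemToken).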

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 8/9] secret: rework handling of private secrets
Date: Tue, 4 May 2021 18:43:49 +0100
Message-Id: <20210504174350.488942-9-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>
References: <20210504174350.488942-1-berrange@redhat.com>

A secret can be marked with the "private" attribute. The intent was that it is not possible for any libvirt client to be able to read the secret value, it would only be accessible from within libvirtd. eg the QEMU driver can read the value to launch a guest.

With the modular daemons, the QEMU, storage and secret drivers are all running in separate daemons. The QEMU and storage drivers thus appear to be normal libvirt clients from the POV of the secret driver, and thus they are not able to read a private secret. This is unhelpful.

With the previous patches that introduced a "system token" to the identity object, we can now distinguish APIs invoked by libvirt daemons from those invoked by client applications.

Reviewed-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- src/driver-secret.h | 9 +-------- src/libvirt-secret.c | 2 +- src/remote/remote_driver.c | 8 +------- src/secret/secret_driver.c | 34 +++++++++++++++++++++++++++------- src/util/virsecret.c | 3 +-- tests/qemuxml2argvtest.c | 3 +-- 6 files changed, 32 insertions(+), 27 deletions(-) diff --git a/src/driver-secret.h b/src/driver-secret.h index eb6e82478c..1d21f62bb3 100644 --- a/src/driver-secret.h +++ b/src/driver-secret.h @@ -24,12 +24,6 @@ # error "Don't include this file directly, only use driver.h" #endif =20 -enum { - /* This getValue call is inside libvirt, override the "private" flag. - This flag cannot be set by outside callers. */ - VIR_SECRET_GET_VALUE_INTERNAL_CALL =3D 1 << 0, -}; - typedef virSecretPtr (*virDrvSecretLookupByUUID)(virConnectPtr conn, const unsigned char *uuid); @@ -57,8 +51,7 @@ typedef int typedef unsigned char * (*virDrvSecretGetValue)(virSecretPtr secret, size_t *value_size, - unsigned int flags, - unsigned int internalFlags); + unsigned int flags); =20 typedef int (*virDrvSecretUndefine)(virSecretPtr secret); diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c index 75d40f53dc..a427805c7a 100644 --- a/src/libvirt-secret.c +++ b/src/libvirt-secret.c @@ -585,7 +585,7 @@ virSecretGetValue(virSecretPtr secret, size_t *value_si= ze, unsigned int flags) if (conn->secretDriver !=3D NULL && conn->secretDriver->secretGetValue= !=3D NULL) { unsigned char *ret; =20 - ret =3D conn->secretDriver->secretGetValue(secret, value_size, fla= gs, 0); + ret =3D conn->secretDriver->secretGetValue(secret, value_size, fla= gs); if (ret =3D=3D NULL) goto error; return ret; diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0c72d69933..eed99af127 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c
@@ -5382,7 +5382,7 @@ remoteDomainBuildQemuMonitorEvent(virNetClientProgram= *prog G_GNUC_UNUSED, =20 static unsigned char * remoteSecretGetValue(virSecretPtr secret, size_t *value_size, - unsigned int flags, unsigned int internalFlags) + unsigned int flags) { unsigned char *rv =3D NULL; remote_secret_get_value_args args; @@ -5391,12 +5391,6 @@ remoteSecretGetValue(virSecretPtr secret, size_t *va= lue_size, =20 remoteDriverLock(priv); =20 - /* internalFlags intentionally do not go over the wire */ - if (internalFlags) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("no internalFlags s= upport")); - goto done; - } - make_nonnull_secret(&args.secret, secret); args.flags =3D flags; =20 diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 6ea8cc8ce9..d2175de8ed 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -36,6 +36,7 @@ #include "viruuid.h" #include "virerror.h" #include "virfile.h" +#include "viridentity.h" #include "virpidfile.h" #include "configmake.h" #include "virstring.h" @@ -352,8 +353,7 @@ secretSetValue(virSecretPtr secret, static unsigned char * secretGetValue(virSecretPtr secret, size_t *value_size, - unsigned int flags, - unsigned int internalFlags) + unsigned int flags) { unsigned char *ret =3D NULL; virSecretObj *obj; 
@@ -368,11 +368,31 @@ secretGetValue(virSecretPtr secret, if (virSecretGetValueEnsureACL(secret->conn, def) < 0) goto cleanup; =20 - if ((internalFlags & VIR_SECRET_GET_VALUE_INTERNAL_CALL) =3D=3D 0 && - def->isprivate) { - virReportError(VIR_ERR_INVALID_SECRET, "%s", - _("secret is private")); - goto cleanup; + /* + * For historical compat we want to deny access to + * private secrets, even if no ACL driver is + * present. + * + * We need to validate the identity requesting + * the secret value is running as the same user + * credentials as this driver. + * + * ie a non-root libvirt client should not be + * able to request the value from privileged + * libvirt driver. + * + * To apply restrictions to processes running under + * the same user account is out of scope. + */ + if (def->isprivate) { + int rv =3D virIdentityIsCurrentElevated(); + if (rv < 0) + goto cleanup; + if (rv =3D=3D 0) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("secret is private")); + goto cleanup; + } } =20 if (!(ret =3D virSecretObjGetValue(obj))) diff --git a/src/util/virsecret.c b/src/util/virsecret.c index 0695288229..604d900f77 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c @@ -174,8 +174,7 @@ virSecretGetSecretString(virConnectPtr conn, goto cleanup; } =20 - *secret =3D conn->secretDriver->secretGetValue(sec, secret_size, 0, - VIR_SECRET_GET_VALUE_INTE= RNAL_CALL); + *secret =3D conn->secretDriver->secretGetValue(sec, secret_size, 0); =20 if (!*secret) goto cleanup; diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index f0efe98d7e..2cd8534b47 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -42,8 +42,7 @@ static virQEMUDriver driver; static unsigned char * fakeSecretGetValue(virSecretPtr obj G_GNUC_UNUSED, size_t *value_size, - unsigned int fakeflags G_GNUC_UNUSED, - unsigned int internalFlags G_GNUC_UNUSED) + unsigned int fakeflags G_GNUC_UNUSED) { char *secret; secret =3D g_strdup("AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A"); --=20 2.31.1
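Review bot: the src/util/virsecret.c hunk of 8/9 drops VIR_SECRET_GET_VALUE_INTERNAL_CALL, so virSecretGetSecretString() now reaches secretGetValue() with whatever identity is current on the thread, and the new def->isprivate block in src/secret/secret_driver.c rejects the call unless that identity already carries the system token. Nothing in this patch elevates the identity on that path, and 9/9 only delegates an elevated identity when conn->driver->connectSetIdentity is set, so please confirm that in-process callers (monolithic libvirtd) can still read private secrets, or elevate the identity around the secretGetValue() call. The new block comment also speaks of checking "user credentials" while the code tests the system token through virIdentityIsCurrentElevated(); wording the comment to match the check would help the next reader. The only test change is the signature of fakeSecretGetValue(), so the private-secret allow and deny cases have no coverage.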

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 9/9] src: set identity when opening secondary drivers
Date: Tue, 4 May 2021 18:43:50 +0100
Message-Id: <20210504174350.488942-10-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>
References: <20210504174350.488942-1-berrange@redhat.com>

The drivers can all call virGetConnectXXX to open a connection to a secondary driver. For example, when creating an encrypted storage volume, the storage driver has to open a secret driver connection, or when starting a guest, the QEMU driver has to open the network driver to look up a virtual network.

When using monolithic libvirtd, the connection has the same effective identity as the client, since everything is still in the same process. When using the modular daemons, however, the remote daemon sees the identity of the calling daemon. This is a mistake as it results in the modular daemons seeing the client with elevated privileges.

We need to pass on the current identity explicitly when opening the secondary drivers. This is the same thing that is done by daemon RPC dispatcher code when it is directly forwarding top level API calls from virtproxyd and other daemons.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- src/driver.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/driver.c b/src/driver.c index f8022d2522..dc409c48fc 100644 --- a/src/driver.c +++ b/src/driver.c @@ -33,6 +33,8 @@ #include "virstring.h" #include "virthread.h" #include "virutil.h" +#include "viridentity.h" +#include "datatypes.h" #include "configmake.h" =20 VIR_LOG_INIT("driver"); @@ -136,6 +138,7 @@ static virConnectPtr virGetConnectGeneric(virThreadLocal *threadPtr, const char *name) { virConnectPtr conn; + virErrorPtr saved; =20 if (virConnectCacheInitialize() < 0) return NULL; @@ -153,8 +156,32 @@ virGetConnectGeneric(virThreadLocal *threadPtr, const = char *name) =20 conn =3D virConnectOpen(uri); VIR_DEBUG("Opened new %s connection %p", name, conn); + if (!conn) + return NULL; + + if (conn->driver->connectSetIdentity !=3D NULL) { + g_autoptr(virIdentity) ident =3D NULL; + virTypedParameterPtr identparams =3D NULL; + int nidentparams =3D 0; + + VIR_DEBUG("Attempting to delegate current identity"); + if (!(ident =3D virIdentityGetCurrentElevated())) + goto error; + + if (virIdentityGetParameters(ident, &identparams, &nidentparam= s) < 0) + goto error; + + if (virConnectSetIdentity(conn, identparams, nidentparams, 0) = < 0) + goto error; + } } return conn; + + error: + saved =3D virSaveLastError(); + virConnectClose(conn); + virSetError(saved); + return NULL; } =20 =20 --=20 2.31.1
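Review bot: in the last src/driver.c hunk of 9/9, identparams filled in by virIdentityGetParameters() is never released: neither the success path nor the error: label frees it, so every newly opened secondary connection leaks the parameter array, assuming the getter hands back an allocated copy as its out-parameters suggest. Suggest calling virTypedParamsFree(identparams, nidentparams) after virConnectSetIdentity() and on the error path. Separately, virIdentityGetCurrentElevated() from 6/9 returns NULL without reporting an error when the thread has no current identity, so the goto error here closes the connection and returns NULL with nothing for virSaveLastError() to preserve; either report an error in that case or decide explicitly whether a thread without an identity should skip delegation.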