From: Jonathon Jongsma
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 16/18] qemu: pass sensitive data to nbdkit via pipe
Date: Thu, 20 Oct 2022 16:59:07 -0500
Message-Id: <20221020215909.1751428-17-jjongsma@redhat.com>
In-Reply-To: <20221020215909.1751428-1-jjongsma@redhat.com>
References: <20221020215909.1751428-1-jjongsma@redhat.com>

Rather than passing passwords and cookies (which could contain passwords) to nbdkit via commandline arguments, use the alternate format that nbdkit supports where we can specify a file descriptor which nbdkit will read to get the password or cookies.

Signed-off-by: Jonathon Jongsma --- build-aux/syntax-check.mk | 4 +- src/qemu/qemu_nbdkit.c | 64 ++++++++++++----- src/util/vircommand.c | 3 +- src/util/virutil.h | 2 +- .../disk-cdrom-network.args.disk0 | 7 ++ .../disk-cdrom-network.args.disk1 | 9 +++ .../disk-cdrom-network.args.disk1.pipe.1778 | 1 + .../disk-cdrom-network.args.disk2 | 9 +++ .../disk-cdrom-network.args.disk2.pipe.1780 | 1 + .../disk-network-http.args.disk0 | 7 ++ .../disk-network-http.args.disk1 | 6 ++ .../disk-network-http.args.disk2 | 7 ++ .../disk-network-http.args.disk2.pipe.1778 | 1 + .../disk-network-http.args.disk3 | 8 +++ .../disk-network-http.args.disk3.pipe.1780 | 1 + ...work-source-curl-nbdkit-backing.args.disk0 | 8 +++ ...e-curl-nbdkit-backing.args.disk0.pipe.1778 | 1 + .../disk-network-source-curl.args.disk0 | 8 +++ ...k-network-source-curl.args.disk0.pipe.1778 | 1 + .../disk-network-source-curl.args.disk1 | 8 +++ ...k-network-source-curl.args.disk1.pipe.1780 | 1 + .../disk-network-source-curl.args.disk2 | 8 +++ ...k-network-source-curl.args.disk2.pipe.1782 | 1 + .../disk-network-source-curl.args.disk3 | 7 ++ .../disk-network-source-curl.args.disk4 | 7 ++ tests/qemunbdkittest.c | 69 +++++++++++++++++-- 26 files changed, 219 insertions(+), 30 deletions(-) create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe= .1778 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe= .1780 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.= 1778 create mode 100644 tests/qemunbdkitdata/disk-network-http.args.disk3 create mode 
100644 tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.= 1780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-ba= cking.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl-nbdkit-ba= cking.args.disk0.pipe.1778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk0 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk= 0.pipe.1778 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk1 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk= 1.pipe.1780 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk2 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk= 2.pipe.1782 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk3 create mode 100644 tests/qemunbdkitdata/disk-network-source-curl.args.disk4 diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk index 68cd9dff5f..d44b1e5b17 100644 --- a/build-aux/syntax-check.mk +++ b/build-aux/syntax-check.mk 
@@ -1355,10 +1355,10 @@ exclude_file_name_regexp--sc_prohibit_strdup =3D \ ^(docs/|examples/|tests/virnetserverclientmock.c|tests/commandhelper.c|t= ools/nss/libvirt_nss_(leases|macs)\.c$$) =20 exclude_file_name_regexp--sc_prohibit_close =3D \ - (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt= -stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/= nss/libvirt_nss_(leases|macs)\.c)|tools/virt-qemu-qmp-proxy$$) + (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt= -stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c|qemunbd= kittest\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)|tools/virt-qemu-qmp-pro= xy$$) =20 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF =3D \ - (^tests/(nodedevmdevctl|virhostcpu|virpcitest|virstoragetest)data/|docs/= js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$) + (^tests/(nodedevmdevctl|virhostcpu|virpcitest|virstoragetest|qemunbdkit)= data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newlin= e\.conf$$) =20 exclude_file_name_regexp--sc_prohibit_fork_wrappers =3D \ (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)= \.c$$) diff --git a/src/qemu/qemu_nbdkit.c b/src/qemu/qemu_nbdkit.c index 882a074211..0a0dc5d2a4 100644 --- a/src/qemu/qemu_nbdkit.c +++ b/src/qemu/qemu_nbdkit.c @@ -55,6 +55,7 @@ VIR_ENUM_IMPL(qemuNbdkitCaps, "filter-readahead", /* QEMU_NBDKIT_CAPS_FILTER_READAHEAD */ ); =20 + struct _qemuNbdkitCaps { GObject parent; =20 @@ -71,6 +72,12 @@ struct _qemuNbdkitCaps { G_DEFINE_TYPE(qemuNbdkitCaps, qemu_nbdkit_caps, G_TYPE_OBJECT); =20 =20 +enum { + PIPE_FD_READ =3D 0, + PIPE_FD_WRITE =3D 1 +}; + + static void qemuNbdkitCheckCommandCap(qemuNbdkitCaps *nbdkit, virCommand *cmd, 
@@ -729,6 +736,29 @@ qemuNbdkitStopStorageSource(virStorageSource *src) } =20 =20 +static int +qemuNbdkitCommandPassDataByPipe(virCommand *cmd, + const char *argName, + unsigned char *buf, + size_t buflen) +{ + g_autofree char *fdfmt =3D NULL; + int fd =3D virCommandSetSendBuffer(cmd, buf, buflen); + + if (fd < 0) + return -1; + + /* some nbdkit arguments accept a variation where nbdkit will read the= data + * from a file descriptor, e.g. password=3D-FD */ + fdfmt =3D g_strdup_printf("-%i", fd); + virCommandAddArgPair(cmd, argName, fdfmt); + + virCommandDoAsyncIO(cmd); + + return 0; +} + + static int qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, virCommand *cmd) @@ -744,10 +774,10 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *= proc, =20 if (proc->source->auth) { g_autoptr(virConnect) conn =3D virGetConnectSecret(); - g_autofree uint8_t *secret =3D NULL; + uint8_t *secret =3D NULL; size_t secretlen =3D 0; - g_autofree char *password =3D NULL; int secrettype; + virStorageAuthDef *authdef =3D proc->source->auth; =20 virCommandAddArgPair(cmd, "user", proc->source->auth->username); @@ -760,7 +790,7 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *pr= oc, } =20 if (virSecretGetSecretString(conn, - &proc->source->auth->seclookupdef, + &authdef->seclookupdef, secrettype, &secret, &secretlen) < 0) { 
@@ -769,24 +799,20 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *= proc, return -1; } =20 - /* ensure that the secret is a NULL-terminated string */ - password =3D g_strndup((char*)secret, secretlen); - - /* for now, just report an error rather than passing the password = in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", - "Password not yet supported for nbdkit sources"); - return -1; + if (qemuNbdkitCommandPassDataByPipe(cmd, "password", + secret, secretlen) < 0) + return -1; } =20 - if (proc->source->ncookies > 0) { - /* for now, just report an error rather than passing cookies in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", - "Cookies not yet supported for nbdkit sources"); - return -1; + /* Create a pipe to send the cookies to the nbdkit process. */ + if (proc->source->ncookies) { + char *cookies =3D + qemuBlockStorageSourceGetCookieString(proc->source); + + if (qemuNbdkitCommandPassDataByPipe(cmd, "cookie", + (unsigned char*)cookies, + strlen(cookies)) < 0) + return -1; } =20 if (proc->source->sslverify =3D=3D VIR_TRISTATE_BOOL_NO) { diff --git a/src/util/vircommand.c b/src/util/vircommand.c index 014bab9196..838eb6bd16 100644 --- a/src/util/vircommand.c +++ b/src/util/vircommand.c @@ -1703,7 +1703,8 @@ virCommandSetSendBuffer(virCommand *cmd, return -1; } =20 - if (fcntl(pipefd[1], F_SETFL, O_NONBLOCK) < 0) { + if (!(dryRunBuffer || dryRunCallback) && + fcntl(pipefd[1], F_SETFL, O_NONBLOCK) < 0) { cmd->has_error =3D errno; VIR_FORCE_CLOSE(pipefd[0]); VIR_FORCE_CLOSE(pipefd[1]); diff --git a/src/util/virutil.h b/src/util/virutil.h index ab8511bf8d..094b399859 100644 --- a/src/util/virutil.h +++ b/src/util/virutil.h @@ -186,7 +186,7 @@ char *virGetPassword(void); * * Returns: -1 on error, 0 on success */ -int virPipe(int fds[2]); +int virPipe(int fds[2]) G_NO_INLINE; =20 /* * virPipeQuiet: 
diff --git a/tests/qemunbdkitdata/disk-cdrom-network.args.disk0 b/tests/qem= unbdkitdata/disk-cdrom-network.args.disk0 new file mode 100644 index 0000000000..5f3a795ba0 --- /dev/null +++ b/tests/qemunbdkitdata/disk-cdrom-network.args.disk0 @@ -0,0 +1,7 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-0/nbdkit-test-disk-0.socket \ +--foreground \ +--readonly curl \ +protocols=3Dftp \ +url=3Dftp://host.name:21/url/path/file.iso diff --git a/tests/qemunbdkitdata/disk-cdrom-network.args.disk1 b/tests/qem= unbdkitdata/disk-cdrom-network.args.disk1 new file mode 100644 index 0000000000..12c0dcaf0e --- /dev/null +++ b/tests/qemunbdkitdata/disk-cdrom-network.args.disk1 @@ -0,0 +1,9 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-1/nbdkit-test-disk-1.socket \ +--foreground \ +--readonly curl \ +protocols=3Dftps \ +url=3Dftps://host.name:990/url/path/file.iso \ +user=3Dtestuser \ +password=3D-1777 diff --git a/tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.1778 b= /tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.1778 new file mode 100644 index 0000000000..ccdd4033fc --- /dev/null +++ b/tests/qemunbdkitdata/disk-cdrom-network.args.disk1.pipe.1778 @@ -0,0 +1 @@ +iscsi-mycluster_myname-secret \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-cdrom-network.args.disk2 b/tests/qem= unbdkitdata/disk-cdrom-network.args.disk2 new file mode 100644 index 0000000000..d41337a089 --- /dev/null +++ b/tests/qemunbdkitdata/disk-cdrom-network.args.disk2 @@ -0,0 +1,9 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-2/nbdkit-test-disk-2.socket \ +--foreground \ +--readonly curl \ +protocols=3Dhttps \ +'url=3Dhttps://host.name:443/url/path/file.iso?test=3Dval' \ +user=3Dtestuser \ +password=3D-1779 diff --git a/tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.1780 b= /tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.1780 new file mode 100644 index 0000000000..ccdd4033fc --- /dev/null 
+++ b/tests/qemunbdkitdata/disk-cdrom-network.args.disk2.pipe.1780 @@ -0,0 +1 @@ +iscsi-mycluster_myname-secret \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk0 b/tests/qemu= nbdkitdata/disk-network-http.args.disk0 new file mode 100644 index 0000000000..fa8ef90cd1 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-http.args.disk0 @@ -0,0 +1,7 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-0/nbdkit-test-disk-0.socket \ +--foreground curl \ +protocols=3Dhttp \ +url=3Dhttp://example.org:80/test.img \ +timeout=3D1234 diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk1 b/tests/qemu= nbdkitdata/disk-network-http.args.disk1 new file mode 100644 index 0000000000..9bac3fe229 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-http.args.disk1 @@ -0,0 +1,6 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-1/nbdkit-test-disk-1.socket \ +--foreground curl \ +protocols=3Dhttps \ +url=3Dhttps://example.org:443/test2.img diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk2 b/tests/qemu= nbdkitdata/disk-network-http.args.disk2 new file mode 100644 index 0000000000..2d39b6c259 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-http.args.disk2 @@ -0,0 +1,7 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-2/nbdkit-test-disk-2.socket \ +--foreground curl \ +protocols=3Dhttp \ +url=3Dhttp://example.org:1234/test3.img \ +cookie=3D-1777 diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.1778 b/= tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.1778 new file mode 100644 index 0000000000..2c42c95930 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-http.args.disk2.pipe.1778 @@ -0,0 +1 @@ +test=3Dtestcookievalue; test2=3D"blurb" \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk3 b/tests/qemu= nbdkitdata/disk-network-http.args.disk3 new file mode 100644 index 0000000000..54f12f5c9e --- /dev/null 
+++ b/tests/qemunbdkitdata/disk-network-http.args.disk3 @@ -0,0 +1,8 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-3/nbdkit-test-disk-3.socket \ +--foreground curl \ +protocols=3Dhttps \ +'url=3Dhttps://example.org:1234/test4.img?par=3Dval&other=3Dble' \ +cookie=3D-1779 \ +sslverify=3Dfalse diff --git a/tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.1780 b/= tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.1780 new file mode 100644 index 0000000000..2c42c95930 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-http.args.disk3.pipe.1780 @@ -0,0 +1 @@ +test=3Dtestcookievalue; test2=3D"blurb" \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.a= rgs.disk0 b/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.ar= gs.disk0 new file mode 100644 index 0000000000..eb479b996f --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.dis= k0 @@ -0,0 +1,8 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-0/nbdkit-test-disk-0.socket \ +--foreground \ +--readonly curl \ +protocols=3Dhttps \ +url=3Dhttps://https.example.org:8443/path/to/disk1.qcow2 \ +cookie=3D-1777 diff --git a/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.a= rgs.disk0.pipe.1778 b/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-= backing.args.disk0.pipe.1778 new file mode 100644 index 0000000000..20af4ae383 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl-nbdkit-backing.args.dis= k0.pipe.1778 @@ -0,0 +1 @@ +cookie1=3Dcookievalue1; cookie2=3Dcookievalue2 \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk0 b/tes= ts/qemunbdkitdata/disk-network-source-curl.args.disk0 new file mode 100644 index 0000000000..cf2c0b7184 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk0 
@@ -0,0 +1,8 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-0/nbdkit-test-disk-0.socket \ +--foreground \ +--readonly curl \ +protocols=3Dhttps \ +url=3Dhttps://https.example.org:8443/path/to/disk1.iso \ +cookie=3D-1777 diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.= 1778 b/tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.1778 new file mode 100644 index 0000000000..20af4ae383 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk0.pipe.1778 @@ -0,0 +1 @@ +cookie1=3Dcookievalue1; cookie2=3Dcookievalue2 \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk1 b/tes= ts/qemunbdkitdata/disk-network-source-curl.args.disk1 new file mode 100644 index 0000000000..13f03c545e --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk1 @@ -0,0 +1,8 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-1/nbdkit-test-disk-1.socket \ +--foreground curl \ +protocols=3Dhttps \ +'url=3Dhttps://https.example.org:8443/path/to/disk5.iso?foo=3Dbar' \ +cookie=3D-1779 \ +sslverify=3Dfalse diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.= 1780 b/tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.1780 new file mode 100644 index 0000000000..20af4ae383 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk1.pipe.1780 @@ -0,0 +1 @@ +cookie1=3Dcookievalue1; cookie2=3Dcookievalue2 \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk2 b/tes= ts/qemunbdkitdata/disk-network-source-curl.args.disk2 new file mode 100644 index 0000000000..490aea3393 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk2 @@ -0,0 +1,8 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-2/nbdkit-test-disk-2.socket \ +--foreground \ +--readonly curl \ +protocols=3Dhttp \ +url=3Dhttp://http.example.org:8080/path/to/disk2.iso \ +cookie=3D-1781 
diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.= 1782 b/tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.1782 new file mode 100644 index 0000000000..5c035e84c5 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk2.pipe.1782 @@ -0,0 +1 @@ +cookie1=3Dcookievalue1; cookie2=3Dcookievalue2; cookie3=3Dcookievalue3 \ No newline at end of file diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk3 b/tes= ts/qemunbdkitdata/disk-network-source-curl.args.disk3 new file mode 100644 index 0000000000..bc28f04564 --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk3 @@ -0,0 +1,7 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-3/nbdkit-test-disk-3.socket \ +--foreground \ +--readonly curl \ +protocols=3Dftp \ +url=3Dftp://ftp.example.org:20/path/to/disk3.iso diff --git a/tests/qemunbdkitdata/disk-network-source-curl.args.disk4 b/tes= ts/qemunbdkitdata/disk-network-source-curl.args.disk4 new file mode 100644 index 0000000000..7c3cc711ae --- /dev/null +++ b/tests/qemunbdkitdata/disk-network-source-curl.args.disk4 @@ -0,0 +1,7 @@ +nbdkit \ +--exit-with-parent \ +--unix /tmp/statedir-4/nbdkit-test-disk-4.socket \ +--foreground \ +--readonly curl \ +protocols=3Dftps \ +url=3Dftps://ftps.example.org:22/path/to/disk4.iso diff --git a/tests/qemunbdkittest.c b/tests/qemunbdkittest.c index c7fa80b9c5..49888ab8a1 100644 --- a/tests/qemunbdkittest.c +++ b/tests/qemunbdkittest.c @@ -1,5 +1,6 @@ #include =20 +#include #include "internal.h" #include "testutils.h" #include "testutilsqemu.h" @@ -13,6 +14,7 @@ #include "virutil.h" #include "virsecret.h" #include "datatypes.h" +#include "virmock.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 
@@ -20,6 +22,45 @@ static virQEMUDriver driver; =20 =20 /* Some mock implementations for testing */ +#define PIPE_FD_START 1777 +static int mockpipefd =3D PIPE_FD_START; +int +virPipeQuiet(int fds[2]) +{ + fds[0] =3D mockpipefd++; + fds[1] =3D mockpipefd++; + + if (fcntl(fds[0], F_GETFD) !=3D -1 || + fcntl(fds[1], F_GETFD) !=3D -1) + abort(); + + return 0; +} + +static int (*real_close)(int fd); +static void +init_syms(void) +{ + VIR_MOCK_REAL_INIT(close); +} + +int +close(int fd) +{ + int ret; + + init_syms(); + + if (fd >=3D PIPE_FD_START) + ret =3D 0; + else + ret =3D real_close(fd); + + return ret; +} + + + int virSecretGetSecretString(virConnectPtr conn G_GNUC_UNUSED, virSecretLookupTypeDef *seclookupdef, @@ -129,6 +170,9 @@ testNbdkit(const void *data) size_t i; int ret =3D 0; =20 + /* restart mock pipe fds so tests are consistent */ + mockpipefd =3D PIPE_FD_START; + if (!virFileExists(info->infile)) { virReportError(VIR_ERR_INTERNAL_ERROR, "Test input file '%s' is missing", info->infile); @@ -154,6 +198,9 @@ testNbdkit(const void *data) g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDry= RunTokenNew(); g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; const char *actualCmdline =3D NULL; + virCommandSendBuffer *sendbuffers; + int nsendbuffers; + size_t j; =20 virCommandSetDryRun(dryRunToken, &buf, true, true, NULL, NULL); cmd =3D qemuNbdkitProcessBuildCommand(srcPriv->nbdkitProcess); 
@@ -162,15 +209,24 @@ testNbdkit(const void *data) ret =3D -1; continue; } + virCommandPeekSendBuffers(cmd, &sendbuffers, &nsendbuffers); =20 if (!(actualCmdline =3D virBufferContentAndReset(&buf))) { ret =3D -1; continue; } =20 - if (virTestCompareToFileFull(actualCmdline, cmdfile, false) < = 0) { + if (virTestCompareToFileFull(actualCmdline, cmdfile, false) < = 0) ret =3D -1; - continue; + + for (j =3D 0; j < nsendbuffers; j++) { + virCommandSendBuffer *buffer =3D &sendbuffers[j]; + g_autofree char *pipefile =3D g_strdup_printf("%s.pipe.%i", + cmdfile, + buffer->fd); + + if (virTestCompareToFile((const char*)buffer->buffer, pipe= file) < 0) + ret =3D -1; } } else { if (virFileExists(cmdfile)) { @@ -224,11 +280,10 @@ mymain(void) #define DO_TEST_NOCAPS(_name) \ DO_TEST_FULL(_name, NBDKIT_ARG_END) =20 - /* disks with cookies / passwords are not yet supported */ - DO_TEST_FAILURE("disk-cdrom-network", QEMU_NBDKIT_CAPS_PLUGIN_CURL); - DO_TEST_FAILURE("disk-network-http", QEMU_NBDKIT_CAPS_PLUGIN_CURL); - DO_TEST_FAILURE("disk-network-source-curl-nbdkit-backing", QEMU_NBDKIT= _CAPS_PLUGIN_CURL); - DO_TEST_FAILURE("disk-network-source-curl", QEMU_NBDKIT_CAPS_PLUGIN_CU= RL); + DO_TEST("disk-cdrom-network", QEMU_NBDKIT_CAPS_PLUGIN_CURL); + DO_TEST("disk-network-http", QEMU_NBDKIT_CAPS_PLUGIN_CURL); + DO_TEST("disk-network-source-curl-nbdkit-backing", QEMU_NBDKIT_CAPS_PL= UGIN_CURL); + DO_TEST("disk-network-source-curl", QEMU_NBDKIT_CAPS_PLUGIN_CURL); DO_TEST("disk-network-ssh", QEMU_NBDKIT_CAPS_PLUGIN_SSH); =20 qemuTestDriverFree(&driver); --=20 2.37.3
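
Review bot: the PIPE_FD_READ / PIPE_FD_WRITE enum added to src/qemu/qemu_nbdkit.c after G_DEFINE_TYPE is not referenced by any other hunk in this patch; qemuNbdkitCommandPassDataByPipe gets its descriptor from virCommandSetSendBuffer and never indexes a pipe array. Drop the enum unless a later patch in the series uses it, and drop the extra blank line added before struct _qemuNbdkitCaps in the same file.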
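
Review bot: qemuNbdkitCommandPassDataByPipe in src/qemu/qemu_nbdkit.c has no function comment, and two things a caller needs to know are not stated: whether buf belongs to cmd after the call (including the path where virCommandSetSendBuffer returns a negative fd), and that the helper switches the whole command to async I/O through virCommandDoAsyncIO. Please add a doc comment covering both, since the callers in qemuNbdkitProcessBuildCommandCurl no longer free what they pass in.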
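
Review bot: in the cookie branch of qemuNbdkitProcessBuildCommandCurl, the result of qemuBlockStorageSourceGetCookieString is passed straight to strlen(cookies) with no NULL check, and neither cookies nor secret (which loses its g_autofree in this patch) is freed on any path visible in these hunks. Check cookies before taking its length, and either keep automatic cleanup with an explicit ownership transfer at the call site or add a comment at the declarations saying that the send buffer takes ownership. Both buffers hold credentials, so it would also help to say where they are wiped before being released.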
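
Review bot: the new condition in virCommandSetSendBuffer (src/util/vircommand.c), "!(dryRunBuffer || dryRunCallback) && fcntl(pipefd[1], F_SETFL, O_NONBLOCK) < 0", changes production code to accommodate the fake descriptors handed out by the test mock, but carries no comment saying so. Add a short comment explaining that under dry run the descriptors may not be real and fcntl is therefore skipped; as written the check reads as if non-blocking mode were optional.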
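
Review bot: the src/util/virutil.h hunk adds G_NO_INLINE to virPipe, but the mock added in tests/qemunbdkittest.c overrides virPipeQuiet, whose declaration is left unchanged. If the annotation is there to make the mock take effect, it looks like it should be on virPipeQuiet (or on both); if virPipe needs it for another reason, the commit message should say why.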
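
Review bot: the close() override in tests/qemunbdkittest.c returns 0 for every fd >= PIPE_FD_START, so a real descriptor numbered 1777 or higher would be left open without any error, while the virPipeQuiet mock only guards against collisions by calling abort(). Bounding the check to the range actually handed out (PIPE_FD_START up to the current value of mockpipefd) would keep the mock from masking real closes.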
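
Review bot: in the testNbdkit loop, "virTestCompareToFile((const char*)buffer->buffer, pipefile)" treats the send buffer as a NUL-terminated string, but qemuNbdkitCommandPassDataByPipe passes the secret with an explicit length and this patch removes the g_strndup that used to guarantee termination. Compare using the buffer's recorded length instead of relying on a terminator. Separately, the expected files are named after buffer->fd, which is the write end of the mocked pipe (for example .pipe.1778), while the command line carries the read end (password=-1777); a comment in the test, or naming the file after the fd that appears in the arguments, would make the data files easier to match to the .args files.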