From nobody Tue Feb 10 11:55:40 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1674252348; cv=none; d=zohomail.com; s=zohoarc; b=ZDhAdwpUIrm6EsCm8xMcQkZNUxiKeZVWpm+InaZ9FkyRUQq/RJrpHoMlBqti3Sf7EVSbn6eCWpHxehswLB84WoLW8/mVzdoYFXGUbjHzOMRpMy4VXfYD4Yet8HEllYh3zrZ2GDfW0l7A/Wt7ZI9MSC68x/myTF7VuAvZCuQ7Icw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674252348; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=3ldjDjgo3sUgxdEoto5V4vQzfmcqNb+kfEXGjoPKILY=; b=b9DHXyVcqorIDjix4ATT9TQ6qsFkCTlWeLZM2ygxbRy2r9R9fRZFRWY6fr9P2hmlGHhgUXEMvjc6oEQ0bVGp2l8rZ/MTqCue/uGUc61/k1k/deuDYSlWF5bYQpqU6GbBvWGM9kzLL86fQN5BGXeZh0gUhuyS0hs0VJY/yB+GqE0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1674252348489546.802183317497; Fri, 20 Jan 2023 14:05:48 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-599-IJ12LBdoPzehdzO3dtDJug-1; Fri, 20 Jan 2023 17:03:52 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C9E381816ED0; Fri, 20 Jan 2023 22:03:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id B345840C2064; Fri, 20 Jan 2023 22:03:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 90EF01947043; Fri, 20 Jan 2023 22:03:34 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 643891946588 for ; Fri, 20 Jan 2023 22:03:30 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 37E7E14171C7; Fri, 20 Jan 2023 22:03:30 +0000 (UTC) Received: from himantopus.redhat.com (unknown [10.22.18.185]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1108314171CA for ; Fri, 20 Jan 2023 22:03:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1674252347; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=3ldjDjgo3sUgxdEoto5V4vQzfmcqNb+kfEXGjoPKILY=; b=f4WzjMTcr12uCKjU+A0+sfTMoCACC5zo3XU99mNAU8mdJYuSRVUduycuMz3qj/5+pIx+GP u/Z87wHF+AZ2K7zDgHTNldAxfB4KmBETYeemJrUbLwWCg3ajD3qnsALNB+8wsH3ApBB/JY tM59r/toz9GZfPIKVdmB4nDG3y2264Q= X-MC-Unique: IJ12LBdoPzehdzO3dtDJug-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Jonathon Jongsma To: libvir-list@redhat.com Subject: [libvirt PATCH v4 19/31] qemu: pass sensitive data to nbdkit via pipe Date: Fri, 20 Jan 2023 16:03:13 -0600 Message-Id: <20230120220325.1015090-20-jjongsma@redhat.com> In-Reply-To: <20230120220325.1015090-1-jjongsma@redhat.com> References: <20230120220325.1015090-1-jjongsma@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1674252349819100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Rather than passing passwords and cookies (which could contain passwords) to nbdkit via commandline arguments, use the alternate format that nbdkit supports where we can specify a file descriptor which nbdkit will read to get the password or cookies. Signed-off-by: Jonathon Jongsma Reviewed-by: Peter Krempa --- src/qemu/qemu_nbdkit.c | 55 ++++++++++++++++++++++++++++++------------ 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_nbdkit.c b/src/qemu/qemu_nbdkit.c index 2b26e9bc08..ba84958e8d 100644 --- a/src/qemu/qemu_nbdkit.c +++ b/src/qemu/qemu_nbdkit.c @@ -67,6 +67,12 @@ struct _qemuNbdkitCaps { G_DEFINE_TYPE(qemuNbdkitCaps, qemu_nbdkit_caps, G_TYPE_OBJECT); =20 =20 +enum { + PIPE_FD_READ =3D 0, + PIPE_FD_WRITE =3D 1 +}; + + static void qemuNbdkitCheckCommandCap(qemuNbdkitCaps *nbdkit, virCommand *cmd, @@ -759,6 +765,29 @@ qemuNbdkitInitStorageSource(qemuNbdkitCaps *caps, } =20 =20 +static int +qemuNbdkitCommandPassDataByPipe(virCommand *cmd, + const char *argName, + unsigned char **buf, + size_t buflen) +{ + g_autofree char *fdfmt =3D NULL; + int fd =3D virCommandSetSendBuffer(cmd, buf, buflen); + + if (fd < 0) + return -1; + + /* some nbdkit arguments accept a variation where nbdkit will read the= data + * from a file descriptor, e.g. password=3D-FD */ + fdfmt =3D g_strdup_printf("-%i", fd); + virCommandAddArgPair(cmd, argName, fdfmt); + + virCommandDoAsyncIO(cmd); + + return 0; +} + + static int qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, virCommand *cmd) @@ -784,7 +813,6 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *pr= oc, g_autoptr(virConnect) conn =3D virGetConnectSecret(); g_autofree uint8_t *secret =3D NULL; size_t secretlen =3D 0; - g_autofree char *password =3D NULL; int secrettype; virStorageAuthDef *authdef =3D proc->source->auth; =20 @@ -808,22 +836,19 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *= proc, return -1; } =20 - /* ensure that the secret is a NULL-terminated string */ - password =3D g_strndup((char*)secret, secretlen); - - /* for now, just report an error rather than passing the password = in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Password not yet supported for nbdkit sources")); - return -1; + if (qemuNbdkitCommandPassDataByPipe(cmd, "password", + &secret, secretlen) < 0) + return -1; } =20 - if (proc->source->ncookies > 0) { - /* for now, just report an error rather than passing cookies in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Cookies not yet supported for nbdkit sources")); - return -1; + /* Create a pipe to send the cookies to the nbdkit process. */ + if (proc->source->ncookies) { + g_autofree char *cookies =3D qemuBlockStorageSourceGetCookieString= (proc->source); + + if (qemuNbdkitCommandPassDataByPipe(cmd, "cookie", + (unsigned char**)&cookies, + strlen(cookies)) < 0) + return -1; } =20 if (proc->source->sslverify =3D=3D VIR_TRISTATE_BOOL_NO) { --=20 2.39.0