From nobody Wed Feb 11 06:14:29 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1676394612; cv=none; d=zohomail.com; s=zohoarc; b=g7grJt2bfgxYgjcmgpY0rJqX2Gl4MT79OlN1F5JGzdYLIm53X8jchbykNgVL3GQueOiUaUdLfsTM3chepz4vq7gZwiMPGWnjGsrdFcAkYeBsqCKXTdxFF0HSaJZA60spH/d6Fl261Dau8GYoXWc4iIy6Omcx8XZuiG8ddA47cMs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676394612; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=+NFVOv1a1Pku1ZkKl+TYehfo/LiDz6/wY/2Brpn7Des=; b=e/8aoNZy+eBWqJkdFLsgnthKj3b5+cb6kDZ1xTT1JvsJpi829mczPH2utGdBvOwp5CksyBaBeNuduCQuUaZLDr5uTkwsZEDFlJWTky5tBL2aoDwe1mnkMQ32mW0rkLQXWQ0lItbmXgcexlzyGcVyLjUDU4gck9l5Bxh/OPfAIeM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1676394612902302.965730103871; Tue, 14 Feb 2023 09:10:12 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-530-RgpGKQoVPZSf9SXrGfz2rA-1; Tue, 14 Feb 2023 12:09:20 -0500 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9C9AB857F5C; Tue, 14 Feb 2023 17:09:11 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8995D492B15; Tue, 14 Feb 2023 17:09:11 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id B0078194E102; Tue, 14 Feb 2023 17:08:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 4804719465B7 for ; Tue, 14 Feb 2023 17:08:26 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 83CAD440E0; Tue, 14 Feb 2023 17:08:25 +0000 (UTC) Received: from himantopus.redhat.com (unknown [10.22.8.15]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 61604440D7 for ; Tue, 14 Feb 2023 17:08:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1676394610; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=+NFVOv1a1Pku1ZkKl+TYehfo/LiDz6/wY/2Brpn7Des=; b=J0rxfVLEdZVNxaCz+pGqSjVQOmeInIgWOyas97XPYQoZwkl65ckVMTbV9wq7rMZCNWjKl6 2Ki7XkJK0zU9JXlib2EM+YyqNyhFuSo+mjrAyitHNq/xTqByXLBhsSRhP+e30gsJvoSg3U 03v0EjGSnDM9/uzdELP46ud+mFkolWo= X-MC-Unique: RgpGKQoVPZSf9SXrGfz2rA-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Jonathon Jongsma To: libvir-list@redhat.com Subject: [libvirt PATCH v5 20/32] qemu: pass sensitive data to nbdkit via pipe Date: Tue, 14 Feb 2023 11:08:07 -0600 Message-Id: <20230214170819.3143132-21-jjongsma@redhat.com> In-Reply-To: <20230214170819.3143132-1-jjongsma@redhat.com> References: <20230214170819.3143132-1-jjongsma@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1676394615010100009 Content-Type: text/plain; charset="utf-8"; x-default="true" Rather than passing passwords and cookies (which could contain passwords) to nbdkit via commandline arguments, use the alternate format that nbdkit supports where we can specify a file descriptor which nbdkit will read to get the password or cookies. Signed-off-by: Jonathon Jongsma Reviewed-by: Peter Krempa --- src/qemu/qemu_nbdkit.c | 53 +++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/src/qemu/qemu_nbdkit.c b/src/qemu/qemu_nbdkit.c index 5f0c0c23b5..b17f9e772f 100644 --- a/src/qemu/qemu_nbdkit.c +++ b/src/qemu/qemu_nbdkit.c @@ -754,6 +754,29 @@ qemuNbdkitInitStorageSource(qemuNbdkitCaps *caps, } =20 =20 +static int +qemuNbdkitCommandPassDataByPipe(virCommand *cmd, + const char *argName, + unsigned char **buf, + size_t buflen) +{ + g_autofree char *fdfmt =3D NULL; + int fd =3D virCommandSetSendBuffer(cmd, buf, buflen); + + if (fd < 0) + return -1; + + /* some nbdkit arguments accept a variation where nbdkit will read the= data + * from a file descriptor, e.g. password=3D-FD */ + fdfmt =3D g_strdup_printf("-%i", fd); + virCommandAddArgPair(cmd, argName, fdfmt); + + virCommandDoAsyncIO(cmd); + + return 0; +} + + static int qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, virCommand *cmd) @@ -776,7 +799,6 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *pr= oc, g_autoptr(virConnect) conn =3D virGetConnectSecret(); g_autofree uint8_t *secret =3D NULL; size_t secretlen =3D 0; - g_autofree char *password =3D NULL; int secrettype; virStorageAuthDef *authdef =3D proc->source->auth; =20 @@ -800,26 +822,19 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *= proc, return -1; } =20 - /* ensure that the secret is a NULL-terminated string */ - password =3D g_strndup((char*)secret, secretlen); - virSecureErase(secret, secretlen); - - /* for now, just report an error rather than passing the password = in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Password not yet supported for nbdkit sources")); - - virSecureEraseString(password); - - return -1; + if (qemuNbdkitCommandPassDataByPipe(cmd, "password", + &secret, secretlen) < 0) + return -1; } =20 - if (proc->source->ncookies > 0) { - /* for now, just report an error rather than passing cookies in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Cookies not yet supported for nbdkit sources")); - return -1; + /* Create a pipe to send the cookies to the nbdkit process. */ + if (proc->source->ncookies) { + g_autofree char *cookies =3D qemuBlockStorageSourceGetCookieString= (proc->source); + + if (qemuNbdkitCommandPassDataByPipe(cmd, "cookie", + (unsigned char**)&cookies, + strlen(cookies)) < 0) + return -1; } =20 if (proc->source->sslverify =3D=3D VIR_TRISTATE_BOOL_NO) { --=20 2.39.1