From nobody Mon Feb 9 19:47:53 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1693518038; cv=none; d=zohomail.com; s=zohoarc; b=Nwnejau74rsH7CmfeiIGs4t9mzazuPmJ7wJcygwwGnH9aB6XWAH6oEonICIIGICz/8JPsEUDzdGZQ3IGCqqS2XaubMOp2f5r+vNte3GpMnRIr6SF2HyoV5JoPY9k/MJFyMDYJLd6JNXpizhScOJLwJN73zrvCbdFz1/Xl3mTEto= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1693518038; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=Ob7AvZ+ZWSTbid1+fMcqOMUPiyidD8vCKT6RXHwj/fc=; b=QZtORegvxzc2nDEHMwHsdrGnel5DtZPRMsift2Zpu5sJUMXz5w2DIpSTuqXiqzesBgzNx2Wnd/8V2ZARdv93+ph5JcEKULrVx5ab3tMsFeJeRW1AvRXDlIewmlZm6rErl249TelGsgnXWVZG4s1epKIWeyLcELenVWkd0jRjJIo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1693518038340191.0186439004308; Thu, 31 Aug 2023 14:40:38 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-582-DtFJCXpdOKaMA8Onxf3EWw-1; Thu, 31 Aug 2023 17:40:29 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5B03285D067; Thu, 31 Aug 2023 21:40:25 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4581F6466B; Thu, 31 Aug 2023 21:40:25 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7D7A31946A78; Thu, 31 Aug 2023 21:40:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id C4C7F1946587 for ; Thu, 31 Aug 2023 21:40:23 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id AA619492C18; Thu, 31 Aug 2023 21:40:23 +0000 (UTC) Received: from himantopus.redhat.com (unknown [10.22.17.68]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 800B1492C14; Thu, 31 Aug 2023 21:40:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1693518037; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=Ob7AvZ+ZWSTbid1+fMcqOMUPiyidD8vCKT6RXHwj/fc=; b=bHqZKcHNLB/diaVd5wIRvaluCAFVGUDpkT50zSLMnwIoQBVqeWKO0MDKUDV0QPAr3xZNQk 8G7BFGDfQ0latWFl5WvAjBDvLZf+uVz+dMfxtloJRuphhvz3Wsy1Z/T+LLfz17+XVMGqlU oNn4VIEa32QJTO5kzKvqqvjekKDn4Is= X-MC-Unique: DtFJCXpdOKaMA8Onxf3EWw-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Jonathon Jongsma To: libvir-list@redhat.com Subject: [libvirt PATCH v8 19/37] qemu: pass sensitive data to nbdkit via pipe Date: Thu, 31 Aug 2023 16:39:59 -0500 Message-ID: <20230831214017.1536388-20-jjongsma@redhat.com> In-Reply-To: <20230831214017.1536388-1-jjongsma@redhat.com> References: <20230831214017.1536388-1-jjongsma@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Krempa Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1693518039953100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Rather than passing passwords and cookies (which could contain passwords) to nbdkit via commandline arguments, use the alternate format that nbdkit supports where we can specify a file descriptor which nbdkit will read to get the password or cookies. Signed-off-by: Jonathon Jongsma Reviewed-by: Peter Krempa --- src/qemu/qemu_nbdkit.c | 54 ++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/src/qemu/qemu_nbdkit.c b/src/qemu/qemu_nbdkit.c index e3923ab4f2..22a67b0748 100644 --- a/src/qemu/qemu_nbdkit.c +++ b/src/qemu/qemu_nbdkit.c @@ -24,7 +24,6 @@ #include "virerror.h" #include "virlog.h" #include "virpidfile.h" -#include "virsecureerase.h" #include "virtime.h" #include "virutil.h" #include "qemu_block.h" @@ -753,6 +752,29 @@ qemuNbdkitInitStorageSource(qemuNbdkitCaps *caps, } =20 =20 +static int +qemuNbdkitCommandPassDataByPipe(virCommand *cmd, + const char *argName, + unsigned char **buf, + size_t buflen) +{ + g_autofree char *fdfmt =3D NULL; + int fd =3D virCommandSetSendBuffer(cmd, buf, buflen); + + if (fd < 0) + return -1; + + /* some nbdkit arguments accept a variation where nbdkit will read the= data + * from a file descriptor, e.g. password=3D-FD */ + fdfmt =3D g_strdup_printf("-%i", fd); + virCommandAddArgPair(cmd, argName, fdfmt); + + virCommandDoAsyncIO(cmd); + + return 0; +} + + static int qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, virCommand *cmd) @@ -775,7 +797,6 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *pr= oc, g_autoptr(virConnect) conn =3D virGetConnectSecret(); g_autofree uint8_t *secret =3D NULL; size_t secretlen =3D 0; - g_autofree char *password =3D NULL; int secrettype; virStorageAuthDef *authdef =3D proc->source->auth; =20 @@ -799,26 +820,19 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *= proc, return -1; } =20 - /* ensure that the secret is a NULL-terminated string */ - password =3D g_strndup((char*)secret, secretlen); - virSecureErase(secret, secretlen); - - /* for now, just report an error rather than passing the password = in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Password not yet supported for nbdkit sources")); - - virSecureEraseString(password); - - return -1; + if (qemuNbdkitCommandPassDataByPipe(cmd, "password", + &secret, secretlen) < 0) + return -1; } =20 - if (proc->source->ncookies > 0) { - /* for now, just report an error rather than passing cookies in - * cleartext on the commandline */ - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Cookies not yet supported for nbdkit sources")); - return -1; + /* Create a pipe to send the cookies to the nbdkit process. */ + if (proc->source->ncookies) { + g_autofree char *cookies =3D qemuBlockStorageSourceGetCookieString= (proc->source); + + if (qemuNbdkitCommandPassDataByPipe(cmd, "cookie", + (unsigned char**)&cookies, + strlen(cookies)) < 0) + return -1; } =20 if (proc->source->sslverify =3D=3D VIR_TRISTATE_BOOL_NO) { --=20 2.41.0