To: devel@lists.libvirt.org
Subject: [RFC v2 5/5] secret: Add functionality to load and save secrets in encrypted format
Date: Thu, 20 Nov 2025 22:23:46 +0530
Message-ID: <20251120165346.161124-6-armenon@redhat.com>
In-Reply-To: <20251120165346.161124-1-armenon@redhat.com>
References: <20251120165346.161124-1-armenon@redhat.com>
CC: Arun Menon
From: Arun Menon via Devel
Reply-To: Arun Menon

Since we now have the functionality to provide the secrets driver with an encryption key, and the newly introduced attribute to store the encryption scheme across driver restarts, we can use the key to encrypt secrets. While loading the secrets, we check whether the secret is encrypted or not and accordingly get the value.

While the stored encryption scheme ensures the driver can successfully load secrets after a restart, if the user changes the encryption key between driver restarts, any secrets encrypted with the previous key will become permanently inaccessible upon the next restart. Users must ensure key consistency to maintain access to existing encrypted secrets.

Signed-off-by: Arun Menon
---
 src/conf/virsecretobj.c    | 165 ++++++++++++++++++++++++++++++-------
 src/conf/virsecretobj.h    |  10 ++-
 src/secret/secret_driver.c |  23 ++++--
 3 files changed, 157 insertions(+), 41 deletions(-)

diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index 66270e2751..37b2db960f 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -31,6 +31,10 @@ #include "virhash.h" #include "virlog.h" #include "virstring.h" +#include "virsecret.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -328,6 +332,8 @@ virSecretObjListAdd(virSecretObjList *secrets, virSecretObj *obj; virSecretDef *objdef; virSecretObj *ret =3D NULL; + const char *encryptionScheme =3D NULL; + const char *encryptionSchemeExt =3D NULL; char uuidstr[VIR_UUID_STRING_BUFLEN]; =20 virObjectRWLockWrite(secrets); 
@@ -379,10 +385,26 @@ virSecretObjListAdd(virSecretObjList *secrets, goto cleanup; =20 /* Generate the possible configFile and base64File strings - * using the configDir, uuidstr, and appropriate suffix + * using the configDir, uuidstr, and appropriate encryption scheme */ - if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml")) || - !(obj->base64File =3D virFileBuildPath(configDir, uuidstr, ".b= ase64"))) + if ((*newdef)->encryption_scheme !=3D VIR_SECRET_ENCRYPTION_SCHEME= _NONE + && (*newdef)->encryption_scheme !=3D -1) { + encryptionScheme =3D virSecretEncryptionSchemeTypeToString((*n= ewdef)->encryption_scheme); + if (!encryptionScheme) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown secret encryption scheme %1$d"),= (*newdef)->encryption_scheme); + goto cleanup; + } + encryptionSchemeExt =3D g_strconcat(".", encryptionScheme, NUL= L); + if (!(obj->base64File =3D virFileBuildPath(configDir, uuidstr,= encryptionSchemeExt))) { + goto cleanup; + } + } else { + if (!(obj->base64File =3D virFileBuildPath(configDir, uuidstr,= ".base64"))) { + goto cleanup; + } + } + if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml"))) goto cleanup; =20 if (virHashAddEntry(secrets->objs, uuidstr, obj) < 0) @@ -397,6 +419,7 @@ virSecretObjListAdd(virSecretObjList *secrets, cleanup: virSecretObjEndAPI(&obj); virObjectRWUnlock(secrets); + g_clear_pointer((gpointer *)&encryptionSchemeExt, g_free); return ret; } =20 
@@ -680,17 +703,49 @@ virSecretObjSaveConfig(virSecretObj *obj) return 0; } =20 - int -virSecretObjSaveData(virSecretObj *obj) +virSecretObjSaveData(virSecretObj *obj, + virSecretDaemonConfig *driverConfig) { g_autofree char *base64 =3D NULL; + g_autofree uint8_t *encryptedValue =3D NULL; + size_t encryptedValueLen =3D 0; + size_t base64Len =3D 0; + uint8_t iv[16] =3D { 0 }; =20 if (!obj->value) return 0; =20 - base64 =3D g_base64_encode(obj->value, obj->value_size); - + if (obj->def->encryption_scheme =3D=3D VIR_SECRET_ENCRYPTION_SCHEME_NO= NE + || obj->def->encryption_scheme =3D=3D -1) { + base64 =3D g_base64_encode(obj->value, obj->value_size); + } else { + if (driverConfig =3D=3D NULL || driverConfig->secrets_encryption_k= ey =3D=3D NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("cannot encrypt secret value without encrypti= on key")); + return -1; + } + if (virRandomBytes(iv, sizeof(iv)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to gene= rate random IV")); + return -1; + } + if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driverConfig->secrets_encryption_key, dri= verConfig->secretsKeyLen, + iv, sizeof(iv), + (uint8_t *)obj->value, obj->value_size, + &encryptedValue, &encryptedValueLen) < 0)= { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to encr= ypt secret value")); + return -1; + } + base64Len =3D sizeof(iv) + encryptedValueLen; + base64 =3D g_new0(char, base64Len); + memcpy(base64, iv, sizeof(iv)); + memcpy(base64 + sizeof(iv), encryptedValue, encryptedValueLen); + /* Now the secret is encrypted and stored on disk. However, + * we did not change anything in the obj->value. This is done on + * purpose, as SecretObjGetValue should be able to read it as is. + * This will indeed be a base64 encoded secret*/ + } if (virFileRewriteStr(obj->base64File, S_IRUSR | S_IWUSR, base64) < 0) return -1; =20 
@@ -733,27 +788,25 @@ virSecretObjGetValue(virSecretObj *obj) return ret; } =20 - int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size) + size_t value_size, + virSecretDaemonConfig *driverConfig) { virSecretDef *def =3D obj->def; g_autofree unsigned char *old_value =3D NULL; g_autofree unsigned char *new_value =3D NULL; size_t old_value_size; - new_value =3D g_new0(unsigned char, value_size); =20 old_value =3D obj->value; old_value_size =3D obj->value_size; - memcpy(new_value, value, value_size); obj->value =3D g_steal_pointer(&new_value); obj->value_size =3D value_size; =20 - if (!def->isephemeral && virSecretObjSaveData(obj) < 0) + if (!def->isephemeral && virSecretObjSaveData(obj, driverConfig) < 0) goto error; =20 /* Saved successfully - drop old value */ @@ -786,7 +839,6 @@ virSecretObjSetValueSize(virSecretObj *obj, obj->value_size =3D value_size; } =20 - static int virSecretLoadValidateUUID(virSecretDef *def, const char *file) @@ -807,11 +859,18 @@ virSecretLoadValidateUUID(virSecretDef *def, =20 =20 static int -virSecretLoadValue(virSecretObj *obj) +virSecretLoadValue(virSecretObj *obj, + virSecretDaemonConfig *driverConfig) { int ret =3D -1, fd =3D -1; struct stat st; g_autofree char *contents =3D NULL; + g_autofree uint8_t *contents_encrypted =3D NULL; + g_autofree uint8_t *decryptedValue =3D NULL; + size_t decryptedValueLen =3D 0; + uint8_t iv[16] =3D { 0 }; + uint8_t *ciphertext =3D NULL; + size_t ciphertextLen =3D 0; =20 if ((fd =3D open(obj->base64File, O_RDONLY)) =3D=3D -1) { if (errno =3D=3D ENOENT) { 
@@ -841,25 +900,65 @@ virSecretLoadValue(virSecretObj *obj) goto cleanup; } =20 - contents =3D g_new0(char, st.st_size + 1); - - if (saferead(fd, contents, st.st_size) !=3D st.st_size) { - virReportSystemError(errno, _("cannot read '%1$s'"), - obj->base64File); - goto cleanup; + if (obj->def->encryption_scheme =3D=3D VIR_SECRET_ENCRYPTION_SCHEME_NO= NE || + obj->def->encryption_scheme =3D=3D -1) { + contents =3D g_new0(char, st.st_size + 1); + if (saferead(fd, contents, st.st_size) !=3D st.st_size) { + virReportSystemError(errno, _("cannot read '%1$s'"), + obj->base64File); + goto cleanup; + } + contents[st.st_size] =3D '\0'; + obj->value =3D g_base64_decode(contents, &obj->value_size); + if (obj->value =3D=3D NULL) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("cannot decode base64 secret value")); + goto cleanup; + } + } else { + if (driverConfig->secrets_encryption_key =3D=3D NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("cannot decrypt secret value without encrypti= on key")); + goto cleanup; + } + contents_encrypted =3D g_new0(uint8_t, st.st_size); + if (saferead(fd, contents_encrypted, st.st_size) !=3D st.st_size) { + virReportSystemError(errno, _("cannot read '%1$s'"), + obj->base64File); + goto cleanup; + } + if ((st.st_size) < sizeof(iv)) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Encrypted secret size is invalid")); + goto cleanup; + } + memcpy(iv, contents_encrypted, sizeof(iv)); + ciphertext =3D contents_encrypted + sizeof(iv); + ciphertextLen =3D st.st_size - sizeof(iv); + if (virCryptoDecryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driverConfig->secrets_encryption_key, dri= verConfig->secretsKeyLen, + iv, sizeof(iv), + ciphertext, ciphertextLen, + &decryptedValue, &decryptedValueLen) < 0)= { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Decryption of secret value failed")); + goto cleanup; + } + g_free(obj->value); + obj->value =3D g_steal_pointer(&decryptedValue); + obj->value_size =3D decryptedValueLen; } - 
contents[st.st_size] =3D '\0'; - - VIR_FORCE_CLOSE(fd); - - obj->value =3D g_base64_decode(contents, &obj->value_size); - ret =3D 0; =20 cleanup: - if (contents !=3D NULL) - memset(contents, 0, st.st_size); + if (contents !=3D NULL) { + memset(contents, 0, st.st_size+1); + } + if (contents_encrypted !=3D NULL) { + memset(contents_encrypted, 0, st.st_size); + } VIR_FORCE_CLOSE(fd); + virSecureErase(iv, sizeof(iv)); return ret; } =20 @@ -868,7 +967,8 @@ static virSecretObj * virSecretLoad(virSecretObjList *secrets, const char *file, const char *path, - const char *configDir) + const char *configDir, + virSecretDaemonConfig *driverConfig) { g_autoptr(virSecretDef) def =3D NULL; virSecretObj *obj =3D NULL; @@ -882,7 +982,7 @@ virSecretLoad(virSecretObjList *secrets, if (!(obj =3D virSecretObjListAdd(secrets, &def, configDir, NULL))) return NULL; =20 - if (virSecretLoadValue(obj) < 0) { + if (virSecretLoadValue(obj, driverConfig) < 0) { virSecretObjListRemove(secrets, obj); g_clear_pointer(&obj, virObjectUnref); return NULL; @@ -894,7 +994,8 @@ virSecretLoad(virSecretObjList *secrets, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir) + const char *configDir, + virSecretDaemonConfig *driverConfig) { g_autoptr(DIR) dir =3D NULL; struct dirent *de; @@ -915,7 +1016,7 @@ virSecretLoadAllConfigs(virSecretObjList *secrets, if (!(path =3D virFileBuildPath(configDir, de->d_name, NULL))) continue; =20 - if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir))= ) { + if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir, = driverConfig))) { VIR_ERROR(_("Error reading secret: %1$s"), virGetLastErrorMessage()); continue; diff --git a/src/conf/virsecretobj.h b/src/conf/virsecretobj.h index 17897c5513..f49600a75c 100644 --- a/src/conf/virsecretobj.h +++ b/src/conf/virsecretobj.h @@ -23,6 +23,7 @@ #include "internal.h" =20 #include "secret_conf.h" +#include "secret_config.h" =20 typedef struct _virSecretObj virSecretObj; =20 
@@ -86,7 +87,8 @@ int virSecretObjSaveConfig(virSecretObj *obj); =20 int -virSecretObjSaveData(virSecretObj *obj); +virSecretObjSaveData(virSecretObj *obj, + virSecretDaemonConfig *driverConfig); =20 virSecretDef * virSecretObjGetDef(virSecretObj *obj); @@ -101,7 +103,8 @@ virSecretObjGetValue(virSecretObj *obj); int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size); + size_t value_size, + virSecretDaemonConfig *driverConfig); =20 size_t virSecretObjGetValueSize(virSecretObj *obj); @@ -112,4 +115,5 @@ virSecretObjSetValueSize(virSecretObj *obj, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir); + const char *configDir, + virSecretDaemonConfig *cfg); diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 04c3ca49f1..c0cac39a28 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -30,6 +30,7 @@ #include "virlog.h" #include "viralloc.h" #include "secret_conf.h" +#include "secret_config.h" #include "virsecretobj.h" #include "secret_driver.h" #include "virthread.h" @@ -42,6 +43,10 @@ #include "secret_event.h" #include "virutil.h" #include "virinhibitor.h" +#include "virfile.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -70,6 +75,8 @@ struct _virSecretDriverState { =20 /* Immutable pointer, self-locking APIs */ virInhibitor *inhibitor; + + virSecretDaemonConfig *config; }; =20 static virSecretDriverState *driver; @@ -224,7 +231,7 @@ secretDefineXML(virConnectPtr conn, =20 if (!objDef->isephemeral) { if (backup && backup->isephemeral) { - if (virSecretObjSaveData(obj) < 0) + if (virSecretObjSaveData(obj, driver->config) < 0) goto restore_backup; } =20 @@ -307,7 +314,6 @@ secretGetXMLDesc(virSecretPtr secret, return ret; } =20 - static int secretSetValue(virSecretPtr secret, const unsigned char *value, 
@@ -327,8 +333,7 @@ secretSetValue(virSecretPtr secret, def =3D virSecretObjGetDef(obj); if (virSecretSetValueEnsureACL(secret->conn, def) < 0) goto cleanup; - - if (virSecretObjSetValue(obj, value, value_size) < 0) + if (virSecretObjSetValue(obj, value, value_size, driver->config) < 0) goto cleanup; =20 event =3D virSecretEventValueChangedNew(def->uuid, @@ -454,6 +459,7 @@ secretStateCleanupLocked(void) VIR_FREE(driver->configDir); =20 virObjectUnref(driver->secretEventState); + virObjectUnref(driver->config); virInhibitorFree(driver->inhibitor); =20 if (driver->lockFD !=3D -1) @@ -518,6 +524,8 @@ secretStateInitialize(bool privileged, driver->stateDir); goto error; } + if (!(driver->config =3D virSecretDaemonConfigNew(driver->privileged))) + goto error; =20 driver->inhibitor =3D virInhibitorNew( VIR_INHIBITOR_WHAT_NONE, @@ -534,7 +542,7 @@ secretStateInitialize(bool privileged, if (!(driver->secrets =3D virSecretObjListNew())) goto error; =20 - if (virSecretLoadAllConfigs(driver->secrets, driver->configDir) < 0) + if (virSecretLoadAllConfigs(driver->secrets, driver->configDir, driver= ->config) < 0) goto error; =20 return VIR_DRV_STATE_INIT_COMPLETE; @@ -553,7 +561,10 @@ secretStateReload(void) if (!driver) return -1; =20 - ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r)); + if (!(driver->config =3D virSecretDaemonConfigNew(driver->privileged))) + return -1; + + ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r, driver->config)); =20 return 0; } --=20 2.51.1
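Review bot: In the virSecretObjListAdd hunk, `encryptionSchemeExt` is declared `const char *` but owns the result of `g_strconcat()` and is then released through `g_clear_pointer((gpointer *)&encryptionSchemeExt, g_free)`, which only works because the cast strips the const. Declaring it `g_autofree char *encryptionSchemeExt = NULL;` removes both the cast and the manual free at the cleanup label. The `encryption_scheme != VIR_SECRET_ENCRYPTION_SCHEME_NONE && encryption_scheme != -1` test is repeated in virSecretObjListAdd, virSecretObjSaveData and virSecretLoadValue; a small helper such as a `virSecretDefIsEncrypted(def)` would keep the three sites from drifting. Since the data file name is now derived from the scheme (`<uuid>.<scheme>` vs `<uuid>.base64`), it is also worth stating what happens to the previously written file when a secret is redefined with a different scheme, as nothing in this hunk removes it.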
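Review bot: In the virSecretObjSaveData hunk, the encrypted branch builds `base64` as raw bytes (`memcpy(base64, iv, ...)`, `memcpy(base64 + sizeof(iv), encryptedValue, ...)`) but still hands it to `virFileRewriteStr()`, which takes a NUL-terminated string, so the first 0x00 byte in the IV or the ciphertext truncates the file; the load side then either fails its size check or decrypts a truncated buffer. The simplest fix is to base64-encode the concatenated `iv || ciphertext` blob (`base64 = g_base64_encode(blob, base64Len)`) and decode it again in virSecretLoadValue, which also keeps the on-disk file text in both paths and makes the variable name and the trailing comment ("This will indeed be a base64 encoded secret") true again; otherwise use a length-aware write. The blob is also allocated with `g_new0(char, base64Len)` with no room for a terminator, which only matters if the string API is kept.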
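Review bot: The virSecretObjSetValue hunk removes both `new_value = g_new0(unsigned char, value_size);` and `memcpy(new_value, value, value_size);` but keeps `obj->value = g_steal_pointer(&new_value);`, so `obj->value` becomes NULL while `obj->value_size` is set to the new size. virSecretObjSaveData then returns 0 early on `if (!obj->value)`, nothing is written, and the old value is dropped on the success path, so the secret is lost and later readers see a NULL buffer with a non-zero size. The allocation and copy need to stay (or be replaced by `g_memdup2()`); the only intended change in this function appears to be the extra `driverConfig` argument.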
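Review bot: In the virSecretLoadValue hunk, `driverConfig->secrets_encryption_key` is dereferenced without checking `driverConfig` for NULL, while the save path checks `driverConfig == NULL || driverConfig->secrets_encryption_key == NULL`; the same guard belongs here. The `st.st_size < sizeof(iv)` check should move before the `g_new0()` and `saferead()` of `contents_encrypted` so a malformed file is rejected before it is read (and `st.st_size` is a signed `off_t`, so the comparison against `sizeof(iv)` will warn). In `cleanup:` the two `memset()` calls on buffers that are about to be freed can be dropped by the compiler as dead stores; use `virSecureErase()` as is already done for `iv`. Finally, AES-256-CBC gives confidentiality but no integrity: a modified file, or a file encrypted under a different key, that happens to pass the padding check decrypts to garbage that is then installed as the secret value with no error. Authenticating the stored blob (a MAC over `iv || ciphertext`, verified before decrypting) and failing the load on mismatch would turn that into the "Decryption of secret value failed" error this hunk already reports.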
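Review bot: In the virsecretobj.h hunk the new parameter of virSecretLoadAllConfigs is named `cfg`, whereas the definition in virsecretobj.c and the other two prototypes in the same file use `driverConfig`; the names should match.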
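Review bot: In the secretStateReload hunk, `driver->config = virSecretDaemonConfigNew(driver->privileged)` overwrites the config object created in secretStateInitialize without releasing it, so every reload leaks one (secretStateCleanupLocked shows it is refcounted via `virObjectUnref(driver->config)`). Create the new config into a local, and only on success `virObjectUnref()` the old one and assign, so a failed reload also keeps the previous working configuration rather than leaving `driver->config` NULL after the early `return -1`. Given the commit message's note that a changed key makes existing secrets unreadable, this is also the natural place to log when the reloaded key differs from the one in use.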