To: devel@lists.libvirt.org
Subject: [RFC v3 5/5] secret: Add functionality to load and save secrets in encrypted format
Date: Thu, 27 Nov 2025 12:52:32 +0530
Message-ID: <20251127072232.38426-6-armenon@redhat.com>
In-Reply-To: <20251127072232.38426-1-armenon@redhat.com>
References: <20251127072232.38426-1-armenon@redhat.com>
CC: Arun Menon
From: Arun Menon via Devel
Reply-To: Arun Menon

Since we now have the functionality to provide the secrets driver with an encryption key, and the newly introduced attribute to store the cipher, we can use the key to save and load secrets. Encrypt all secrets stored on disk by default. When loading secrets, identify the decryption method by matching the file extension against known encryptionSchemeType values, iterating from the most recent. If no matching scheme is found, the secret is skipped. If the encryption key is changed across restarts, then also the secret driver will fail to load the secrets on the disk that were encrypted with the former key.

Signed-off-by: Arun Menon
--- src/conf/virsecretobj.c | 159 +++++++++++++++++++++++++++++-------- src/conf/virsecretobj.h | 13 ++- src/secret/secret_driver.c | 27 +++++-- 3 files changed, 156 insertions(+), 43 deletions(-) diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index a3dd7983bb..8b658a6f4c 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -31,6 +31,10 @@ #include "virhash.h" #include "virlog.h" #include "virstring.h" +#include "virsecret.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -323,12 +327,16 @@ virSecretObj * virSecretObjListAdd(virSecretObjList *secrets, virSecretDef **newdef, const char *configDir, - virSecretDef **oldDef) + virSecretDef **oldDef, + virSecretDaemonConfig *driverConfig) { virSecretObj *obj; virSecretDef *objdef; virSecretObj *ret =3D NULL; + g_autofree char *encryptionScheme =3D NULL; + g_autofree char *encryptionSchemeExt =3D NULL; char uuidstr[VIR_UUID_STRING_BUFLEN]; + virSecretEncryptionSchemeType latestEncryptionScheme; =20 virObjectRWLockWrite(secrets); =20 
@@ -379,10 +387,24 @@ virSecretObjListAdd(virSecretObjList *secrets, goto cleanup; =20 /* Generate the possible configFile and secretValueFile strings - * using the configDir, uuidstr, and appropriate suffix + * using the configDir, uuidstr, and appropriate suffix. + * By default, the latest encryption scheme will be used to encryp= t secrets. */ - if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml")) || - !(obj->secretValueFile =3D virFileBuildPath(configDir, uuidstr= , ".base64"))) + + latestEncryptionScheme =3D VIR_SECRET_ENCRYPTION_SCHEME_LAST - 1; + encryptionScheme =3D g_strdup(virSecretEncryptionSchemeTypeToStrin= g(latestEncryptionScheme)); + encryptionSchemeExt =3D g_strconcat(".", encryptionScheme, NULL); + + if (driverConfig->encrypt_data) { + if (!(obj->secretValueFile =3D virFileBuildPath(configDir, uui= dstr, encryptionSchemeExt))) { + goto cleanup; + } + } else { + if (!(obj->secretValueFile =3D virFileBuildPath(configDir, uui= dstr, ".base64"))) { + goto cleanup; + } + } + if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml"))) goto cleanup; =20 if (virHashAddEntry(secrets->objs, uuidstr, obj) < 0) @@ -407,6 +429,7 @@ struct virSecretCountData { int count; }; =20 + static int virSecretObjListNumOfSecretsCallback(void *payload, const char *name G_GNUC_UNUSED, @@ -530,6 +553,7 @@ struct _virSecretObjListExportData { bool error; }; =20 + static int virSecretObjListExportCallback(void *payload, const char *name G_GNUC_UNUSED, 
@@ -682,15 +706,38 @@ virSecretObjSaveConfig(virSecretObj *obj) =20 =20 int -virSecretObjSaveData(virSecretObj *obj) +virSecretObjSaveData(virSecretObj *obj, + virSecretDaemonConfig *driverConfig) { g_autofree char *base64 =3D NULL; + g_autofree uint8_t *secret =3D NULL; + g_autofree uint8_t *encryptedValue =3D NULL; + size_t encryptedValueLen =3D 0; + size_t secretLen =3D 0; + uint8_t iv[16] =3D { 0 }; =20 if (!obj->value) return 0; =20 - base64 =3D g_base64_encode(obj->value, obj->value_size); - + if (driverConfig->encrypt_data && driverConfig->secrets_encryption_key= ) { + if (virRandomBytes(iv, sizeof(iv)) < 0) { + return -1; + } + if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driverConfig->secrets_encryption_key, dri= verConfig->secretsKeyLen, + iv, sizeof(iv), + (uint8_t *)obj->value, obj->value_size, + &encryptedValue, &encryptedValueLen) < 0)= { + return -1; + } + secretLen =3D sizeof(iv) + encryptedValueLen; + secret =3D g_new0(uint8_t, secretLen); + memcpy(secret, iv, sizeof(iv)); + memcpy(secret + sizeof(iv), encryptedValue, encryptedValueLen); + base64 =3D g_base64_encode(secret, secretLen); + } else { + base64 =3D g_base64_encode(obj->value, obj->value_size); + } if (virFileRewriteStr(obj->secretValueFile, S_IRUSR | S_IWUSR, base64)= < 0) return -1; =20 
@@ -737,23 +784,22 @@ virSecretObjGetValue(virSecretObj *obj) int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size) + size_t value_size, + virSecretDaemonConfig *driverConfig) { virSecretDef *def =3D obj->def; g_autofree unsigned char *old_value =3D NULL; g_autofree unsigned char *new_value =3D NULL; size_t old_value_size; - new_value =3D g_new0(unsigned char, value_size); =20 old_value =3D obj->value; old_value_size =3D obj->value_size; - memcpy(new_value, value, value_size); obj->value =3D g_steal_pointer(&new_value); obj->value_size =3D value_size; =20 - if (!def->isephemeral && virSecretObjSaveData(obj) < 0) + if (!def->isephemeral && virSecretObjSaveData(obj, driverConfig) < 0) goto error; =20 /* Saved successfully - drop old value */ @@ -807,11 +853,23 @@ virSecretLoadValidateUUID(virSecretDef *def, =20 =20 static int -virSecretLoadValue(virSecretObj *obj) +virSecretLoadValue(virSecretObj *obj, + virSecretDaemonConfig *driverConfig) { - int ret =3D -1, fd =3D -1; + int ret =3D -1; + VIR_AUTOCLOSE fd =3D -1; struct stat st; + g_autofree char *contents =3D NULL; + g_autofree uint8_t *contents_encrypted =3D NULL; + g_autofree uint8_t *decryptedValue =3D NULL; + g_autofree char *encryptionScheme =3D NULL; + + size_t decryptedValueLen =3D 0; + uint8_t iv[16] =3D { 0 }; + uint8_t *ciphertext =3D NULL; + size_t ciphertextLen =3D 0; + virSecretEncryptionSchemeType latestEncryptionScheme; =20 if ((fd =3D open(obj->secretValueFile, O_RDONLY)) =3D=3D -1) { if (errno =3D=3D ENOENT) { 
@@ -841,25 +899,60 @@ virSecretLoadValue(virSecretObj *obj) goto cleanup; } =20 - contents =3D g_new0(char, st.st_size + 1); + /* Iterate over the encryption schemes starting with the latest one and + * decrypt the contents of the file on the disk, by matching the file + * extention with the encryption scheme. If there is no scheme matching + * the file extention, then that secret is not loaded. */ =20 - if (saferead(fd, contents, st.st_size) !=3D st.st_size) { - virReportSystemError(errno, _("cannot read '%1$s'"), - obj->secretValueFile); - goto cleanup; + if (virStringHasSuffix(obj->secretValueFile, ".base64")) { + contents =3D g_new0(char, st.st_size + 1); + if (saferead(fd, contents, st.st_size) !=3D st.st_size) { + virReportSystemError(errno, _("cannot read '%1$s'"), + obj->secretValueFile); + goto cleanup; + } + contents[st.st_size] =3D '\0'; + obj->value =3D g_base64_decode(contents, &obj->value_size); + } else { + for (latestEncryptionScheme =3D VIR_SECRET_ENCRYPTION_SCHEME_LAST-= 1; latestEncryptionScheme > 0; latestEncryptionScheme--) { + encryptionScheme =3D g_strdup(virSecretEncryptionSchemeTypeToS= tring(latestEncryptionScheme)); + if (virStringHasSuffix(obj->secretValueFile, encryptionScheme)= ) { + contents =3D g_new0(char, st.st_size + 1); + if (saferead(fd, contents, st.st_size) !=3D st.st_size) { + virReportSystemError(errno, _("cannot read '%1$s'"), + obj->secretValueFile); + goto cleanup; + } + if ((st.st_size) < sizeof(iv)) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Encrypted secret size is invalid")); + goto cleanup; + } + contents[st.st_size] =3D '\0'; + contents_encrypted =3D g_base64_decode(contents, &obj->val= ue_size); + + memcpy(iv, contents_encrypted, sizeof(iv)); + ciphertext =3D contents_encrypted + sizeof(iv); + ciphertextLen =3D st.st_size - sizeof(iv); + if (virCryptoDecryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driverConfig->secrets_encryption_= key, driverConfig->secretsKeyLen, + iv, sizeof(iv), + ciphertext, 
ciphertextLen, + &decryptedValue, &decryptedValueL= en) < 0) { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Decryption of secret value failed")); + goto cleanup; + } + g_free(obj->value); + obj->value =3D g_steal_pointer(&decryptedValue); + obj->value_size =3D decryptedValueLen; + } + } } - contents[st.st_size] =3D '\0'; - - VIR_FORCE_CLOSE(fd); - - obj->value =3D g_base64_decode(contents, &obj->value_size); - ret =3D 0; =20 cleanup: - if (contents !=3D NULL) - memset(contents, 0, st.st_size); - VIR_FORCE_CLOSE(fd); + virSecureErase(iv, sizeof(iv)); return ret; } =20 @@ -868,7 +961,8 @@ static virSecretObj * virSecretLoad(virSecretObjList *secrets, const char *file, const char *path, - const char *configDir) + const char *configDir, + virSecretDaemonConfig *driverConfig) { g_autoptr(virSecretDef) def =3D NULL; virSecretObj *obj =3D NULL; @@ -879,10 +973,10 @@ virSecretLoad(virSecretObjList *secrets, if (virSecretLoadValidateUUID(def, file) < 0) return NULL; =20 - if (!(obj =3D virSecretObjListAdd(secrets, &def, configDir, NULL))) + if (!(obj =3D virSecretObjListAdd(secrets, &def, configDir, NULL, driv= erConfig))) return NULL; =20 - if (virSecretLoadValue(obj) < 0) { + if (virSecretLoadValue(obj, driverConfig) < 0) { virSecretObjListRemove(secrets, obj); g_clear_pointer(&obj, virObjectUnref); return NULL; @@ -894,7 +988,8 @@ virSecretLoad(virSecretObjList *secrets, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir) + const char *configDir, + virSecretDaemonConfig *driverConfig) { g_autoptr(DIR) dir =3D NULL; struct dirent *de; @@ -915,7 +1010,7 @@ virSecretLoadAllConfigs(virSecretObjList *secrets, if (!(path =3D virFileBuildPath(configDir, de->d_name, NULL))) continue; =20 - if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir))= ) { + if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir, = driverConfig))) { VIR_ERROR(_("Error reading secret: %1$s"), virGetLastErrorMessage()); continue; 
diff --git a/src/conf/virsecretobj.h b/src/conf/virsecretobj.h index 17897c5513..78a1fb1a39 100644 --- a/src/conf/virsecretobj.h +++ b/src/conf/virsecretobj.h @@ -23,6 +23,7 @@ #include "internal.h" =20 #include "secret_conf.h" +#include "secret_config.h" =20 typedef struct _virSecretObj virSecretObj; =20 @@ -51,7 +52,8 @@ virSecretObj * virSecretObjListAdd(virSecretObjList *secrets, virSecretDef **newdef, const char *configDir, - virSecretDef **oldDef); + virSecretDef **oldDef, + virSecretDaemonConfig *driverConfig); =20 typedef bool (*virSecretObjListACLFilter)(virConnectPtr conn, @@ -86,7 +88,8 @@ int virSecretObjSaveConfig(virSecretObj *obj); =20 int -virSecretObjSaveData(virSecretObj *obj); +virSecretObjSaveData(virSecretObj *obj, + virSecretDaemonConfig *driverConfig); =20 virSecretDef * virSecretObjGetDef(virSecretObj *obj); @@ -101,7 +104,8 @@ virSecretObjGetValue(virSecretObj *obj); int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size); + size_t value_size, + virSecretDaemonConfig *driverConfig); =20 size_t virSecretObjGetValueSize(virSecretObj *obj); @@ -112,4 +116,5 @@ virSecretObjSetValueSize(virSecretObj *obj, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir); + const char *configDir, + virSecretDaemonConfig *cfg); diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 04c3ca49f1..ba781e241e 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -30,6 +30,7 @@ #include "virlog.h" #include "viralloc.h" #include "secret_conf.h" +#include "secret_config.h" #include "virsecretobj.h" #include "secret_driver.h" #include "virthread.h" @@ -42,6 +43,10 @@ #include "secret_event.h" #include "virutil.h" #include "virinhibitor.h" +#include "virfile.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 
@@ -70,6 +75,9 @@ struct _virSecretDriverState { =20 /* Immutable pointer, self-locking APIs */ virInhibitor *inhibitor; + + /* Settings from secrets.conf file */ + virSecretDaemonConfig *config; }; =20 static virSecretDriverState *driver; @@ -218,13 +226,14 @@ secretDefineXML(virConnectPtr conn, goto cleanup; =20 if (!(obj =3D virSecretObjListAdd(driver->secrets, &def, - driver->configDir, &backup))) + driver->configDir, &backup, + driver->config))) goto cleanup; objDef =3D virSecretObjGetDef(obj); =20 if (!objDef->isephemeral) { if (backup && backup->isephemeral) { - if (virSecretObjSaveData(obj) < 0) + if (virSecretObjSaveData(obj, driver->config) < 0) goto restore_backup; } =20 @@ -307,7 +316,6 @@ secretGetXMLDesc(virSecretPtr secret, return ret; } =20 - static int secretSetValue(virSecretPtr secret, const unsigned char *value, @@ -327,8 +335,7 @@ secretSetValue(virSecretPtr secret, def =3D virSecretObjGetDef(obj); if (virSecretSetValueEnsureACL(secret->conn, def) < 0) goto cleanup; - - if (virSecretObjSetValue(obj, value, value_size) < 0) + if (virSecretObjSetValue(obj, value, value_size, driver->config) < 0) goto cleanup; =20 event =3D virSecretEventValueChangedNew(def->uuid, @@ -454,6 +461,7 @@ secretStateCleanupLocked(void) VIR_FREE(driver->configDir); =20 virObjectUnref(driver->secretEventState); + virObjectUnref(driver->config); virInhibitorFree(driver->inhibitor); =20 if (driver->lockFD !=3D -1) @@ -518,6 +526,8 @@ secretStateInitialize(bool privileged, driver->stateDir); goto error; } + if (!(driver->config =3D virSecretDaemonConfigNew(driver->privileged))) + goto error; =20 driver->inhibitor =3D virInhibitorNew( VIR_INHIBITOR_WHAT_NONE, 
@@ -534,7 +544,7 @@ secretStateInitialize(bool privileged, if (!(driver->secrets =3D virSecretObjListNew())) goto error; =20 - if (virSecretLoadAllConfigs(driver->secrets, driver->configDir) < 0) + if (virSecretLoadAllConfigs(driver->secrets, driver->configDir, driver= ->config) < 0) goto error; =20 return VIR_DRV_STATE_INIT_COMPLETE; @@ -553,7 +563,10 @@ secretStateReload(void) if (!driver) return -1; =20 - ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r)); + if (!(driver->config =3D virSecretDaemonConfigNew(driver->privileged))) + return -1; + + ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r, driver->config)); =20 return 0; } --=20 2.51.1
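Review bot: in virSecretObjListAdd (hunk at -379,10), secretValueFile is built from the current encrypt_data setting rather than from what exists in configDir. virSecretLoad calls this function before virSecretLoadValue opens obj->secretValueFile, so a secret saved earlier as <uuid>.base64 is never opened once encrypt_data is enabled, and the scheme loop in virSecretLoadValue can only ever see the suffix of the latest scheme, which makes iterating over older schemes ineffective. Suggest probing configDir for an existing value file under each known suffix when loading, and using the config-derived name only for newly defined secrets. driverConfig is also dereferenced here without a NULL check, and the g_strdup of virSecretEncryptionSchemeTypeToString() is unnecessary since the string is only passed to g_strconcat.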
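Review bot: in virSecretObjSaveData, the encrypt branch requires both encrypt_data and secrets_encryption_key, while virSecretObjListAdd chooses the cipher file suffix on encrypt_data alone. With encrypt_data set and no key, the else branch writes plain base64 into a file named with the encryption scheme suffix, and virSecretLoadValue will later try to decrypt that file. Suggest returning an error when encrypt_data is set but no key is available instead of falling back silently. Separately, the stored blob is the IV followed by AES-256-CBC ciphertext with no MAC, so the loader has no way to verify integrity; consider an authenticated mode or an HMAC over the IV and ciphertext.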
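Review bot: in virSecretLoadValue, ciphertextLen is computed as st.st_size - sizeof(iv), but st.st_size is the length of the base64 text on disk, while contents_encrypted is the shorter decoded buffer whose length g_base64_decode() stored in obj->value_size. virCryptoDecryptData is therefore given a length that runs past the end of contents_encrypted. Use the decoded length for both the minimum-size check and ciphertextLen, and decode into a local size_t rather than obj->value_size. The cleanup path also no longer clears contents (the memset was removed and only iv, which is not secret, is erased), so the base64 of a plaintext secret read in the .base64 branch is freed without being wiped. In the loop, encryptionScheme is g_autofree but is reassigned with g_strdup on every iteration, and there is no break after a matching scheme has been processed.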
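Review bot: in secretStateReload, driver->config is overwritten with a new virSecretDaemonConfigNew() result without releasing the previous object, which secretStateCleanupLocked releases with virObjectUnref(driver->config), so each reload leaks the old config. If the allocation fails, the function returns -1 with driver->config left NULL, and later calls such as virSecretObjSaveData(obj, driver->config) dereference it. Suggest creating the new config in a local variable, and only on success unref the old object and swap the pointer.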