From nobody Thu Apr 18 16:01:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1578557891; cv=none; d=zohomail.com; s=zohoarc; b=UGi20l7R25iQliaBa69E2GIaC8nAOvMUkDae/pbHmlE5yRI54c4oznhJNYt7zxiTerT1uby5g5IxOwq8Rab+syOAFwvreViwJ9EwEiSCc2QjyVQJGlxj8BODpT0PvN7ZrlUlz9r9WfpIop/OGnMZt1B27nycKstcxgwRSJtnEUY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1578557891; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=PrI5HJaObh4LmuejA14MDSwZL7NaPt/zgSG+9P2Yi7g=; b=ZuRMt1a9UJou8mEmAFAge41Fb1e8qUMlmzNe5kwcMjY5zuZB//FwT0AjjYsJIUykKtFzyzjapQhKScLiBKDPXC5cctIM82h/i/a6nF86RIhGklqdR1/9X4d3JiS8RRJqd/K41WPe5uCwe5Vch5UWUODUZ7puJQ9rA8SyezJDfiU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 157855789177446.93319481373385; Thu, 9 Jan 2020 00:18:11 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-76-3KLGQ5znMJeb9bq2Yay_nQ-1; Thu, 09 Jan 2020 03:16:59 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E0484184B1E1; Thu, 9 Jan 2020 08:16:53 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B6E7D7C3B3; Thu, 9 Jan 2020 08:16:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 155D11809567; Thu, 9 Jan 2020 08:16:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0098GpwE014415 for ; Thu, 9 Jan 2020 03:16:51 -0500 Received: by smtp.corp.redhat.com (Postfix) id 3948D1000328; Thu, 9 Jan 2020 08:16:51 +0000 (UTC) Received: from antique-work.redhat.com (unknown [10.43.2.149]) by smtp.corp.redhat.com (Postfix) with ESMTP id B604E1000322 for ; Thu, 9 Jan 2020 08:16:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1578557890; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=PrI5HJaObh4LmuejA14MDSwZL7NaPt/zgSG+9P2Yi7g=; b=CGqQCm/CRreSbroSd1RtIRpG5lLDmEUjVbd9KCRQfxOd5N7FR+XqyAkD2qUc69HAcjSOE5 GxkgZRdcF14s5sTuGWkDkiW5nCFZswovwKdDX0NhlKQIDPX/B4gn82yhD3lGVcF/RkA57a 6fOk6sInwbms94YNtgZJIHgBv6AaMZE= From: Pavel Hrdina To: libvir-list@redhat.com Date: Thu, 9 Jan 2020 09:16:31 +0100 Message-Id: <347fce53cf83a987c1f413f9ffbe87e3b3a190f5.1578556319.git.phrdina@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 01/16] secret: move virSecretGetSecretString into virsecret X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-MC-Unique: 3KLGQ5znMJeb9bq2Yay_nQ-1 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" The function virSecretGetSecretString calls into secret driver and is used from other hypervisros drivers and as such makes more sense in util. Signed-off-by: Pavel Hrdina --- po/POTFILES.in | 1 - src/libvirt_private.syms | 5 +- src/libxl/libxl_conf.c | 2 +- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_process.c | 2 +- src/qemu/qemu_tpm.c | 2 +- src/secret/Makefile.inc.am | 11 --- src/secret/secret_util.c | 102 --------------------- src/secret/secret_util.h | 33 ------- src/storage/storage_backend_iscsi.c | 2 +- src/storage/storage_backend_iscsi_direct.c | 2 +- src/storage/storage_backend_rbd.c | 2 +- src/storage/storage_util.c | 2 +- src/util/virsecret.c | 69 ++++++++++++++ src/util/virsecret.h | 8 ++ 15 files changed, 86 insertions(+), 159 deletions(-) delete mode 100644 src/secret/secret_util.c delete mode 100644 src/secret/secret_util.h diff --git a/po/POTFILES.in b/po/POTFILES.in index faf173584e..e266871907 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -190,7 +190,6 @@ @SRCDIR@/src/rpc/virnetsshsession.c @SRCDIR@/src/rpc/virnettlscontext.c @SRCDIR@/src/secret/secret_driver.c -@SRCDIR@/src/secret/secret_util.c @SRCDIR@/src/security/security_apparmor.c @SRCDIR@/src/security/security_dac.c @SRCDIR@/src/security/security_driver.c diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index b97906b852..b1a56f1261 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1449,10 +1449,6 @@ virLogManagerFree; virLogManagerNew; =20 =20 -# secret/secret_util.h -virSecretGetSecretString; - - # security/security_driver.h virSecurityDriverLookup; =20 @@ -3001,6 +2997,7 @@ virSecurityLabelDefNew; =20 =20 # util/virsecret.h +virSecretGetSecretString; virSecretLookupDefClear; virSecretLookupDefCopy; virSecretLookupFormatSecret; diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 2488bb9d32..e41e84e3e2 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -41,7 +41,7 @@ #include "libxl_conf.h" #include "libxl_utils.h" #include "virstoragefile.h" -#include "secret_util.h" +#include "virsecret.h" #include "cpu/cpu.h" #include "xen_common.h" #include "xen_xl.h" diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 24e84a5966..ec8207b36f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -56,7 +56,7 @@ #include "vircrypto.h" #include "virrandom.h" #include "virsystemd.h" -#include "secret_util.h" +#include "virsecret.h" #include "logging/log_manager.h" #include "locking/domain_lock.h" #include "virdomainsnapshotobjlist.h" diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 4195042194..3c2f2458b5 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -83,7 +83,7 @@ #include "virnuma.h" #include "virstring.h" #include "virhostdev.h" -#include "secret_util.h" +#include "virsecret.h" #include "configmake.h" #include "nwfilter_conf.h" #include "netdev_bandwidth_conf.h" diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 28800a100c..262e6c4f07 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -42,7 +42,7 @@ #include "configmake.h" #include "qemu_tpm.h" #include "virtpm.h" -#include "secret_util.h" +#include "virsecret.h" =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am index d332060e38..4f0956a7a4 100644 --- a/src/secret/Makefile.inc.am +++ b/src/secret/Makefile.inc.am @@ -5,11 +5,6 @@ SECRET_DRIVER_SOURCES =3D \ secret/secret_driver.c \ $(NULL) =20 -SECRET_UTIL_SOURCES =3D \ - secret/secret_util.h \ - secret/secret_util.c \ - $(NULL) - =20 DRIVER_SOURCE_FILES +=3D $(addprefix $(srcdir)/,$(SECRET_DRIVER_SOURCES)) STATEFUL_DRIVER_SOURCE_FILES +=3D \ @@ -17,14 +12,8 @@ STATEFUL_DRIVER_SOURCE_FILES +=3D \ =20 EXTRA_DIST +=3D \ $(SECRET_DRIVER_SOURCES) \ - $(SECRET_UTIL_SOURCES) \ $(NULL) =20 -noinst_LTLIBRARIES +=3D libvirt_secret.la -libvirt_la_BUILT_LIBADD +=3D libvirt_secret.la -libvirt_secret_la_CFLAGS =3D $(AM_CFLAGS) -libvirt_secret_la_LDFLAGS =3D $(AM_LDFLAGS) -libvirt_secret_la_SOURCES =3D $(SECRET_UTIL_SOURCES) =20 if WITH_SECRETS mod_LTLIBRARIES +=3D libvirt_driver_secret.la diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c deleted file mode 100644 index 27e164a425..0000000000 --- a/src/secret/secret_util.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * secret_util.c: secret related utility functions - * - * Copyright (C) 2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library. If not, see - * . - * - */ - -#include - -#include "secret_util.h" -#include "viralloc.h" -#include "virerror.h" -#include "virlog.h" -#include "virobject.h" -#include "viruuid.h" -#include "datatypes.h" - -#define VIR_FROM_THIS VIR_FROM_SECRET - -VIR_LOG_INIT("secret.secret_util"); - - -/* virSecretGetSecretString: - * @conn: Pointer to the connection driver to make secret driver call - * @seclookupdef: Secret lookup def - * @secretUsageType: Type of secret usage for usage lookup - * @secret: returned secret as a sized stream of unsigned chars - * @secret_size: Return size of the secret - either raw text or base64 - * - * Lookup the secret for the usage type and return it as raw text. - * It is up to the caller to encode the secret further. - * - * Returns 0 on success, -1 on failure. On success the memory in secret - * needs to be cleared and free'd after usage. - */ -int -virSecretGetSecretString(virConnectPtr conn, - virSecretLookupTypeDefPtr seclookupdef, - virSecretUsageType secretUsageType, - uint8_t **secret, - size_t *secret_size) -{ - virSecretPtr sec =3D NULL; - int ret =3D -1; - - switch (seclookupdef->type) { - case VIR_SECRET_LOOKUP_TYPE_UUID: - sec =3D conn->secretDriver->secretLookupByUUID(conn, seclookupdef-= >u.uuid); - break; - - case VIR_SECRET_LOOKUP_TYPE_USAGE: - sec =3D conn->secretDriver->secretLookupByUsage(conn, secretUsageT= ype, - seclookupdef->u.usag= e); - break; - } - - if (!sec) - goto cleanup; - - /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking - * for UUID lookups. Normal secret XML processing would fail if - * the usage type was NONE and since we have no way to set the - * expected usage in that environment, let's just accept NONE */ - if (sec->usageType !=3D VIR_SECRET_USAGE_TYPE_NONE && - sec->usageType !=3D secretUsageType) { - char uuidstr[VIR_UUID_STRING_BUFLEN]; - - virUUIDFormat(seclookupdef->u.uuid, uuidstr); - virReportError(VIR_ERR_INVALID_ARG, - _("secret with uuid %s is of type '%s' not " - "expected '%s' type"), - uuidstr, virSecretUsageTypeToString(sec->usageType), - virSecretUsageTypeToString(secretUsageType)); - goto cleanup; - } - - *secret =3D conn->secretDriver->secretGetValue(sec, secret_size, 0, - VIR_SECRET_GET_VALUE_INTE= RNAL_CALL); - - if (!*secret) - goto cleanup; - - ret =3D 0; - - cleanup: - virObjectUnref(sec); - return ret; -} diff --git a/src/secret/secret_util.h b/src/secret/secret_util.h deleted file mode 100644 index ff23df63b7..0000000000 --- a/src/secret/secret_util.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * secret_util.h: secret related utility functions - * - * Copyright (C) 2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library. If not, see - * . - * - */ - -#pragma once - -#include "internal.h" -#include "virsecret.h" - -int virSecretGetSecretString(virConnectPtr conn, - virSecretLookupTypeDefPtr seclookupdef, - virSecretUsageType secretUsageType, - uint8_t **ret_secret, - size_t *ret_secret_size) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4) - ATTRIBUTE_NONNULL(5) G_GNUC_WARN_UNUSED_RESULT; diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_back= end_iscsi.c index ee39cbf88d..c02fbb5eaa 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c @@ -39,7 +39,7 @@ #include "virobject.h" #include "virstring.h" #include "viruuid.h" -#include "secret_util.h" +#include "virsecret.h" #include "storage_util.h" =20 #define VIR_FROM_THIS VIR_FROM_STORAGE diff --git a/src/storage/storage_backend_iscsi_direct.c b/src/storage/stora= ge_backend_iscsi_direct.c index 3a5e2bb9f0..c37c671db6 100644 --- a/src/storage/storage_backend_iscsi_direct.c +++ b/src/storage/storage_backend_iscsi_direct.c @@ -24,7 +24,7 @@ #include =20 #include "datatypes.h" -#include "secret_util.h" +#include "virsecret.h" #include "storage_backend_iscsi_direct.h" #include "storage_util.h" #include "viralloc.h" diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backen= d_rbd.c index 88e7a4b236..f0b7653736 100644 --- a/src/storage/storage_backend_rbd.c +++ b/src/storage/storage_backend_rbd.c @@ -33,7 +33,7 @@ #include "virrandom.h" #include "rados/librados.h" #include "rbd/librbd.h" -#include "secret_util.h" +#include "virsecret.h" #include "storage_util.h" =20 #define VIR_FROM_THIS VIR_FROM_STORAGE diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index ebc262278d..987d937b04 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -62,7 +62,7 @@ #include "viralloc.h" #include "internal.h" #include "secret_conf.h" -#include "secret_util.h" +#include "virsecret.h" #include "vircrypto.h" #include "viruuid.h" #include "virstoragefile.h" diff --git a/src/util/virsecret.c b/src/util/virsecret.c index 174ce544c0..f44d964198 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c @@ -21,6 +21,7 @@ =20 #include =20 +#include "datatypes.h" #include "viralloc.h" #include "virerror.h" #include "virlog.h" @@ -125,3 +126,71 @@ virSecretLookupFormatSecret(virBufferPtr buf, virBufferAddLit(buf, "/>\n"); } } + + +/* virSecretGetSecretString: + * @conn: Pointer to the connection driver to make secret driver call + * @seclookupdef: Secret lookup def + * @secretUsageType: Type of secret usage for usage lookup + * @secret: returned secret as a sized stream of unsigned chars + * @secret_size: Return size of the secret - either raw text or base64 + * + * Lookup the secret for the usage type and return it as raw text. + * It is up to the caller to encode the secret further. + * + * Returns 0 on success, -1 on failure. On success the memory in secret + * needs to be cleared and free'd after usage. + */ +int +virSecretGetSecretString(virConnectPtr conn, + virSecretLookupTypeDefPtr seclookupdef, + virSecretUsageType secretUsageType, + uint8_t **secret, + size_t *secret_size) +{ + virSecretPtr sec =3D NULL; + int ret =3D -1; + + switch (seclookupdef->type) { + case VIR_SECRET_LOOKUP_TYPE_UUID: + sec =3D conn->secretDriver->secretLookupByUUID(conn, seclookupdef-= >u.uuid); + break; + + case VIR_SECRET_LOOKUP_TYPE_USAGE: + sec =3D conn->secretDriver->secretLookupByUsage(conn, secretUsageT= ype, + seclookupdef->u.usag= e); + break; + } + + if (!sec) + goto cleanup; + + /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking + * for UUID lookups. Normal secret XML processing would fail if + * the usage type was NONE and since we have no way to set the + * expected usage in that environment, let's just accept NONE */ + if (sec->usageType !=3D VIR_SECRET_USAGE_TYPE_NONE && + sec->usageType !=3D secretUsageType) { + char uuidstr[VIR_UUID_STRING_BUFLEN]; + + virUUIDFormat(seclookupdef->u.uuid, uuidstr); + virReportError(VIR_ERR_INVALID_ARG, + _("secret with uuid %s is of type '%s' not " + "expected '%s' type"), + uuidstr, virSecretUsageTypeToString(sec->usageType), + virSecretUsageTypeToString(secretUsageType)); + goto cleanup; + } + + *secret =3D conn->secretDriver->secretGetValue(sec, secret_size, 0, + VIR_SECRET_GET_VALUE_INTE= RNAL_CALL); + + if (!*secret) + goto cleanup; + + ret =3D 0; + + cleanup: + virObjectUnref(sec); + return ret; +} diff --git a/src/util/virsecret.h b/src/util/virsecret.h index 8bc8a24e0f..bf056cb3b2 100644 --- a/src/util/virsecret.h +++ b/src/util/virsecret.h @@ -56,3 +56,11 @@ int virSecretLookupParseSecret(xmlNodePtr secretnode, void virSecretLookupFormatSecret(virBufferPtr buf, const char *secrettype, virSecretLookupTypeDefPtr def); + +int virSecretGetSecretString(virConnectPtr conn, + virSecretLookupTypeDefPtr seclookupdef, + virSecretUsageType secretUsageType, + uint8_t **ret_secret, + size_t *ret_secret_size) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4) + ATTRIBUTE_NONNULL(5) G_GNUC_WARN_UNUSED_RESULT; --=20 2.24.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list