From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 1/9] virsh: Work around virSecretFree quirks
Date: Fri, 24 Jan 2020 17:08:33 +0100
Message-Id: <3d998daf712dcc16fb48696b106e8b61e0e14ce0.1579881978.git.pkrempa@redhat.com>

Similarly to other libvirt object freeing APIs the function resets the libvirt error when called and doesn't take NULL gracefully. Install the workaround and g_autoptr handlers similarly to the 'virshDomain' type.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé

--- build-aux/syntax-check.mk | 2 +- tools/virsh-completer-secret.c | 3 ++- tools/virsh-secret.c | 22 ++++++++++------------ tools/virsh-util.c | 11 +++++++++++ tools/virsh-util.h | 5 +++++ 5 files changed, 29 insertions(+), 14 deletions(-) diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk index e5623606dd..14122476de 100644 --- a/build-aux/syntax-check.mk +++ b/build-aux/syntax-check.mk
@@ -1118,7 +1118,7 @@ sc_gettext_init: $(_sc_search_regexp) sc_prohibit_obj_free_apis_in_virsh: - @prohibit=3D'\bvir(Domain|DomainSnapshot)Free\b' \ + @prohibit=3D'\bvir(Domain|DomainSnapshot|Secret)Free\b' \ in_vc_files=3D'virsh.*\.[ch]$$' \ exclude=3D'sc_prohibit_obj_free_apis_in_virsh' \ halt=3D'avoid using virDomain(Snapshot)Free in virsh, use virsh-prefixed = wrappers instead' \ diff --git a/tools/virsh-completer-secret.c b/tools/virsh-completer-secret.c index a90fdb399f..505b19db84 100644 --- a/tools/virsh-completer-secret.c +++ b/tools/virsh-completer-secret.c @@ -23,6 +23,7 @@ #include "virsh-completer-secret.h" #include "viralloc.h" #include "virsh-secret.h" +#include "virsh-util.h" #include "virsh.h" #include "virstring.h" @@ -61,7 +62,7 @@ virshSecretUUIDCompleter(vshControl *ctl, cleanup: for (i =3D 0; i < nsecrets; i++) - virSecretFree(secrets[i]); + virshSecretFree(secrets[i]); VIR_FREE(secrets); return ret; } diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 01c62b9ce8..7123b10860 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -20,6 +20,7 @@ #include #include "virsh-secret.h" +#include "virsh-util.h" #include "internal.h" #include "virbuffer.h" @@ -106,8 +107,7 @@ cmdSecretDefine(vshControl *ctl, const vshCmd *cmd) cleanup: VIR_FREE(buffer); - if (res) - virSecretFree(res); + virshSecretFree(res); return ret; } @@ -153,7 +153,7 @@ cmdSecretDumpXML(vshControl *ctl, const vshCmd *cmd) ret =3D true; cleanup: - virSecretFree(secret); + virshSecretFree(secret); return ret; } @@ -215,7 +215,7 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) ret =3D true; cleanup: - virSecretFree(secret); + virshSecretFree(secret); return ret; } @@ -266,7 +266,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd) cleanup: VIR_DISPOSE_N(value, value_size); - virSecretFree(secret); + virshSecretFree(secret); return ret; } 
@@ -312,7 +312,7 @@ cmdSecretUndefine(vshControl *ctl, const vshCmd *cmd) ret =3D true; cleanup: - virSecretFree(secret); + virshSecretFree(secret); return ret; } @@ -348,10 +348,9 @@ virshSecretListFree(virshSecretListPtr list) size_t i; if (list && list->secrets) { - for (i =3D 0; i < list->nsecrets; i++) { - if (list->secrets[i]) - virSecretFree(list->secrets[i]); - } + for (i =3D 0; i < list->nsecrets; i++) + virshSecretFree(list->secrets[i]); + VIR_FREE(list->secrets); } VIR_FREE(list); @@ -763,8 +762,7 @@ cmdSecretEvent(vshControl *ctl, const vshCmd *cmd) if (eventId >=3D 0 && virConnectSecretEventDeregisterAny(priv->conn, eventId) < 0) ret =3D false; - if (secret) - virSecretFree(secret); + virshSecretFree(secret); return ret; } diff --git a/tools/virsh-util.c b/tools/virsh-util.c index f436fbb486..932d6d0849 100644 --- a/tools/virsh-util.c +++ b/tools/virsh-util.c @@ -250,6 +250,17 @@ virshDomainSnapshotFree(virDomainSnapshotPtr snap) } +void +virshSecretFree(virSecretPtr secret) +{ + if (!secret) + return; + + vshSaveLibvirtHelperError(); + virSecretFree(secret); /* sc_prohibit_obj_free_apis_in_virsh */ +} + + int virshDomainGetXMLFromDom(vshControl *ctl, virDomainPtr dom, diff --git a/tools/virsh-util.h b/tools/virsh-util.h index 2b0447268e..72653d9735 100644 --- a/tools/virsh-util.h +++ b/tools/virsh-util.h 
@@ -45,6 +45,11 @@ void virshDomainFree(virDomainPtr dom); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virshDomain, virshDomainFree); +typedef virSecret virshSecret; +void +virshSecretFree(virSecretPtr secret); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virshSecret, virshSecretFree); + void virshDomainCheckpointFree(virDomainCheckpointPtr chk); --=20 2.24.1
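Review bot: In the build-aux/syntax-check.mk hunk of patch 1/9, the halt text still reads 'avoid using virDomain(Snapshot)Free in virsh, use virsh-prefixed wrappers instead' although the prohibit pattern now also matches virSecretFree. A contributor who trips the rule on virSecretFree gets a message that does not name the function they called. Update the halt string in the same change, either by adding virSecretFree to it or by wording it generically for all object-free APIs that have a virsh wrapper.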
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 2/9] virsh: secret: Refactor cleanup in cmdSecretSetValue
Date: Fri, 24 Jan 2020 17:08:34 +0100
Message-Id: <52640542020c1ba013987ff20a945c14ef062633.1579881978.git.pkrempa@redhat.com>

Automatically clean the secret object and get rid of the cleanup label and 'ret' variable.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé

--- tools/virsh-secret.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 7123b10860..58c9a54af6 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -188,18 +188,17 @@ static const vshCmdOptDef opts_secret_set_value[] =3D= { static bool cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) { - virSecretPtr secret; + g_autoptr(virshSecret) secret =3D NULL; size_t value_size; const char *base64 =3D NULL; unsigned char *value; int res; - bool ret =3D false; if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; if (vshCommandOptStringReq(ctl, cmd, "base64", &base64) < 0) - goto cleanup; + return false; value =3D g_base64_decode(base64, &value_size);
@@ -209,14 +208,10 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) if (res !=3D 0) { vshError(ctl, "%s", _("Failed to set secret value")); - goto cleanup; + return false; } vshPrintExtra(ctl, "%s", _("Secret value set\n")); - ret =3D true; - - cleanup: - virshSecretFree(secret); - return ret; + return true; } /* --=20 2.24.1
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 3/9] virsh: secret: Refactor cleanup in cmdSecretGetValue
Date: Fri, 24 Jan 2020 17:08:35 +0100
Message-Id: <2728be02b9c3663ed58927b8eaf933d14ae3e884.1579881978.git.pkrempa@redhat.com>

Automatically clean the secret object and get rid of the cleanup label and 'ret' variable.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé

--- tools/virsh-secret.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 58c9a54af6..7067d13353 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c
@@ -240,29 +240,23 @@ static const vshCmdOptDef opts_secret_get_value[] =3D= { static bool cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd) { - virSecretPtr secret; + g_autoptr(virshSecret) secret =3D NULL; VIR_AUTODISPOSE_STR base64 =3D NULL; unsigned char *value; size_t value_size; - bool ret =3D false; - secret =3D virshCommandOptSecret(ctl, cmd, NULL); - if (secret =3D=3D NULL) + if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; - value =3D virSecretGetValue(secret, &value_size, 0); - if (value =3D=3D NULL) - goto cleanup; + if (!(value =3D virSecretGetValue(secret, &value_size, 0))) + return false; base64 =3D g_base64_encode(value, value_size); vshPrint(ctl, "%s", base64); - ret =3D true; - cleanup: VIR_DISPOSE_N(value, value_size); - virshSecretFree(secret); - return ret; + return true; } /* --=20 2.24.1
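Review bot: In cmdSecretGetValue of patch 3/9, value is now the only resource still released by hand, via VIR_DISPOSE_N(value, value_size) just before return true, while secret and base64 are cleaned up automatically. With the cleanup label gone, any early return added later between the virSecretGetValue() call and that line has to repeat the dispose, or the decoded secret bytes stay in memory without being zeroed. Either keep a single exit for the part of the function that holds value, or add a comment at the declaration saying every return path after the fetch must dispose it.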
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 4/9] virsh: secret: Add --plain flag for secret-get-value
Date: Fri, 24 Jan 2020 17:08:36 +0100
Message-Id: <09e28919983814f3e32ad3046d4d36a7b61c3d26.1579881978.git.pkrempa@redhat.com>

Users might want to get the raw value instead of dealing with base64 encoding. This might be useful for redirection to file and also for simple human-readable secrets.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé

--- docs/manpages/virsh.rst | 6 +++++- tools/virsh-secret.c | 17 +++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index ef15c10e02..0e6eb4cf35 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -6576,11 +6576,15 @@ secret-get-value .. code-block:: - secret-get-value secret + secret-get-value [--plain] secret Output the value associated with *secret* (specified by its UUID) to stdou= t, encoded using Base64. +If the *--plain* flag is used the value is not base64 encoded, but rather +printed raw. Note that unless virsh is started in quiet mode (*virsh -q*) = it +prints a newline at the end of the command. This newline is not part of the +secret. secret-undefine --------------- diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 7067d13353..ead740dd8f 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -234,6 +234,10 @@ static const vshCmdOptDef opts_secret_get_value[] =3D { .help =3D N_("secret UUID"), .completer =3D virshSecretUUIDCompleter, }, + {.name =3D "plain", + .type =3D VSH_OT_BOOL, + .help =3D N_("get value without converting to base64") + }, {.name =3D NULL} }; @@ -244,6 +248,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd) VIR_AUTODISPOSE_STR base64 =3D NULL; unsigned char *value; size_t value_size; + bool plain =3D vshCommandOptBool(cmd, "plain"); if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; 
@@ -251,9 +256,17 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd) if (!(value =3D virSecretGetValue(secret, &value_size, 0))) return false; - base64 =3D g_base64_encode(value, value_size); + if (plain) { + if (fwrite(value, 1, value_size, stdout) !=3D value_size) { + VIR_DISPOSE_N(value, value_size); + vshError(ctl, "failed to write secret"); + return false; + } + } else { + base64 =3D g_base64_encode(value, value_size); - vshPrint(ctl, "%s", base64); + vshPrint(ctl, "%s", base64); + } VIR_DISPOSE_N(value, value_size); return true; --=20 2.24.1
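Review bot: In the plain branch of cmdSecretGetValue in patch 4/9, vshError(ctl, "failed to write secret") passes an untranslated literal as the format string, whereas the set-value path in this file uses vshError(ctl, "%s", _("Failed to set secret value")). Mark the string with _() and pass it through "%s" so it is translated and matches the existing style. The branch also checks only the fwrite() return value; stdout is buffered, so a write error that surfaces only when the stream is flushed would still end in return true. Consider checking fflush(stdout) in the same condition.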
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 5/9] virsh: secret: Add --file 'filename' support for secret-set-value
Date: Fri, 24 Jan 2020 17:08:37 +0100

The necessity to specify the secret value as command argument is insecure. Allow reading the secret from a file.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé

--- docs/manpages/virsh.rst | 7 +++++-- tools/virsh-secret.c | 38 +++++++++++++++++++++++++++++++++----- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 0e6eb4cf35..a7551b9709 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -6563,10 +6563,13 @@ secret-set-value .. code-block:: - secret-set-value secret base64 + secret-set-value secret (--file filename | base64) Set the value associated with *secret* (specified by its UUID) to the value -Base64-encoded value *base64*. +Base64-encoded value *base64* or Base-64-encoded contents of file named +*filename*. + +Note that *--file* and *base64* options are mutually exclusive. secret-get-value diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index ead740dd8f..66852173b5 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -177,9 +177,13 @@ static const vshCmdOptDef opts_secret_set_value[] =3D { .help =3D N_("secret UUID"), .completer =3D virshSecretUUIDCompleter, }, + {.name =3D "file", + .type =3D VSH_OT_STRING, + .flags =3D VSH_OFLAG_REQ_OPT, + .help =3D N_("read secret from file"), + }, {.name =3D "base64", - .type =3D VSH_OT_DATA, - .flags =3D VSH_OFLAG_REQ, + .type =3D VSH_OT_STRING, .help =3D N_("base64-encoded secret value") }, {.name =3D NULL} 
@@ -189,22 +193,46 @@ static bool cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) { g_autoptr(virshSecret) secret =3D NULL; - size_t value_size; const char *base64 =3D NULL; + const char *filename =3D NULL; + char *file_buf =3D NULL; + size_t file_len =3D 0; unsigned char *value; + size_t value_size; int res; + VSH_EXCLUSIVE_OPTIONS("file", "base64"); + if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; if (vshCommandOptStringReq(ctl, cmd, "base64", &base64) < 0) return false; + if (vshCommandOptStringReq(ctl, cmd, "file", &filename) < 0) + return false; + + if (!base64 && !filename) { + vshError(ctl, _("Input secret value is missing")); + return false; + } + + if (filename) { + ssize_t read_ret; + if ((read_ret =3D virFileReadAll(filename, 1024, &file_buf)) < 0) { + vshSaveLibvirtError(); + return false; + } + + file_len =3D read_ret; + base64 =3D file_buf; + } + value =3D g_base64_decode(base64, &value_size); res =3D virSecretSetValue(secret, value, value_size, 0); - memset(value, 0, value_size); - VIR_FREE(value); + VIR_DISPOSE_N(value, value_size); + VIR_DISPOSE_N(file_buf, file_len); if (res !=3D 0) { vshError(ctl, "%s", _("Failed to set secret value")); --=20 2.24.1
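Review bot: In the virsh.rst hunk of patch 5/9, the added line spells it "Base-64-encoded" while the unchanged context right before it has "Base64-encoded"; pick one spelling. With the addition the sentence reads "to the value Base64-encoded value *base64* or ...", so the first "value" can be dropped while this text is being touched.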
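Review bot: In the cmdSecretSetValue hunk of patch 5/9, virFileReadAll(filename, 1024, &file_buf) caps the input file at 1024 bytes with a bare literal, and the man page text added in the same patch does not mention any limit. Because the file holds the base64 text and not the raw secret, the usable secret is smaller than that. Suggest a named constant for the limit and one sentence in virsh.rst stating it. The new vshError(ctl, _("Input secret value is missing")) also omits the "%s" argument that the neighbouring vshError(ctl, "%s", _("Failed to set secret value")) uses; the two calls should match.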
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 6/9] virsh: secret: Print warning that passing secret on command-line is insecure
Date: Fri, 24 Jan 2020 17:08:38 +0100
Message-Id: <671105902fec86c7b7f3c0e9f6f311ff469c8238.1579881978.git.pkrempa@redhat.com>

Print a warning if users pass in secrets as command line arguments and mention it in the man page.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- docs/manpages/virsh.rst | 3 +++ tools/virsh-secret.c | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index a7551b9709..823f130f1c 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -6571,6 +6571,9 @@ Base64-encoded value *base64* or Base-64-encoded cont= ents of file named Note that *--file* and *base64* options are mutually exclusive. +Passing secrets via the *base64* option on command line is INSECURE and +deprecated. Use the *--file* option instead. + secret-get-value ---------------- diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 66852173b5..0ca08bc133 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c
@@ -217,6 +217,10 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) return false; } + /* warn users that the --base64 option passed from command line is wro= ng */ + if (base64) + vshError(ctl, _("Passing secret value as command-line argument is = insecure!")); + if (filename) { ssize_t read_ret; if ((read_ret =3D virFileReadAll(filename, 1024, &file_buf)) < 0) { --=20 2.24.1
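Review bot: In the cmdSecretSetValue hunk of patch 6/9, the warning is emitted through vshError() while the command carries on and can still finish successfully, so a caller sees an error-level message from a run that worked; if a warning is intended, emit it at warning level or state in the commit message that the error channel is deliberate. The comment speaks of "the --base64 option" and says it "is wrong", but the synopsis in virsh.rst shows base64 as a positional argument and the message itself says "insecure"; reword the comment to match. The call also lacks the "%s" argument used by vshError(ctl, "%s", _("Failed to set secret value")) in the same function.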
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 7/9] virsh: secret: Add --plain switch for secret-set-value
Date: Fri, 24 Jan 2020 17:08:39 +0100
Message-Id: <5b74ea6e1fc51fd61013cf93a8569cb468cef623.1579881978.git.pkrempa@redhat.com>

Allow using the contents of --file without base64 decoding.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- docs/manpages/virsh.rst | 5 +++-- tools/virsh-secret.c | 14 +++++++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 823f130f1c..dbeac9232f 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -6563,11 +6563,12 @@ secret-set-value .. code-block:: - secret-set-value secret (--file filename | base64) + secret-set-value secret (--file filename [--plain] | base64) Set the value associated with *secret* (specified by its UUID) to the value Base64-encoded value *base64* or Base-64-encoded contents of file named -*filename*. +*filename*. Using the *--plain* flag is together with *--file* allows to u= se +the file contents directly as the secret value. Note that *--file* and *base64* options are mutually exclusive. diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 0ca08bc133..87f3cfff16 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -182,6 +182,10 @@ static const vshCmdOptDef opts_secret_set_value[] =3D { .flags =3D VSH_OFLAG_REQ_OPT, .help =3D N_("read secret from file"), }, + {.name =3D "plain", + .type =3D VSH_OT_BOOL, + .help =3D N_("read the secret from file without converting from base6= 4") + }, {.name =3D "base64", .type =3D VSH_OT_STRING, .help =3D N_("base64-encoded secret value") @@ -199,9 +203,11 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) size_t file_len =3D 0; unsigned char *value; size_t value_size; + bool plain =3D vshCommandOptBool(cmd, "plain"); int res; VSH_EXCLUSIVE_OPTIONS("file", "base64"); + VSH_EXCLUSIVE_OPTIONS("plain", "base64"); if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; 
@@ -232,7 +238,13 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) base64 =3D file_buf; } - value =3D g_base64_decode(base64, &value_size); + if (plain) { + value =3D g_steal_pointer(&file_buf); + value_size =3D file_len; + file_len =3D 0; + } else { + value =3D g_base64_decode(base64, &value_size); + } res =3D virSecretSetValue(secret, value, value_size, 0); VIR_DISPOSE_N(value, value_size); --=20 2.24.1
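Review bot: In the virsh.rst hunk of patch 7/9, the added sentence "Using the *--plain* flag is together with *--file* allows to use ..." has a stray "is" and reads awkwardly; suggest "Using the *--plain* flag together with *--file* uses the file contents directly as the secret value." The text should also say that with *--plain* every byte of the file becomes part of the secret, since the code sets value_size to file_len, so a trailing newline left by an editor is included.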
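Review bot: In the last cmdSecretSetValue hunk of patch 7/9, value is declared unsigned char * while file_buf is char *, so value = g_steal_pointer(&file_buf) changes pointer signedness without a cast; an explicit cast makes the intent clear. After the steal, base64 still aliases the buffer now owned by value (it was set by base64 = file_buf just above); it is not read again in the visible code, but resetting it to NULL in the plain branch would keep a later change from using it by accident.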
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 8/9] tools: virsh: Add --interactive flag for secret-set-value command
Date: Fri, 24 Jan 2020 17:08:40 +0100
Message-Id: <1053df3df381a846de1525dfb80f144ad5ccffce.1579881978.git.pkrempa@redhat.com>

Simplify human usage of secret-set-value by adding --interactive which will read the value of the secret from the terminal.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- docs/manpages/virsh.rst | 7 +++++-- tools/virsh-secret.c | 22 +++++++++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index dbeac9232f..8841ae1b31 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -6563,14 +6563,17 @@ secret-set-value .. code-block:: - secret-set-value secret (--file filename [--plain] | base64) + secret-set-value secret (--file filename [--plain] | --interactive | ba= se64) Set the value associated with *secret* (specified by its UUID) to the value Base64-encoded value *base64* or Base-64-encoded contents of file named *filename*. Using the *--plain* flag is together with *--file* allows to u= se the file contents directly as the secret value. -Note that *--file* and *base64* options are mutually exclusive. +If *--interactive* flag is used the secret value is read as a password fro= m the +terminal. + +Note that *--file*, *--interactive* and *base64* options are mutually excl= usive. Passing secrets via the *base64* option on command line is INSECURE and deprecated. Use the *--file* option instead. diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 87f3cfff16..00a434e997 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -186,6 +186,10 @@ static const vshCmdOptDef opts_secret_set_value[] =3D { .type =3D VSH_OT_BOOL, .help =3D N_("read the secret from file without converting from base6= 4") }, + {.name =3D "interactive", + .type =3D VSH_OT_BOOL, + .help =3D N_("read the secret from the terminal") + }, {.name =3D "base64", .type =3D VSH_OT_STRING, .help =3D N_("base64-encoded secret value") @@ -204,10 +208,14 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) unsigned char *value; size_t value_size; bool plain =3D vshCommandOptBool(cmd, "plain"); + bool interactive =3D vshCommandOptBool(cmd, "interactive"); int res; VSH_EXCLUSIVE_OPTIONS("file", "base64"); VSH_EXCLUSIVE_OPTIONS("plain", "base64"); + VSH_EXCLUSIVE_OPTIONS("interactive", "base64"); + VSH_EXCLUSIVE_OPTIONS("interactive", "plain"); + VSH_EXCLUSIVE_OPTIONS("interactive", "file"); if (!(secret =3D virshCommandOptSecret(ctl, cmd, NULL))) return false; 
@@ -218,7 +226,7 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) if (vshCommandOptStringReq(ctl, cmd, "file", &filename) < 0) return false; - if (!base64 && !filename) { + if (!base64 && !filename && !interactive) { vshError(ctl, _("Input secret value is missing")); return false; } 
@@ -238,6 +246,18 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) base64 =3D file_buf; } + if (interactive) { + vshPrint(ctl, "%s", _("Enter new value for secret:")); + fflush(stdout); + + if (!(file_buf =3D getpass(""))) { + vshError(ctl, "%s", _("Failed to read secret")); + return false; + } + file_len =3D strlen(file_buf); + plain =3D true; + } + if (plain) { value =3D g_steal_pointer(&file_buf); value_size =3D file_len; --=20 2.24.1
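Review bot: In the interactive block of patch 8/9, file_buf = getpass("") stores a pointer to a buffer that belongs to the C library (getpass() returns a static buffer that later calls reuse), and because plain is then set to true that pointer is moved into value by g_steal_pointer() and released by VIR_DISPOSE_N(value, value_size). Freeing memory this function did not allocate is undefined behaviour; copy the password into a buffer owned by this function, wipe the getpass() buffer after the copy, and dispose only of the copy. The man page hunk could also name *--interactive* next to *--file* in the "Use the *--file* option instead" sentence, which this patch leaves unchanged.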
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH v2 9/9] docs: secret: Unify and sanitize examples on how to set secret value
Date: Fri, 24 Jan 2020 17:08:41 +0100
Message-Id: <4f355f80d1a056abfe170734e8910ae1ec207005.1579881978.git.pkrempa@redhat.com>

Discourage passing secrets as commandline arguments.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
--- docs/formatsecret.html.in | 88 +++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 31 deletions(-) diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index 8f5383cf64..6c2d5e02a6 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -76,13 +76,13 @@
 # virsh secret-define volume-secret.xml
 Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-#
-# MYSECRET=3D`printf %s "open sesame" | base64`
-# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-Secret value set
-#
     
+

+ See virsh secret-set-value on how + to set the value of the secret. +

+

The volume type secret can be supplied either in volume XML during creation of a storage volu= me @@ -103,12 +103,11 @@ Secret value set # virsh secret-define luks-secret.xml Secret f52a81b2-424e-490c-823d-6bd4235bc57 created -# -# MYSECRET=3D`printf %s "letmein" | base64` -# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET -Secret value set -# +

+ See virsh secret-set-value on how + to set the value of the secret. +

The volume type secret can be supplied in domain XML for a luks stor= age @@ -156,13 +155,11 @@ Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created UUID Usage ----------------------------------------------------------- 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example -# -# CEPHPHRASE=3D`printf %s "pass phrase" | base64` -# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE -Secret value set - -# +

+ See virsh secret-set-value on how + to set the value of the secret. +

The ceph secret can then be used by UUID or by the @@ -229,7 +226,9 @@ incominguser myname mysecret

Next, use virsh secret-define iscsi-secret.xml to define - the secret and virsh secret-set-value using the generat= ed + the secret and + virsh secret-set-value + using the generated UUID value and a base64 generated secret value in order to define the chosen secret pass phrase. The pass phrase must match the password used in the iSCSI authentication configuration file. @@ -243,12 +242,13 @@ Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created ----------------------------------------------------------- c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi -# MYSECRET=3D`printf %s "mysecret" | base64` -# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET -Secret value set -# +

+ See virsh secret-set-value on how + to set the value of the secret. +

+

The iSCSI secret can then be used by UUID or by the usage name via the <auth> element in a domain's @@ -313,19 +313,13 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created Once the secret is defined, a secret value will need to be set. The secret would be the passphrase used to access the TLS credentials. The following is a simple example of using - virsh secret-set-value to set the secret value. The + virsh secret-set-value = to set + the secret value. The virSecretSetValue API may also be used to set a more secure secret without using printable/readable characters.

-
-# MYSECRET=3D`printf %s "letmein" | base64`
-# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-Secret value set
-
-    
-

Usage type "vtpm"

@@ -370,17 +364,49 @@ Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created Once the secret is defined, a secret value will need to be set. The secret would be the passphrase used to decrypt the vTPM state. The following is a simple example of using - virsh secret-set-value to set the secret value. The + virsh secret-set-value + to set the secret value. The virSecretSetValue API may also be used to set a more secure secret without using printable/readable characters.

+

Setting secret values in virsh

+ +

+ To set the value of the secret you can use the following virsh comma= nds. + If the secret is a password-like string (printable characters, no ne= wline) + you can use: +

+
+# virsh secret-set-value --interactive 6dd3e4a5-1d76-44ce-961f-f119f5aad935
+Enter new value for secret:
+Secret value set
+    
+ +

+ Another secure option is to read the secret from a file. This way the + secret can contain any bytes (even NUL and non-printable characters)= . The + length of the secret is the length of the input file. Alternatively = the + --plain option can be omitted if the file contents are + base64-encoded. +

+ +
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 --file --pla=
in secretinfile
+Secret value set
+    
+ +

+ The secret can also be set via an argument, but note that other users + may see it in the process listing output. The secret must be base64 + encoded. +

+
 # MYSECRET=3D`printf %s "open sesame" | base64`
 # virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
-
     
--=20 2.24.1
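Review bot: In the hunk at @@ -313,19 +313,13 of patch 9/9, the sentence "The following is a simple example of using virsh secret-set-value to set the secret value." is kept, only re-wrapped, while the example block under it is deleted, so it now introduces nothing. The vTPM hunk keeps the same sentence, and the examples that follow it now sit under the new "Setting secret values in virsh" heading. Suggest rewording both to point at that section, as the other usage types now do with "See virsh secret-set-value on how to set the value of the secret."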
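Review bot: In the final hunk of patch 9/9, the added file example ends in "--file --plain secretinfile", which puts --plain between --file and its filename and contradicts the synopsis added to virsh.rst in patch 7/9 ("--file filename [--plain]"); it should read "--file secretinfile --plain". The last example still shows the command-line argument form and only notes that other users may see it in the process listing; since patch 6/9 documents that form as INSECURE and deprecated, the paragraph introducing it should say so as well.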