Rather than returning a "char *" indicating perhaps some sized set of characters that is NUL terminated, return the value as "uint8_t *" indicating a stream of raw bytes. In doing so, we also need to return the size of the secret returned. Alter the callers to handle the adjusted model. Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> --- src/libxl/libxl_conf.c | 18 +++++++++++------- src/qemu/qemu_command.c | 7 ++++--- src/qemu/qemu_domain.c | 5 +++-- src/qemu/qemu_domain.h | 3 ++- src/secret/secret_util.c | 19 +++++++++++++++---- src/secret/secret_util.h | 13 +++++++------ 6 files changed, 42 insertions(+), 23 deletions(-) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index d927b37..e7ea320 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -939,7 +939,8 @@ libxlDomainGetEmulatorType(const virDomainDef *def) static char * libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src, const char *username, - const char *secret) + const uint8_t *secret, + size_t secretlen) { char *ret = NULL; virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -974,9 +975,9 @@ libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src, if (username) { virBufferEscape(&buf, '\\', ":", ":id=%s", username); - virBufferEscape(&buf, '\\', ":", - ":key=%s:auth_supported=cephx\\;none", - secret); + virBufferEscapeSizedString(&buf, '\\', ":", + ":key=%s:auth_supported=cephx\\;none", + secret, secretlen); } else { virBufferAddLit(&buf, ":auth_supported=none"); } @@ -1018,7 +1019,8 @@ static int libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr) { virConnectPtr conn = NULL; - char *secret = NULL; + uint8_t *secret = NULL; + size_t secretlen; char *username = NULL; int ret = -1; 
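Review bot: `size_t secretlen;` in libxlMakeNetworkDiskSrc has no initializer, yet the next hunk (-1034) passes it by value to libxlMakeNetworkDiskSrcStr() after what looks like a conditional block, so when no secret is looked up the call reads an indeterminate value. The callee only uses the length when `username` is set, but the read at the call site is still undefined and is likely to draw a maybe-uninitialized warning; declare it as `size_t secretlen = 0;`. The function's cleanup path lies outside both hunks, so it is worth confirming that it wipes `secretlen` bytes of `secret` before freeing rather than treating the buffer as a C string.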
@@ -1034,11 +1036,13 @@ libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr) protocol, true, src->auth, - VIR_SECRET_USAGE_TYPE_CEPH))) + VIR_SECRET_USAGE_TYPE_CEPH, + &secretlen))) goto cleanup; } - if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username, secret))) + if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username, + secret, secretlen))) goto cleanup; ret = 0; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 7e39b8a..fd7ce72 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -671,9 +671,10 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf, case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN: virBufferEscape(buf, '\\', ":", ":id=%s", secinfo->s.plain.username); - virBufferEscape(buf, '\\', ":", - ":key=%s:auth_supported=cephx\\;none", - secinfo->s.plain.secret); + virBufferEscapeSizedString(buf, '\\', ":", + ":key=%s:auth_supported=cephx\\;none", + secinfo->s.plain.secret, + secinfo->s.plain.secretlen); break; case VIR_DOMAIN_SECRET_INFO_TYPE_IV: diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 3da0079..98ab55fc 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -731,7 +731,7 @@ static void qemuDomainSecretPlainFree(qemuDomainSecretPlain secret) { VIR_FREE(secret.username); - memset(secret.secret, 0, strlen(secret.secret)); + memset(secret.secret, 0, secret.secretlen); VIR_FREE(secret.secret); } @@ -886,7 +886,8 @@ qemuDomainSecretPlainSetup(virConnectPtr conn, if (!(secinfo->s.plain.secret = virSecretGetSecretString(conn, protocolstr, encode, - authdef, secretType))) + authdef, secretType, + &secinfo->s.plain.secretlen))) return -1; return 0; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index c711188..a03bdc5 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
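Review bot: `memset(secret.secret, 0, secret.secretlen);` in qemuDomainSecretPlainFree (hunk -731) assumes `secretlen` is valid whenever the function runs, but virSecretGetSecretString() writes the length only on success. After a failed qemuDomainSecretPlainSetup() the field therefore holds whatever the structure was created with, and the allocation of that structure is not visible here. Guarding the wipe with `if (secret.secret)` makes the free path independent of that. The same wipe-then-free pair is open-coded again under `cleanup:` in virSecretGetSecretString(), so one shared helper would keep the NULL check and the length handling in a single place.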
@@ -251,7 +251,8 @@ typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain; typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr; struct _qemuDomainSecretPlain { char *username; - char *secret; + uint8_t *secret; + size_t secretlen; }; # define QEMU_DOMAIN_IV_KEY_LEN 16 /* 16 bytes for 128 bit random */ diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c index 217584f..edc1104 100644 --- a/src/secret/secret_util.c +++ b/src/secret/secret_util.c @@ -41,6 +41,7 @@ VIR_LOG_INIT("secret.secret_util"); * @encoded: Whether the returned secret needs to be base64 encoded * @authdef: Pointer to the disk storage authentication * @secretUsageType: Type of secret usage for authdef lookup + * @ret_secret_size: Return size of the secret - either raw text or base64 * * Lookup the secret for the authdef usage type and return it either as * raw text or encoded based on the caller's need. @@ -48,17 +49,19 @@ VIR_LOG_INIT("secret.secret_util"); * Returns a pointer to memory that needs to be cleared and free'd after * usage or NULL on error. */ -char * +uint8_t * virSecretGetSecretString(virConnectPtr conn, const char *scheme, bool encoded, virStorageAuthDefPtr authdef, - virSecretUsageType secretUsageType) + virSecretUsageType secretUsageType, + size_t *ret_secret_size) { size_t secret_size; virSecretPtr sec = NULL; char *secret = NULL; char uuidStr[VIR_UUID_STRING_BUFLEN]; + uint8_t *ret = NULL; /* look up secret */ switch (authdef->secretType) { @@ -105,7 +108,7 @@ virSecretGetSecretString(virConnectPtr conn, if (encoded) { char *base64 = NULL; - base64_encode_alloc(secret, secret_size, &base64); + secret_size = base64_encode_alloc(secret, secret_size, &base64); VIR_FREE(secret); if (!base64) { virReportOOMError(); 
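Review bot: The new `secret`/`secretlen` pair in struct _qemuDomainSecretPlain carries no comment saying the buffer is no longer NUL-terminated, which is the one fact a later caller needs in order to avoid `strlen()` or a plain `%s` on it. I would add `/* raw bytes, NOT NUL-terminated; wipe secretlen bytes before freeing */` above `uint8_t *secret;`. A leftover string use would most likely show up only as a pointer-signedness warning, so the comment is what carries the contract.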
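Review bot: In the -105 hunk, `secret_size = base64_encode_alloc(secret, secret_size, &base64);` overwrites the raw length immediately before `VIR_FREE(secret);`, so the unencoded secret is released without being cleared and its length is no longer available to clear it. Since the point of the series is to treat the value as sized sensitive bytes, keep the encoded length in a local, call `memset(secret, 0, secret_size);` before `VIR_FREE(secret);`, and only then assign the new size. If base64_encode_alloc() reports the would-be length on allocation failure, as gnulib's version does, `secret_size` is also non-zero on the `!base64` path while `secret` is already NULL, which matters for the wipe added under `cleanup:` in the following hunk.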
@@ -114,7 +117,15 @@ virSecretGetSecretString(virConnectPtr conn, secret = base64; } + if (VIR_ALLOC_N(ret, secret_size) < 0) + goto cleanup; + + memcpy(ret, secret, secret_size); + *ret_secret_size = secret_size; + cleanup: virObjectUnref(sec); - return secret; + memset(secret, 0, secret_size); + VIR_FREE(secret); + return ret; } diff --git a/src/secret/secret_util.h b/src/secret/secret_util.h index c707599..4ac6031 100644 --- a/src/secret/secret_util.h +++ b/src/secret/secret_util.h @@ -25,11 +25,12 @@ # include "internal.h" # include "virstoragefile.h" -char *virSecretGetSecretString(virConnectPtr conn, - const char *scheme, - bool encoded, - virStorageAuthDefPtr authdef, - virSecretUsageType secretUsageType) +uint8_t *virSecretGetSecretString(virConnectPtr conn, + const char *scheme, + bool encoded, + virStorageAuthDefPtr authdef, + virSecretUsageType secretUsageType, + size_t *ret_secret_size) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4) - ATTRIBUTE_RETURN_CHECK; + ATTRIBUTE_NONNULL(6) ATTRIBUTE_RETURN_CHECK; #endif /* __VIR_SECRET_H__ */ -- 2.5.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
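Review bot: The new `memset(secret, 0, secret_size);` under `cleanup:` in virSecretGetSecretString runs on every error path as well, and on those `secret` can still be NULL while `secret_size` is either uninitialised (it is declared without an initializer in the -48 hunk) or non-zero after a failed base64 allocation. That is a write through NULL of an arbitrary length rather than a harmless no-op; guard it with `if (secret) memset(secret, 0, secret_size);` and initialise `secret_size` to 0. The error paths themselves are outside the hunk, so which of them reach the label with `secret == NULL` should be checked against the full function. Separately, copying into `ret` only to wipe and free `secret` adds a second allocation that can fail and a second copy of the secret in memory; handing back the existing buffer through a cast would avoid both.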