forked from rpms/libvirt
147 lines
5.1 KiB
Diff
147 lines
5.1 KiB
Diff
|
From fe42b8bb2e4a456a5b2297313f3859221013fdfc Mon Sep 17 00:00:00 2001
|
||
|
Message-Id: <fe42b8bb2e4a456a5b2297313f3859221013fdfc@dist-git>
|
||
|
From: Peter Krempa <pkrempa@redhat.com>
|
||
|
Date: Mon, 16 Mar 2020 22:11:46 +0100
|
||
|
Subject: [PATCH] qemuDomainSecretAESSetup: Allocate and return 'secinfo' here
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
Rather than passing in an empty qemuDomainSecretInfoPtr allocate it
|
||
|
in this function and return it. This is done by absorbing the check from
|
||
|
qemuDomainSecretInfoNew and removing the internals of
|
||
|
qemuDomainSecretInfoNew.
|
||
|
|
||
|
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||
|
(cherry picked from commit bad8637892ae8fc310b252651876738ca4fdee0d)
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
|
||
|
Message-Id: <94071336dbc97ed64a1a5dcbb82da32e5199f117.1584391726.git.pkrempa@redhat.com>
|
||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||
|
---
|
||
|
src/qemu/qemu_domain.c | 53 ++++++++++++++++++------------------------
|
||
|
1 file changed, 22 insertions(+), 31 deletions(-)
|
||
|
|
||
|
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
|
||
|
index b26187659e..37e361b1f4 100644
|
||
|
--- a/src/qemu/qemu_domain.c
|
||
|
+++ b/src/qemu/qemu_domain.c
|
||
|
@@ -1529,21 +1529,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,
|
||
|
* @seclookupdef: Pointer to seclookupdef data
|
||
|
* @isLuks: True/False for is for luks (alias generation)
|
||
|
*
|
||
|
- * Taking a secinfo, fill in the AES specific information using the
|
||
|
+ * Encrypts a secret looked up via @seclookupdef for use with qemu.
|
||
|
*
|
||
|
- * Returns 0 on success, -1 on failure with error message
|
||
|
+ * Returns qemuDomainSecretInfoPtr filled with the necessary information.
|
||
|
*/
|
||
|
-static int
|
||
|
+static qemuDomainSecretInfoPtr
|
||
|
qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||
|
- qemuDomainSecretInfoPtr secinfo,
|
||
|
const char *srcalias,
|
||
|
virSecretUsageType usageType,
|
||
|
const char *username,
|
||
|
virSecretLookupTypeDefPtr seclookupdef,
|
||
|
bool isLuks)
|
||
|
{
|
||
|
+ g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
|
||
|
g_autoptr(virConnect) conn = virGetConnectSecret();
|
||
|
- int ret = -1;
|
||
|
g_autofree uint8_t *raw_iv = NULL;
|
||
|
size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
|
||
|
uint8_t *secret = NULL;
|
||
|
@@ -1552,19 +1551,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||
|
size_t ciphertextlen = 0;
|
||
|
|
||
|
if (!conn)
|
||
|
- return -1;
|
||
|
+ return NULL;
|
||
|
+
|
||
|
+ if (!qemuDomainSupportsEncryptedSecret(priv)) {
|
||
|
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||
|
+ _("encrypted secrets are not supported"));
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ secinfo = g_new0(qemuDomainSecretInfo, 1);
|
||
|
|
||
|
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
|
||
|
secinfo->s.aes.username = g_strdup(username);
|
||
|
|
||
|
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
|
||
|
- return -1;
|
||
|
+ return NULL;
|
||
|
|
||
|
raw_iv = g_new0(uint8_t, ivlen);
|
||
|
|
||
|
/* Create a random initialization vector */
|
||
|
if (virRandomBytes(raw_iv, ivlen) < 0)
|
||
|
- return -1;
|
||
|
+ return NULL;
|
||
|
|
||
|
/* Encode the IV and save that since qemu will need it */
|
||
|
secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
|
||
|
@@ -1572,13 +1579,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||
|
/* Grab the unencoded secret */
|
||
|
if (virSecretGetSecretString(conn, seclookupdef, usageType,
|
||
|
&secret, &secretlen) < 0)
|
||
|
- goto cleanup;
|
||
|
+ goto error;
|
||
|
|
||
|
if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
|
||
|
priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
|
||
|
raw_iv, ivlen, secret, secretlen,
|
||
|
&ciphertext, &ciphertextlen) < 0)
|
||
|
- goto cleanup;
|
||
|
+ goto error;
|
||
|
|
||
|
/* Clear out the secret */
|
||
|
memset(secret, 0, secretlen);
|
||
|
@@ -1587,11 +1594,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||
|
secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
|
||
|
ciphertextlen);
|
||
|
|
||
|
- ret = 0;
|
||
|
+ return g_steal_pointer(&secinfo);
|
||
|
|
||
|
- cleanup:
|
||
|
+ error:
|
||
|
VIR_DISPOSE_N(secret, secretlen);
|
||
|
- return ret;
|
||
|
+ return NULL;
|
||
|
}
|
||
|
|
||
|
|
||
|
@@ -1663,24 +1670,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
|
||
|
virSecretLookupTypeDefPtr lookupDef,
|
||
|
bool isLuks)
|
||
|
{
|
||
|
- qemuDomainSecretInfoPtr secinfo = NULL;
|
||
|
-
|
||
|
- if (!qemuDomainSupportsEncryptedSecret(priv)) {
|
||
|
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||
|
- _("encrypted secrets are not supported"));
|
||
|
- return NULL;
|
||
|
- }
|
||
|
-
|
||
|
- if (VIR_ALLOC(secinfo) < 0)
|
||
|
- return NULL;
|
||
|
-
|
||
|
- if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
|
||
|
- lookupDef, isLuks) < 0) {
|
||
|
- g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
|
||
|
- return NULL;
|
||
|
- }
|
||
|
-
|
||
|
- return secinfo;
|
||
|
+ return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
|
||
|
+ lookupDef, isLuks);
|
||
|
}
|
||
|
|
||
|
|
||
|
--
|
||
|
2.25.1
|
||
|
|