Rather than returning a "char *", which suggests a NUL-terminated set of
characters of some size, return the value as "uint8_t *" to indicate a
stream of raw bytes. Doing so also requires returning the size of the
secret.
Alter the callers to handle the adjusted model.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/libxl/libxl_conf.c | 18 +++++++++++-------
src/qemu/qemu_command.c | 7 ++++---
src/qemu/qemu_domain.c | 5 +++--
src/qemu/qemu_domain.h | 3 ++-
src/secret/secret_util.c | 19 +++++++++++++++----
src/secret/secret_util.h | 13 +++++++------
6 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index d927b37..e7ea320 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -939,7 +939,8 @@ libxlDomainGetEmulatorType(const virDomainDef *def)
static char *
libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
const char *username,
- const char *secret)
+ const uint8_t *secret,
+ size_t secretlen)
{
char *ret = NULL;
virBuffer buf = VIR_BUFFER_INITIALIZER;
@@ -974,9 +975,9 @@ libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
if (username) {
virBufferEscape(&buf, '\\', ":", ":id=%s",
username);
- virBufferEscape(&buf, '\\', ":",
- ":key=%s:auth_supported=cephx\\;none",
- secret);
+ virBufferEscapeSizedString(&buf, '\\', ":",
+ ":key=%s:auth_supported=cephx\\;none",
+ secret, secretlen);
} else {
virBufferAddLit(&buf, ":auth_supported=none");
}
@@ -1018,7 +1019,8 @@ static int
libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr)
{
virConnectPtr conn = NULL;
- char *secret = NULL;
+ uint8_t *secret = NULL;
+ size_t secretlen;
char *username = NULL;
int ret = -1;
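Review bot: `secretlen` is declared without an initializer in libxlMakeNetworkDiskSrc, yet the next hunk passes it to libxlMakeNetworkDiskSrcStr unconditionally, while virSecretGetSecretString only fills it inside the conditional block that closes just before that call. When that block is skipped the callee receives an indeterminate value; it appears to be read only when `username` is set, but initializing it removes the question: `size_t secretlen = 0;`. The function's cleanup section lies outside both hunks, so it is worth confirming that any wipe of `secret` there uses `secretlen` rather than a string-length call, since the returned buffer is allocated with exactly `secret_size` bytes and has no guaranteed NUL terminator.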
@@ -1034,11 +1036,13 @@ libxlMakeNetworkDiskSrc(virStorageSourcePtr src, char **srcstr)
protocol,
true,
src->auth,
- VIR_SECRET_USAGE_TYPE_CEPH)))
+ VIR_SECRET_USAGE_TYPE_CEPH,
+ &secretlen)))
goto cleanup;
}
- if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username, secret)))
+ if (!(*srcstr = libxlMakeNetworkDiskSrcStr(src, username,
+ secret, secretlen)))
goto cleanup;
ret = 0;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 7e39b8a..fd7ce72 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -671,9 +671,10 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
virBufferEscape(buf, '\\', ":", ":id=%s",
secinfo->s.plain.username);
- virBufferEscape(buf, '\\', ":",
- ":key=%s:auth_supported=cephx\\;none",
- secinfo->s.plain.secret);
+ virBufferEscapeSizedString(buf, '\\', ":",
+ ":key=%s:auth_supported=cephx\\;none",
+ secinfo->s.plain.secret,
+ secinfo->s.plain.secretlen);
break;
case VIR_DOMAIN_SECRET_INFO_TYPE_IV:
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 3da0079..98ab55fc 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -731,7 +731,7 @@ static void
qemuDomainSecretPlainFree(qemuDomainSecretPlain secret)
{
VIR_FREE(secret.username);
- memset(secret.secret, 0, strlen(secret.secret));
+ memset(secret.secret, 0, secret.secretlen);
VIR_FREE(secret.secret);
}
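Review bot: The wipe in qemuDomainSecretPlainFree has no guard for `secret.secret` being NULL, which could happen if a secinfo is freed after qemuDomainSecretPlainSetup failed; passing NULL to memset is undefined even with a zero length. A guard such as `if (secret.secret) memset(secret.secret, 0, secret.secretlen);` keeps the free path safe. Separately, a plain memset immediately before a free is a store the compiler is allowed to drop, so if the project has a wipe helper that cannot be elided, this is the place to use it.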
@@ -886,7 +886,8 @@ qemuDomainSecretPlainSetup(virConnectPtr conn,
if (!(secinfo->s.plain.secret =
virSecretGetSecretString(conn, protocolstr, encode,
- authdef, secretType)))
+ authdef, secretType,
+ &secinfo->s.plain.secretlen)))
return -1;
return 0;
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index c711188..a03bdc5 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -251,7 +251,8 @@ typedef struct _qemuDomainSecretPlain qemuDomainSecretPlain;
typedef struct _qemuDomainSecretPlain *qemuDomainSecretPlainPtr;
struct _qemuDomainSecretPlain {
char *username;
- char *secret;
+ uint8_t *secret;
+ size_t secretlen;
};
# define QEMU_DOMAIN_IV_KEY_LEN 16 /* 16 bytes for 128 bit random */
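Review bot: The struct gives no indication that `secret` is now a raw byte buffer without a guaranteed NUL terminator, which is the one thing every later user of the field has to know before calling a string function on it. A comment on the two fields would record that, for example `uint8_t *secret; /* raw bytes, not NUL terminated; wipe before free */` and `size_t secretlen; /* number of bytes in secret */`.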
diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c
index 217584f..edc1104 100644
--- a/src/secret/secret_util.c
+++ b/src/secret/secret_util.c
@@ -41,6 +41,7 @@ VIR_LOG_INIT("secret.secret_util");
* @encoded: Whether the returned secret needs to be base64 encoded
* @authdef: Pointer to the disk storage authentication
* @secretUsageType: Type of secret usage for authdef lookup
+ * @ret_secret_size: Return size of the secret - either raw text or base64
*
* Lookup the secret for the authdef usage type and return it either as
* raw text or encoded based on the caller's need.
@@ -48,17 +49,19 @@ VIR_LOG_INIT("secret.secret_util");
* Returns a pointer to memory that needs to be cleared and free'd after
* usage or NULL on error.
*/
-char *
+uint8_t *
virSecretGetSecretString(virConnectPtr conn,
const char *scheme,
bool encoded,
virStorageAuthDefPtr authdef,
- virSecretUsageType secretUsageType)
+ virSecretUsageType secretUsageType,
+ size_t *ret_secret_size)
{
size_t secret_size;
virSecretPtr sec = NULL;
char *secret = NULL;
char uuidStr[VIR_UUID_STRING_BUFLEN];
+ uint8_t *ret = NULL;
/* look up secret */
switch (authdef->secretType) {
@@ -105,7 +108,7 @@ virSecretGetSecretString(virConnectPtr conn,
if (encoded) {
char *base64 = NULL;
- base64_encode_alloc(secret, secret_size, &base64);
+ secret_size = base64_encode_alloc(secret, secret_size, &base64);
VIR_FREE(secret);
if (!base64) {
virReportOOMError();
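Review bot: In the encoded branch the raw secret is released with `VIR_FREE(secret)` without being zeroed, and because `secret_size` has just been overwritten with the base64 length, the original size is no longer available to wipe it. The `cleanup:` wipe added further down in this patch only clears whatever `secret` points at by then, which is the base64 copy. Keeping the encoded length in a separate variable allows the wipe: `size_t enclen = base64_encode_alloc(secret, secret_size, &base64);`, then `memset(secret, 0, secret_size);` before the `VIR_FREE`, and `secret_size = enclen;` once `base64` is known to be non-NULL. The OOM branch continues past the end of this hunk.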
@@ -114,7 +117,15 @@ virSecretGetSecretString(virConnectPtr conn,
secret = base64;
}
+ if (VIR_ALLOC_N(ret, secret_size) < 0)
+ goto cleanup;
+
+ memcpy(ret, secret, secret_size);
+ *ret_secret_size = secret_size;
+
cleanup:
virObjectUnref(sec);
- return secret;
+ memset(secret, 0, secret_size);
+ VIR_FREE(secret);
+ return ret;
}
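Review bot: The new `memset(secret, 0, secret_size)` under `cleanup:` runs on every exit path, including ones where `secret` is still NULL. `secret_size` is declared without an initializer at the top of the function, so a `goto cleanup` taken before the secret value is fetched would call memset on NULL with an indeterminate length. The same applies after the base64 OOM check, where `VIR_FREE` has reset `secret` but `secret_size` holds the value returned by base64_encode_alloc. Initializing `size_t secret_size = 0;` and guarding the wipe with `if (secret) memset(secret, 0, secret_size);` covers both cases. The early exit paths lie outside the visible hunks, so this should be checked against the full function.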
diff --git a/src/secret/secret_util.h b/src/secret/secret_util.h
index c707599..4ac6031 100644
--- a/src/secret/secret_util.h
+++ b/src/secret/secret_util.h
@@ -25,11 +25,12 @@
# include "internal.h"
# include "virstoragefile.h"
-char *virSecretGetSecretString(virConnectPtr conn,
- const char *scheme,
- bool encoded,
- virStorageAuthDefPtr authdef,
- virSecretUsageType secretUsageType)
+uint8_t *virSecretGetSecretString(virConnectPtr conn,
+ const char *scheme,
+ bool encoded,
+ virStorageAuthDefPtr authdef,
+ virSecretUsageType secretUsageType,
+ size_t *ret_secret_size)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4)
- ATTRIBUTE_RETURN_CHECK;
+ ATTRIBUTE_NONNULL(6) ATTRIBUTE_RETURN_CHECK;
#endif /* __VIR_SECRET_H__ */
--
2.5.5