Re: [libvirt PATCH v4 19/31] qemu: pass sensitive data to nbdkit via pipe

On Fri, Jan 20, 2023 at 16:03:13 -0600, Jonathon Jongsma wrote:

> @@ -759,6 +765,29 @@ qemuNbdkitInitStorageSource(qemuNbdkitCaps *caps, > } > > > +static int > +qemuNbdkitCommandPassDataByPipe(virCommand *cmd, > + const char *argName, > + unsigned char **buf, > + size_t buflen) > +{ > + g_autofree char *fdfmt = NULL; > + int fd = virCommandSetSendBuffer(cmd, buf, buflen); > + > + if (fd < 0) > + return -1; > + > + /* some nbdkit arguments accept a variation where nbdkit will read the data > + * from a file descriptor, e.g. password=-FD */ > + fdfmt = g_strdup_printf("-%i", fd); > + virCommandAddArgPair(cmd, argName, fdfmt); > + > + virCommandDoAsyncIO(cmd); > + > + return 0; > +} > + > + > static int > qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, > virCommand *cmd) > @@ -808,22 +836,19 @@ qemuNbdkitProcessBuildCommandCurl(qemuNbdkitProcess *proc, > return -1; > } > > - /* ensure that the secret is a NULL-terminated string */ > - password = g_strndup((char*)secret, secretlen); > - > - /* for now, just report an error rather than passing the password in > - * cleartext on the commandline */ > - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", > - _("Password not yet supported for nbdkit sources")); > - return -1; > + if (qemuNbdkitCommandPassDataByPipe(cmd, "password", > + &secret, secretlen) < 0) > + return -1a Don't forget to destroy 'secret' using virSecureErase.