[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 04/10] Secret manipulation step 7: Local driver



On Mon, Sep 07, 2009 at 04:12:39PM +0200, Miloslav Trmač wrote:
> This implementation stores the secrets in an unencrypted text file,
> for simplicity in implementation and debugging.
> 
> (Symmetric encryption, e.g. using gpgme, will not be difficult to add.
> Because the TLS private key used by libvirtd is stored unencrypted,
> encrypting the secrets file does not currently provide much additional
> security.)
> 
> Changes since the fourth submission:
> - Rewrite storage mechanism to use one or two files per secret
> - Use the separate virSecretDef API for XML manipulation
> - Update for <usage type='volume'><volume/></usage>
> - Replace the "libvirt_internal_call" parameter of setValue() by
>   VIR_SECRET_GET_VALUE_INTERNAL_CALL.
> - Fix comment in src/libvirt_private.syms
> 
> * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
>   error number.
> * po/POTFILES.in, src/Makefile.am: Add secret_driver.
> * bootstrap: Use gnulib's base64 module.
> * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
>   Add local secret driver.
> * qemud/qemud.c (qemudInitialize): Use the local secret driver.
> ---
>  bootstrap                   |    1 +
>  include/libvirt/virterror.h |    1 +
>  po/POTFILES.in              |    1 +
>  qemud/qemud.c               |    3 +
>  src/Makefile.am             |   14 +
>  src/libvirt_private.syms    |    3 +
>  src/secret_driver.c         | 1060 +++++++++++++++++++++++++++++++++++++++++++
>  src/secret_driver.h         |   28 ++
>  src/virterror.c             |    5 +
>  9 files changed, 1116 insertions(+), 0 deletions(-)
>  create mode 100644 src/secret_driver.c
>  create mode 100644 src/secret_driver.h
> 
> diff --git a/bootstrap b/bootstrap
> index 8b81e0e..885b299 100755
> --- a/bootstrap
> +++ b/bootstrap
> @@ -65,6 +65,7 @@ gnulib_tool=$GNULIB_SRCDIR/gnulib-tool
>  <$gnulib_tool || exit
>  
>  modules='
> +base64

  Argh !
  .gnulib/lib/base64.c
  "This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2, or (at your option)
   any later version."

Looks like GPL code not LGPL, I'm not sure we can actually use it,
Jim any opinion ?

  We have some base64 code in libxml2 but it's not part of the
exported APIs

[...]
> +    if (rename(tmp_path, filename) < 0) {
> +        virReportSystemError(conn, errno, _("rename(%s, %s) failed"), tmp_path,
> +                             filename);
> +        goto cleanup;
> +    }
> +    VIR_FREE(tmp_path);
> +    ret = 0;

  Okay, I had to convince myself this was correct but with the
  initialization of tmp_path fine :-)

[...]
> +static int
> +secretLoadValue(virConnectPtr conn, virSecretDriverStatePtr driver,
> +                virSecretEntryPtr secret)
> +{
> +    int ret = -1, fd = -1;
> +    struct stat st;
> +    char *filename = NULL, *contents = NULL, *value = NULL;
> +    size_t value_size;
> +
> +    filename = secretBase64Path(conn, driver, secret);
> +    if (filename == NULL)
> +        goto cleanup;
> +
> +    fd = open(filename, O_RDONLY);
> +    if (fd == -1) {
> +        if (errno == ENOENT) {
> +            ret = 0;
> +            goto cleanup;
> +        }
> +        virReportSystemError (conn, errno, _("cannot open '%s'"), filename);
> +        goto cleanup;
> +    }
> +    if (fstat(fd, &st) < 0) {
> +        virReportSystemError (conn, errno, _("cannot stat '%s'"), filename);
> +        goto cleanup;
> +    }
> +    if ((size_t)st.st_size != st.st_size) {

  shouldn't we chaeck against SECRET_MAX_XML_FILE instead ?

> +        virSecretReportError(conn, VIR_ERR_INTERNAL_ERROR,
> +                             _("'%s' file does not fit in memory"), filename);
> +        goto cleanup;
> +    }


    ACK once we have cleared the status of the base64 gnulib dependancy

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]