# error "Don't include this file directly, only use driver.h"
#endif
-enum {
- /* This getValue call is inside libvirt, override the "private" flag.
- This flag cannot be set by outside callers. */
- VIR_SECRET_GET_VALUE_INTERNAL_CALL = 1 << 0,
-};
-
typedef virSecretPtr
(*virDrvSecretLookupByUUID)(virConnectPtr conn,
const unsigned char *uuid);
typedef unsigned char *
(*virDrvSecretGetValue)(virSecretPtr secret,
size_t *value_size,
- unsigned int flags,
- unsigned int internalFlags);
+ unsigned int flags);
typedef int
(*virDrvSecretUndefine)(virSecretPtr secret);
if (conn->secretDriver != NULL && conn->secretDriver->secretGetValue != NULL) {
unsigned char *ret;
- ret = conn->secretDriver->secretGetValue(secret, value_size, flags, 0);
+ ret = conn->secretDriver->secretGetValue(secret, value_size, flags);
if (ret == NULL)
goto error;
return ret;
static unsigned char *
remoteSecretGetValue(virSecretPtr secret, size_t *value_size,
- unsigned int flags, unsigned int internalFlags)
+ unsigned int flags)
{
unsigned char *rv = NULL;
remote_secret_get_value_args args;
remoteDriverLock(priv);
- /* internalFlags intentionally do not go over the wire */
- if (internalFlags) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("no internalFlags support"));
- goto done;
- }
-
make_nonnull_secret(&args.secret, secret);
args.flags = flags;
#include "viruuid.h"
#include "virerror.h"
#include "virfile.h"
+#include "viridentity.h"
#include "virpidfile.h"
#include "configmake.h"
#include "virstring.h"
static unsigned char *
secretGetValue(virSecretPtr secret,
size_t *value_size,
- unsigned int flags,
- unsigned int internalFlags)
+ unsigned int flags)
{
unsigned char *ret = NULL;
virSecretObj *obj;
if (virSecretGetValueEnsureACL(secret->conn, def) < 0)
goto cleanup;
- if ((internalFlags & VIR_SECRET_GET_VALUE_INTERNAL_CALL) == 0 &&
- def->isprivate) {
- virReportError(VIR_ERR_INVALID_SECRET, "%s",
- _("secret is private"));
- goto cleanup;
+ /*
+ * For historical compat we want to deny access to
+ * private secrets, even if no ACL driver is
+ * present.
+ *
+ * We need to validate the identity requesting
+ * the secret value is running as the same user
+ * credentials as this driver.
+ *
+ * ie a non-root libvirt client should not be
+ * able to request the value from privileged
+ * libvirt driver.
+ *
+ * To apply restrictions to processes running under
+ * the same user account is out of scope.
+ */
+ if (def->isprivate) {
+ int rv = virIdentityIsCurrentElevated();
+ if (rv < 0)
+ goto cleanup;
+ if (rv == 0) {
+ virReportError(VIR_ERR_INVALID_SECRET, "%s",
+ _("secret is private"));
+ goto cleanup;
+ }
}
if (!(ret = virSecretObjGetValue(obj)))
goto cleanup;
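Review bot: The private-secret gate in secretGetValue now decides on the calling thread's ambient identity rather than on an explicit argument, and the new comment does not say what that requires of in-daemon callers. The later hunk that drops `VIR_SECRET_GET_VALUE_INTERNAL_CALL` (`conn->secretDriver->secretGetValue(sec, secret_size, 0)`) will presumably take the `rv == 0` branch and report "secret is private" on any thread where the elevated identity has not been set; that fails closed, but it is easy to misread as a missing or misconfigured secret. I would extend the comment with something like `* Internal callers must have the elevated (system) identity set on the current thread; a missing identity is presumably treated as not elevated.` It is also worth confirming that the `rv < 0` path leaves an error reported, since that branch jumps to cleanup without calling virReportError itself. The body of secretGetValue starts and ends outside this hunk, so the identity setup and the cleanup label are not visible here.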
}
- *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
- VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+ *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0);
if (!*secret)
goto cleanup;
static unsigned char *
fakeSecretGetValue(virSecretPtr obj G_GNUC_UNUSED,
size_t *value_size,
- unsigned int fakeflags G_GNUC_UNUSED,
- unsigned int internalFlags G_GNUC_UNUSED)
+ unsigned int fakeflags G_GNUC_UNUSED)
{
char *secret;
secret = g_strdup("AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A");