Call the C-language helper key_store_requires_network() in those C
utilities that understand "OPTION_key".
(Short log for libguestfs-common commit range 9e990f3e4530..0399dea30e63:
Laszlo Ersek (12):
options: fix buffer overflow in get_keys() [CVE-2022-2211]
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector tpe "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
Notes:
The submodule commit range 9e990f3e4530..0399dea30e63 needs to be
refreshed in both the commit message and the "common" hunk, once the
libguestfs-common series is upstream.
cat/cat.c | 3 +++
cat/log.c | 3 +++
cat/ls.c | 3 +++
cat/tail.c | 3 +++
diff/diff.c | 8 ++++++++
edit/edit.c | 3 +++
inspector/inspector.c | 3 +++
common | 2 +-
8 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/cat/cat.c b/cat/cat.c
index 5b51b7df8447..ea202114012d 100644
--- a/cat/cat.c
+++ b/cat/cat.c
@@ -248,10 +248,13 @@ main (int argc, char *argv[])
}
/* Add drives, inspect and mount. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (mps != NULL)
mount_mps (mps);
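Review bot: The added `guestfs_set_network (g, 1)` call before `guestfs_launch` has no comment explaining why a read-only viewing tool turns on appliance networking, and the comment above `add_drives` still reads only "Add drives, inspect and mount." Going by the short log, the reason is the new Clevis+Tang back-end, so I would add above the `if` something like `/* A "clevis" key selector must reach the Tang server from the appliance; leave networking off otherwise. */`. That records that networking stays disabled unless a key selector asks for it, which the next person to touch this path should preserve. The same comment is missing from the identical hunks in cat/log.c, cat/ls.c, cat/tail.c, edit/edit.c and inspector/inspector.c. `main` starts and ends outside the hunk.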
diff --git a/cat/log.c b/cat/log.c
index df7e2be92684..0fe486c05fde 100644
--- a/cat/log.c
+++ b/cat/log.c
@@ -222,10 +222,13 @@ main (int argc, char *argv[])
/* Add drives, inspect and mount. Note that inspector is always true,
* and there is no -m option.
*/
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
inspect_mount ();
diff --git a/cat/ls.c b/cat/ls.c
index e062823b87e8..1b8e872250aa 100644
--- a/cat/ls.c
+++ b/cat/ls.c
@@ -372,10 +372,13 @@ main (int argc, char *argv[])
}
/* Add drives, inspect and mount. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (mps != NULL)
mount_mps (mps);
diff --git a/cat/tail.c b/cat/tail.c
index 1cf1d6e0ea6e..2a06e0ebdb35 100644
--- a/cat/tail.c
+++ b/cat/tail.c
@@ -294,10 +294,13 @@ do_tail (int argc, char *argv[], /* list of files in the guest */
int processed;
/* Add drives, inspect and mount. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
return -1;
if (mps != NULL)
mount_mps (mps);
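Review bot: In `do_tail` the new check ends the process with `exit (EXIT_FAILURE)`, while the `guestfs_launch` failure directly below it reports the error with `return -1;`. Unless termination is intended here, `return -1;` on the `guestfs_set_network` failure would keep the two error paths consistent and let the caller apply its usual handling. `do_tail` begins and continues outside the hunk, so what the caller does with -1 cannot be checked from here.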
diff --git a/diff/diff.c b/diff/diff.c
index 6aae88e6a6f7..c73129c82ed8 100644
--- a/diff/diff.c
+++ b/diff/diff.c
@@ -207,10 +207,11 @@ main (int argc, char *argv[])
bool blocksize_consumed = true;
int c;
int option_index;
struct tree *tree1, *tree2;
struct key_store *ks = NULL;
+ bool network;
g = guestfs_create ();
if (g == NULL)
error (EXIT_FAILURE, errno, "guestfs_create");
guestfs_set_identifier (g, "g1");
@@ -376,10 +377,14 @@ main (int argc, char *argv[])
unsigned errors = 0;
/* Mount up first guest. */
add_drives (drvs);
+ network = key_store_requires_network (ks);
+ if (guestfs_set_network (g, network) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
inspect_mount ();
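Review bot: `network` is computed once from the shared `ks` and then applied to both `g` in this hunk and `g2` in the following hunk, so a network-requiring key selector given for one guest's disk turns on appliance networking for both handles. That may be unavoidable because `inspect_mount_handle (g2, ks)` uses the same key store, but it deserves a comment at the assignment, for example `/* One key store serves both guests, so both appliances get networking if any selector needs it. */`. Unlike the other utilities, this file also calls `guestfs_set_network` when `network` is false; presumably harmless, but `if (network && guestfs_set_network (g, 1) == -1)` would match the form used elsewhere in the patch. `main` continues outside the hunk.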
@@ -387,10 +392,13 @@ main (int argc, char *argv[])
errors++;
/* Mount up second guest. */
add_drives_handle (g2, drvs2, 0);
+ if (guestfs_set_network (g2, network) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g2) == -1)
exit (EXIT_FAILURE);
inspect_mount_handle (g2, ks);
diff --git a/edit/edit.c b/edit/edit.c
index 7f06bce7f4a1..90c6b85d57b2 100644
--- a/edit/edit.c
+++ b/edit/edit.c
@@ -272,10 +272,13 @@ main (int argc, char *argv[])
}
/* Add drives. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (mps != NULL)
mount_mps (mps);
diff --git a/inspector/inspector.c b/inspector/inspector.c
index 25ee40f3f7b0..2702e3310c51 100644
--- a/inspector/inspector.c
+++ b/inspector/inspector.c
@@ -292,10 +292,13 @@ main (int argc, char *argv[])
/* Add drives, inspect and mount. Note that inspector is always true,
* and there is no -m option.
*/
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
/* Free up data structures, no longer needed after this point. */
free_drives (drvs);
diff --git a/common b/common
index 9e990f3e4530..0399dea30e63 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit 9e990f3e4530df3708d176bc50e0bc68cf07d3ff
+Subproject commit 0399dea30e6353870183a07a82d05b4ec8f20ca0
--
2.19.1.3.g30247aa5d201