Libguestfs - Jun 2022 - [guestfs-tools PATCH 4/4] sysprep: set networking for "--key ID:clevis"

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453

Laszlo Ersek (4):
  cat, log, ls, tail, diff, edit, insp.: set networking for "--key
    ID:clevis"
  get-kernel, sparsify: set networking for "--key ID:clevis"
  customize: add reminder about "--key ID:clevis"
  sysprep: set networking for "--key ID:clevis"

 cat/cat.c                   | 3 +++
 cat/log.c                   | 3 +++
 cat/ls.c                    | 3 +++
 cat/tail.c                  | 3 +++
 common                      | 2 +-
 customize/customize_main.ml | 7 +++++++
 diff/diff.c                 | 8 ++++++++
 edit/edit.c                 | 3 +++
 get-kernel/get_kernel.ml    | 1 +
 inspector/inspector.c       | 3 +++
 sparsify/copying.ml         | 1 +
 sparsify/in_place.ml        | 1 +
 sysprep/main.ml             | 7 +++++--
 13 files changed, 42 insertions(+), 3 deletions(-)

-- 
2.19.1.3.g30247aa5d201

Call the C-language helper key_store_requires_network() in those C
utilities that understand "OPTION_key".

(Short log for libguestfs-common commit range 9e990f3e4530..0399dea30e63:

Laszlo Ersek (12):
      options: fix buffer overflow in get_keys() [CVE-2022-2211]
      options: fix UUID comparison logic bug in get_keys()
      mltools/tools_utils: remove unused function "key_store_to_cli"
      mltools/tools_utils: allow multiple "--key" options for OCaml
tools too
      options: replace NULL-termination with number-of-elements in get_keys()
      options: wrap each passphrase from get_keys() into a struct
      options: add back-end for LUKS decryption with Clevis+Tang
      options: introduce selector tpe "key_clevis"
      options: generalize "--key" selector parsing for C-language
utilities
      mltools/tools_utils: generalize "--key" selector parsing for
OCaml utils
      options, mltools/tools_utils: parse "--key ID:clevis" options
      options, mltools/tools_utils: add helper for network dependency
).

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---

Notes:
    The submodule commit range 9e990f3e4530..0399dea30e63 needs to be
    refreshed in both the commit message and the "common" hunk, once
the
    libguestfs-common series is upstream.

 cat/cat.c             | 3 +++
 cat/log.c             | 3 +++
 cat/ls.c              | 3 +++
 cat/tail.c            | 3 +++
 diff/diff.c           | 8 ++++++++
 edit/edit.c           | 3 +++
 inspector/inspector.c | 3 +++
 common                | 2 +-
 8 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/cat/cat.c b/cat/cat.c
index 5b51b7df8447..ea202114012d 100644
--- a/cat/cat.c
+++ b/cat/cat.c
@@ -248,10 +248,13 @@ main (int argc, char *argv[])
   }
 
   /* Add drives, inspect and mount. */
   add_drives (drvs);
 
+  if (key_store_requires_network (ks) && guestfs_set_network (g, 1) ==
-1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   if (mps != NULL)
     mount_mps (mps);
diff --git a/cat/log.c b/cat/log.c
index df7e2be92684..0fe486c05fde 100644
--- a/cat/log.c
+++ b/cat/log.c
@@ -222,10 +222,13 @@ main (int argc, char *argv[])
   /* Add drives, inspect and mount.  Note that inspector is always true,
    * and there is no -m option.
    */
   add_drives (drvs);
 
+  if (key_store_requires_network (ks) && guestfs_set_network (g, 1) ==
-1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   inspect_mount ();
 
diff --git a/cat/ls.c b/cat/ls.c
index e062823b87e8..1b8e872250aa 100644
--- a/cat/ls.c
+++ b/cat/ls.c
@@ -372,10 +372,13 @@ main (int argc, char *argv[])
   }
 
   /* Add drives, inspect and mount. */
   add_drives (drvs);
 
+  if (key_store_requires_network (ks) && guestfs_set_network (g, 1) ==
-1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   if (mps != NULL)
     mount_mps (mps);
diff --git a/cat/tail.c b/cat/tail.c
index 1cf1d6e0ea6e..2a06e0ebdb35 100644
--- a/cat/tail.c
+++ b/cat/tail.c
@@ -294,10 +294,13 @@ do_tail (int argc, char *argv[], /* list of files in the
guest */
     int processed;
 
     /* Add drives, inspect and mount. */
     add_drives (drvs);
 
+    if (key_store_requires_network (ks) && guestfs_set_network (g, 1)
== -1)
+      exit (EXIT_FAILURE);
+
     if (guestfs_launch (g) == -1)
       return -1;
 
     if (mps != NULL)
       mount_mps (mps);
diff --git a/diff/diff.c b/diff/diff.c
index 6aae88e6a6f7..c73129c82ed8 100644
--- a/diff/diff.c
+++ b/diff/diff.c
@@ -207,10 +207,11 @@ main (int argc, char *argv[])
   bool blocksize_consumed = true;
   int c;
   int option_index;
   struct tree *tree1, *tree2;
   struct key_store *ks = NULL;
+  bool network;
 
   g = guestfs_create ();
   if (g == NULL)
     error (EXIT_FAILURE, errno, "guestfs_create");
   guestfs_set_identifier (g, "g1");
@@ -376,10 +377,14 @@ main (int argc, char *argv[])
   unsigned errors = 0;
 
   /* Mount up first guest. */
   add_drives (drvs);
 
+  network = key_store_requires_network (ks);
+  if (guestfs_set_network (g, network) == -1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   inspect_mount ();
 
@@ -387,10 +392,13 @@ main (int argc, char *argv[])
     errors++;
 
   /* Mount up second guest. */
   add_drives_handle (g2, drvs2, 0);
 
+  if (guestfs_set_network (g2, network) == -1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g2) == -1)
     exit (EXIT_FAILURE);
 
   inspect_mount_handle (g2, ks);
 
diff --git a/edit/edit.c b/edit/edit.c
index 7f06bce7f4a1..90c6b85d57b2 100644
--- a/edit/edit.c
+++ b/edit/edit.c
@@ -272,10 +272,13 @@ main (int argc, char *argv[])
   }
 
   /* Add drives. */
   add_drives (drvs);
 
+  if (key_store_requires_network (ks) && guestfs_set_network (g, 1) ==
-1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   if (mps != NULL)
     mount_mps (mps);
diff --git a/inspector/inspector.c b/inspector/inspector.c
index 25ee40f3f7b0..2702e3310c51 100644
--- a/inspector/inspector.c
+++ b/inspector/inspector.c
@@ -292,10 +292,13 @@ main (int argc, char *argv[])
   /* Add drives, inspect and mount.  Note that inspector is always true,
    * and there is no -m option.
    */
   add_drives (drvs);
 
+  if (key_store_requires_network (ks) && guestfs_set_network (g, 1) ==
-1)
+    exit (EXIT_FAILURE);
+
   if (guestfs_launch (g) == -1)
     exit (EXIT_FAILURE);
 
   /* Free up data structures, no longer needed after this point. */
   free_drives (drvs);
diff --git a/common b/common
index 9e990f3e4530..0399dea30e63 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit 9e990f3e4530df3708d176bc50e0bc68cf07d3ff
+Subproject commit 0399dea30e6353870183a07a82d05b4ec8f20ca0
-- 
2.19.1.3.g30247aa5d201

Call the OCaml-language helper "key_store_requires_network" in those
OCaml
utilities that pass "~key_opts:true" to
"create_standard_options", and do
not have any code related to networking yet.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 get-kernel/get_kernel.ml | 1 +
 sparsify/copying.ml      | 1 +
 sparsify/in_place.ml     | 1 +
 3 files changed, 3 insertions(+)

diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
index e485cf4952da..9c2aa17c225b 100644
--- a/get-kernel/get_kernel.ml
+++ b/get-kernel/get_kernel.ml
@@ -174,10 +174,11 @@ let main ()    let add, output, unversioned, prefix, ks =
parse_cmdline () in
 
   (* Connect to libguestfs. *)
   let g = open_guestfs () in
   add g;
+  g#set_network (key_store_requires_network ks);
   g#launch ();
 
   (* Decrypt the disks. *)
   inspect_decrypt g ks;
 
diff --git a/sparsify/copying.ml b/sparsify/copying.ml
index 39d06c94c0ac..21a603d63548 100644
--- a/sparsify/copying.ml
+++ b/sparsify/copying.ml
@@ -185,10 +185,11 @@ You can ignore this warning or change it to a hard failure
using the
 
     if not (quiet ()) then (
       let machine_readable = machine_readable () <> None in
       Progress.set_up_progress_bar ~machine_readable g
     );
+    g#set_network (key_store_requires_network ks);
     g#launch ();
 
     g in
 
   (* Decrypt the disks. *)
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index 00f0e056478c..0eec63e6f049 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -56,10 +56,11 @@ let run disk format ignores zeroes ks  
   if not (quiet ()) then (
     let machine_readable = machine_readable () <> None in
     Progress.set_up_progress_bar ~machine_readable g
   );
+  g#set_network (key_store_requires_network ks);
   g#launch ();
 
   (* If discard is not supported in the appliance, we must return exit
    * code 3.  See the man page.
    *)
-- 
2.19.1.3.g30247aa5d201

virt-customize already enables appliance networking by default;
conversely, if the user passes "--no-network", we shouldn't
override that
for the sake of "--key ID:clevis". Add comments about clevis to the
code.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 customize/customize_main.ml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/customize/customize_main.ml b/customize/customize_main.ml
index 8a022342f107..32b7eebdde42 100644
--- a/customize/customize_main.ml
+++ b/customize/customize_main.ml
@@ -50,11 +50,15 @@ let main ()      format_consumed := false
   in
   let libvirturi = ref "" in
   let memsize = ref None in
   let set_memsize arg = memsize := Some arg in
+
+  (* Note that [--key ID:clevis] depends on this default. See more below, near
+   * [g#set_network network]. *)
   let network = ref true in
+
   let smp = ref None in
   let set_smp arg = smp := Some arg in
 
   let add_file arg      let uri @@ -157,10 +161,13 @@ read the man page
virt-customize(1).
   (* Connect to libguestfs. *)
   let g      let g = open_guestfs () in
     Option.may g#set_memsize memsize;
     Option.may g#set_smp smp;
+    (* [--no-network] from the command line takes precedence over the automatic
+     * network enablement for [--key ID:clevis], so here we intentionally
don't check
+     * [key_store_requires_network opthandle.ks]. *)
     g#set_network network;
 
     (* Add disks. *)
     add g dryrun;
 
-- 
2.19.1.3.g30247aa5d201

Similarly to virt-customize, virt-sysprep has prior "--network" and
"--no-network" options. Unlike virt-customize though, virt-sysprep
defaults to disabling the appliance network. Therefore we can't tell
whether the network is disabled "by default" or because the user
requested
it.

That's a problem: "--key ID:clevis" is supposed to override the
former,
but not the latter. Add a separate option for tracking "--no-network",
and
only if "--no-network" is absent, permit "--network" or
"--key ID:clevis"
to turn on the network.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 sysprep/main.ml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sysprep/main.ml b/sysprep/main.ml
index b760618ad58a..1f722dfb06be 100644
--- a/sysprep/main.ml
+++ b/sysprep/main.ml
@@ -42,10 +42,11 @@ let main ()      let dryrun = ref false in
     let files = ref [] in
     let libvirturi = ref "" in
     let mount_opts = ref "" in
     let network = ref false in
+    let no_network = ref false in
     let operations = ref None in
 
     let format = ref "auto" in
     let format_consumed = ref true in
     let set_format s @@ -129,11 +130,11 @@ let main ()        [
L"enable" ],  Getopt.String (s_"operations", set_enable),   
s_"Enable specific operations";
       [ L"format" ],  Getopt.String (s_"format",
set_format),      s_"Set format (default: auto)";
       [ L"list-operations" ], Getopt.Unit list_operations,
s_"List supported operations";
       [ L"mount-options" ], Getopt.Set_string (s_"opts",
mount_opts),  s_"Set mount options (eg /:noatime;/var:rw,noatime)";
       [ L"network" ], Getopt.Set network,           s_"Enable
appliance network";
-      [ L"no-network" ], Getopt.Clear network,      s_"Disable
appliance network (default)";
+      [ L"no-network" ], Getopt.Set no_network,     s_"Disable
appliance network (default)";
       [ L"operation"; L"operations" ],  Getopt.String
(s_"operations", set_operations), s_"Enable/disable specific
operations";
     ] in
     let args = basic_args @ Sysprep_operation.extra_args () in
     let usage_msg        sprintf (f_"\
@@ -186,10 +187,11 @@ read the man page virt-sysprep(1).
     in
 
     (* Dereference the rest of the args. *)
     let dryrun = !dryrun in
     let network = !network in
+    let no_network = !no_network in
     let operations = !operations in
 
     (* At this point we know which operations are enabled.  So call the
      * not_enabled_check_args method of all *disabled* operations, so
      * they have a chance to check for unused command line args.
@@ -206,11 +208,12 @@ read the man page virt-sysprep(1).
 
     message (f_"Examining the guest ...");
 
     (* Connect to libguestfs. *)
     let g = open_guestfs () in
-    g#set_network network;
+    g#set_network (not no_network &&
+                   (network || key_store_requires_network opthandle.ks));
     add g dryrun;
     g#launch ();
 
     operations, g, mount_opts, opthandle.ks in
 
-- 
2.19.1.3.g30247aa5d201