From: Jeff Cody <jcody@redhat.com>
To: qemu-block@nongnu.org
Cc: peter.maydell@linaro.org, jcody@redhat.com, famz@redhat.com,
	qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 05/12] iscsi: add support for getting CHAP password via QCryptoSecret API
Date: Mon, 29 Feb 2016 15:08:45 -0500
Message-ID: <1456776532-1008-6-git-send-email-jcody@redhat.com>
In-Reply-To: <1456776532-1008-1-git-send-email-jcody@redhat.com>

From: "Daniel P. Berrange" <berrange@redhat.com>

The iSCSI driver currently accepts the CHAP password in plain text
as a block driver property. This change adds a new "password-secret"
property that accepts the ID of a QCryptoSecret instance.

  $QEMU \
     -object secret,id=sec0,filename=/home/berrange/example.pw \
     -drive driver=iscsi,url=iscsi://example.com/target-foo/lun1,\
            user=dan,password-secret=sec0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-4-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 block/iscsi.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 9fe76f4..128ea79 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -39,6 +39,7 @@
 #include "sysemu/sysemu.h"
 #include "qmp-commands.h"
 #include "qapi/qmp/qstring.h"
+#include "crypto/secret.h"
 
 #include <iscsi/iscsi.h>
 #include <iscsi/scsi-lowlevel.h>
@@ -1080,6 +1081,8 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
     QemuOpts *opts;
     const char *user = NULL;
     const char *password = NULL;
+    const char *secretid;
+    char *secret = NULL;
 
     list = qemu_find_opts("iscsi");
     if (!list) {
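Review bot: the new `secretid` declaration is left uninitialised while `user`, `password` and `secret` next to it are all set to NULL. It is assigned before its first use later in the function, so this is only a consistency point, but initialising it to NULL as well would keep the block uniform and guard against a future early read.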
@@ -1099,8 +1102,20 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
         return;
     }
 
+    secretid = qemu_opt_get(opts, "password-secret");
     password = qemu_opt_get(opts, "password");
-    if (!password) {
+    if (secretid && password) {
+        error_setg(errp, "'password' and 'password-secret' properties are "
+                   "mutually exclusive");
+        return;
+    }
+    if (secretid) {
+        secret = qcrypto_secret_lookup_as_utf8(secretid, errp);
+        if (!secret) {
+            return;
+        }
+        password = secret;
+    } else if (!password) {
         error_setg(errp, "CHAP username specified but no password was given");
         return;
     }
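Review bot: the fallback error in the final `else if (!password)` branch still reads "CHAP username specified but no password was given", which no longer tells the user that 'password-secret' is an accepted way to supply it. Consider mentioning both properties in that message so the preferred, non-plaintext option is discoverable from the error. The mutual-exclusion check and the NULL check on qcrypto_secret_lookup_as_utf8() look right; note that every path after `password = secret` has to reach the g_free() at the end of the function, so any early return added here later would leak the decoded password.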
@@ -1108,6 +1123,8 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
     if (iscsi_set_initiator_username_pwd(iscsi, user, password)) {
         error_setg(errp, "Failed to set initiator username and password");
     }
+
+    g_free(secret);
 }
 
 static void parse_header_digest(struct iscsi_context *iscsi, const char *target,
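Review bot: `g_free(secret)` releases the buffer holding the decoded CHAP password without clearing it, so the plaintext stays in freed heap memory until it is overwritten. Consider zeroing the buffer before freeing it, using a method the compiler will not optimise away. Freeing at this point also assumes iscsi_set_initiator_username_pwd() has taken its own copy of `password` rather than keeping the pointer; that is not visible in this hunk, and a one-line comment stating it would help.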
@@ -1858,6 +1875,11 @@ static QemuOptsList qemu_iscsi_opts = {
             .type = QEMU_OPT_STRING,
             .help = "password for CHAP authentication to target",
         },{
+            .name = "password-secret",
+            .type = QEMU_OPT_STRING,
+            .help = "ID of the secret providing password for CHAP "
+                    "authentication to target",
+        },{
             .name = "header-digest",
             .type = QEMU_OPT_STRING,
             .help = "HeaderDigest setting. "
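Review bot: the help text of the existing "password" entry just above the new option is unchanged and gives no hint that the value is passed in plain text or that "password-secret" is the alternative. Since both options remain accepted, consider extending the "password" help string to point users at "password-secret", so the option listing itself steers them away from putting the CHAP password in the drive properties.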
-- 
1.9.3
