From: "Daniel P. Berrange" <berrange@redhat.com>
To: ashish mittal <ashmit602@gmail.com>
Cc: Jeff Cody <jcody@redhat.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
Ketan Nilangekar <Ketan.Nilangekar@veritas.com>,
qemu-devel <qemu-devel@nongnu.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Kevin Wolf <kwolf@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Fam Zheng <famz@redhat.com>,
Ashish Mittal <Ashish.Mittal@veritas.com>,
John Ferlan <jferlan@redhat.com>,
Buddhi Madhav <Buddhi.Madhav@veritas.com>,
Suraj Singh <Suraj.Singh@veritas.com>,
Nitin Jerath <Nitin.Jerath@veritas.com>,
Peter Maydell <peter.maydell@linaro.org>,
Abhijit Dey <Abhijit.Dey@veritas.com>,
"Venkatesha M.G." <Venkatesha.Mg@veritas.com>,
Rakesh Ranjan <Rakesh.Ranjan@veritas.com>
Subject: Re: [Qemu-devel] [PATCH v8 1/2] block/vxhs.c: Add support for a new block device type called "vxhs"
Date: Mon, 27 Feb 2017 09:22:07 +0000 [thread overview]
Message-ID: <20170227092207.GA18219@redhat.com> (raw)
In-Reply-To: <CAAo6VWPyQrjSp2qjvxqXRPS8=5N85i0-DJdkWhiGaXmND_8+qA@mail.gmail.com>
On Fri, Feb 24, 2017 at 03:30:21PM -0800, ashish mittal wrote:
> Thanks!
>
> I hope the following is in line with what you suggested -
Yes, that looks suitable for password auth
>
> We will error out in case either of username, secret-id, or password
> are missing.
>
> Good case, passing password via a file -
> $ ./qemu-io --trace enable=vxhs* --object
> secret,id=xvxhspasswd,file=/tmp/some/file/path -c 'read 66000 128k'
> 'json:{"server.host": "127.0.0.1", "server.port": "9999", "vdisk-id":
> "/test.raw", "driver": "vxhs", "user": "ashish", "password-secret":
> "xvxhspasswd"}'
> 1132@1487977829.151064:vxhs_open_vdiskid Opening vdisk-id /test.raw
>
> 1132@1487977829.151141:vxhs_get_creds User ashish, SecretID
> xvxhspasswd, Password Str0ngP@ssw0rd <=== **** NOTE WILL NOT PRINT
> PASSWORD IN FINAL CODE ****
>
> 1132@1487977829.151168:vxhs_open_hostinfo Adding host 127.0.0.1:9999
> to BDRVVXHSState
> 1132@1487977829.173062:vxhs_get_vdisk_stat vDisk /test.raw stat ioctl
> returned size 196616
> read 131072/131072 bytes at offset 66000
> 128 KiB, 1 ops; 0.0012 sec (99.049 MiB/sec and 792.3930 ops/sec)
> 1132@1487977829.175141:vxhs_close Closing vdisk /test.raw
>
>
> Bad case, missing user -
> $ ./qemu-io --trace enable=vxhs* --object
> secret,id=xvxhspasswd,data=/tmp/some/file/path -c 'read 66000 128k'
> 'json:{"server.host": "127.0.0.1", "server.port": "9999", "vdisk-id":
> "/test.raw", "driver": "vxhs"}'
> 1310@1487978547.771234:vxhs_open_vdiskid Opening vdisk-id /test.raw
> can't open device json:{"server.host": "127.0.0.1", "server.port":
> "9999", "vdisk-id": "/test.raw", "driver": "vxhs"}: please specify the
> user for authenticating to target
>
> diff --git a/block/vxhs.c b/block/vxhs.c
> index 4f0633e..9b60ddf 100644
> --- a/block/vxhs.c
> +++ b/block/vxhs.c
> @@ -17,12 +17,16 @@
> #include "qemu/uri.h"
> #include "qapi/error.h"
> #include "qemu/uuid.h"
> +#include "crypto/secret.h"
>
> #define VXHS_OPT_FILENAME "filename"
> #define VXHS_OPT_VDISK_ID "vdisk-id"
> #define VXHS_OPT_SERVER "server"
> #define VXHS_OPT_HOST "host"
> #define VXHS_OPT_PORT "port"
> +#define VXHS_OPT_USER "user"
> +#define VXHS_OPT_PASSWORD "password"
> +#define VXHS_OPT_SECRETID "password-secret"
> #define VXHS_UUID_DEF "12345678-1234-1234-1234-123456789012"
>
> QemuUUID qemu_uuid __attribute__ ((weak));
> @@ -136,6 +140,22 @@ static QemuOptsList runtime_opts = {
> .type = QEMU_OPT_STRING,
> .help = "UUID of the VxHS vdisk",
> },
> + {
> + .name = VXHS_OPT_USER,
> + .type = QEMU_OPT_STRING,
> + .help = "username for authentication to target",
> + },
> + {
> + .name = VXHS_OPT_PASSWORD,
> + .type = QEMU_OPT_STRING,
> + .help = "password for authentication to target",
> + },
> + {
> + .name = VXHS_OPT_SECRETID,
> + .type = QEMU_OPT_STRING,
> + .help = "ID of the secret providing password for"
> + "authentication to target",
> + },
> { /* end of list */ }
> },
> };
> @@ -257,6 +277,9 @@ static int vxhs_open(BlockDriverState *bs, QDict *options,
> const char *server_host_opt;
> char *str = NULL;
> int ret = 0;
> + const char *user = NULL;
> + const char *secretid = NULL;
> + const char *password = NULL;
>
> ret = vxhs_init_and_ref();
> if (ret < 0) {
> @@ -320,6 +343,35 @@ static int vxhs_open(BlockDriverState *bs, QDict *options,
> goto out;
> }
>
> + /* check if we got username and secretid via the options */
> + user = qemu_opt_get(opts, VXHS_OPT_USER);
> + if (!user) {
> + error_setg(&local_err, "please specify the user for authenticating to "
> + "target");
> + qdict_del(backing_options, str);
Not sure why you're deleting this ? Likewise the 2 cases below too
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + secretid = qemu_opt_get(opts, VXHS_OPT_SECRETID);
> + if (!secretid) {
> + error_setg(&local_err, "please specify the ID of the secret to be "
> + "used for authenticating to target");
> + qdict_del(backing_options, str);
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + /* check if we got password via the --object argument */
> + password = qcrypto_secret_lookup_as_utf8(secretid, &local_err);
> + if (local_err != NULL) {
> + trace_vxhs_get_creds(user, secretid, password);
> + qdict_del(backing_options, str);
> + ret = -EINVAL;
> + goto out;
> + }
> + trace_vxhs_get_creds(user, secretid, password);
> +
> s->vdisk_hostinfo.host = g_strdup(server_host_opt);
>
> s->vdisk_hostinfo.port = g_ascii_strtoll(qemu_opt_get(tcp_opts,
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
next prev parent reply other threads:[~2017-02-27 9:22 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-16 22:24 [Qemu-devel] [PATCH v8 1/2] block/vxhs.c: Add support for a new block device type called "vxhs" ashish mittal
2017-02-17 21:42 ` Jeff Cody
2017-02-18 0:30 ` Ketan Nilangekar
2017-02-20 9:50 ` Daniel P. Berrange
2017-02-20 11:02 ` Stefan Hajnoczi
2017-02-20 11:34 ` ashish mittal
2017-02-21 10:59 ` Stefan Hajnoczi
2017-02-21 11:33 ` Daniel P. Berrange
2017-02-22 14:09 ` Stefan Hajnoczi
2017-02-22 14:22 ` Daniel P. Berrange
2017-02-22 14:44 ` Jeff Cody
2017-02-24 4:19 ` ashish mittal
2017-02-24 9:19 ` Daniel P. Berrange
2017-02-24 23:30 ` ashish mittal
2017-02-27 9:22 ` Daniel P. Berrange [this message]
2017-02-28 22:51 ` ashish mittal
2017-03-01 9:18 ` Daniel P. Berrange
2017-03-06 0:26 ` ashish mittal
2017-03-06 9:23 ` Daniel P. Berrange
2017-03-08 1:27 ` ashish mittal
2017-03-08 9:13 ` Daniel P. Berrange
2017-03-08 13:04 ` Ketan Nilangekar
2017-03-08 17:59 ` ashish mittal
2017-03-08 18:11 ` Daniel P. Berrange
2017-03-11 3:04 ` ashish mittal
2017-03-13 9:56 ` Daniel P. Berrange
2017-03-13 9:57 ` Daniel P. Berrange
2017-03-17 0:29 ` ashish mittal
2017-03-18 1:44 ` ashish mittal
2017-03-20 12:55 ` Daniel P. Berrange
2017-03-23 0:03 ` ashish mittal
2017-03-27 3:07 ` ashish mittal
2017-02-21 17:21 ` Ketan Nilangekar
2017-02-21 17:39 ` Daniel P. Berrange
2017-02-21 18:06 ` Jeff Cody
2017-02-21 18:56 ` Daniel P. Berrange
2017-02-21 19:25 ` Jeff Cody
2017-02-22 10:12 ` Daniel P. Berrange
2017-02-22 14:25 ` Stefan Hajnoczi
2017-02-20 9:44 ` Daniel P. Berrange
-- strict thread matches above, loose matches on Subject: below --
2017-02-09 5:23 Ashish Mittal
2017-02-09 6:29 ` Jeff Cody
2017-02-09 9:24 ` ashish mittal
2017-02-09 14:32 ` Jeff Cody
2017-02-09 16:14 ` ashish mittal
2017-02-09 16:50 ` Jeff Cody
2017-02-09 18:08 ` ashish mittal
2017-02-09 18:45 ` ashish mittal
2017-02-10 0:27 ` ashish mittal
2017-02-10 2:18 ` Jeff Cody
2017-02-14 20:51 ` Jeff Cody
2017-02-14 22:34 ` ashish mittal
2017-02-15 3:02 ` ashish mittal
2017-02-15 3:54 ` Jeff Cody
2017-02-15 20:34 ` ashish mittal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170227092207.GA18219@redhat.com \
--to=berrange@redhat.com \
--cc=Abhijit.Dey@veritas.com \
--cc=Ashish.Mittal@veritas.com \
--cc=Buddhi.Madhav@veritas.com \
--cc=Ketan.Nilangekar@veritas.com \
--cc=Nitin.Jerath@veritas.com \
--cc=Rakesh.Ranjan@veritas.com \
--cc=Suraj.Singh@veritas.com \
--cc=Venkatesha.Mg@veritas.com \
--cc=armbru@redhat.com \
--cc=ashmit602@gmail.com \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=jferlan@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.