From: Josh Durgin <jdurgin@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>,
qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object
Date: Mon, 19 Oct 2015 15:57:29 -0700 [thread overview]
Message-ID: <56257559.1060001@redhat.com> (raw)
In-Reply-To: <1445267389-21846-4-git-send-email-berrange@redhat.com>
On 10/19/2015 08:09 AM, Daniel P. Berrange wrote:
> Currently RBD passwords must be provided on the command line
> via
>
> $QEMU -drive file=rbd:pool/image:id=myname:\
> key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
> auth_supported=cephx
>
> This is insecure because the key is visible in the OS process
> listing.
>
> This adds support for an 'authsecret' parameter in the RBD
> parameters that can be used with the QCryptoSecret object to
> provide the password via a file:
>
> echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64
> $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \
> -drive file=rbd:pool/image:id=myname:\
> auth_supported=cephx,authsecret=secret0
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
Looks good in general, thanks for fixing this! Just one thing to fix
below.
> block/rbd.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index a60a19d..0acf777 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -16,6 +16,7 @@
> #include "qemu-common.h"
> #include "qemu/error-report.h"
> #include "block/block_int.h"
> +#include "crypto/secret.h"
>
> #include <rbd/librbd.h>
>
> @@ -228,6 +229,23 @@ static char *qemu_rbd_parse_clientname(const char *conf, char *clientname)
> return NULL;
> }
>
> +
> +static int qemu_rbd_set_auth(rados_t cluster, const char *secretid,
> + Error **errp)
> +{
> + gchar *secret = qcrypto_secret_lookup_as_base64(secretid,
> + errp);
> + if (!secret) {
> + return -1;
> + }
It looks like this fails if no authsecret is provided. Ceph auth can be
disabled, so it seems like we should skip the qemu_rbd_set_auth() calls
in this case.
> +
> + rados_conf_set(cluster, "key", secret);
> + g_free(secret);
> +
> + return 0;
> +}
> +
> +
> static int qemu_rbd_set_conf(rados_t cluster, const char *conf,
> bool only_read_conf_file,
> Error **errp)
> @@ -299,10 +317,13 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
> char conf[RBD_MAX_CONF_SIZE];
> char clientname_buf[RBD_MAX_CONF_SIZE];
> char *clientname;
> + const char *secretid;
> rados_t cluster;
> rados_ioctx_t io_ctx;
> int ret;
>
> + secretid = qemu_opt_get(opts, "authsecret");
> +
> if (qemu_rbd_parsename(filename, pool, sizeof(pool),
> snap_buf, sizeof(snap_buf),
> name, sizeof(name),
> @@ -350,6 +371,11 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
> return -EIO;
> }
>
> + if (qemu_rbd_set_auth(cluster, secretid, errp) < 0) {
> + rados_shutdown(cluster);
> + return -EIO;
> + }
> +
> if (rados_connect(cluster) < 0) {
> error_setg(errp, "error connecting");
> rados_shutdown(cluster);
> @@ -423,6 +449,11 @@ static QemuOptsList runtime_opts = {
> .type = QEMU_OPT_STRING,
> .help = "Specification of the rbd image",
> },
> + {
> + .name = "authsecret",
> + .type = QEMU_OPT_STRING,
> + .help = "ID of secret providing the password",
> + },
> { /* end of list */ }
> },
> };
> @@ -436,6 +467,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> char conf[RBD_MAX_CONF_SIZE];
> char clientname_buf[RBD_MAX_CONF_SIZE];
> char *clientname;
> + const char *secretid;
> QemuOpts *opts;
> Error *local_err = NULL;
> const char *filename;
> @@ -450,6 +482,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> }
>
> filename = qemu_opt_get(opts, "filename");
> + secretid = qemu_opt_get(opts, "authsecret");
>
> if (qemu_rbd_parsename(filename, pool, sizeof(pool),
> snap_buf, sizeof(snap_buf),
> @@ -488,6 +521,10 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> }
> }
>
> + if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) {
> + goto failed_shutdown;
> + }
> +
> /*
> * Fallback to more conservative semantics if setting cache
> * options fails. Ignore errors from setting rbd_cache because the
> @@ -919,6 +956,11 @@ static QemuOptsList qemu_rbd_create_opts = {
> .type = QEMU_OPT_SIZE,
> .help = "RBD object size"
> },
> + {
> + .name = "authsecret",
> + .type = QEMU_OPT_STRING,
> + .help = "ID of secret providing the password",
> + },
> { /* end of list */ }
> }
> };
next prev parent reply other threads:[~2015-10-19 22:57 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-19 15:09 [Qemu-devel] [PATCH 00/17] Framework for securely passing secrets to QEMU Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling Daniel P. Berrange
2015-10-19 15:18 ` Paolo Bonzini
2015-10-19 15:24 ` Daniel P. Berrange
2015-10-19 15:40 ` Paolo Bonzini
2015-10-19 15:46 ` Daniel P. Berrange
2015-10-19 16:12 ` Paolo Bonzini
2015-10-19 16:24 ` Daniel P. Berrange
2015-10-19 16:28 ` Paolo Bonzini
2015-10-19 16:30 ` Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 02/17] crypto: add support for loading encrypted x509 keys Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object Daniel P. Berrange
2015-10-19 22:57 ` Josh Durgin [this message]
2015-10-20 8:35 ` Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 04/17] curl: add support for HTTP authentication parameters Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 05/17] iscsi: add support for getting CHAP password via QCryptoSecret API Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options Daniel P. Berrange
2015-10-28 13:56 ` Eric Blake
2015-10-19 15:09 ` [Qemu-devel] [PATCH 07/17] qcow2: add a 'keyid' parameter to qcow2 options Daniel P. Berrange
2015-10-19 23:29 ` Eric Blake
2015-10-28 13:58 ` Eric Blake
2015-10-19 15:09 ` [Qemu-devel] [PATCH 08/17] qom: add user_creatable_add & user_creatable_del methods Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 09/17] qemu-img: add support for --object command line arg Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 10/17] qemu-nbd: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 11/17] qemu-io: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 12/17] qemu-io: allow specifying image as a set of options args Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 13/17] qemu-nbd: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 14/17] qemu-img: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 15/17] block: rip out all traces of password prompting Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 16/17] block: remove all encryption handling APIs Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 17/17] block: remove support for writing to qcow/qcow2 encrypted images Daniel P. Berrange
2015-10-19 16:05 ` [Qemu-devel] [PATCH 00/17] Framework for securely passing secrets to QEMU Alex Bennée
2015-10-19 16:14 ` Daniel P. Berrange
2015-10-19 17:13 ` Dr. David Alan Gilbert
2015-10-19 17:46 ` Daniel P. Berrange
2015-10-23 15:31 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56257559.1060001@redhat.com \
--to=jdurgin@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=ronniesahlberg@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.