[Qemu-devel] [FOR 0.12] 'block_passwd' monitor command

[Qemu-devel] [FOR 0.12] 'block_passwd' monitor command

[Luiz Capitulino]

 We don't have prompts in QMP, so we need to set passwords in advance,
details in the second patch.

 We also add a new error class for invalid passwords.

[Qemu-devel] [PATCH 1/2] QError: Add class for invalid passwords

[Luiz Capitulino]

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 qerror.c |    4 ++++
 qerror.h |    3 +++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/qerror.c b/qerror.c
index 92d9622..18be7e3 100644
--- a/qerror.c
+++ b/qerror.c
@@ -61,6 +61,10 @@ const QErrorStringTable qerror_table[] = {
         .desc        = "Invalid parameter type, expected: %(expected)",
     },
     {
+        .error_fmt   = QERR_INVALID_PASSWORD,
+        .desc        = "The entered password is invalid",
+    },
+    {
         .error_fmt = QERR_KVM_MISSING_CAP,
         .desc      = "Using KVM without %(capability), %(feature) unavailable",
     },
diff --git a/qerror.h b/qerror.h
index a747ff6..c9fcf97 100644
--- a/qerror.h
+++ b/qerror.h
@@ -53,6 +53,9 @@ QError *qobject_to_qerror(const QObject *obj);
 #define QERR_INVALID_PARAMETER_TYPE \
         "{ 'class': 'InvalidParameterType', 'data': { 'name': %s,'expected': %s } }"
 
+#define QERR_INVALID_PASSWORD \
+        "{ 'class': 'InvalidPassword', 'data': {} }"
+
 #define QERR_KVM_MISSING_CAP \
         "{ 'class': 'KVMMissingCap', 'data': { 'capability': %s, 'feature': %s } }"
 
-- 
1.6.6.rc1.5.ge21a85

[Qemu-devel] [PATCH 2/2] monitor: Introduce 'block_passwd' command

[Luiz Capitulino]

When using encrypted disk images, QEMU will prompt the user
for passwords when started.

This makes sense for the user protocol, but doesn't for QMP.

The solution is to have Monitor command which allows the user
or a Client to set passwords in advance, so that we avoid
the prompt completely.

This is what block_passwd does, for example:

(QEMU) block_passwd ide0-hd0 foobar

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 monitor.c       |   16 ++++++++++++++++
 qemu-monitor.hx |   14 ++++++++++++++
 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/monitor.c b/monitor.c
index 47b11f8..a3ae488 100644
--- a/monitor.c
+++ b/monitor.c
@@ -807,6 +807,22 @@ static void do_eject(Monitor *mon, const QDict *qdict, QObject **ret_data)
     eject_device(mon, bs, force);
 }
 
+static void do_block_set_passwd(Monitor *mon, const QDict *qdict,
+                                QObject **ret_data)
+{
+    BlockDriverState *bs;
+
+    bs = bdrv_find(qdict_get_str(qdict, "device"));
+    if (!bs) {
+        qemu_error_new(QERR_DEVICE_NOT_FOUND, qdict_get_str(qdict, "device"));
+        return;
+    }
+
+    if (bdrv_set_key(bs, qdict_get_str(qdict, "password")) < 0) {
+        qemu_error_new(QERR_INVALID_PASSWORD);
+    }
+}
+
 static void do_change_block(Monitor *mon, const char *device,
                             const char *filename, const char *fmt)
 {
diff --git a/qemu-monitor.hx b/qemu-monitor.hx
index 93cbb62..d7c6522 100644
--- a/qemu-monitor.hx
+++ b/qemu-monitor.hx
@@ -1048,6 +1048,20 @@ Close the file descriptor previously assigned to @var{fdname} using the
 used by another monitor command.
 ETEXI
 
+    {
+        .name       = "block_passwd",
+        .args_type  = "device:B,password:s",
+        .params     = "block_passwd device password",
+        .help       = "set the password of encrypted block devices",
+        .user_print = monitor_user_noop,
+        .mhandler.cmd_new = do_block_set_passwd,
+    },
+
+STEXI
+@item block_passwd @var{device} @var{password}
+Set the encrypted device @var{device} password to @var{password}
+ETEXI
+
 STEXI
 @end table
 ETEXI
-- 
1.6.6.rc1.5.ge21a85