From: Josh Durgin <jdurgin@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Ronnie Sahlberg <ronniesahlberg@gmail.com>,
qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object
Date: Mon, 19 Oct 2015 15:57:29 -0700 [thread overview]
Message-ID: <56257559.1060001@redhat.com> (raw)
In-Reply-To: <1445267389-21846-4-git-send-email-berrange@redhat.com>
On 10/19/2015 08:09 AM, Daniel P. Berrange wrote:
> Currently RBD passwords must be provided on the command line
> via
>
> $QEMU -drive file=rbd:pool/image:id=myname:\
> key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
> auth_supported=cephx
>
> This is insecure because the key is visible in the OS process
> listing.
>
> This adds support for an 'authsecret' parameter in the RBD
> parameters that can be used with the QCryptoSecret object to
> provide the password via a file:
>
> echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64
> $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \
> -drive file=rbd:pool/image:id=myname:\
> auth_supported=cephx,authsecret=secret0
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
Looks good in general, thanks for fixing this! Just one thing to fix
below.
> block/rbd.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index a60a19d..0acf777 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -16,6 +16,7 @@
> #include "qemu-common.h"
> #include "qemu/error-report.h"
> #include "block/block_int.h"
> +#include "crypto/secret.h"
>
> #include <rbd/librbd.h>
>
> @@ -228,6 +229,23 @@ static char *qemu_rbd_parse_clientname(const char *conf, char *clientname)
> return NULL;
> }
>
> +
> +static int qemu_rbd_set_auth(rados_t cluster, const char *secretid,
> + Error **errp)
> +{
> + gchar *secret = qcrypto_secret_lookup_as_base64(secretid,
> + errp);
> + if (!secret) {
> + return -1;
> + }
It looks like this fails if no authsecret is provided. Ceph auth can be
disabled, so it seems like we should skip the qemu_rbd_set_auth() calls
in this case.
> +
> + rados_conf_set(cluster, "key", secret);
> + g_free(secret);
> +
> + return 0;
> +}
> +
> +
> static int qemu_rbd_set_conf(rados_t cluster, const char *conf,
> bool only_read_conf_file,
> Error **errp)
> @@ -299,10 +317,13 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
> char conf[RBD_MAX_CONF_SIZE];
> char clientname_buf[RBD_MAX_CONF_SIZE];
> char *clientname;
> + const char *secretid;
> rados_t cluster;
> rados_ioctx_t io_ctx;
> int ret;
>
> + secretid = qemu_opt_get(opts, "authsecret");
> +
> if (qemu_rbd_parsename(filename, pool, sizeof(pool),
> snap_buf, sizeof(snap_buf),
> name, sizeof(name),
> @@ -350,6 +371,11 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
> return -EIO;
> }
>
> + if (qemu_rbd_set_auth(cluster, secretid, errp) < 0) {
> + rados_shutdown(cluster);
> + return -EIO;
> + }
> +
> if (rados_connect(cluster) < 0) {
> error_setg(errp, "error connecting");
> rados_shutdown(cluster);
> @@ -423,6 +449,11 @@ static QemuOptsList runtime_opts = {
> .type = QEMU_OPT_STRING,
> .help = "Specification of the rbd image",
> },
> + {
> + .name = "authsecret",
> + .type = QEMU_OPT_STRING,
> + .help = "ID of secret providing the password",
> + },
> { /* end of list */ }
> },
> };
> @@ -436,6 +467,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> char conf[RBD_MAX_CONF_SIZE];
> char clientname_buf[RBD_MAX_CONF_SIZE];
> char *clientname;
> + const char *secretid;
> QemuOpts *opts;
> Error *local_err = NULL;
> const char *filename;
> @@ -450,6 +482,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> }
>
> filename = qemu_opt_get(opts, "filename");
> + secretid = qemu_opt_get(opts, "authsecret");
>
> if (qemu_rbd_parsename(filename, pool, sizeof(pool),
> snap_buf, sizeof(snap_buf),
> @@ -488,6 +521,10 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
> }
> }
>
> + if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) {
> + goto failed_shutdown;
> + }
> +
> /*
> * Fallback to more conservative semantics if setting cache
> * options fails. Ignore errors from setting rbd_cache because the
> @@ -919,6 +956,11 @@ static QemuOptsList qemu_rbd_create_opts = {
> .type = QEMU_OPT_SIZE,
> .help = "RBD object size"
> },
> + {
> + .name = "authsecret",
> + .type = QEMU_OPT_STRING,
> + .help = "ID of secret providing the password",
> + },
> { /* end of list */ }
> }
> };
next prev parent reply other threads:[~2015-10-19 22:57 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-19 15:09 [Qemu-devel] [PATCH 00/17] Framework for securely passing secrets to QEMU Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object class for password/key handling Daniel P. Berrange
2015-10-19 15:18 ` Paolo Bonzini
2015-10-19 15:24 ` Daniel P. Berrange
2015-10-19 15:40 ` Paolo Bonzini
2015-10-19 15:46 ` Daniel P. Berrange
2015-10-19 16:12 ` Paolo Bonzini
2015-10-19 16:24 ` Daniel P. Berrange
2015-10-19 16:28 ` Paolo Bonzini
2015-10-19 16:30 ` Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 02/17] crypto: add support for loading encrypted x509 keys Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 03/17] rbd: add support for getting password from QCryptoSecret object Daniel P. Berrange
2015-10-19 22:57 ` Josh Durgin [this message]
2015-10-20 8:35 ` Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 04/17] curl: add support for HTTP authentication parameters Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 05/17] iscsi: add support for getting CHAP password via QCryptoSecret API Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options Daniel P. Berrange
2015-10-28 13:56 ` Eric Blake
2015-10-19 15:09 ` [Qemu-devel] [PATCH 07/17] qcow2: add a 'keyid' parameter to qcow2 options Daniel P. Berrange
2015-10-19 23:29 ` Eric Blake
2015-10-28 13:58 ` Eric Blake
2015-10-19 15:09 ` [Qemu-devel] [PATCH 08/17] qom: add user_creatable_add & user_creatable_del methods Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 09/17] qemu-img: add support for --object command line arg Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 10/17] qemu-nbd: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 11/17] qemu-io: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 12/17] qemu-io: allow specifying image as a set of options args Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 13/17] qemu-nbd: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 14/17] qemu-img: " Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 15/17] block: rip out all traces of password prompting Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 16/17] block: remove all encryption handling APIs Daniel P. Berrange
2015-10-19 15:09 ` [Qemu-devel] [PATCH 17/17] block: remove support for writing to qcow/qcow2 encrypted images Daniel P. Berrange
2015-10-19 16:05 ` [Qemu-devel] [PATCH 00/17] Framework for securely passing secrets to QEMU Alex Bennée
2015-10-19 16:14 ` Daniel P. Berrange
2015-10-19 17:13 ` Dr. David Alan Gilbert
2015-10-19 17:46 ` Daniel P. Berrange
2015-10-23 15:31 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56257559.1060001@redhat.com \
--to=jdurgin@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=ronniesahlberg@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).