From nobody Mon Feb 9 02:27:30 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1490621309406457.4011878828446; Mon, 27 Mar 2017 06:28:29 -0700 (PDT) Received: from localhost ([::1]:46812 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1csUhA-0003OL-1T for importer@patchew.org; Mon, 27 Mar 2017 09:28:28 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60335) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1csUfW-00026x-WB for qemu-devel@nongnu.org; Mon, 27 Mar 2017 09:26:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1csUfQ-0006Pk-LU for qemu-devel@nongnu.org; Mon, 27 Mar 2017 09:26:46 -0400 Received: from mx1.redhat.com ([209.132.183.28]:39030) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1csUfQ-0006OW-9y for qemu-devel@nongnu.org; Mon, 27 Mar 2017 09:26:40 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1C6D8C0641EA for ; Mon, 27 Mar 2017 13:26:39 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-116-26.ams2.redhat.com [10.36.116.26]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 903A48866A; Mon, 27 Mar 2017 13:26:38 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id 8E481113860E; Mon, 27 Mar 2017 15:26:35 +0200 (CEST) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 1C6D8C0641EA Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=armbru@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 1C6D8C0641EA From: Markus Armbruster To: qemu-devel@nongnu.org Date: Mon, 27 Mar 2017 15:26:34 +0200 Message-Id: <1490621195-2228-11-git-send-email-armbru@redhat.com> In-Reply-To: <1490621195-2228-1-git-send-email-armbru@redhat.com> References: <1490621195-2228-1-git-send-email-armbru@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 27 Mar 2017 13:26:39 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH RFC v3 for-2.9 10/11] Revert "rbd: add support for getting password from QCryptoSecret object" X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, jdurgin@redhat.com, jcody@redhat.com, mreitz@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This reverts commit 60390a2192e7b38aee18db6ce7fb740498709737. The commit's rationale Currently RBD passwords must be provided on the command line via $QEMU -drive file=3Drbd:pool/image:id=3Dmyname:\ key=3DQVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMU= E=3D:\ auth_supported=3Dcephx This is insecure because the key is visible in the OS process listing. is invalid. You can easily avoid passing keys on the command line by using "keyfile" instead of "key". In fact, the Ceph documentation calls use of key "not recommended". But the most common way to provide keys is a keyring. The default keyrings should be just fine for most users. When they aren't, you can configure your own keyrings with "keyring" or override the key with "keyfile". The commit adds parameter password-secret to -drive. Support for it was included in -blockdev, but reverted in the previous commit due to concerns about the QMP interface. Revert it from -drive, too. Cc: Daniel P. Berrange Signed-off-by: Markus Armbruster --- block/rbd.c | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 103ce44..5a58d3e 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -16,7 +16,6 @@ #include "qapi/error.h" #include "qemu/error-report.h" #include "block/block_int.h" -#include "crypto/secret.h" #include "qemu/cutils.h" #include "qapi/qmp/qstring.h" =20 @@ -225,26 +224,6 @@ done: return; } =20 - -static int qemu_rbd_set_auth(rados_t cluster, const char *secretid, - Error **errp) -{ - if (secretid =3D=3D 0) { - return 0; - } - - gchar *secret =3D qcrypto_secret_lookup_as_base64(secretid, - errp); - if (!secret) { - return -1; - } - - rados_conf_set(cluster, "key", secret); - g_free(secret); - - return 0; -} - static int qemu_rbd_set_keypairs(rados_t cluster, const char *keypairs, Error **errp) { @@ -322,11 +301,6 @@ static QemuOptsList runtime_opts =3D { /* * server.* extracted manually, see qemu_rbd_array_opts() */ - { - .name =3D "password-secret", - .type =3D QEMU_OPT_STRING, - .help =3D "ID of secret providing the password", - }, =20 /* * Keys for qemu_rbd_parse_filename(), not in the QAPI schema @@ -366,14 +340,11 @@ static int qemu_rbd_create(const char *filename, Qemu= Opts *opts, Error **errp) int64_t objsize; int obj_order =3D 0; const char *pool, *name, *conf, *clientname, *keypairs; - const char *secretid; rados_t cluster; rados_ioctx_t io_ctx; QDict *options =3D NULL; int ret =3D 0; =20 - secretid =3D qemu_opt_get(opts, "password-secret"); - /* Read out options */ bytes =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), BDRV_SECTOR_SIZE); @@ -426,11 +397,6 @@ static int qemu_rbd_create(const char *filename, QemuO= pts *opts, Error **errp) goto shutdown; } =20 - if (qemu_rbd_set_auth(cluster, secretid, errp) < 0) { - ret =3D -EIO; - goto shutdown; - } - ret =3D rados_connect(cluster); if (ret < 0) { error_setg_errno(errp, -ret, "error connecting"); @@ -596,7 +562,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *o= ptions, int flags, { BDRVRBDState *s =3D bs->opaque; const char *pool, *snap, *conf, *clientname, *name, *keypairs; - const char *secretid; QemuOpts *opts; Error *local_err =3D NULL; char *mon_host =3D NULL; @@ -618,8 +583,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *o= ptions, int flags, goto failed_opts; } =20 - secretid =3D qemu_opt_get(opts, "password-secret"); - pool =3D qemu_opt_get(opts, "pool"); conf =3D qemu_opt_get(opts, "conf"); snap =3D qemu_opt_get(opts, "snapshot"); @@ -661,11 +624,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *= options, int flags, } } =20 - if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) { - r =3D -EIO; - goto failed_shutdown; - } - /* * Fallback to more conservative semantics if setting cache * options fails. Ignore errors from setting rbd_cache because the @@ -1105,11 +1063,6 @@ static QemuOptsList qemu_rbd_create_opts =3D { .type =3D QEMU_OPT_SIZE, .help =3D "RBD object size" }, - { - .name =3D "password-secret", - .type =3D QEMU_OPT_STRING, - .help =3D "ID of secret providing the password", - }, { /* end of list */ } } }; --=20 2.7.4