Commit b189346e authored by Daniel P. Berrangé Committed by Jeff Cody

iscsi: add support for getting CHAP password via QCryptoSecret API

The iSCSI driver currently accepts the CHAP password in plain text
as a block driver property. This change adds a new "password-secret"
property that accepts the ID of a QCryptoSecret instance.

  $QEMU \
     -object secret,id=sec0,filename=/home/berrange/example.pw \
     -drive driver=iscsi,url=iscsi://example.com/target-foo/lun1,\


            user=dan,password-secret=sec0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-4-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
parent 1bff9606
+23 −1
@@ -39,6 +39,7 @@
#include "sysemu/sysemu.h"
#include "qmp-commands.h"
#include "qapi/qmp/qstring.h"
#include "crypto/secret.h"

#include <iscsi/iscsi.h>
#include <iscsi/scsi-lowlevel.h>
@@ -1080,6 +1081,8 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
    QemuOpts *opts;
    const char *user = NULL;
    const char *password = NULL;
    const char *secretid;
    char *secret = NULL;

    list = qemu_find_opts("iscsi");
    if (!list) {
@@ -1099,8 +1102,20 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
        return;
    }

    secretid = qemu_opt_get(opts, "password-secret");
    password = qemu_opt_get(opts, "password");
    if (!password) {
    if (secretid && password) {
        error_setg(errp, "'password' and 'password-secret' properties are "
                   "mutually exclusive");
        return;
    }
    if (secretid) {
        secret = qcrypto_secret_lookup_as_utf8(secretid, errp);
        if (!secret) {
            return;
        }
        password = secret;
    } else if (!password) {
        error_setg(errp, "CHAP username specified but no password was given");
        return;
    }
@@ -1108,6 +1123,8 @@ static void parse_chap(struct iscsi_context *iscsi, const char *target,
    if (iscsi_set_initiator_username_pwd(iscsi, user, password)) {
        error_setg(errp, "Failed to set initiator username and password");
    }

    g_free(secret);
}

static void parse_header_digest(struct iscsi_context *iscsi, const char *target,
@@ -1857,6 +1874,11 @@ static QemuOptsList qemu_iscsi_opts = {
            .name = "password",
            .type = QEMU_OPT_STRING,
            .help = "password for CHAP authentication to target",
        },{
            .name = "password-secret",
            .type = QEMU_OPT_STRING,
            .help = "ID of the secret providing password for CHAP "
                    "authentication to target",
        },{
            .name = "header-digest",
            .type = QEMU_OPT_STRING,
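Review bot: At the end of parse_chap the decoded CHAP password is released with a bare `g_free(secret);`, so the cleartext stays in freed heap memory and can end up in a core dump or a later allocation. Wiping the buffer first with a call the compiler cannot elide would bound its lifetime, e.g. `if (secret) { explicit_bzero(secret, strlen(secret)); }` ahead of the free, or the equivalent helper the tree already provides, if there is one. libiscsi presumably keeps its own copy after iscsi_set_initiator_username_pwd(), so this narrows the exposure rather than removing it. Separately, the help string of the plain-text `password` entry in qemu_iscsi_opts could point users at `password-secret`, since a password given on the command line is visible in the process list. parse_chap begins outside the hunks shown, so any earlier exit paths were not checked.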