The RBD, Curl and iSCSI block device drivers all need the ability to accept a password to authenticate with the remote network storage server. Currently RBD and iSCSI both just take the password in clear text as part of the block parameters which is insecure (passwords are visible in the process listing), while Curl doesn't support auth at all.
This series updates all three drivers so that they use the recently merged QCryptoSecret API for getting passwords. Each driver gains a 'passwordid' property that can be set to provide the ID of a QCryptoSecret object instance, which in turn provides the actual password data. These patches were previously sent as part of a larger series: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg04365.html The QCryptoSecret object support was already merged, and the additions to qemu-img/qemu-io/qemu-nbd I'll submit separately since there is no strict dependancy between those additions and these patches. Daniel P. Berrange (3): rbd: add support for getting password from QCryptoSecret object curl: add support for HTTP authentication parameters iscsi: add support for getting CHAP password via QCryptoSecret API block/curl.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ block/iscsi.c | 24 +++++++++++++++++++++- block/rbd.c | 47 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 136 insertions(+), 1 deletion(-) -- 2.5.0
