[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-block] [PATCH v4 24/26] block: rip out all traces of password prom
|
From: |
Daniel P. Berrange |
|
Subject: |
[Qemu-block] [PATCH v4 24/26] block: rip out all traces of password prompting |
|
Date: |
Mon, 29 Feb 2016 12:00:59 +0000 |
Now that qcow & qcow2 are wired up to get encryption keys
via the QCryptoSecret object, nothing is relying on the
interactive prompting for passwords. All the code related
to password prompting can thus be ripped out.
Signed-off-by: Daniel P. Berrange <address@hidden>
---
hmp.c | 31 ---------------------
hw/usb/dev-storage.c | 34 ------------------------
include/monitor/monitor.h | 7 -----
include/qemu/osdep.h | 2 --
monitor.c | 68 -----------------------------------------------
qemu-img.c | 31 ---------------------
qemu-io.c | 21 ---------------
qmp.c | 10 +------
tests/qemu-iotests/087 | 2 ++
util/oslib-posix.c | 66 ---------------------------------------------
util/oslib-win32.c | 24 -----------------
11 files changed, 3 insertions(+), 293 deletions(-)
diff --git a/hmp.c b/hmp.c
index 5b6084a..b24d367 100644
--- a/hmp.c
+++ b/hmp.c
@@ -969,37 +969,12 @@ void hmp_ringbuf_read(Monitor *mon, const QDict *qdict)
g_free(data);
}
-static void hmp_cont_cb(void *opaque, int err)
-{
- if (!err) {
- qmp_cont(NULL);
- }
-}
-
-static bool key_is_missing(const BlockInfo *bdev)
-{
- return (bdev->inserted && bdev->inserted->encryption_key_missing);
-}
-
void hmp_cont(Monitor *mon, const QDict *qdict)
{
- BlockInfoList *bdev_list, *bdev;
Error *err = NULL;
- bdev_list = qmp_query_block(NULL);
- for (bdev = bdev_list; bdev; bdev = bdev->next) {
- if (key_is_missing(bdev->value)) {
- monitor_read_block_device_key(mon, bdev->value->device,
- hmp_cont_cb, NULL);
- goto out;
- }
- }
-
qmp_cont(&err);
hmp_handle_error(mon, &err);
-
-out:
- qapi_free_BlockInfoList(bdev_list);
}
void hmp_system_wakeup(Monitor *mon, const QDict *qdict)
@@ -1380,12 +1355,6 @@ void hmp_change(Monitor *mon, const QDict *qdict)
qmp_blockdev_change_medium(device, target, !!arg, arg,
!!read_only, read_only_mode, &err);
- if (err &&
- error_get_class(err) == ERROR_CLASS_DEVICE_ENCRYPTED) {
- error_free(err);
- monitor_read_block_device_key(mon, device, NULL, NULL);
- return;
- }
}
hmp_handle_error(mon, &err);
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 5ae0424..de318cf 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -554,21 +554,6 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket
*p)
}
}
-static void usb_msd_password_cb(void *opaque, int err)
-{
- MSDState *s = opaque;
- Error *local_err = NULL;
-
- if (!err) {
- usb_device_attach(&s->dev, &local_err);
- }
-
- if (local_err) {
- error_report_err(local_err);
- qdev_unplug(&s->dev.qdev, NULL);
- }
-}
-
static void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req)
{
MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
@@ -614,25 +599,6 @@ static void usb_msd_realize_storage(USBDevice *dev, Error
**errp)
return;
}
- if (blk_bs(blk)) {
- bdrv_add_key(blk_bs(blk), NULL, &err);
- if (err) {
- if (monitor_cur_is_qmp()) {
- error_propagate(errp, err);
- return;
- }
- error_free(err);
- err = NULL;
- if (cur_mon) {
- monitor_read_bdrv_key_start(cur_mon, blk_bs(blk),
- usb_msd_password_cb, s);
- s->dev.auto_attach = 0;
- } else {
- autostart = 0;
- }
- }
- }
-
blkconf_serial(&s->conf, &dev->serial);
blkconf_blocksizes(&s->conf);
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index aa0f373..cd38020 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -21,13 +21,6 @@ void monitor_init(CharDriverState *chr, int flags);
int monitor_suspend(Monitor *mon);
void monitor_resume(Monitor *mon);
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque);
-
int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp);
int monitor_fd_param(Monitor *mon, const char *fdname, Error **errp);
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 4538fdc..0f99327 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -322,8 +322,6 @@ void qemu_set_tty_echo(int fd, bool echo);
void os_mem_prealloc(int fd, char *area, size_t sz);
-int qemu_read_password(char *buf, int buf_size);
-
/**
* qemu_fork:
*
diff --git a/monitor.c b/monitor.c
index 73eac17..32a8078 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4138,74 +4138,6 @@ void monitor_init(CharDriverState *chr, int flags)
qemu_mutex_unlock(&monitor_lock);
}
-static void bdrv_password_cb(void *opaque, const char *password,
- void *readline_opaque)
-{
- Monitor *mon = opaque;
- BlockDriverState *bs = readline_opaque;
- int ret = 0;
- Error *local_err = NULL;
-
- bdrv_add_key(bs, password, &local_err);
- if (local_err) {
- error_report_err(local_err);
- ret = -EPERM;
- }
- if (mon->password_completion_cb)
- mon->password_completion_cb(mon->password_opaque, ret);
-
- monitor_read_command(mon, 1);
-}
-
-int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- int err;
-
- monitor_printf(mon, "%s (%s) is encrypted.\n", bdrv_get_device_name(bs),
- bdrv_get_encrypted_filename(bs));
-
- mon->password_completion_cb = completion_cb;
- mon->password_opaque = opaque;
-
- err = monitor_read_password(mon, bdrv_password_cb, bs);
-
- if (err && completion_cb)
- completion_cb(opaque, err);
-
- return err;
-}
-
-int monitor_read_block_device_key(Monitor *mon, const char *device,
- BlockCompletionFunc *completion_cb,
- void *opaque)
-{
- Error *err = NULL;
- BlockBackend *blk;
-
- blk = blk_by_name(device);
- if (!blk) {
- monitor_printf(mon, "Device not found %s\n", device);
- return -1;
- }
- if (!blk_bs(blk)) {
- monitor_printf(mon, "Device '%s' has no medium\n", device);
- return -1;
- }
-
- bdrv_add_key(blk_bs(blk), NULL, &err);
- if (err) {
- error_free(err);
- return monitor_read_bdrv_key_start(mon, blk_bs(blk), completion_cb,
opaque);
- }
-
- if (completion_cb) {
- completion_cb(opaque, 0);
- }
- return 0;
-}
-
QemuOptsList qemu_mon_opts = {
.name = "mon",
.implied_opt_name = "chardev",
diff --git a/qemu-img.c b/qemu-img.c
index b9a501c..e8e56da 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -223,29 +223,6 @@ static int print_block_option_help(const char *filename,
const char *fmt)
}
-static int img_open_password(BlockBackend *blk, const char *filename,
- int flags, bool quiet)
-{
- BlockDriverState *bs;
- char password[256];
-
- bs = blk_bs(blk);
- if (bdrv_is_encrypted(bs) && bdrv_key_required(bs) &&
- !(flags & BDRV_O_NO_IO)) {
- qprintf(quiet, "Disk image '%s' is encrypted.\n", filename);
- if (qemu_read_password(password, sizeof(password)) < 0) {
- error_report("No password given");
- return -1;
- }
- if (bdrv_set_key(bs, password) < 0) {
- error_report("invalid password");
- return -1;
- }
- }
- return 0;
-}
-
-
static BlockBackend *img_open_opts(const char *id,
const char *optstr,
QemuOpts *opts, int flags,
@@ -261,10 +238,6 @@ static BlockBackend *img_open_opts(const char *id,
return NULL;
}
- if (img_open_password(blk, optstr, flags, quiet) < 0) {
- blk_unref(blk);
- return NULL;
- }
return blk;
}
@@ -287,10 +260,6 @@ static BlockBackend *img_open_file(const char *id, const
char *filename,
return NULL;
}
- if (img_open_password(blk, filename, flags, quiet) < 0) {
- blk_unref(blk);
- return NULL;
- }
return blk;
}
diff --git a/qemu-io.c b/qemu-io.c
index d825723..0b059dc 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -53,7 +53,6 @@ static const cmdinfo_t close_cmd = {
static int openfile(char *name, int flags, QDict *opts)
{
Error *local_err = NULL;
- BlockDriverState *bs;
if (qemuio_blk) {
error_report("file open already, try 'help close'");
@@ -68,27 +67,7 @@ static int openfile(char *name, int flags, QDict *opts)
return 1;
}
- bs = blk_bs(qemuio_blk);
- if (bdrv_is_encrypted(bs) && bdrv_key_required(bs)) {
- char password[256];
- printf("Disk image '%s' is encrypted.\n", name);
- if (qemu_read_password(password, sizeof(password)) < 0) {
- error_report("No password given");
- goto error;
- }
- if (bdrv_set_key(bs, password) < 0) {
- error_report("invalid password");
- goto error;
- }
- }
-
-
return 0;
-
- error:
- blk_unref(qemuio_blk);
- qemuio_blk = NULL;
- return 1;
}
static void open_help(void)
diff --git a/qmp.c b/qmp.c
index 3f16a77..abbe85e 100644
--- a/qmp.c
+++ b/qmp.c
@@ -178,9 +178,8 @@ SpiceInfo *qmp_query_spice(Error **errp)
void qmp_cont(Error **errp)
{
- Error *local_err = NULL;
BlockBackend *blk;
- BlockDriverState *bs;
+ Error *local_err = NULL;
/* if there is a dump in background, we should wait until the dump
* finished */
@@ -199,13 +198,6 @@ void qmp_cont(Error **errp)
for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
blk_iostatus_reset(blk);
}
- for (bs = bdrv_next(NULL); bs; bs = bdrv_next(bs)) {
- bdrv_add_key(bs, NULL, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- }
/* Continuing after completed migration. Images have been inactivated to
* allow the destination to take control. Need to get control back now. */
diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087
index 3386668..065d9af 100755
--- a/tests/qemu-iotests/087
+++ b/tests/qemu-iotests/087
@@ -201,6 +201,7 @@ run_qemu -S <<EOF
"options": {
"driver": "$IMGFMT",
"id": "disk",
+ "key-secret": "sec0",
"file": {
"driver": "file",
"filename": "$TEST_IMG"
@@ -228,6 +229,7 @@ run_qemu <<EOF
"options": {
"driver": "$IMGFMT",
"id": "disk",
+ "key-secret": "sec0",
"file": {
"driver": "file",
"filename": "$TEST_IMG"
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 7615be4..c4b6549 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -374,72 +374,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
}
-static struct termios oldtty;
-
-static void term_exit(void)
-{
- tcsetattr(0, TCSANOW, &oldtty);
-}
-
-static void term_init(void)
-{
- struct termios tty;
-
- tcgetattr(0, &tty);
- oldtty = tty;
-
- tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP
- |INLCR|IGNCR|ICRNL|IXON);
- tty.c_oflag |= OPOST;
- tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN);
- tty.c_cflag &= ~(CSIZE|PARENB);
- tty.c_cflag |= CS8;
- tty.c_cc[VMIN] = 1;
- tty.c_cc[VTIME] = 0;
-
- tcsetattr(0, TCSANOW, &tty);
-
- atexit(term_exit);
-}
-
-int qemu_read_password(char *buf, int buf_size)
-{
- uint8_t ch;
- int i, ret;
-
- printf("password: ");
- fflush(stdout);
- term_init();
- i = 0;
- for (;;) {
- ret = read(0, &ch, 1);
- if (ret == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- break;
- }
- } else if (ret == 0) {
- ret = -1;
- break;
- } else {
- if (ch == '\r' ||
- ch == '\n') {
- ret = 0;
- break;
- }
- if (i < (buf_size - 1)) {
- buf[i++] = ch;
- }
- }
- }
- term_exit();
- buf[i] = '\0';
- printf("\n");
- return ret;
-}
-
-
pid_t qemu_fork(Error **errp)
{
sigset_t oldmask, newmask;
diff --git a/util/oslib-win32.c b/util/oslib-win32.c
index 438cfa4..e1f6aa5 100644
--- a/util/oslib-win32.c
+++ b/util/oslib-win32.c
@@ -473,30 +473,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
}
-/* XXX: put correct support for win32 */
-int qemu_read_password(char *buf, int buf_size)
-{
- int c, i;
-
- printf("Password: ");
- fflush(stdout);
- i = 0;
- for (;;) {
- c = getchar();
- if (c < 0) {
- buf[i] = '\0';
- return -1;
- } else if (c == '\n') {
- break;
- } else if (i < (buf_size - 1)) {
- buf[i++] = c;
- }
- }
- buf[i] = '\0';
- return 0;
-}
-
-
pid_t qemu_fork(Error **errp)
{
errno = ENOSYS;
--
2.5.0
- [Qemu-block] [PATCH v4 08/26] crypto: add support for the twofish cipher algorithm, (continued)
- [Qemu-block] [PATCH v4 08/26] crypto: add support for the twofish cipher algorithm, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 12/26] crypto: add block encryption framework, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 11/26] crypto: wire up XTS mode for cipher APIs, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 10/26] crypto: refactor code for dealing with AES cipher, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 15/26] qemu-img/qemu-io: don't prompt for passwords if not required, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 14/26] block: add flag to indicate that no I/O will be performed, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 17/26] tests: refactor python I/O tests helper main method, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 09/26] crypto: import an implementation of the XTS cipher mode, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 16/26] tests: redirect stderr to stdout for iotests, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 18/26] tests: add output filter to python I/O tests helper, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 24/26] block: rip out all traces of password prompting,
Daniel P. Berrange <=
- [Qemu-block] [PATCH v4 21/26] qcow2: convert QCow2 to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 26/26] block: remove support for legecy AES qcow/qcow2 encryption, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 25/26] block: remove all encryption handling APIs, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 13/26] crypto: implement the LUKS block encryption format, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 22/26] qcow: make encrypt_sectors encrypt in place, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 23/26] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 20/26] qcow2: make qcow2_encrypt_sectors encrypt in place, Daniel P. Berrange, 2016/02/29
- [Qemu-block] [PATCH v4 19/26] block: add generic full disk encryption driver, Daniel P. Berrange, 2016/02/29