[Libguestfs] [PATCH nbdkit] vddk: Disallow password=-

Richard W.M. Jones rjones at redhat.com
Mon Jun 1 16:07:11 UTC 2020 

This has been broken since we added the reexec code
(commit 155af3107292c351d54ed42c732f4a67bb9aa910) because it
tried to read the password twice (before and after the reexec) failing
the second time because stdin had already been reopened on /dev/null.

Virt-v2v used this feature, but I will change virt-v2v instead.
---
 plugins/vddk/nbdkit-vddk-plugin.pod | 7 +------
 plugins/vddk/vddk.c                 | 4 ++++
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
index 73316dd1..96a665b6 100644
--- a/plugins/vddk/nbdkit-vddk-plugin.pod
+++ b/plugins/vddk/nbdkit-vddk-plugin.pod
@@ -7,8 +7,7 @@ nbdkit-vddk-plugin - nbdkit VMware VDDK plugin
  nbdkit vddk [file=]FILENAME
              [config=FILENAME] [cookie=COOKIE] [libdir=LIBRARY]
              [nfchostport=PORT] [single-link=true]
-             [password=PASSWORD | password=- | password=+FILENAME
-             | password=-FD]
+             [password=PASSWORD | password=+FILENAME | password=-FD]
              [port=PORT] [server=HOSTNAME] [snapshot=MOREF]
              [thumbprint=THUMBPRINT] [transports=MODE:MODE:...]
              [unbuffered=true] [user=USERNAME] [vm=moref=ID]
@@ -159,10 +158,6 @@ Set the password to use when connecting to the remote server.
 Note that passing this on the command line is not secure on shared
 machines.
 
-=item B<password=->
-
-Ask for the password (interactively) when nbdkit starts up.
-
 =item B<password=+>FILENAME
 
 Read the password from the named file.  This is a secure method
diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
index 4815a43e..54a6e019 100644
--- a/plugins/vddk/vddk.c
+++ b/plugins/vddk/vddk.c
@@ -240,6 +240,10 @@ vddk_config (const char *key, const char *value)
       return -1;
   }
   else if (strcmp (key, "password") == 0) {
+    if (strcmp (value, "-") == 0) {
+      nbdkit_error ("password=- is not supported with the VDDK plugin");
+      return -1;
+    }
     free (password);
     if (nbdkit_read_password (value, &password) == -1)
       return -1;
-- 
2.25.0

More information about the Libguestfs mailing list