On Wed, Apr 20, 2022 at 09:52:34 +0100, Richard W.M. Jones wrote: > On Wed, Apr 20, 2022 at 09:36:29AM +0200, Peter Krempa wrote: > > I'll post patches to address that, but the question is whether we want > > to bother with actually supporting the password authentication or not, > > because the simpler approach to fixing the bug is to simply allow it. > > Did you mean: Simply _not_ allow it? No actually code-wise everything seems to be in place. The parser parses it, the -blockdev formatter supports it. The only thing that prevents from use of the authentication with the curl driver backends is a check in a helper function which limits the protocols we instantiate the 'secret' object for. Removing that limit actually makes us pass the secret to qemu and our validator shows that it's valid definition. Adding the schema bits should be easy too.
