On Wed, Apr 20, 2022 at 09:52:34 +0100, Richard W.M. Jones wrote:
On Wed, Apr 20, 2022 at 09:36:29AM +0200, Peter Krempa wrote:
> I'll post patches to address that, but the question is whether we want
> to bother with actually supporting the password authentication or not,
> because the simpler approach to fixing the bug is to simply allow it.
Did you mean: Simply _not_ allow it?
No actually code-wise everything seems to be in place. The parser parses
it, the -blockdev formatter supports it. The only thing that prevents
from use of the authentication with the curl driver backends is a check
in a helper function which limits the protocols we instantiate the
'secret' object for.
Removing that limit actually makes us pass the secret to qemu and our
validator shows that it's valid definition.
Adding the schema bits should be easy too.