virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
authorPeter Krempa <pkrempa@redhat.com>
Fri, 9 Dec 2022 15:49:12 +0000 (16:49 +0100)
committerPeter Krempa <pkrempa@redhat.com>
Mon, 19 Dec 2022 13:40:26 +0000 (14:40 +0100)
'virStorageBackendRBDRADOSConfSet' logs its arguments but it's also
used to set the RBD secret/key.

All the security theatre with securely erasing the string we do to fetch
the secret would be quite pointless if we log it, so introduce
virStorageBackendRBDRADOSConfSetQuiet and use it to avoid logging the
password.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/storage/storage_backend_rbd.c

index 52407f8e6f6e0c92bee9d21a92eada36eba1ef5c..05b2c43f79e069171cca3fb7d90d80f0b8157823 100644 (file)
@@ -161,12 +161,10 @@ virStoragePoolDefRBDNamespaceFormatXML(virBuffer *buf,
 
 
 static int
-virStorageBackendRBDRADOSConfSet(rados_t cluster,
-                                 const char *option,
-                                 const char *value)
+virStorageBackendRBDRADOSConfSetQuiet(rados_t cluster,
+                                      const char *option,
+                                      const char *value)
 {
-    VIR_DEBUG("Setting RADOS option '%s' to '%s'",
-              option, value);
     if (rados_conf_set(cluster, option, value) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("failed to set RADOS option: %s"),
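Review bot: The error path of virStorageBackendRBDRADOSConfSetQuiet is the one place where the Quiet variant can still write its arguments to the log, and its argument list is cut off by the end of this hunk. The value formatted into `"failed to set RADOS option: %s"` sits on the line after the hunk; it is presumably `option`, but that should be confirmed, because formatting `value` there would put the key into the error message whenever rados_conf_set() fails. If it is `option`, a one-line comment next to the virReportError call, such as `/* report only the option name, never @value: it may be a secret */`, would keep a later edit from adding the value back.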
@@ -177,6 +175,19 @@ virStorageBackendRBDRADOSConfSet(rados_t cluster,
     return 0;
 }
 
+
+static int
+virStorageBackendRBDRADOSConfSet(rados_t cluster,
+                                 const char *option,
+                                 const char *value)
+{
+    VIR_DEBUG("Setting RADOS option '%s' to '%s'",
+              option, value);
+
+    return virStorageBackendRBDRADOSConfSetQuiet(cluster, option, value);
+}
+
+
 static int
 virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDState *ptr,
                                   virStoragePoolDef *def)
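Review bot: The logging wrapper keeps the shorter, default-looking name virStorageBackendRBDRADOSConfSet, so a future call site that sets another sensitive option will log its value unless the author already knows to pick the Quiet variant. Neither function carries a comment stating that contract. I would add `/* Logs @value at debug level; never pass secrets here, use virStorageBackendRBDRADOSConfSetQuiet instead. */` above the wrapper, and a matching line above the Quiet function (in the previous hunk) saying that it exists so that secret values are not logged.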
@@ -222,7 +233,8 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDState *ptr,
         rados_key = g_base64_encode(secret_value, secret_value_size);
         virSecureErase(secret_value, secret_value_size);
 
-        rc = virStorageBackendRBDRADOSConfSet(ptr->cluster, "key", rados_key);
+        VIR_DEBUG("Setting RADOS option 'key'");
+        rc = virStorageBackendRBDRADOSConfSetQuiet(ptr->cluster, "key", rados_key);
         virSecureEraseString(rados_key);
 
         if (rc < 0)