[PATCH 1/3] Introduce virDomainSetUserPassword API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



For setting passwords of users inside the domain.

With the VIR_DOMAIN_PASSWORD_CRYPTED flag set, the password
is assumed to be already encrypted by crypt(3).

https://bugzilla.redhat.com/show_bug.cgi?id=1174177
---
 include/libvirt/libvirt-domain.h |  9 ++++++++
 src/access/viraccessperm.c       |  2 +-
 src/access/viraccessperm.h       |  6 +++++
 src/driver-hypervisor.h          |  7 ++++++
 src/libvirt-domain.c             | 47 ++++++++++++++++++++++++++++++++++++++++
 src/libvirt_public.syms          |  5 +++++
 src/remote/remote_driver.c       |  1 +
 src/remote/remote_protocol.x     | 15 ++++++++++++-
 src/remote_protocol-structs      |  7 ++++++
 9 files changed, 97 insertions(+), 2 deletions(-)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 0f465b9..b8e803d 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -3818,4 +3818,13 @@ int virDomainInterfaceAddresses(virDomainPtr dom,
 
 void virDomainInterfaceFree(virDomainInterfacePtr iface);
 
+typedef enum {
+    VIR_DOMAIN_PASSWORD_CRYPTED = 1 << 0, /* the password is crypted by crypt(3) */
+} virDomainSetUserPasswordFlags;
+
+int virDomainSetUserPassword(virDomainPtr dom,
+                             const char *user,
+                             const char *password,
+                             unsigned int flags);
+
 #endif /* __VIR_LIBVIRT_DOMAIN_H__ */
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index 9007186..0f58290 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -43,7 +43,7 @@ VIR_ENUM_IMPL(virAccessPermDomain,
               "fs_trim", "fs_freeze",
               "block_read", "block_write", "mem_read",
               "open_graphics", "open_device", "screenshot",
-              "open_namespace", "set_time");
+              "open_namespace", "set_time", "set_password");
 
 VIR_ENUM_IMPL(virAccessPermInterface,
               VIR_ACCESS_PERM_INTERFACE_LAST,
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 8ccbbad..0acd156 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -300,6 +300,12 @@ typedef enum {
      */
     VIR_ACCESS_PERM_DOMAIN_SET_TIME,
 
+    /**
+     * @desc: Set password of the domain's account
+     * @message: Setting the domain accounts' password requires authorization
+     */
+    VIR_ACCESS_PERM_DOMAIN_SET_PASSWORD,
+
     VIR_ACCESS_PERM_DOMAIN_LAST,
 } virAccessPermDomain;
 
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index 8b8d031..3275343 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1201,6 +1201,12 @@ typedef int
                                   unsigned int source,
                                   unsigned int flags);
 
+typedef int
+(*virDrvDomainSetUserPassword)(virDomainPtr dom,
+                               const char *user,
+                               const char *password,
+                               unsigned int flags);
+
 typedef struct _virHypervisorDriver virHypervisorDriver;
 typedef virHypervisorDriver *virHypervisorDriverPtr;
 
@@ -1430,6 +1436,7 @@ struct _virHypervisorDriver {
     virDrvNodeAllocPages nodeAllocPages;
     virDrvDomainGetFSInfo domainGetFSInfo;
     virDrvDomainInterfaceAddresses domainInterfaceAddresses;
+    virDrvDomainSetUserPassword domainSetUserPassword;
 };
 
 
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index d467758..c4e2345 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11001,6 +11001,53 @@ virDomainSetTime(virDomainPtr dom,
 }
 
 
+/**
+ * virDomainSetUserPassword:
+ * @dom: a domain object
+ * @user: the username that will get a new password
+ * @password: the password to set
+ * @flags: bitwise-OR of virDomainSetUserPasswordFlags
+ *
+ * Sets the @user password to the value specified by @password.
+ * If @flags contain VIR_DOMAIN_PASSWORD_CRYPTED, the password
+ * is assumed to be crypted by crypt(3).
+ *
+ * Please note that some hypervisors may require guest agent to
+ * be configured and running in order to be able to run this API.
+ *
+ * Returns 0 on success, -1 otherwise.
+ */
+int
+virDomainSetUserPassword(virDomainPtr dom,
+                         const char *user,
+                         const char *password,
+                         unsigned int flags)
+{
+    VIR_DOMAIN_DEBUG(dom, "user=%s, password=%s, flags=%x",
+                     NULLSTR(user), NULLSTR(password), flags);
+
+    virResetLastError();
+
+    virCheckDomainReturn(dom, -1);
+    virCheckReadOnlyGoto(dom->conn->flags, error);
+    virCheckNonNullArgGoto(user, error);
+    virCheckNonNullArgGoto(password, error);
+
+    if (dom->conn->driver->domainSetUserPassword) {
+        int ret = dom->conn->driver->domainSetUserPassword(dom, user, password,
+                                                           flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virReportUnsupportedError();
+
+ error:
+    virDispatchError(dom->conn);
+    return -1;
+}
+
 
 /**
  * virConnectGetDomainCapabilities:
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index ef3d2f0..716dd2f 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -710,4 +710,9 @@ LIBVIRT_1.2.15 {
         virDomainDelIOThread;
 } LIBVIRT_1.2.14;
 
+LIBVIRT_1.2.16 {
+    global:
+        virDomainSetUserPassword;
+} LIBVIRT_1.2.15;
+
 # .... define new API here using predicted next version number ....
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 31417e8..dd8dab6 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -8389,6 +8389,7 @@ static virHypervisorDriver hypervisor_driver = {
     .nodeAllocPages = remoteNodeAllocPages, /* 1.2.9 */
     .domainGetFSInfo = remoteDomainGetFSInfo, /* 1.2.11 */
     .domainInterfaceAddresses = remoteDomainInterfaceAddresses, /* 1.2.14 */
+    .domainSetUserPassword = remoteDomainSetUserPassword, /* 1.2.16 */
 };
 
 static virNetworkDriver network_driver = {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 49b7ddd..9f1be6b 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -3223,6 +3223,13 @@ struct remote_domain_interface_addresses_ret {
     remote_domain_interface ifaces<REMOTE_DOMAIN_INTERFACE_MAX>;
 };
 
+struct remote_domain_set_user_password_args {
+    remote_nonnull_domain dom;
+    remote_string user;
+    remote_string password;
+    unsigned int flags;
+};
+
 
 /*----- Protocol. -----*/
 
@@ -5683,5 +5690,11 @@ enum remote_procedure {
      * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE
      * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG
      */
-    REMOTE_PROC_DOMAIN_DEL_IOTHREAD = 356
+    REMOTE_PROC_DOMAIN_DEL_IOTHREAD = 356,
+
+    /**
+     * @generate:both
+     * @acl: domain:set_password
+     */
+    REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357
 };
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index 116b572..48c3bd8 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -2678,6 +2678,12 @@ struct remote_domain_interface_addresses_ret {
                 remote_domain_interface * ifaces_val;
         } ifaces;
 };
+struct remote_domain_set_user_password_args {
+        remote_nonnull_domain      dom;
+        remote_string              user;
+        remote_string              password;
+        u_int                      flags;
+};
 enum remote_procedure {
         REMOTE_PROC_CONNECT_OPEN = 1,
         REMOTE_PROC_CONNECT_CLOSE = 2,
@@ -3035,4 +3041,5 @@ enum remote_procedure {
         REMOTE_PROC_DOMAIN_EVENT_CALLBACK_DEVICE_ADDED = 354,
         REMOTE_PROC_DOMAIN_ADD_IOTHREAD = 355,
         REMOTE_PROC_DOMAIN_DEL_IOTHREAD = 356,
+        REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357,
 };
-- 
2.0.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]