Proposed libguestfs API for implementing libvirt virConnectOpenAuth

As in the example code below.

static void
do_auth (guestfs_h *g,
         void *opaque,
         uint64_t event,
         int event_handle,
         int flags,
         const char *buf, size_t buf_len,
         const uint64_t *array, size_t array_len)
{
  char **creds;
  size_t i;
  char *prompt;
  char *reply;
  size_t replylen;

  // buf will be the libvirt URI.  It is always \0-terminated so
  // buf_len can be ignored in this case.
  printf ("Authentication required for libvirt connection '%s'\n", buf);

  // Ask libguestfs what credentials libvirt is demanding.
  creds = guestfs_get_libvirt_requested_credentials (g);

  // Now ask the user for answers.
  for (i = 0; creds[i] != NULL; ++i) {
    if (strcmp (creds[i], "authname") == 0 ||
        strcmp (creds[i], "passphrase") == 0) {
      prompt = guestfs_get_libvirt_requested_credential_prompt (g, i);
      printf ("%s: ", prompt);
      free (prompt);

      // ...

      // Input from user is in 'reply', length 'replylen' (bytes).
      guestfs_set_libvirt_requested_credential (g, i, reply, replylen);
    }

    free (creds[i]);
  }

  free (creds);

  // On return from this function (libguestfs event), the libvirt
  // event returns too.
}

// ...
{
  guestfs_h *g;
  char *creds[] = { "authname", "passphrase", NULL };

  g = guestfs_create ();
  guestfs_set_libvirt_supported_credentials (g, creds);
  guestfs_set_event_callback (g, do_auth,
      GUESTFS_EVENT_LIBVIRT_AUTH, 0, NULL);

  // An example of a function that would open a libvirt connection:
  guestfs_add_domain (g, "dom",
      GUESTFS_ADD_DOMAIN_LIBVIRTURI, "qemu:///system",
      -1);
}

----------------------------------------------------------------------

By the way, some of the virt tools can open multiple connections to
libvirt, and it is architecturally hard to change this:
https://www.redhat.com/archives/libguestfs/2012-October/msg00065.html

Does libvirt (or policy kit?) provide any mechanism for caching these
credentials within the same process, so that we don't have to provide
the same creds back to libvirt for multiple connections?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
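
The "// ..." step in do_auth above is where the user's reply is read. The following is an added example, not part of the original post or of libguestfs: one way to fill 'reply' and 'replylen' so that a "passphrase" is not echoed to the terminal and can be wiped once it has been passed to guestfs_set_libvirt_requested_credential. The helper names read_credential and wipe_and_free are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for getline and fileno */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <termios.h>

/* Hypothetical helper: zero a buffer through a volatile pointer so
 * the stores are not optimised away, then free it. */
static void
wipe_and_free (char *p, size_t len)
{
  volatile char *v = p;

  if (p == NULL) return;
  while (len--) *v++ = 0;
  free (p);
}

/* Hypothetical helper: read one line from 'in' into a malloc'd buffer.
 * If 'secret' is non-zero and 'in' is a terminal, echo is switched off
 * while the line is typed and restored afterwards.  Returns 0 and sets
 * *reply and *replylen (bytes, trailing newline removed), or -1 on EOF
 * or error. */
static int
read_credential (FILE *in, int secret, char **reply, size_t *replylen)
{
  struct termios old, noecho;
  int fd = fileno (in), restore = 0;
  char *line = NULL;
  size_t cap = 0;
  ssize_t n;

  if (secret && tcgetattr (fd, &old) == 0) {   /* fails if not a tty */
    noecho = old;
    noecho.c_lflag &= ~(tcflag_t) ECHO;
    restore = tcsetattr (fd, TCSAFLUSH, &noecho) == 0;
  }
  n = getline (&line, &cap, in);
  if (restore) {
    tcsetattr (fd, TCSAFLUSH, &old);
    fputc ('\n', stderr);              /* the user's newline was not echoed */
  }
  if (n < 0) { wipe_and_free (line, cap); return -1; }
  if (n > 0 && line[n - 1] == '\n') line[--n] = '\0';
  *reply = line;
  *replylen = (size_t) n;
  return 0;
}
```

In do_auth this would be called with secret set only for "passphrase", and wipe_and_free (reply, replylen) would follow the guestfs_set_libvirt_requested_credential call.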
