Re: [PATCH virt-viewer V2 1/2] remote-viewer: allow username in ovirt URIs

Christophe Fergeau <cfergeau@xxxxxxxxxx> · Thu, 7 Aug 2014 18:08:10 +0200

On Thu, Aug 07, 2014 at 10:20:55AM -0500, Jonathon Jongsma wrote:
> When the user launches remote-viewer with an ovirt URI of the form
> 
>         ovirt://user@host/vmname
> 
> Pre-populate the authentication dialog with the specified username. We
> don't support specifying the password on the commandline, since that is
> a potential security risk.
> 
> rhbz#1061826
> ---
> 
> Changes since V1: coding style fixups (Fabiano) and grab focus on password
> entry if username is pre-filled (Christophe)
> 
>  src/remote-viewer.c    | 21 +++++++++++++++++----
>  src/virt-viewer-auth.c | 13 ++++++++++++-
>  2 files changed, 29 insertions(+), 5 deletions(-)
> 
> diff --git a/src/remote-viewer.c b/src/remote-viewer.c
> index 3a0a71e..b2cf748 100644
> --- a/src/remote-viewer.c
> +++ b/src/remote-viewer.c
> @@ -624,7 +624,7 @@ remote_viewer_window_added(VirtViewerApp *app,
>  
>  #ifdef HAVE_OVIRT
>  static gboolean
> -parse_ovirt_uri(const gchar *uri_str, char **rest_uri, char **name)
> +parse_ovirt_uri(const gchar *uri_str, char **rest_uri, char **name, char **username)
>  {
>      char *vm_name = NULL;
>      char *rel_path;
> @@ -662,6 +662,9 @@ parse_ovirt_uri(const gchar *uri_str, char **rest_uri, char **name)
>      vm_name = path_elements[element_count-1];
>      path_elements[element_count-1] = NULL;
>  
> +    if (username && uri->user)
> +        *username = g_strdup(uri->user);
> +
>      /* build final URI */
>      rel_path = g_strjoinv("/", path_elements);
>      /* FIXME: how to decide between http and https? */
> @@ -681,10 +684,14 @@ static gboolean
>  authenticate_cb(RestProxy *proxy, G_GNUC_UNUSED RestProxyAuth *auth,
>                  G_GNUC_UNUSED gboolean retrying, gpointer user_data)
>  {
> -    gchar *username;
> -    gchar *password;
> +    gchar *username = NULL;
> +    gchar *password = NULL;
>      VirtViewerWindow *window;
>  
> +    g_object_get(proxy,
> +                 "username", &username,
> +                 NULL);
> +
>      window = virt_viewer_app_get_main_window(VIRT_VIEWER_APP(user_data));
>      int ret = virt_viewer_auth_collect_credentials(virt_viewer_window_get_window(window),
>                                                     "oVirt",

'username' will be leaked in that function if 'ret' is FALSE.
ACK from me with that fixed.

Christophe
Attachment:
pgpEePd9BWneO.pgp

Description: PGP signature
_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list