From: "Daniel P. Berrange" <berrange@redhat.com>
To: Olga Krishtal <okrishtal@parallels.com>
Cc: qemu-devel@nongnu.org, Michael Roth <mdroth@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command
Date: Wed, 4 Feb 2015 14:10:05 +0000 [thread overview]
Message-ID: <20150204141005.GT3032@redhat.com> (raw)
In-Reply-To: <54D21DDB.6090009@parallels.com>
On Wed, Feb 04, 2015 at 04:25:47PM +0300, Olga Krishtal wrote:
> On 12/01/15 18:58, Daniel P. Berrange wrote:
> >Add a new 'guest-set-admin-password' command for changing the
> >root/administrator password. This command is needed to allow
> >OpenStack to support its API for changing the admin password
> >on a running guest.
> >
> >Accepts either the raw password string:
> >
> >$ virsh -c qemu:///system qemu-agent-command f21x86_64 \
> > '{ "execute": "guest-set-admin-password", "arguments":
> > { "crypted": false, "password": "12345678" } }'
> > {"return":{}}
> >
> >Or a pre-encrypted string (recommended)
> >
> >$ virsh -c qemu:///system qemu-agent-command f21x86_64 \
> > '{ "execute": "guest-set-admin-password", "arguments":
> > { "crypted": true, "password":
> > "$6$T9O/j/aGPrE...snip....rQoRN4F0.GG0MPjNUNyml." } }'
> >
> >NB windows support is desirable, but not implemented in this
> >patch.
> >
> >Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> >---
> > qga/commands-posix.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > qga/commands-win32.c | 6 ++++
> > qga/qapi-schema.json | 19 +++++++++++
> > 3 files changed, 115 insertions(+)
> >
> >diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> >index f6f3e3c..4887889 100644
> >--- a/qga/commands-posix.c
> >+++ b/qga/commands-posix.c
> >@@ -1875,6 +1875,90 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList *vcpus, Error **errp)
> > return processed;
> > }
> >+void qmp_guest_set_admin_password(bool crypted, const char *password,
> >+ Error **errp)
> >+{
> >+ Error *local_err = NULL;
> >+ char *passwd_path = NULL;
> >+ pid_t pid;
> >+ int status;
> >+ int datafd[2] = { -1, -1 };
> >+ char *acctpw = g_strdup_printf("root:%s\n", password);
> >+ size_t acctpwlen = strlen(acctpw);
> >+
> >+ if (strchr(password, '\n')) {
> >+ error_setg(errp, "forbidden characters in new password");
> >+ goto out;
> >+ }
> >+
> >+ passwd_path = g_find_program_in_path("chpasswd");
> >+
> >+ if (!passwd_path) {
> >+ error_setg(errp, "cannot find 'passwd' program in PATH");
> >+ goto out;
> >+ }
> >+
> >+ if (pipe(datafd) < 0) {
> >+ error_setg(errp, "cannot create pipe FDs");
> >+ goto out;
> >+ }
> >+
> >+ pid = fork();
> >+ if (pid == 0) {
> >+ close(datafd[1]);
> >+ /* child */
> >+ setsid();
> >+ dup2(datafd[0], 0);
> >+ reopen_fd_to_null(1);
> >+ reopen_fd_to_null(2);
> >+
> >+ if (crypted) {
> >+ execle(passwd_path, "chpasswd", "-e", NULL, environ);
> >+ } else {
> >+ execle(passwd_path, "chpasswd", NULL, environ);
> >+ }
> >+ _exit(EXIT_FAILURE);
> >+ } else if (pid < 0) {
> >+ error_setg_errno(errp, errno, "failed to create child process");
> >+ goto out;
> >+ }
> >+ close(datafd[0]);
> >+ datafd[0] = -1;
> >+
> >+ if (qemu_write_full(datafd[1], acctpw, acctpwlen) != acctpwlen) {
> >+ error_setg_errno(errp, errno, "cannot write new account password");
> >+ goto out;
> >+ }
> >+ close(datafd[1]);
> >+ datafd[1] = -1;
> >+
> >+ ga_wait_child(pid, &status, &local_err);
> >+ if (local_err) {
> >+ error_propagate(errp, local_err);
> >+ goto out;
> >+ }
> >+
> >+ if (!WIFEXITED(status)) {
> >+ error_setg(errp, "child process has terminated abnormally");
> >+ goto out;
> >+ }
> >+
> >+ if (WEXITSTATUS(status)) {
> >+ error_setg(errp, "child process has failed to set admin password");
> >+ goto out;
> >+ }
> >+
> >+out:
> >+ g_free(acctpw);
> >+ g_free(passwd_path);
> >+ if (datafd[0] != -1) {
> >+ close(datafd[0]);
> >+ }
> >+ if (datafd[1] != -1) {
> >+ close(datafd[1]);
> >+ }
> >+}
> >+
> > #else /* defined(__linux__) */
> > void qmp_guest_suspend_disk(Error **errp)
> >@@ -1910,6 +1994,12 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList *vcpus, Error **errp)
> > return -1;
> > }
> >+void qmp_guest_set_admin_password(bool crypted, const char *password,
> >+ Error **errp)
> >+{
> >+ error_set(errp, QERR_UNSUPPORTED);
> >+}
> >+
> > #endif
> > #if !defined(CONFIG_FSFREEZE)
> >diff --git a/qga/commands-win32.c b/qga/commands-win32.c
> >index 3bcbeae..56854d5 100644
> >--- a/qga/commands-win32.c
> >+++ b/qga/commands-win32.c
> >@@ -446,6 +446,12 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList *vcpus, Error **errp)
> > return -1;
> > }
> >+void qmp_guest_set_admin_password(bool crypted, const char *password,
> >+ Error **errp)
> >+{
> >+ error_set(errp, QERR_UNSUPPORTED);
> >+}
> >+
> > /* add unsupported commands to the blacklist */
> > GList *ga_command_blacklist_init(GList *blacklist)
> > {
> >diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
> >index 376e79f..25118e2 100644
> >--- a/qga/qapi-schema.json
> >+++ b/qga/qapi-schema.json
> >@@ -738,3 +738,22 @@
> > ##
> > { 'command': 'guest-get-fsinfo',
> > 'returns': ['GuestFilesystemInfo'] }
> >+
> >+##
> >+# @guest-set-admin-password
> >+#
> >+# @crypted: true if password is already crypt()d, false if raw
> >+# @password: the new password entry
> >+#
> >+# If the @crypted flag is true, it is the callers responsibility
> >+# to ensure the correct crypt() encryption scheme is used. This
> >+# command does not attempt to interpret or report on the encryption
> >+# scheme. Refer to the documentation of the guest operating system
> >+# in question to determine what is supported.
> >+#
> >+# Returns: Nothing on success.
> >+#
> >+# Since 2.3
> >+##
> >+{ 'command': 'guest-set-admin-password',
> >+ 'data': { 'crypted': 'bool', 'password': 'str' } }
> While implementing such functionality for Windows NT we can suffer from
> particular problem:
> -The password must be passed to WinApi function as a plain text, so we would
> need entire the encryption mechanism if we used ctypted: true
In that scenario, I'd suggest the windows impl of the command simply report
an error if the flag was crypted==true. QEMU shouldn't try to interpret the
data in any way IMHO, so that'd rule out decryption of any kind. In any
case, 'crypt' as a concept is all about doing a one-way hash so you can't
decrypt regardless.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
prev parent reply other threads:[~2015-02-04 14:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-12 15:58 [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command Daniel P. Berrange
2015-02-02 15:45 ` Daniel P. Berrange
2015-02-03 22:16 ` Eric Blake
2015-02-04 9:19 ` Daniel P. Berrange
2015-02-04 10:48 ` Roman Kagan
2015-02-04 10:52 ` Daniel P. Berrange
2015-02-04 13:25 ` Olga Krishtal
2015-02-04 14:10 ` Daniel P. Berrange [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150204141005.GT3032@redhat.com \
--to=berrange@redhat.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=okrishtal@parallels.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.