From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org,
"Marc-André Lureau" <marcandre.lureau@gmail.com>,
"Michael Roth" <mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 22/26] qemu-ga: implement win32 guest-set-user-password
Date: Tue, 1 Sep 2015 12:01:02 -0500 [thread overview]
Message-ID: <1441126866-17199-23-git-send-email-mdroth@linux.vnet.ibm.com> (raw)
In-Reply-To: <1441126866-17199-1-git-send-email-mdroth@linux.vnet.ibm.com>
From: Marc-André Lureau <marcandre.lureau@gmail.com>
Use NetUserSetInfo() to set the user password.
This function is notoriously known to be problematic for users with EFS
encrypted files. But the alternative, NetUserChangePassword() requires
the old password. Nevertheless, The EFS file should be recovered by
changing back to the old password.
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
configure | 2 +-
qga/commands-win32.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 76 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index 86a38fe..1f033e9 100755
--- a/configure
+++ b/configure
@@ -732,7 +732,7 @@ if test "$mingw32" = "yes" ; then
sysconfdir="\${prefix}"
local_statedir=
confsuffix=""
- libs_qga="-lws2_32 -lwinmm -lpowrprof -liphlpapi $libs_qga"
+ libs_qga="-lws2_32 -lwinmm -lpowrprof -liphlpapi -lnetapi32 $libs_qga"
fi
werror=""
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 1152c46..cbee186 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -26,6 +26,8 @@
#include <setupapi.h>
#include <initguid.h>
#endif
+#include <lm.h>
+
#include "qga/guest-agent-core.h"
#include "qga/vss-win32.h"
#include "qga-qmp-commands.h"
@@ -1192,12 +1194,84 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList *vcpus, Error **errp)
return -1;
}
+static gchar *
+get_net_error_message(gint error)
+{
+ HMODULE module = NULL;
+ gchar *retval = NULL;
+ wchar_t *msg = NULL;
+ int flags, nchars;
+
+ flags = FORMAT_MESSAGE_ALLOCATE_BUFFER
+ |FORMAT_MESSAGE_IGNORE_INSERTS
+ |FORMAT_MESSAGE_FROM_SYSTEM;
+
+ if (error >= NERR_BASE && error <= MAX_NERR) {
+ module = LoadLibraryExW(L"netmsg.dll", NULL, LOAD_LIBRARY_AS_DATAFILE);
+
+ if (module != NULL) {
+ flags |= FORMAT_MESSAGE_FROM_HMODULE;
+ }
+ }
+
+ FormatMessageW(flags, module, error, 0, (LPWSTR)&msg, 0, NULL);
+
+ if (msg != NULL) {
+ nchars = wcslen(msg);
+
+ if (nchars > 2 && msg[nchars-1] == '\n' && msg[nchars-2] == '\r') {
+ msg[nchars-2] = '\0';
+ }
+
+ retval = g_utf16_to_utf8(msg, -1, NULL, NULL, NULL);
+
+ LocalFree(msg);
+ }
+
+ if (module != NULL) {
+ FreeLibrary(module);
+ }
+
+ return retval;
+}
+
void qmp_guest_set_user_password(const char *username,
const char *password,
bool crypted,
Error **errp)
{
- error_setg(errp, QERR_UNSUPPORTED);
+ NET_API_STATUS nas;
+ char *rawpasswddata = NULL;
+ size_t rawpasswdlen;
+ wchar_t *user, *wpass;
+ USER_INFO_1003 pi1003 = { 0, };
+
+ if (crypted) {
+ error_setg(errp, QERR_UNSUPPORTED);
+ return;
+ }
+
+ rawpasswddata = (char *)g_base64_decode(password, &rawpasswdlen);
+ rawpasswddata = g_renew(char, rawpasswddata, rawpasswdlen + 1);
+ rawpasswddata[rawpasswdlen] = '\0';
+
+ user = g_utf8_to_utf16(username, -1, NULL, NULL, NULL);
+ wpass = g_utf8_to_utf16(rawpasswddata, -1, NULL, NULL, NULL);
+
+ pi1003.usri1003_password = wpass;
+ nas = NetUserSetInfo(NULL, user,
+ 1003, (LPBYTE)&pi1003,
+ NULL);
+
+ if (nas != NERR_Success) {
+ gchar *msg = get_net_error_message(nas);
+ error_setg(errp, "failed to set password: %s", msg);
+ g_free(msg);
+ }
+
+ g_free(user);
+ g_free(wpass);
+ g_free(rawpasswddata);
}
GuestMemoryBlockList *qmp_guest_get_memory_blocks(Error **errp)
@@ -1225,7 +1299,6 @@ GList *ga_command_blacklist_init(GList *blacklist)
const char *list_unsupported[] = {
"guest-suspend-hybrid",
"guest-get-vcpus", "guest-set-vcpus",
- "guest-set-user-password",
"guest-get-memory-blocks", "guest-set-memory-blocks",
"guest-get-memory-block-size",
"guest-fsfreeze-freeze-list",
--
1.9.1
next prev parent reply other threads:[~2015-09-01 17:05 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-01 17:00 [Qemu-devel] [PULL 00/26] qemu-ga patch queue for 2015-09-01 Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 01/26] qemu-ga: Add .msi files to .gitignore Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 02/26] qemu-ga: Two MSI related cosmetic changes Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 03/26] qemu-ga: Fixed GUID capitalization Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 04/26] qemu-ga: Minor cosmetic changes to the WXS file Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 05/26] qemu-ga: Created a separate component for each installed file in the MSI Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 06/26] qemu-ga: Prevent QEMU-GA VSS provider from being unregistered on MSI reinstall Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 07/26] qemu-ga: Fixed paths issue with MSI build Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 08/26] configure: qemu-ga: report MSI install support in summary Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 09/26] qga: misc spelling Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 10/26] qga: use exit() when parsing options Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 11/26] qga: move string split in separate function Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 12/26] qga: make split_list() return allocated strings Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 13/26] qga: rename 'path' to 'channel_path' Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 14/26] qga: copy argument strings Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 15/26] qga: move option parsing to separate function Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 16/26] qga: fill default options in main() Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 17/26] qga: move agent run in a separate function Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 18/26] qga: free a bit more Michael Roth
2015-09-01 17:00 ` [Qemu-devel] [PATCH 19/26] qga: add an optional qemu-ga.conf system configuration Michael Roth
2015-09-01 17:01 ` [Qemu-devel] [PATCH 20/26] qga: add --dump-conf option Michael Roth
2015-09-01 17:01 ` [Qemu-devel] [PATCH 21/26] qga: start a man page Michael Roth
2015-09-01 17:01 ` Michael Roth [this message]
2015-09-01 17:01 ` [Qemu-devel] [PATCH 23/26] configure: qemu-ga: move MSI installer probe after qga probe Michael Roth
2015-09-01 17:01 ` [Qemu-devel] [PATCH 24/26] configure: qemu-ga: explicitly enable qemu-ga MSI support when probed Michael Roth
2015-09-01 17:01 ` [Qemu-devel] [PATCH 25/26] build: qemu-ga: fix VSS dependencies Michael Roth
2015-09-01 17:01 ` [Qemu-devel] [PATCH 26/26] Makefile: qemu-ga: fix msi target error message Michael Roth
2015-09-01 17:12 ` [Qemu-devel] [PULL 00/26] qemu-ga patch queue for 2015-09-01 Peter Maydell
2015-09-01 18:33 ` Michael Roth
2015-09-01 18:37 ` Peter Maydell
2015-09-01 19:40 ` John Snow
-- strict thread matches above, loose matches on Subject: below --
2015-09-01 18:38 [Qemu-devel] [PULL v2 " Michael Roth
2015-09-01 18:38 ` [Qemu-devel] [PATCH 22/26] qemu-ga: implement win32 guest-set-user-password Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1441126866-17199-23-git-send-email-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=marcandre.lureau@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).