From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49949) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAhKg-00074M-Is for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:55:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YAhKd-0001yW-Ap for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:55:10 -0500 Received: from mx1.redhat.com ([209.132.183.28]:52387) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAhKd-0001ut-2t for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:55:07 -0500 Date: Mon, 12 Jan 2015 15:54:59 +0000 From: "Daniel P. Berrange" Message-ID: <20150112155459.GI19842@redhat.com> References: <1418647666-18771-1-git-send-email-berrange@redhat.com> <20150109002119.22996.46864@loki> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20150109002119.22996.46864@loki> Subject: Re: [Qemu-devel] [PATCH] qga: add guest-set-admin-password command Reply-To: "Daniel P. Berrange" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Michael Roth Cc: qemu-devel@nongnu.org On Thu, Jan 08, 2015 at 06:21:19PM -0600, Michael Roth wrote: > Quoting Daniel P. Berrange (2014-12-15 06:47:46) > > Add a new 'guest-set-admin-password' command for changing the > > root/administrator password. This command is needed to allow > > OpenStack to support its API for changing the admin password > > on a running guest. > > > > Accepts either the raw password string: > > > > $ virsh -c qemu:///system qemu-agent-command f21x86_64 \ > > '{ "execute": "guest-set-admin-password", "arguments": > > { "crypted": false, "password": "12345678" } }' > > {"return":{}} > > > > Or a pre-encrypted string (recommended) > > > > $ virsh -c qemu:///system qemu-agent-command f21x86_64 \ > > '{ "execute": "guest-set-admin-password", "arguments": > > { "crypted": true, "password": > > "$6$T9O/j/aGPrE...snip....rQoRN4F0.GG0MPjNUNyml." } }' > > > > NB windows support is desirable, but not implemented in this > > patch. > > > > Signed-off-by: Daniel P. Berrange > > --- > > qga/commands-posix.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > > qga/commands-win32.c | 6 ++++ > > qga/qapi-schema.json | 13 ++++++++ > > 3 files changed, 108 insertions(+) > > > > + > > + if (write(datafd[1], acctpw, strlen(acctpw)) != strlen(acctpw)) { > > + error_setg(errp, "cannot write new account password"); > > + goto out; > > + } > > We should probably retry on EINTR, and for cases where -1 is returned I > think error_setg_errno() would be useful. I'll make it use qemu_write_full > > + if (!WIFEXITED(status)) { > > + error_setg(errp, "child process has terminated abnormally"); > > + goto out; > > + } > > + > > + if (WEXITSTATUS(status)) { > > + error_setg(errp, "child process has failed to suspend"); > > "... has failed to set admin password" or somesuch Opps yes, copy+paste mistake. > > diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json > > index 376e79f..202d3be 100644 > > --- a/qga/qapi-schema.json > > +++ b/qga/qapi-schema.json > > @@ -738,3 +738,16 @@ > > ## > > { 'command': 'guest-get-fsinfo', > > 'returns': ['GuestFilesystemInfo'] } > > + > > +## > > +# @guest-set-admin-password > > +# > > +# @crypted: true if password is already crypt()d, false if raw > > Should we have some sort of note about what sort of encryption > scheme is expected, or a way to query for it? I was explicitly not saying anything about the crypt scheme, because it is not really very easy to determine what is supported by any given guest OS. In the context in which this is used, I think the sysadmin will be able to easily figure out themselves what's needed. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|