From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54047)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1YIllX-0006Rb-CF
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 17:16:16 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1YIllU-0004bw-Ay
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 17:16:15 -0500
Received: from mx1.redhat.com ([209.132.183.28]:54325)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1YIllU-0004br-4W
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 17:16:12 -0500
Message-ID: <54D148A8.1030506@redhat.com>
Date: Tue, 03 Feb 2015 15:16:08 -0700
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <1421078294-26234-1-git-send-email-berrange@redhat.com>
In-Reply-To: <1421078294-26234-1-git-send-email-berrange@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="LOvVmRunmx6IFx4fwJVOpROhUMT1uNGs0"
Subject: Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password
	command
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--LOvVmRunmx6IFx4fwJVOpROhUMT1uNGs0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 01/12/2015 08:58 AM, Daniel P. Berrange wrote:
> Add a new 'guest-set-admin-password' command for changing the
> root/administrator password. This command is needed to allow
> OpenStack to support its API for changing the admin password
> on a running guest.
>=20
> Accepts either the raw password string:
>=20
> $ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
>    '{ "execute": "guest-set-admin-password", "arguments":
>      { "crypted": false, "password": "12345678" } }'
>   {"return":{}}
>=20
> Or a pre-encrypted string (recommended)
>=20
> $ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
>    '{ "execute": "guest-set-admin-password", "arguments":
>      { "crypted": true, "password":
>         "$6$T9O/j/aGPrE...snip....rQoRN4F0.GG0MPjNUNyml." } }'
>=20
> NB windows support is desirable, but not implemented in this
> patch.
>=20
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  qga/commands-posix.c | 90 ++++++++++++++++++++++++++++++++++++++++++++=
++++++++
>  qga/commands-win32.c |  6 ++++
>  qga/qapi-schema.json | 19 +++++++++++
>  3 files changed, 115 insertions(+)
>=20

> +++ b/qga/qapi-schema.json
> @@ -738,3 +738,22 @@
>  ##
>  { 'command': 'guest-get-fsinfo',
>    'returns': ['GuestFilesystemInfo'] }
> +
> +##
> +# @guest-set-admin-password
> +#
> +# @crypted: true if password is already crypt()d, false if raw
> +# @password: the new password entry
> +#
> +# If the @crypted flag is true, it is the callers responsibility

s/callers/caller's/

> +# to ensure the correct crypt() encryption scheme is used. This
> +# command does not attempt to interpret or report on the encryption
> +# scheme. Refer to the documentation of the guest operating system
> +# in question to determine what is supported.
> +#
> +# Returns: Nothing on success.
> +#
> +# Since 2.3
> +##
> +{ 'command': 'guest-set-admin-password',
> +  'data': { 'crypted': 'bool', 'password': 'str' } }
>=20

Normally, 'password':'str' means we are passing UTF8 JSON.  But what if
the desired password is NOT valid UTF8, but still valid to the end user
(for example, a user that intentionally wants a Latin1 encoded password
that uses 8-bit characters)?  In other interfaces, we've allowed an enum
that specifies whether a raw data string is 'utf8' or 'base64' encoded;
should we have such a parameter here?

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--LOvVmRunmx6IFx4fwJVOpROhUMT1uNGs0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJU0UioAAoJEKeha0olJ0NqJGoH/0WLre8zPbLXutenlNYOked3
fBPUXB2TxGktCx30rjn4mhRcgpdrW17L4ilJUJSG0AZVC5r69nAjm3WQjYil173M
TNtXvBaNNQ7OpzJFBFF9chROFbMxuY2Hrtq6hMz9uOKncuH1vkEdsLQyuqs/1dfB
UpV7vcEa+AqH2RLb2oSwDB9fNTNQOKLTsRoONEC3GCzVeka8YTGpQ463eATsRv48
Qf46EJaa4ww2WGiB89EnorrBkfWBzwajo3XO57NwKcAVxfbUAWZAdd3500SUxaSo
wKFRwn5mlAimyGGn0bPDh3CCNKp1FMYGPzJAJThKlK2bcELnsN2cv5S6FwZ9qeg=
=nCZ5
-----END PGP SIGNATURE-----

--LOvVmRunmx6IFx4fwJVOpROhUMT1uNGs0--