[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command |
Date: |
Tue, 03 Feb 2015 15:16:08 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
On 01/12/2015 08:58 AM, Daniel P. Berrange wrote:
> Add a new 'guest-set-admin-password' command for changing the
> root/administrator password. This command is needed to allow
> OpenStack to support its API for changing the admin password
> on a running guest.
>
> Accepts either the raw password string:
>
> $ virsh -c qemu:///system qemu-agent-command f21x86_64 \
> '{ "execute": "guest-set-admin-password", "arguments":
> { "crypted": false, "password": "12345678" } }'
> {"return":{}}
>
> Or a pre-encrypted string (recommended)
>
> $ virsh -c qemu:///system qemu-agent-command f21x86_64 \
> '{ "execute": "guest-set-admin-password", "arguments":
> { "crypted": true, "password":
> "$6$T9O/j/aGPrE...snip....rQoRN4F0.GG0MPjNUNyml." } }'
>
> NB windows support is desirable, but not implemented in this
> patch.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> qga/commands-posix.c | 90
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> qga/commands-win32.c | 6 ++++
> qga/qapi-schema.json | 19 +++++++++++
> 3 files changed, 115 insertions(+)
>
> +++ b/qga/qapi-schema.json
> @@ -738,3 +738,22 @@
> ##
> { 'command': 'guest-get-fsinfo',
> 'returns': ['GuestFilesystemInfo'] }
> +
> +##
> +# @guest-set-admin-password
> +#
> +# @crypted: true if password is already crypt()d, false if raw
> +# @password: the new password entry
> +#
> +# If the @crypted flag is true, it is the callers responsibility
s/callers/caller's/
> +# to ensure the correct crypt() encryption scheme is used. This
> +# command does not attempt to interpret or report on the encryption
> +# scheme. Refer to the documentation of the guest operating system
> +# in question to determine what is supported.
> +#
> +# Returns: Nothing on success.
> +#
> +# Since 2.3
> +##
> +{ 'command': 'guest-set-admin-password',
> + 'data': { 'crypted': 'bool', 'password': 'str' } }
>
Normally, 'password':'str' means we are passing UTF8 JSON. But what if
the desired password is NOT valid UTF8, but still valid to the end user
(for example, a user that intentionally wants a Latin1 encoded password
that uses 8-bit characters)? In other interfaces, we've allowed an enum
that specifies whether a raw data string is 'utf8' or 'base64' encoded;
should we have such a parameter here?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature