[libvirt] Proposed libguestfs API for implementing libvirt virConnectOpenAuth

Richard W.M. Jones rjones at redhat.com
Sat Oct 13 09:31:37 UTC 2012


As in the example code below.

static void
do_auth (guestfs_h *g,
         void *opaque,
         uint64_t event,
         int event_handle,
         int flags,
         const char *buf, size_t buf_len,
         const uint64_t *array, size_t array_len)
{
  char **creds;
  size_t i;
  char *prompt;
  char *reply;
  size_t replylen;

  // buf will be the libvirt URI.  It is always \0-terminated so
  // buf_len can be ignored in this case.
  printf ("Authentication required for libvirt connection '%s'\n", buf);

  // Ask libguestfs what credentials libvirt is demanding.
  creds = guestfs_get_libvirt_requested_credentials (g);

  // Now ask the user for answers.
  for (i = 0; creds[i] != NULL; ++i) {
    if (strcmp (creds[i], "authname") == 0 ||
        strcmp (creds[i], "passphrase") == 0) {
      prompt = guestfs_get_libvirt_requested_credential_prompt (g, i);
      printf ("%s: ", prompt);
      free (prompt);

      // ...

      // Input from user is in 'reply', length 'replylen' (bytes).
      guestfs_set_libvirt_requested_credential (g, i, reply, replylen);
    }

    free (creds[i]);
  }

  free (creds);

  // On return from this function (libguestfs event), the libvirt
  // event returns too.
}

// ...
{
  guestfs_h *g;
  char *creds[] = { "authname", "passphrase", NULL };

  g = guestfs_create ();
  guestfs_set_libvirt_supported_credentials (g, creds);
  guestfs_set_event_callback (g, do_auth,
      GUESTFS_EVENT_LIBVIRT_AUTH, 0, NULL);

  // An example of a function that would open a libvirt connection:
  guestfs_add_domain (g, "dom",
      GUESTFS_ADD_DOMAIN_LIBVIRTURI, "qemu:///system",
      -1);
}

----------------------------------------------------------------------

By the way, some of the virt tools can open multiple connections to
libvirt, and it is architecturally hard to change this:
https://www.redhat.com/archives/libguestfs/2012-October/msg00065.html

Does libvirt (or policy kit?) provide any mechanism for caching these
credentials within the same process, so that we don't have to provide
the same creds back to libvirt for multiple connections?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
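
One application-side way to avoid re-prompting when a tool opens several libvirt connections, as an added example (not code from the original message, libguestfs or libvirt): an in-process cache keyed by libvirt URI and credential name, which a callback such as do_auth could consult before asking the user. All `cred_cache_*` names are hypothetical; replies are stored as length-counted bytes and wiped before being freed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical cache entry: one credential reply for one libvirt URI. */
struct cred { char *uri, *name, *value; size_t len; struct cred *next; };
static struct cred *cache;
/* Zero through a volatile pointer so the compiler keeps the stores. */
static void wipe (void *p, size_t n)
{
  volatile unsigned char *v = p;
  while (n--) *v++ = 0;
}
/* Copy n bytes and append a \0; the stored length stays authoritative. */
static char *dup_bytes (const char *s, size_t n)
{
  char *r = malloc (n + 1);
  if (r) { memcpy (r, s, n); r[n] = '\0'; }
  return r;
}
static void drop (struct cred *c)   /* wipe the secret, then free the entry */
{
  if (c->value) wipe (c->value, c->len);
  free (c->value); free (c->uri); free (c->name); free (c);
}
/* Return the cached reply for (uri, name), or NULL if none was stored. */
const char *cred_cache_get (const char *uri, const char *name, size_t *len)
{
  for (struct cred *c = cache; c; c = c->next)
    if (strcmp (c->uri, uri) == 0 && strcmp (c->name, name) == 0) {
      *len = c->len; return c->value;
    }
  return NULL;
}
/* Store a reply; a newer entry shadows an older one.  0 on success, -1 on ENOMEM. */
int cred_cache_put (const char *uri, const char *name, const char *val, size_t len)
{
  struct cred *c = calloc (1, sizeof *c);
  if (!c) return -1;
  c->uri = dup_bytes (uri, strlen (uri));
  c->name = dup_bytes (name, strlen (name));
  c->value = dup_bytes (val, len); c->len = len;
  if (!c->uri || !c->name || !c->value) { drop (c); return -1; }
  c->next = cache; cache = c;
  return 0;
}
/* Wipe and free everything, e.g. once the last connection has been opened. */
void cred_cache_clear (void)
{
  while (cache) { struct cred *c = cache; cache = c->next; drop (c); }
}
```

Keying on the URI keeps a reply given for one hypervisor from being replayed to a different one, and calling cred_cache_clear as early as possible limits how long the passphrase stays in process memory.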



