[libvirt] [PATCH 14/14] virsh-completer: introduce virshPasswordCompleter
Daniel P. Berrangé
berrange at redhat.com
Mon Apr 1 09:14:15 UTC 2019
On Mon, Apr 01, 2019 at 09:33:31AM +0200, Ján Tomko wrote:
> Suggest some passwords to the user.
>
> Signed-off-by: Ján Tomko <jtomko at redhat.com>
> ---
> tools/virsh-completer.c | 58 +++++++++++++++++++++++++++++++++++++++++
> tools/virsh-completer.h | 4 +++
> tools/virsh-domain.c | 1 +
> 3 files changed, 63 insertions(+)
>
> diff --git a/tools/virsh-completer.c b/tools/virsh-completer.c
> index 5985f09272..0687670d37 100644
> --- a/tools/virsh-completer.c
> +++ b/tools/virsh-completer.c
> @@ -32,6 +32,7 @@
> #include "virutil.h"
> #include "viralloc.h"
> #include "virmacaddr.h"
> +#include "virrandom.h"
> #include "virstring.h"
> #include "virxml.h"
>
> @@ -936,3 +937,60 @@ virshDomainDeviceAliasCompleter(vshControl *ctl,
> VIR_STEAL_PTR(ret, tmp);
> return ret;
> }
> +
> +
> +const char *builtin_passwords[] = {
> + "hunter2", /* ******* */
> + "nbusr123", /* Keď nevieš, tak nefušuj */
> + "4ezgi4",
> +};
This is quite a limited list of passwords. I think it would be useful to
expand it with the password dump from haveibeenpwned.com. The main
problem is that the overhead of a static array with 500,000,000 passwords
might make libvirt packages too large. RPM used to have problems with
packages larger than 2 GB, so not sure how well it will handle 11 GB
RPMs. There could be a negative impact on memory usage when running libvirt,
though virt hosts usually have lots of RAM, so reserving 11 GB for virsh
shouldn't be too big a problem.
> +
> +
> +char **
> +virshPasswordCompleter(vshControl *ctl ATTRIBUTE_UNUSED,
> + const vshCmd *cmd ATTRIBUTE_UNUSED,
> + unsigned int flags)
> +{
> + VIR_AUTOFREE(char *) base64 = NULL;
> + VIR_AUTOFREE(unsigned char *) rand = NULL;
> + VIR_AUTOSTRINGLIST tmp = NULL;
> + const size_t optimal_passlen = 8; /* ought to be enough */
> + const char *prefix = NULL;
> + const size_t num = 1;
> + char **ret = NULL;
> + size_t missing;
> + size_t i;
> +
> + virCheckFlags(0, NULL);
> +
> + if (VIR_ALLOC_N(tmp, num + ARRAY_CARDINALITY(builtin_passwords) + 1) < 0)
> + return NULL;
> +
> + ignore_value(vshCommandOptStringQuiet(ctl, cmd, "password", &prefix));
> + if (STREQ_NULLABLE(prefix, " "))
> + prefix = NULL;
> +
> + missing = optimal_passlen - MIN(strlen(NULLSTR_EMPTY(prefix)), optimal_passlen);
> +
> + if (VIR_ALLOC_N(rand, 7) < 0)
> + return NULL;
> +
> + if (virRandomBytes(rand, 6) < 0)
> + return NULL;
> +
> + if (!(base64 = virStringEncodeBase64(rand, 6)))
> + return NULL;
> +
> + base64[missing] = '\0';
> +
> + if (virAsprintf(&tmp[0], "%s%s", NULLSTR_EMPTY(prefix), base64) < 0)
> + return NULL;
> +
> + for (i = 0; i < ARRAY_CARDINALITY(builtin_passwords); i++) {
> + if (VIR_STRDUP(tmp[i + 1], builtin_passwords[i]) < 0)
> + return NULL;
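Review bot: the loop ending at `VIR_STRDUP(tmp[i + 1], builtin_passwords[i])` copies every entry of `builtin_passwords` into the completion list, so the completer offers fixed strings that ship in the source as password candidates; I would drop the array and return only the generated entry. That entry is also weaker than it looks: `virRandomBytes(rand, 6)` supplies 48 bits, which base64-encode to 8 characters, and `base64[missing] = '\0'` then truncates them to `optimal_passlen` minus the prefix length, so a prefix of n characters leaves 6 * (8 - n) random bits and a prefix of 8 or more characters leaves none. Consider appending a fixed amount of randomness regardless of the prefix and raising the length above 8. Smaller points: `ctl` and `cmd` are marked `ATTRIBUTE_UNUSED` but both are passed to `vshCommandOptStringQuiet()`, the local `rand` shadows the libc function of the same name and is allocated with 7 bytes while only 6 are filled, and `builtin_passwords`, if kept, should be `static`.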
Hmm, so an 11 GB static password list will need another 11GB of heap
allocation. This is getting quite inefficient at scale.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|