1. Patchew
  2. Libvirt
  3. [libvirt] [dbus RFC 00/11] improve libvirt connections handling
  4. View patch

[libvirt] [dbus RFC 05/11] connect: don't use default libvirt authentication callback

Pavel Hrdina posted 11 patches 7 years, 10 months ago
[libvirt] [dbus RFC 05/11] connect: don't use default libvirt authentication callback
Posted by Pavel Hrdina 7 years, 10 months ago 
We need to implement our own authentication callback because the
default one ask for credentials using STDIO.  This is not suitable
behavior for daemon.

For now we will require usage of client configuration file for libvirt
to provide credentials for drivers that require authentication [1].

[1] <https://libvirt.org/auth.html#Auth_client_config>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/connect.c | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/connect.c b/src/connect.c
index 8d958c2..9de764c 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -6,6 +6,34 @@
 #include <errno.h>
 #include <stdlib.h>
 
+static int virtDBusConnectCredType[] = {
+    VIR_CRED_AUTHNAME,
+    VIR_CRED_ECHOPROMPT,
+    VIR_CRED_REALM,
+    VIR_CRED_PASSPHRASE,
+    VIR_CRED_NOECHOPROMPT,
+    VIR_CRED_EXTERNAL,
+};
+
+static int
+virtDBusConnectAuthCallback(virConnectCredentialPtr cred VIR_ATTR_UNUSED,
+                            unsigned int ncred VIR_ATTR_UNUSED,
+                            void *cbdata)
+{
+    sd_bus_error *error = cbdata;
+
+    return virtDBusUtilSetError(error,
+                                "Interactive authentication is not supported. "
+                                "Use client configuration file for libvirt.");
+}
+
+static virConnectAuth virtDBusConnectAuth = {
+    virtDBusConnectCredType,
+    VIRT_ARRAY_CARDINALITY(virtDBusConnectCredType),
+    virtDBusConnectAuthCallback,
+    NULL,
+};
+
 static int
 virtDBusConnectOpen(virtDBusConnect *connect,
                     sd_bus_error *error)
@@ -13,8 +41,10 @@ virtDBusConnectOpen(virtDBusConnect *connect,
     if (connect->connection)
         return 0;
 
+    virtDBusConnectAuth.cbdata = error;
+
     connect->connection = virConnectOpenAuth(connect->uri,
-                                             virConnectAuthPtrDefault, 0);
+                                             &virtDBusConnectAuth, 0);
     if (!connect->connection)
         return virtDBusUtilSetLastVirtError(error);
 
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [dbus RFC 05/11] connect: don't use default libvirt authentication callback
Posted by Daniel P. Berrange 7 years, 10 months ago 
On Mon, Jan 22, 2018 at 06:16:03PM +0100, Pavel Hrdina wrote:
> We need to implement our own authentication callback because the
> default one ask for credentials using STDIO.  This is not suitable
> behavior for daemon.
> 
> For now we will require usage of client configuration file for libvirt
> to provide credentials for drivers that require authentication [1].
> 
> [1] <https://libvirt.org/auth.html#Auth_client_config>

This is a long standing bug we should look at fixing one day. We should
make it possible to rely on the auth config file from a simple call to
virConnectOpen(), so people only need to use OpenAuth() when they have
a genuine callback to provide....

> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
> ---
>  src/connect.c | 32 +++++++++++++++++++++++++++++++-
>  1 file changed, 31 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-8c64711

© 2016 - 2025 Red Hat, Inc.