Wire up SASL interaction callbacks to libvirt callbacks. Provide default callback impl

e332ccdf · Daniel P. Berrange · 7fa9ceb7 · e332ccdf · e332ccdf · e332ccdf
8 changed file
--- a/ChangeLog
+++ b/ChangeLog
+Wed Dec  5 13:51:00 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+	* include/libvirt/libvirt.h.in: Add virConnectAuthPtrDefault
+	as default CLI auth callback
+	* src/libvirt_sym.version: Export virConnectAuthPtrDefault
+	* src/libvirt.c: Default auth callback for command line based
+	apps
+	* src/virsh.c: Use default auth callback
+	* src/internal.h: Add STRCASEEQLEN, STRCASENEQLEN
+	* src/remote_internal.c: Wire up callback API to SASL interaction
+	types / callbacks.
+
 Wed Dec  5 13:27:00 EST 2007 Daniel P. Berrange <berrange@redhat.com>

 	* Makefile.am: Put include/ before src/ in SUBDIRS

--- a/include/libvirt/libvirt.h
+++ b/include/libvirt/libvirt.h
@@ -343,6 +343,8 @@ struct _virConnectAuth {
 typedef struct _virConnectAuth virConnectAuth;
 typedef virConnectAuth *virConnectAuthPtr;

+extern virConnectAuthPtr virConnectAuthPtrDefault;
+
 /**
 * VIR_UUID_BUFLEN:
 *

--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -343,6 +343,8 @@ struct _virConnectAuth {
 typedef struct _virConnectAuth virConnectAuth;
 typedef virConnectAuth *virConnectAuthPtr;

+extern virConnectAuthPtr virConnectAuthPtrDefault;
+
 /**
 * VIR_UUID_BUFLEN:
 *

--- a/src/internal.h
+++ b/src/internal.h
@@ -46,7 +46,9 @@ extern "C" {
 #define STRNEQ(a,b) (strcmp((a),(b)) != 0)
 #define STRCASENEQ(a,b) (strcasecmp((a),(b)) != 0)
 #define STREQLEN(a,b,n) (strncmp((a),(b),(n)) == 0)
+#define STRCASEEQLEN(a,b,n) (strncasecmp((a),(b),(n)) == 0)
 #define STRNEQLEN(a,b,n) (strncmp((a),(b),(n)) != 0)
+#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0)

 /* C99 uses __func__.  __FUNCTION__ is legacy. */
 #ifndef __GNUC__

--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -63,6 +63,87 @@ static int initialized = 0;
 #define DEBUG(fs,...)
 #endif /* !ENABLE_DEBUG */

+static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
+                                         unsigned int ncred,
+                                         void *cbdata ATTRIBUTE_UNUSED) {
+    int i;
+
+    for (i = 0 ; i < ncred ; i++) {
+        char buf[1024];
+        char *bufptr = buf;
+
+        if (printf("%s:", cred[i].prompt) < 0)
+            return -1;
+        if (fflush(stdout) != 0)
+            return -1;
+
+        switch (cred[i].type) {
+        case VIR_CRED_USERNAME:
+        case VIR_CRED_AUTHNAME:
+        case VIR_CRED_ECHOPROMPT:
+        case VIR_CRED_REALM:
+            if (!fgets(buf, sizeof(buf), stdin)) {
+                if (feof(stdin)) { /* Treat EOF as "" */
+                    buf[0] = '\0';
+                    break;
+                }
+                return -1;
+            }
+            if (buf[strlen(buf)-1] == '\n')
+                buf[strlen(buf)-1] = '\0';
+            break;
+
+        case VIR_CRED_PASSPHRASE:
+        case VIR_CRED_NOECHOPROMPT:
+            bufptr = getpass("");
+            if (!bufptr)
+                return -1;
+            break;
+        }
+
+        if (STREQ(bufptr, "") && cred[i].defresult)
+            cred[i].result = strdup(cred[i].defresult);
+        else
+            cred[i].result = strdup(bufptr);
+        if (!cred[i].result)
+            return -1;
+        cred[i].resultlen = strlen(cred[i].result);
+    }
+
+    return 0;
+}
+
+/* Don't typically want VIR_CRED_USERNAME. It enables you to authenticate
+ * as one user, and act as another. It just results in annoying
+ * prompts for the username twice & is very rarely what you want
+ */
+static int virConnectCredTypeDefault[] = {
+    VIR_CRED_AUTHNAME,
+    VIR_CRED_ECHOPROMPT,
+    VIR_CRED_REALM,
+    VIR_CRED_PASSPHRASE,
+    VIR_CRED_NOECHOPROMPT,
+};
+
+static virConnectAuth virConnectAuthDefault = {
+    virConnectCredTypeDefault,
+    sizeof(virConnectCredTypeDefault)/sizeof(int),
+    virConnectAuthCallbackDefault,
+    NULL,
+};
+
+/*
+ * virConnectAuthPtrDefault
+ *
+ * A default implementation of the authentication callbacks. This
+ * implementation is suitable for command line based tools. It will
+ * prompt for username, passwords, realm and one time keys as needed.
+ * It will print on STDOUT, and read from STDIN. If this is not
+ * suitable for the application's needs an alternative implementation
+ * should be provided.
+ */
+virConnectAuthPtr virConnectAuthPtrDefault = &virConnectAuthDefault;
+
 /**
 * virInitialize:
 *

--- a/src/libvirt_sym.version
+++ b/src/libvirt_sym.version
@@ -3,6 +3,9 @@
        virInitialize;
        virConnectOpen;
        virConnectOpenReadOnly;
+        virConnectOpenAuth;
+        virConnectAuthPtrDefault;
+
 	virConnectClose;
 	virConnectGetType;
 	virConnectGetVersion;

--- a/src/remote_internal.c
+++ b/src/remote_internal.c
--- a/src/virsh.c
+++ b/src/virsh.c
@@ -4520,10 +4520,10 @@ vshInit(vshControl * ctl)
         !strcasecmp(ctl->name, "xen")) && ctl->uid != 0)
         ctl->readonly = 1;

-    if (!ctl->readonly)
-        ctl->conn = virConnectOpen(ctl->name);
-    else
-        ctl->conn = virConnectOpenReadOnly(ctl->name);
+    ctl->conn = virConnectOpenAuth(ctl->name,
+                                   virConnectAuthPtrDefault,
+                                   ctl->readonly ? VIR_CONNECT_RO : 0);
+

    /* This is not necessarily fatal.  All the individual commands check
     * vshConnectionUsability, except ones which don't need a connection