summaryrefslogtreecommitdiff
path: root/qga/qapi-schema.json
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-02-11 11:26:12 +0000
committerMichael Roth <mdroth@linux.vnet.ibm.com>2015-02-16 15:52:18 -0600
commit215a2771a7b6b29037ee8deba484815d816b6fdd (patch)
tree8f8805cfb9416a368795cf8800601e6a7bfc2ed4 /qga/qapi-schema.json
parentcd2d5541271f1934345d8ca42f5fafff1744eee7 (diff)
downloadqemu-215a2771a7b6b29037ee8deba484815d816b6fdd.tar.gz
qemu-215a2771a7b6b29037ee8deba484815d816b6fdd.tar.bz2
qemu-215a2771a7b6b29037ee8deba484815d816b6fdd.zip
qga: add guest-set-user-password command
Add a new 'guest-set-user-password' command for changing the password of guest OS user accounts. This command is needed to enable OpenStack to support its API for changing the admin password of guests running on KVM/QEMU. It is not practical to provide a command at the QEMU level explicitly targetting administrator account password change only, since different guest OS have different names for the admin account. While UNIX systems use 'root', Windows systems typically use 'Administrator' and even that can be renamed. Higher level apps like OpenStack have the ability to figure out the correct admin account name since they have info that QEMU/libvirt do not. The command accepts either the clear text password string, encoded in base64 to make it 8-bit safe in JSON: $ echo -n "123456" | base64 MTIzNDU2 $ virsh -c qemu:///system qemu-agent-command f21x86_64 \ '{ "execute": "guest-set-user-password", "arguments": { "crypted": false, "username": "root", "password": "MTIzNDU2" } }' {"return":{}} Or a password that has already been run though a crypt(3) like algorithm appropriate for the guest, again then base64 encoded: $ echo -n '$6$n01A2Tau$e...snip...DfMOP7of9AJ1I8q0' | base64 JDYkb...snip...YT2Ey $ virsh -c qemu:///system qemu-agent-command f21x86_64 \ '{ "execute": "guest-set-user-password", "arguments": { "crypted": true, "username": "root", "password": "JDYkb...snip...YT2Ey" } }' NB windows support is desirable, but not implemented in this patch. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'qga/qapi-schema.json')
-rw-r--r--qga/qapi-schema.json27
1 files changed, 27 insertions, 0 deletions
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 376e79f583..5117b65b26 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -738,3 +738,30 @@
##
{ 'command': 'guest-get-fsinfo',
'returns': ['GuestFilesystemInfo'] }
+
+##
+# @guest-set-user-password
+#
+# @username: the user account whose password to change
+# @password: the new password entry string, base64 encoded
+# @crypted: true if password is already crypt()d, false if raw
+#
+# If the @crypted flag is true, it is the caller's responsibility
+# to ensure the correct crypt() encryption scheme is used. This
+# command does not attempt to interpret or report on the encryption
+# scheme. Refer to the documentation of the guest operating system
+# in question to determine what is supported.
+#
+# Note all guest operating systems will support use of the
+# @crypted flag, as they may require the clear-text password
+#
+# The @password parameter must always be base64 encoded before
+# transmission, even if already crypt()d, to ensure it is 8-bit
+# safe when passed as JSON.
+#
+# Returns: Nothing on success.
+#
+# Since 2.3
+##
+{ 'command': 'guest-set-user-password',
+ 'data': { 'username': 'str', 'password': 'str', 'crypted': 'bool' } }