[PATCH] add the ability to disable transport authentication (like esxi et al)

simonmartin76 posted 1 patch 2 years, 11 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/34NrS1SwQw4RnBjrliTqAntM28AHxeDreDW7SpFc6JiYOZEkH6308872WbeUUW5USlkun7_WrPGZ2Sa8vG8fMQg_Qlzn5X8T-OETPX_GwVk=@protonmail.com
src/hyperv/hyperv_driver.c |  5 +++++
src/hyperv/hyperv_util.c   | 11 +++++++++++
src/hyperv/hyperv_util.h   |  1 +
3 files changed, 17 insertions(+)
[PATCH] add the ability to disable transport authentication (like esxi et al)
Posted by simonmartin76 2 years, 11 months ago
Signed-off-by: Simon Martin <simonmartin76@protonmail.com>
---
 src/hyperv/hyperv_driver.c |  5 +++++
 src/hyperv/hyperv_util.c   | 11 +++++++++++
 src/hyperv/hyperv_util.h   |  1 +
 3 files changed, 17 insertions(+)

diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c
index 17f5be1f0d..67e6e09f2d 100644
--- a/src/hyperv/hyperv_driver.c
+++ b/src/hyperv/hyperv_driver.c
@@ -1728,6 +1728,11 @@ hypervInitConnection(virConnectPtr conn, hypervPrivate *priv,
     /* FIXME: Currently only basic authentication is supported  */
     wsman_transport_set_auth_method(priv->client, "basic");

+    if (priv->parsedUri->noVerify) {
+        wsman_transport_set_verify_peer(priv->client, 0);
+        wsman_transport_set_verify_host(priv->client, 0);
+    }
+
     return 0;
 }

diff --git a/src/hyperv/hyperv_util.c b/src/hyperv/hyperv_util.c
index d8a6e6cf5c..40e1540dfe 100644
--- a/src/hyperv/hyperv_util.c
+++ b/src/hyperv/hyperv_util.c
@@ -38,6 +38,7 @@ int
 hypervParseUri(hypervParsedUri **parsedUri, virURIPtr uri)
 {
     int result = -1;
+    int noVerify;
     size_t i;

     if (parsedUri == NULL || *parsedUri != NULL) {
@@ -63,6 +64,16 @@ hypervParseUri(hypervParsedUri **parsedUri, virURIPtr uri)
                                (*parsedUri)->transport);
                 goto cleanup;
             }
+        } else if (STRCASEEQ(queryParam->name, "no_verify")) {
+            if (virStrToLong_i(queryParam->value, NULL, 10, &noVerify) < 0 ||
+                (noVerify != 0 && noVerify != 1)) {
+                virReportError(VIR_ERR_INVALID_ARG,
+                               _("Query parameter 'no_verify' has unexpected value "
+                                 "'%s' (should be 0 or 1)"), queryParam->value);
+                goto cleanup;
+            }
+
+            (*parsedUri)->noVerify = noVerify != 0;
         } else {
             VIR_WARN("Ignoring unexpected query parameter '%s'",
                      queryParam->name);
diff --git a/src/hyperv/hyperv_util.h b/src/hyperv/hyperv_util.h
index 67d698450d..a0604d6830 100644
--- a/src/hyperv/hyperv_util.h
+++ b/src/hyperv/hyperv_util.h
@@ -28,6 +28,7 @@ typedef struct _hypervParsedUri hypervParsedUri;

 struct _hypervParsedUri {
     char *transport;
+    bool noVerify;
 };

 int hypervParseUri(hypervParsedUri **parsedUri, virURIPtr uri);
--
2.17.1


Sent with ProtonMail Secure Email.



Re: [PATCH] add the ability to disable transport authentication (like esxi et al)
Posted by Michal Privoznik 2 years, 11 months ago
On 4/7/21 3:52 PM, simonmartin76 wrote:
> Signed-off-by: Simon Martin <simonmartin76@protonmail.com>
> ---
>   src/hyperv/hyperv_driver.c |  5 +++++
>   src/hyperv/hyperv_util.c   | 11 +++++++++++
>   src/hyperv/hyperv_util.h   |  1 +
>   3 files changed, 17 insertions(+)

Hey,

sorry for delayed review. The patch looks good, but could you please 
send v2 with documentation? Looks like you've taken inspiration from the 
ESX code (which is okay), but similarly docs/drvhyperv.html.in should 
document this extra argument.

Michal