From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 09/15] util: auth: Introduce virAuthAskCredential Date: Tue, 17 Jan 2023 17:20:34 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1673972657388100001 Content-Type: text/plain; charset="utf-8" The helper uses the user-provided auth callbacks to ask the user. The helper encapsulates the steps we do to query the user in few places into a common helper which can be then used further. Signed-off-by: Peter Krempa --- src/libvirt_private.syms | 2 ++ src/util/virauth.c | 66 ++++++++++++++++++++++++++++++++++++++++ src/util/virauth.h | 7 +++++ 3 files changed, 75 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 576ec8f95f..5616c0d44c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1850,6 +1850,8 @@ virAuditSend; # util/virauth.h +virAuthAskCredential; +virAuthConnectCredentialFree; virAuthGetConfigFilePath; virAuthGetConfigFilePathURI; virAuthGetPassword; diff --git a/src/util/virauth.c b/src/util/virauth.c index b9c2ae3ed1..aa1da80266 100644 --- a/src/util/virauth.c +++ b/src/util/virauth.c @@ -31,6 +31,7 @@ #include "virerror.h" #include "configmake.h" #include "virauthconfig.h" +#include "virsecureerase.h" #define VIR_FROM_THIS VIR_FROM_AUTH 
@@ -283,3 +284,68 @@ virAuthGetPassword(virConnectPtr conn, return virAuthGetPasswordPath(path, auth, servicename, username, hostn= ame); } + + +void +virAuthConnectCredentialFree(virConnectCredential *cred) +{ + if (cred->result) { + virSecureErase(cred->result, cred->resultlen); + g_free(cred->result); + } + g_free(cred); +} + + +/** + * virAuthAskCredential: + * @auth: authentication callback data + * @prompt: question string to ask the user + * @echo: true if user's reply should be considered sensitive and not echo= ed + * + * Invoke the authentication callback for the connection @auth and ask the= user + * the question in @prompt. If @echo is true user's reply should be collec= ted + * as sensitive (user's input not printed on screen). + */ +virConnectCredential * +virAuthAskCredential(virConnectAuthPtr auth, + const char *prompt, + bool echo) +{ + g_autoptr(virConnectCredential) ret =3D g_new0(virConnectCredential, 1= ); + size_t i; + + ret->type =3D -1; + + for (i =3D 0; i < auth->ncredtype; ++i) { + int type =3D auth->credtype[i]; + if (echo) { + if (type =3D=3D VIR_CRED_ECHOPROMPT) { + ret->type =3D type; + break; + } + } else { + if (type =3D=3D VIR_CRED_PASSPHRASE || + type =3D=3D VIR_CRED_NOECHOPROMPT) { + ret->type =3D type; + break; + } + } + } + + if (ret->type =3D=3D -1) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("no suitable callback authentication callback was= found")); + return NULL; + } + + ret->prompt =3D prompt; + + if (auth->cb(ret, 1, auth->cbdata)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("failed to retrieve user response for authenticat= ion callback")); + return NULL; + } + + return g_steal_pointer(&ret); +} diff --git a/src/util/virauth.h b/src/util/virauth.h index a0fd84962b..3eaf40c626 100644 --- a/src/util/virauth.h +++ b/src/util/virauth.h 
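Review bot: The doc comment for `@echo` in virAuthAskCredential contradicts the code: it says a true value means the reply is sensitive and not echoed, but the loop selects `VIR_CRED_ECHOPROMPT` when `echo` is true and `VIR_CRED_PASSPHRASE`/`VIR_CRED_NOECHOPROMPT` only when it is false, so a caller who follows the comment would request an echoed prompt for a secret. The comment should read along the lines of `@echo: false if user's reply should be considered sensitive and not echoed`, with the paragraph below it adjusted to match. Separately, virAuthConnectCredentialFree dereferences `cred` unconditionally; the g_autoptr cleanup does not call it with NULL, but a direct caller could, so an `if (!cred) return;` guard at the top would be safer. The erase also depends on the callback having set `resultlen` to the real length of `result`; if that is not guaranteed, some or all of the reply stays in freed memory.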
@@ -52,3 +52,10 @@ char * virAuthGetPasswordPath(const char *path, const char *servicename, const char *username, const char *hostname); + +virConnectCredential *virAuthAskCredential(virConnectAuthPtr auth, + const char *prompt, + bool echo); + +void virAuthConnectCredentialFree(virConnectCredential *cred); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virConnectCredential, virAuthConnectCredenti= alFree); --=20 2.38.1
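Review bot: The new virAuthAskCredential prototype says nothing about ownership, although the virauth.c part of this patch stores `prompt` in the returned struct without copying it (`ret->prompt = prompt;`) and the reply is only erased when the struct goes through virAuthConnectCredentialFree. A short comment above the declaration would help, for example `/* returned credential borrows @prompt; release with virAuthConnectCredentialFree() or g_autoptr */`. A caller that releases the credential with plain g_free would skip the secure erase of the reply and leak `result`.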