2010-03-14 20:50:14 +01:00
|
|
|
/*
|
2012-03-19 16:21:12 +00:00
|
|
|
* virauth.c: authentication related utility functions
|
2010-03-14 20:50:14 +01:00
|
|
|
*
|
2012-07-24 16:08:46 +02:00
|
|
|
* Copyright (C) 2012 Red Hat, Inc.
|
2010-03-14 20:50:14 +01:00
|
|
|
* Copyright (C) 2010 Matthias Bolte <matthias.bolte@googlemail.com>
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 16:30:55 -06:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 18:06:23 +08:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-03-14 20:50:14 +01:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2012-03-20 15:40:05 +00:00
|
|
|
|
2012-03-19 16:21:12 +00:00
|
|
|
#include "virauth.h"
|
2012-12-13 17:44:57 +00:00
|
|
|
#include "virutil.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2012-03-20 15:40:05 +00:00
|
|
|
#include "datatypes.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2012-03-20 15:40:05 +00:00
|
|
|
#include "configmake.h"
|
2012-03-20 11:11:10 +00:00
|
|
|
#include "virauthconfig.h"
|
2013-04-03 12:36:23 +02:00
|
|
|
#include "virstring.h"
|
2012-03-20 15:40:05 +00:00
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_AUTH
|
|
|
|
|
2014-02-28 12:16:17 +00:00
|
|
|
VIR_LOG_INIT("util.auth");
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
int
|
|
|
|
virAuthGetConfigFilePathURI(virURIPtr uri,
|
|
|
|
char **path)
|
2012-03-20 15:40:05 +00:00
|
|
|
{
|
|
|
|
size_t i;
|
2013-10-09 11:18:15 +01:00
|
|
|
const char *authenv = virGetEnvBlockSUID("LIBVIRT_AUTH_FILE");
|
2018-07-13 23:24:54 +05:30
|
|
|
VIR_AUTOFREE(char *) userdir = NULL;
|
2012-03-20 15:40:05 +00:00
|
|
|
|
|
|
|
*path = NULL;
|
|
|
|
|
|
|
|
VIR_DEBUG("Determining auth config file path");
|
|
|
|
|
|
|
|
if (authenv) {
|
|
|
|
VIR_DEBUG("Using path from env '%s'", authenv);
|
2013-05-24 09:19:51 +02:00
|
|
|
if (VIR_STRDUP(*path, authenv) < 0)
|
2018-07-13 23:24:54 +05:30
|
|
|
return -1;
|
2012-03-20 15:40:05 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
if (uri) {
|
|
|
|
for (i = 0; i < uri->paramsCount; i++) {
|
|
|
|
if (STREQ_NULLABLE(uri->params[i].name, "authfile") &&
|
|
|
|
uri->params[i].value) {
|
|
|
|
VIR_DEBUG("Using path from URI '%s'", uri->params[i].value);
|
|
|
|
if (VIR_STRDUP(*path, uri->params[i].value) < 0)
|
2018-07-13 23:24:54 +05:30
|
|
|
return -1;
|
2012-07-24 16:08:46 +02:00
|
|
|
return 0;
|
|
|
|
}
|
2012-03-20 15:40:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-05-24 13:29:42 +01:00
|
|
|
if (!(userdir = virGetUserConfigDirectory()))
|
2018-07-13 23:24:54 +05:30
|
|
|
return -1;
|
2012-03-20 15:40:05 +00:00
|
|
|
|
2012-05-03 12:36:27 -04:00
|
|
|
if (virAsprintf(path, "%s/auth.conf", userdir) < 0)
|
2018-07-13 23:24:54 +05:30
|
|
|
return -1;
|
2012-03-20 15:40:05 +00:00
|
|
|
|
|
|
|
VIR_DEBUG("Checking for readability of '%s'", *path);
|
|
|
|
if (access(*path, R_OK) == 0)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
VIR_FREE(*path);
|
|
|
|
|
2013-05-24 09:19:51 +02:00
|
|
|
if (VIR_STRDUP(*path, SYSCONFDIR "/libvirt/auth.conf") < 0)
|
2018-07-13 23:24:54 +05:30
|
|
|
return -1;
|
2012-03-20 15:40:05 +00:00
|
|
|
|
|
|
|
VIR_DEBUG("Checking for readability of '%s'", *path);
|
|
|
|
if (access(*path, R_OK) == 0)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
VIR_FREE(*path);
|
|
|
|
|
2014-03-25 07:53:22 +01:00
|
|
|
done:
|
2012-03-20 15:40:05 +00:00
|
|
|
VIR_DEBUG("Using auth file '%s'", NULLSTR(*path));
|
|
|
|
|
2018-07-13 23:24:54 +05:30
|
|
|
return 0;
|
2012-03-20 15:40:05 +00:00
|
|
|
}
|
2010-03-14 20:50:14 +01:00
|
|
|
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
int
|
|
|
|
virAuthGetConfigFilePath(virConnectPtr conn,
|
|
|
|
char **path)
|
|
|
|
{
|
|
|
|
return virAuthGetConfigFilePathURI(conn ? conn->uri : NULL, path);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-03-20 11:11:10 +00:00
|
|
|
static int
|
2013-07-09 16:14:45 +02:00
|
|
|
virAuthGetCredential(const char *servicename,
|
|
|
|
const char *hostname,
|
2012-03-20 11:11:10 +00:00
|
|
|
const char *credname,
|
2013-07-09 16:14:45 +02:00
|
|
|
const char *path,
|
2012-03-20 11:11:10 +00:00
|
|
|
char **value)
|
|
|
|
{
|
2018-07-13 23:24:55 +05:30
|
|
|
VIR_AUTOPTR(virAuthConfig) config = NULL;
|
2012-03-20 11:11:10 +00:00
|
|
|
const char *tmp;
|
|
|
|
|
|
|
|
*value = NULL;
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
if (path == NULL)
|
|
|
|
return 0;
|
2012-03-20 11:11:10 +00:00
|
|
|
|
|
|
|
if (!(config = virAuthConfigNew(path)))
|
2018-07-13 23:24:55 +05:30
|
|
|
return -1;
|
2012-03-20 11:11:10 +00:00
|
|
|
|
|
|
|
if (virAuthConfigLookup(config,
|
|
|
|
servicename,
|
2013-07-09 16:14:45 +02:00
|
|
|
hostname,
|
2012-03-20 11:11:10 +00:00
|
|
|
credname,
|
|
|
|
&tmp) < 0)
|
2018-07-13 23:24:55 +05:30
|
|
|
return -1;
|
2012-03-20 11:11:10 +00:00
|
|
|
|
2013-05-24 09:19:51 +02:00
|
|
|
if (VIR_STRDUP(*value, tmp) < 0)
|
2018-07-13 23:24:55 +05:30
|
|
|
return -1;
|
2012-03-20 11:11:10 +00:00
|
|
|
|
2018-07-13 23:24:55 +05:30
|
|
|
return 0;
|
2012-03-20 11:11:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-03-14 20:50:14 +01:00
|
|
|
char *
|
2013-07-09 16:14:45 +02:00
|
|
|
virAuthGetUsernamePath(const char *path,
|
|
|
|
virConnectAuthPtr auth,
|
|
|
|
const char *servicename,
|
|
|
|
const char *defaultUsername,
|
|
|
|
const char *hostname)
|
2010-03-14 20:50:14 +01:00
|
|
|
{
|
|
|
|
unsigned int ncred;
|
|
|
|
virConnectCredential cred;
|
2018-07-13 23:24:54 +05:30
|
|
|
VIR_AUTOFREE(char *) prompt = NULL;
|
2012-03-20 11:11:10 +00:00
|
|
|
char *ret = NULL;
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
if (virAuthGetCredential(servicename, hostname, "username", path, &ret) < 0)
|
2012-03-20 11:11:10 +00:00
|
|
|
return NULL;
|
|
|
|
if (ret != NULL)
|
|
|
|
return ret;
|
2010-03-14 20:50:14 +01:00
|
|
|
|
2018-08-14 10:03:10 -04:00
|
|
|
if (!auth) {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG, "%s",
|
|
|
|
_("Missing authentication credentials"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2012-03-29 10:52:04 +01:00
|
|
|
memset(&cred, 0, sizeof(virConnectCredential));
|
2010-03-14 20:50:14 +01:00
|
|
|
|
|
|
|
if (defaultUsername != NULL) {
|
|
|
|
if (virAsprintf(&prompt, _("Enter username for %s [%s]"), hostname,
|
|
|
|
defaultUsername) < 0) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
} else {
|
2014-11-13 15:28:18 +01:00
|
|
|
if (virAsprintf(&prompt, _("Enter username for %s"), hostname) < 0)
|
2010-03-14 20:50:14 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (ncred = 0; ncred < auth->ncredtype; ncred++) {
|
2014-11-13 15:28:18 +01:00
|
|
|
if (auth->credtype[ncred] != VIR_CRED_AUTHNAME)
|
2010-03-14 20:50:14 +01:00
|
|
|
continue;
|
|
|
|
|
2018-08-14 10:05:33 -04:00
|
|
|
if (!auth->cb) {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG, "%s",
|
|
|
|
_("Missing authentication callback"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2010-03-14 20:50:14 +01:00
|
|
|
cred.type = VIR_CRED_AUTHNAME;
|
|
|
|
cred.prompt = prompt;
|
|
|
|
cred.challenge = hostname;
|
|
|
|
cred.defresult = defaultUsername;
|
|
|
|
cred.result = NULL;
|
|
|
|
cred.resultlen = 0;
|
|
|
|
|
2018-08-14 10:14:22 -04:00
|
|
|
if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
|
|
|
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
|
|
|
_("Username request failed"));
|
2010-03-14 20:50:14 +01:00
|
|
|
VIR_FREE(cred.result);
|
2018-08-14 10:14:22 -04:00
|
|
|
}
|
2010-03-14 20:50:14 +01:00
|
|
|
|
2018-08-14 10:11:50 -04:00
|
|
|
return cred.result;
|
2010-03-14 20:50:14 +01:00
|
|
|
}
|
|
|
|
|
2018-08-14 10:11:50 -04:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
|
|
|
_("Missing VIR_CRED_AUTHNAME credential type"));
|
|
|
|
return NULL;
|
2010-03-14 20:50:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
char *
|
2013-07-09 16:14:45 +02:00
|
|
|
virAuthGetUsername(virConnectPtr conn,
|
2012-03-20 11:11:10 +00:00
|
|
|
virConnectAuthPtr auth,
|
|
|
|
const char *servicename,
|
2013-07-09 16:14:45 +02:00
|
|
|
const char *defaultUsername,
|
2010-03-14 20:50:14 +01:00
|
|
|
const char *hostname)
|
2013-07-09 16:14:45 +02:00
|
|
|
{
|
2018-07-13 23:24:54 +05:30
|
|
|
VIR_AUTOFREE(char *) path = NULL;
|
2013-07-09 16:14:45 +02:00
|
|
|
|
|
|
|
if (virAuthGetConfigFilePath(conn, &path) < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2018-07-13 23:24:54 +05:30
|
|
|
return virAuthGetUsernamePath(path, auth, servicename,
|
2018-08-14 12:34:43 -04:00
|
|
|
defaultUsername, hostname);
|
2013-07-09 16:14:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
char *
|
|
|
|
virAuthGetPasswordPath(const char *path,
|
|
|
|
virConnectAuthPtr auth,
|
|
|
|
const char *servicename,
|
|
|
|
const char *username,
|
|
|
|
const char *hostname)
|
2010-03-14 20:50:14 +01:00
|
|
|
{
|
|
|
|
unsigned int ncred;
|
|
|
|
virConnectCredential cred;
|
2018-07-13 23:24:54 +05:30
|
|
|
VIR_AUTOFREE(char *) prompt = NULL;
|
2012-03-20 11:11:10 +00:00
|
|
|
char *ret = NULL;
|
|
|
|
|
2013-07-09 16:14:45 +02:00
|
|
|
if (virAuthGetCredential(servicename, hostname, "password", path, &ret) < 0)
|
2012-03-20 11:11:10 +00:00
|
|
|
return NULL;
|
|
|
|
if (ret != NULL)
|
|
|
|
return ret;
|
2010-03-14 20:50:14 +01:00
|
|
|
|
2018-08-14 10:03:10 -04:00
|
|
|
if (!auth) {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG, "%s",
|
|
|
|
_("Missing authentication credentials"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2012-03-29 10:52:04 +01:00
|
|
|
memset(&cred, 0, sizeof(virConnectCredential));
|
2010-03-14 20:50:14 +01:00
|
|
|
|
|
|
|
if (virAsprintf(&prompt, _("Enter %s's password for %s"), username,
|
|
|
|
hostname) < 0) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (ncred = 0; ncred < auth->ncredtype; ncred++) {
|
|
|
|
if (auth->credtype[ncred] != VIR_CRED_PASSPHRASE &&
|
|
|
|
auth->credtype[ncred] != VIR_CRED_NOECHOPROMPT) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2018-08-14 10:05:33 -04:00
|
|
|
if (!auth->cb) {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG, "%s",
|
|
|
|
_("Missing authentication callback"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2010-03-14 20:50:14 +01:00
|
|
|
cred.type = auth->credtype[ncred];
|
|
|
|
cred.prompt = prompt;
|
|
|
|
cred.challenge = hostname;
|
|
|
|
cred.defresult = NULL;
|
|
|
|
cred.result = NULL;
|
|
|
|
cred.resultlen = 0;
|
|
|
|
|
2018-08-14 10:14:22 -04:00
|
|
|
if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
|
|
|
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
|
|
|
_("Password request failed"));
|
2010-03-14 20:50:14 +01:00
|
|
|
VIR_FREE(cred.result);
|
2018-08-14 10:14:22 -04:00
|
|
|
}
|
2010-03-14 20:50:14 +01:00
|
|
|
|
2018-08-14 10:11:50 -04:00
|
|
|
return cred.result;
|
2010-03-14 20:50:14 +01:00
|
|
|
}
|
|
|
|
|
2018-08-14 10:11:50 -04:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
|
|
|
_("Missing VIR_CRED_PASSPHRASE or VIR_CRED_NOECHOPROMPT "
|
|
|
|
"credential type"));
|
|
|
|
return NULL;
|
2010-03-14 20:50:14 +01:00
|
|
|
}
|
2013-07-09 16:14:45 +02:00
|
|
|
|
|
|
|
|
|
|
|
char *
|
|
|
|
virAuthGetPassword(virConnectPtr conn,
|
|
|
|
virConnectAuthPtr auth,
|
|
|
|
const char *servicename,
|
|
|
|
const char *username,
|
|
|
|
const char *hostname)
|
|
|
|
{
|
2018-07-13 23:24:54 +05:30
|
|
|
VIR_AUTOFREE(char *) path = NULL;
|
2013-07-09 16:14:45 +02:00
|
|
|
|
|
|
|
if (virAuthGetConfigFilePath(conn, &path) < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2018-07-13 23:24:54 +05:30
|
|
|
return virAuthGetPasswordPath(path, auth, servicename, username, hostname);
|
2013-07-09 16:14:45 +02:00
|
|
|
}
|