[pve-devel] [RFC PATCH qemu-server] implement set-user-password guest agent api call

Dominik Csapak d.csapak at proxmox.com
Tue May 22 14:07:06 CEST 2018


this executes the guest agent command 'set-user-password'
with which one can change the password of an existing user in the vm

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
sending as rfc, because i am not sure if we want this kind
of api call at all, and if we do, if the permissions are enough
(with VM.Monitor you can do a lot already, e.g. dumping guest memory)
or if we want to try to expand the register_command method to
integrate parameters (which is not that easy, especially if qemu
wants the password base64 encoded, etc.)

i tested this on current debian and windows, and i did not encounter
any problems; the passwords were succesfully set
 PVE/API2/Qemu/Agent.pm | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/PVE/API2/Qemu/Agent.pm b/PVE/API2/Qemu/Agent.pm
index 9af5d5f..265652f 100644
--- a/PVE/API2/Qemu/Agent.pm
+++ b/PVE/API2/Qemu/Agent.pm
@@ -6,6 +6,8 @@ use warnings;
 use PVE::RESTHandler;
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::QemuServer;
+use MIME::Base64 qw(encode_base64);
+use JSON;
 
 use base qw(PVE::RESTHandler);
 
@@ -190,4 +192,60 @@ for my $cmd (sort keys %$guest_agent_commands) {
     __PACKAGE__->register_command($cmd, $props->{method}, $props->{perms});
 }
 
+# commands with parameters are complicated and we want to register them manually
+__PACKAGE__->register_method({
+    name => 'set-user-password',
+    path => 'set-user-password',
+    method => 'POST',
+    protected => 1,
+    proxyto => 'node',
+    description => "Sets the password for the given user to the given password",
+    permissions => { check => [ 'perm', '/vms/{vmid}', [ 'VM.Monitor' ]]},
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    node => get_standard_option('pve-node'),
+	    vmid => get_standard_option('pve-vmid', {
+		    completion => \&PVE::QemuServer::complete_vmid_running }),
+	    username => {
+		type => 'string',
+		description => 'The user to set the password for.'
+	    },
+	    password => {
+		type => 'string',
+		description => 'The password to set',
+	    },
+	    crypted => {
+		type => 'boolean',
+		description => 'set to 1 if the password has already been passed through crypt()',
+		optional => 1,
+		default => 0,
+	    },
+	},
+    },
+    returns => {
+	type => 'object',
+	description => "Returns an object with a single `result` property.",
+    },
+    code => sub {
+	my ($param) = @_;
+
+	my $vmid = $param->{vmid};
+
+	my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
+
+	die "No Qemu Guest Agent\n" if !defined($conf->{agent});
+	die "VM $vmid is not running\n" if !PVE::QemuServer::check_running($vmid);
+
+	my $crypted = $param->{crypted} // 0;
+	my $args = {
+	    username => $param->{username},
+	    password => encode_base64($param->{password}),
+	    crypted => $crypted ? JSON::true : JSON::false,
+	};
+	my $res = PVE::QemuServer::vm_mon_cmd($vmid, "guest-set-user-password", %$args);
+
+	return { result => $res };
+    }});
+
 1;
-- 
2.11.0




More information about the pve-devel mailing list