[pve-devel] [RFC PATCH qemu-server] implement set-user-password guest agent api call
Dominik Csapak
d.csapak at proxmox.com
Tue May 22 14:07:06 CEST 2018
this executes the guest agent command 'set-user-password'
with which one can change the password of an existing user in the vm
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
sending as rfc, because i am not sure if we want this kind
of api call at all, and if we do, if the permissions are enough
(with VM.Monitor you can do a lot already, e.g. dumping guest memory)
or if we want to try to expand the register_command method to
integrate parameters (which is not that easy, especially if qemu
wants the password base64 encoded, etc.)
i tested this on current debian and windows, and i did not encounter
any problems; the passwords were succesfully set
PVE/API2/Qemu/Agent.pm | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/PVE/API2/Qemu/Agent.pm b/PVE/API2/Qemu/Agent.pm
index 9af5d5f..265652f 100644
--- a/PVE/API2/Qemu/Agent.pm
+++ b/PVE/API2/Qemu/Agent.pm
@@ -6,6 +6,8 @@ use warnings;
use PVE::RESTHandler;
use PVE::JSONSchema qw(get_standard_option);
use PVE::QemuServer;
+use MIME::Base64 qw(encode_base64);
+use JSON;
use base qw(PVE::RESTHandler);
@@ -190,4 +192,60 @@ for my $cmd (sort keys %$guest_agent_commands) {
__PACKAGE__->register_command($cmd, $props->{method}, $props->{perms});
}
+# commands with parameters are complicated and we want to register them manually
+__PACKAGE__->register_method({
+ name => 'set-user-password',
+ path => 'set-user-password',
+ method => 'POST',
+ protected => 1,
+ proxyto => 'node',
+ description => "Sets the password for the given user to the given password",
+ permissions => { check => [ 'perm', '/vms/{vmid}', [ 'VM.Monitor' ]]},
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid', {
+ completion => \&PVE::QemuServer::complete_vmid_running }),
+ username => {
+ type => 'string',
+ description => 'The user to set the password for.'
+ },
+ password => {
+ type => 'string',
+ description => 'The password to set',
+ },
+ crypted => {
+ type => 'boolean',
+ description => 'set to 1 if the password has already been passed through crypt()',
+ optional => 1,
+ default => 0,
+ },
+ },
+ },
+ returns => {
+ type => 'object',
+ description => "Returns an object with a single `result` property.",
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $vmid = $param->{vmid};
+
+ my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
+
+ die "No Qemu Guest Agent\n" if !defined($conf->{agent});
+ die "VM $vmid is not running\n" if !PVE::QemuServer::check_running($vmid);
+
+ my $crypted = $param->{crypted} // 0;
+ my $args = {
+ username => $param->{username},
+ password => encode_base64($param->{password}),
+ crypted => $crypted ? JSON::true : JSON::false,
+ };
+ my $res = PVE::QemuServer::vm_mon_cmd($vmid, "guest-set-user-password", %$args);
+
+ return { result => $res };
+ }});
+
1;
--
2.11.0
More information about the pve-devel
mailing list