
Re: [Libvir] PATCH: vncpasswd



On Fri, Sep 28, 2007 at 09:32:46PM +0100, Daniel P. Berrange wrote:
> On Fri, Sep 28, 2007 at 04:14:35PM -0400, Mark Johnson wrote:
> > 
> > This adds support for handling vncpasswd..
> 
> The reason I left this out is that XML ends up in log files, which then
> end up in bug reports, which then end up indexed by Google! Also the XML
> dump is one of the data items available to users on read-only connections
> to libvirt. These users shouldn't be able to get the password.
> 
> At the same time we clearly need to be able to get the passwd at times. We
> currently have an otherwise unused 'flags' parameter to the virDomainGetXMLDesc
> method. So I propose we make use of it, so if an app knows it really needs the
> XML with potentially sensitive data it can explicitly ask for it. It is also
> possible that there can be slight differences in XML for an inactive guest
> vs an active one. For example, the <target> element for VIFs would not be
> present for inactive guests, the port number would be '-1' for VNC if using
> auto-generated ports. Having a flag to explicitly request the XML for 'inactive'
> state, even when a VM is running would be useful to me in virt-manager.
> 
> So how about we add
> 
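>    enum  virDomainXMLFlags {
>        VIR_DOMAIN_XML_SECURE = 1,   /* include sensitive data such as the VNC password */
>        VIR_DOMAIN_XML_INACTIVE = 2, /* describe the inactive state, even for a running VM */
>    };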
> 
> With the recommendation that if an app uses VIR_DOMAIN_XML_SECURE it should
> take care not to record that XML anywhere persistent.
> 
> Mark's patch would basically be the same, but with a couple of lines being
> conditional on the VIR_DOMAIN_XML_SECURE flag.

Daniel V just committed this patch with my suggested flags addition too.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
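
Added example, not part of the original message and not libvirt's code: a minimal sketch of the flag-gated XML formatting discussed above, where the password is emitted only on explicit request and the inactive view reports an auto-allocated VNC port as -1. The names XML_SECURE, XML_INACTIVE, struct vnc_graphics and format_vnc_xml are hypothetical, and refusing the secure form outright on a read-only connection is an assumed policy.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the flags proposed in the thread; distinct bits. */
enum { XML_SECURE = 1, XML_INACTIVE = 2 };

struct vnc_graphics {       /* hypothetical in-memory VNC settings */
    int autoport;           /* 1 if the port is allocated when the guest starts */
    int port;               /* port currently in use (or the configured one) */
    const char *passwd;     /* NULL if no password is set */
};

/* Format the <graphics> element into buf.
 * Returns the number of bytes written, or -1 on refusal or error.
 * Assumed policy: a read-only caller can never obtain the secure form. */
int format_vnc_xml(const struct vnc_graphics *g, unsigned flags,
                   int readonly, char *buf, size_t len)
{
    int port, n;

    if ((flags & XML_SECURE) && readonly)
        return -1;                      /* refuse instead of silently stripping */
    if (flags & ~(unsigned)(XML_SECURE | XML_INACTIVE))
        return -1;                      /* reject unknown flag bits */

    /* Inactive view: an auto-allocated port is reported as -1. */
    port = ((flags & XML_INACTIVE) && g->autoport) ? -1 : g->port;

    if ((flags & XML_SECURE) && g->passwd) {
        if (strpbrk(g->passwd, "<>&'\""))
            return -1;                  /* this sketch does no XML escaping */
        n = snprintf(buf, len, "<graphics type='vnc' port='%d' passwd='%s'/>",
                     port, g->passwd);
    } else {
        n = snprintf(buf, len, "<graphics type='vnc' port='%d'/>", port);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    struct vnc_graphics g = { 1, 5901, "s3cret" };  /* constructed sample */
    char buf[128];
    if (format_vnc_xml(&g, 0, 1, buf, sizeof buf) > 0)
        puts(buf);          /* read-only caller: no passwd attribute */
    if (format_vnc_xml(&g, XML_SECURE | XML_INACTIVE, 0, buf, sizeof buf) > 0)
        puts(buf);          /* read-write caller that asked explicitly */
    return 0;
}
```

The default path (flags of 0) is the one that reaches logs and read-only users, so it is the path that must never contain the password.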

