util: auth: Introduce virAuthAskCredential

The helper uses the user-provided auth callbacks to ask the user. The
helper encapsulates the steps we do to query the user in few places into
a common helper which can be then used further.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 576ec8f95f174ca61f1861b79049c80d02d813f5..5616c0d44c4a39e28888f652131c10e7f3575874 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1850,6 +1850,8 @@ virAuditSend;
 
 
 # util/virauth.h
+virAuthAskCredential;
+virAuthConnectCredentialFree;
 virAuthGetConfigFilePath;
 virAuthGetConfigFilePathURI;
 virAuthGetPassword;

diff --git a/src/util/virauth.c b/src/util/virauth.c
index b9c2ae3ed1a9321374b3612299d3661e7bca0e4f..42b77f750a8d7873c5f536257d98084151e5031c 100644 (file)
--- a/src/util/virauth.c
+++ b/src/util/virauth.c
@@ -31,6 +31,7 @@
 #include "virerror.h"
 #include "configmake.h"
 #include "virauthconfig.h"
+#include "virsecureerase.h"
 
 #define VIR_FROM_THIS VIR_FROM_AUTH
 
@@ -283,3 +284,68 @@ virAuthGetPassword(virConnectPtr conn,
 
     return virAuthGetPasswordPath(path, auth, servicename, username, hostname);
 }
+
+
+void
+virAuthConnectCredentialFree(virConnectCredential *cred)
+{
+    if (cred->result) {
+        virSecureErase(cred->result, cred->resultlen);
+        g_free(cred->result);
+    }
+    g_free(cred);
+}
+
+
+/**
+ * virAuthAskCredential:
+ * @auth: authentication callback data
+ * @prompt: question string to ask the user
+ * @echo: false if user's reply should be considered sensitive and not echoed
+ *
+ * Invoke the authentication callback for the connection @auth and ask the user
+ * the question in @prompt. If @echo is false user's reply should be collected
+ * as sensitive (user's input not printed on screen).
+ */
+virConnectCredential *
+virAuthAskCredential(virConnectAuthPtr auth,
+                     const char *prompt,
+                     bool echo)
+{
+    g_autoptr(virConnectCredential) ret = g_new0(virConnectCredential, 1);
+    size_t i;
+
+    ret->type = -1;
+
+    for (i = 0; i < auth->ncredtype; ++i) {
+        int type = auth->credtype[i];
+        if (echo) {
+            if (type == VIR_CRED_ECHOPROMPT) {
+                ret->type = type;
+                break;
+            }
+        } else {
+            if (type == VIR_CRED_PASSPHRASE ||
+                type == VIR_CRED_NOECHOPROMPT) {
+                ret->type = type;
+                break;
+            }
+        }
+    }
+
+    if (ret->type == -1) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("no suitable callback authentication callback was found"));
+        return NULL;
+    }
+
+    ret->prompt = prompt;
+
+    if (auth->cb(ret, 1, auth->cbdata) < 0) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("failed to retrieve user response for authentication callback"));
+        return NULL;
+    }
+
+    return g_steal_pointer(&ret);
+}

diff --git a/src/util/virauth.h b/src/util/virauth.h
index a0fd84962bc548357e8cdbb6e49421688ee36a06..3eaf40c62639183d6930576108c6ac0002265c38 100644 (file)
--- a/src/util/virauth.h
+++ b/src/util/virauth.h
@@ -52,3 +52,10 @@ char * virAuthGetPasswordPath(const char *path,
                               const char *servicename,
                               const char *username,
                               const char *hostname);
+
+virConnectCredential *virAuthAskCredential(virConnectAuthPtr auth,
+                                           const char *prompt,
+                                           bool echo);
+
+void virAuthConnectCredentialFree(virConnectCredential *cred);
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(virConnectCredential, virAuthConnectCredentialFree);