
On Mon, Apr 01, 2019 at 09:33:31AM +0200, Ján Tomko wrote:
Suggest some passwords to the user.
Signed-off-by: Ján Tomko <jtomko@redhat.com> --- tools/virsh-completer.c | 58 +++++++++++++++++++++++++++++++++++++++++ tools/virsh-completer.h | 4 +++ tools/virsh-domain.c | 1 + 3 files changed, 63 insertions(+)
diff --git a/tools/virsh-completer.c b/tools/virsh-completer.c index 5985f09272..0687670d37 100644 --- a/tools/virsh-completer.c +++ b/tools/virsh-completer.c @@ -32,6 +32,7 @@ #include "virutil.h" #include "viralloc.h" #include "virmacaddr.h" +#include "virrandom.h" #include "virstring.h" #include "virxml.h"
@@ -936,3 +937,60 @@ virshDomainDeviceAliasCompleter(vshControl *ctl, VIR_STEAL_PTR(ret, tmp); return ret; } + + +const char *builtin_passwords[] = { + "hunter2", /* ******* */ + "nbusr123", /* Keď nevieš, tak nefušuj */ + "4ezgi4", +};
This is quite a limited list of passwords. I think it would be useful to expand it with the password dump from haveibeenpwned.com. The main problem is that the overhead of a static array with 500,000,000 passwords might make libvirt packages too large. RPM used to have problems with packages larger than 2 GB, so not sure how well it will handle 11 GB RPMs. There could be a negative impact on memory usage when running libvirt, though virt hosts usually have lots of RAM, so reserving 11 GB for virsh shouldn't be too big a problem.
+ + +char ** +virshPasswordCompleter(vshControl *ctl ATTRIBUTE_UNUSED, + const vshCmd *cmd ATTRIBUTE_UNUSED, + unsigned int flags) +{ + VIR_AUTOFREE(char *) base64 = NULL; + VIR_AUTOFREE(unsigned char *) rand = NULL; + VIR_AUTOSTRINGLIST tmp = NULL; + const size_t optimal_passlen = 8; /* ought to be enough */ + const char *prefix = NULL; + const size_t num = 1; + char **ret = NULL; + size_t missing; + size_t i; + + virCheckFlags(0, NULL); + + if (VIR_ALLOC_N(tmp, num + ARRAY_CARDINALITY(builtin_passwords) + 1) < 0) + return NULL; + + ignore_value(vshCommandOptStringQuiet(ctl, cmd, "password", &prefix)); + if (STREQ_NULLABLE(prefix, " ")) + prefix = NULL; + + missing = optimal_passlen - MIN(strlen(NULLSTR_EMPTY(prefix)), optimal_passlen); + + if (VIR_ALLOC_N(rand, 7) < 0) + return NULL; + + if (virRandomBytes(rand, 6) < 0) + return NULL; + + if (!(base64 = virStringEncodeBase64(rand, 6))) + return NULL; + + base64[missing] = '\0'; + + if (virAsprintf(&tmp[0], "%s%s", NULLSTR_EMPTY(prefix), base64) < 0) + return NULL; + + for (i = 0; i < ARRAY_CARDINALITY(builtin_passwords); i++) { + if (VIR_STRDUP(tmp[i + 1], builtin_passwords[i]) < 0) + return NULL;
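Review bot: the random part of the suggestion in virshPasswordCompleter shrinks as the user types, because `missing = optimal_passlen - MIN(strlen(NULLSTR_EMPTY(prefix)), optimal_passlen)` is then used to cut the 8-character base64 string at `base64[missing] = '\0'`. Six random bytes give at most 48 bits, each prefix character removes 6 of them, and with a prefix of 8 or more characters the completion is the prefix alone with nothing random appended. Appending a fixed-length random suffix regardless of the prefix length would avoid that. Smaller points in the same hunk: `VIR_ALLOC_N(rand, 7)` allocates one byte more than the 6 that `virRandomBytes(rand, 6)` and `virStringEncodeBase64(rand, 6)` use, and `builtin_passwords` is a non-static, non-const global whose fixed strings are offered verbatim as completions; if it stays it should be `static const char *const`.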
Hmm, so an 11 GB static password list will need another 11 GB of heap allocation. This is getting quite inefficient at scale.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|