Blame SOURCES/0031-v2v-Add-password-file-parameter-RHBZ-1158526.patch

0d20ef
From f9146d6ccbaed3cc6e25f5c7c8462cb8d1514c28 Mon Sep 17 00:00:00 2001
0d20ef
From: "Richard W.M. Jones" <rjones@redhat.com>
0d20ef
Date: Thu, 30 Oct 2014 13:34:12 +0000
0d20ef
Subject: [PATCH] v2v: Add --password-file parameter (RHBZ#1158526).
0d20ef
0d20ef
This allows you to send passwords to virt-v2v input modes without
0d20ef
being interactive.
0d20ef
0d20ef
(cherry picked from commit 65abc4420325c1226b002f2304709b2040160877)
0d20ef
---
0d20ef
 v2v/cmdline.ml                      | 13 +++++++++-
0d20ef
 v2v/domainxml-c.c                   | 52 ++++++++++++++++++++++++++++++++-----
0d20ef
 v2v/domainxml.ml                    |  2 +-
0d20ef
 v2v/domainxml.mli                   |  4 +--
0d20ef
 v2v/input_libvirt.ml                | 12 ++++-----
0d20ef
 v2v/input_libvirt.mli               |  4 +--
0d20ef
 v2v/input_libvirt_other.ml          |  8 +++---
0d20ef
 v2v/input_libvirt_other.mli         |  4 +--
0d20ef
 v2v/input_libvirt_vcenter_https.ml  | 29 +++++++++++++--------
0d20ef
 v2v/input_libvirt_vcenter_https.mli |  2 +-
0d20ef
 v2v/input_libvirt_xen_ssh.ml        |  6 ++---
0d20ef
 v2v/input_libvirt_xen_ssh.mli       |  2 +-
0d20ef
 v2v/virt-v2v.pod                    | 10 ++++++-
0d20ef
 13 files changed, 106 insertions(+), 42 deletions(-)
0d20ef
0d20ef
diff --git a/v2v/cmdline.ml b/v2v/cmdline.ml
0d20ef
index 6f8a964..9c3253e 100644
0d20ef
--- a/v2v/cmdline.ml
0d20ef
+++ b/v2v/cmdline.ml
0d20ef
@@ -42,6 +42,7 @@ let parse_cmdline () =
0d20ef
   let output_format = ref "" in
0d20ef
   let output_name = ref "" in
0d20ef
   let output_storage = ref "" in
0d20ef
+  let password_file = ref "" in
0d20ef
   let print_source = ref false in
0d20ef
   let qemu_boot = ref false in
0d20ef
   let quiet = ref false in
0d20ef
@@ -165,6 +166,7 @@ let parse_cmdline () =
0d20ef
     "-of",       Arg.Set_string output_format, "raw|qcow2 " ^ s_"Set output format";
0d20ef
     "-on",       Arg.Set_string output_name, "name " ^ s_"Rename guest when converting";
0d20ef
     "-os",       Arg.Set_string output_storage, "storage " ^ s_"Set output storage location";
0d20ef
+    "--password-file", Arg.Set_string password_file, "file " ^ s_"Use password from file";
0d20ef
     "--print-source", Arg.Set print_source, " " ^ s_"Print source and stop";
0d20ef
     "--qemu-boot", Arg.Set qemu_boot,       " " ^ s_"Boot in qemu (-o qemu only)";
0d20ef
     "-q",        Arg.Set quiet,             " " ^ s_"Quiet output";
0d20ef
@@ -227,6 +229,7 @@ read the man page virt-v2v(1).
0d20ef
   let output_mode = !output_mode in
0d20ef
   let output_name = match !output_name with "" -> None | s -> Some s in
0d20ef
   let output_storage = !output_storage in
0d20ef
+  let password_file = match !password_file with "" -> None | s -> Some s in
0d20ef
   let print_source = !print_source in
0d20ef
   let qemu_boot = !qemu_boot in
0d20ef
   let quiet = !quiet in
0d20ef
@@ -256,6 +259,14 @@ read the man page virt-v2v(1).
0d20ef
     exit 0
0d20ef
   );
0d20ef
 
0d20ef
+  (* Parse out the password from the password file. *)
0d20ef
+  let password =
0d20ef
+    match password_file with
0d20ef
+    | None -> None
0d20ef
+    | Some filename ->
0d20ef
+      let password = read_whole_file filename in
0d20ef
+      Some password in
0d20ef
+
0d20ef
   (* Parsing of the argument(s) depends on the input mode. *)
0d20ef
   let input =
0d20ef
     match input_mode with
0d20ef
@@ -278,7 +289,7 @@ read the man page virt-v2v(1).
0d20ef
         | [guest] -> guest
0d20ef
         | _ ->
0d20ef
           error (f_"expecting a libvirt guest name on the command line") in
0d20ef
-      Input_libvirt.input_libvirt verbose input_conn guest
0d20ef
+      Input_libvirt.input_libvirt verbose password input_conn guest
0d20ef
 
0d20ef
     | `LibvirtXML ->
0d20ef
       (* -i libvirtxml: Expecting a filename (XML file). *)
0d20ef
diff --git a/v2v/domainxml-c.c b/v2v/domainxml-c.c
0d20ef
index 8a55030..6fa8270 100644
0d20ef
--- a/v2v/domainxml-c.c
0d20ef
+++ b/v2v/domainxml-c.c
0d20ef
@@ -74,13 +74,47 @@ get_dom_state (virDomainPtr dom)
0d20ef
   return -1;
0d20ef
 }
0d20ef
 
0d20ef
+/* See src/libvirt-auth.c for why we need this. */
0d20ef
+static int
0d20ef
+libvirt_auth_default_wrapper (virConnectCredentialPtr cred,
0d20ef
+                              unsigned int ncred,
0d20ef
+                              void *passwordvp)
0d20ef
+{
0d20ef
+  const char *password = passwordvp;
0d20ef
+  unsigned int i;
0d20ef
+
0d20ef
+  if (password) {
0d20ef
+    /* If --password-file was specified on the command line, and the
0d20ef
+     * libvirt handler is asking for a password, return that.
0d20ef
+     */
0d20ef
+    for (i = 0; i < ncred; ++i) {
0d20ef
+      if (cred[i].type == VIR_CRED_PASSPHRASE) {
0d20ef
+        cred[i].result = strdup (password);
0d20ef
+        cred[i].resultlen = strlen (password);
0d20ef
+      }
0d20ef
+      else {
0d20ef
+        cred[i].result = NULL;
0d20ef
+        cred[i].resultlen = 0;
0d20ef
+      }
0d20ef
+    }
0d20ef
+    return 0;
0d20ef
+  }
0d20ef
+  else {
0d20ef
+    /* No --password-file so call the default handler. */
0d20ef
+    return virConnectAuthPtrDefault->cb (cred, ncred,
0d20ef
+                                         virConnectAuthPtrDefault->cbdata);
0d20ef
+  }
0d20ef
+}
0d20ef
+
0d20ef
 value
0d20ef
-v2v_dumpxml (value connv, value domnamev)
0d20ef
+v2v_dumpxml (value passwordv, value connv, value domnamev)
0d20ef
 {
0d20ef
-  CAMLparam2 (connv, domnamev);
0d20ef
+  CAMLparam3 (passwordv, connv, domnamev);
0d20ef
   CAMLlocal1 (retv);
0d20ef
+  const char *password = NULL;
0d20ef
   const char *conn_uri = NULL;
0d20ef
   const char *domname;
0d20ef
+  virConnectAuth authdata;
0d20ef
   /* We have to assemble the error on the stack because a dynamic
0d20ef
    * string couldn't be freed.
0d20ef
    */
0d20ef
@@ -91,16 +125,20 @@ v2v_dumpxml (value connv, value domnamev)
0d20ef
   int is_test_uri = 0;
0d20ef
   char *xml;
0d20ef
 
0d20ef
+  if (passwordv != Val_int (0))
0d20ef
+    password = String_val (Field (passwordv, 0)); /* Some password */
0d20ef
+
0d20ef
   if (connv != Val_int (0)) {
0d20ef
     conn_uri = String_val (Field (connv, 0)); /* Some conn */
0d20ef
     is_test_uri = STRPREFIX (conn_uri, "test:");
0d20ef
   }
0d20ef
 
0d20ef
-  /* We have to call the default authentication handler, not least
0d20ef
-   * since it handles all the PolicyKit crap.  However it also makes
0d20ef
-   * coding this simpler.
0d20ef
-   */
0d20ef
-  conn = virConnectOpenAuth (conn_uri, virConnectAuthPtrDefault, VIR_CONNECT_RO);
0d20ef
+  /* Set up authentication wrapper. */
0d20ef
+  authdata = *virConnectAuthPtrDefault;
0d20ef
+  authdata.cb = libvirt_auth_default_wrapper;
0d20ef
+  authdata.cbdata = (void *) password;
0d20ef
+
0d20ef
+  conn = virConnectOpenAuth (conn_uri, &authdata, VIR_CONNECT_RO);
0d20ef
   if (conn == NULL) {
0d20ef
     if (conn_uri)
0d20ef
       snprintf (errmsg, sizeof errmsg,
0d20ef
diff --git a/v2v/domainxml.ml b/v2v/domainxml.ml
0d20ef
index d240918..61ed5e0 100644
0d20ef
--- a/v2v/domainxml.ml
0d20ef
+++ b/v2v/domainxml.ml
0d20ef
@@ -18,5 +18,5 @@
0d20ef
 
0d20ef
 (* [virsh dumpxml] but with non-broken authentication handling. *)
0d20ef
 
0d20ef
-external dumpxml : ?conn:string -> string -> string = "v2v_dumpxml"
0d20ef
+external dumpxml : ?password:string -> ?conn:string -> string -> string = "v2v_dumpxml"
0d20ef
 external pool_dumpxml : ?conn:string -> string -> string = "v2v_pool_dumpxml"
0d20ef
diff --git a/v2v/domainxml.mli b/v2v/domainxml.mli
0d20ef
index ced55ce..ffb1c46 100644
0d20ef
--- a/v2v/domainxml.mli
0d20ef
+++ b/v2v/domainxml.mli
0d20ef
@@ -23,8 +23,8 @@
0d20ef
     password prompt to stdout, which is the same place we would be
0d20ef
     reading the XML from.  This file works around this brokenness. *)
0d20ef
 
0d20ef
-val dumpxml : ?conn:string -> string -> string
0d20ef
-(** [dumpxml ?conn dom] returns the libvirt XML of domain [dom].
0d20ef
+val dumpxml : ?password:string -> ?conn:string -> string -> string
0d20ef
+(** [dumpxml ?password ?conn dom] returns the libvirt XML of domain [dom].
0d20ef
     The optional [?conn] parameter is the libvirt connection URI.
0d20ef
     [dom] may be a guest name or UUID. *)
0d20ef
 
0d20ef
diff --git a/v2v/input_libvirt.ml b/v2v/input_libvirt.ml
0d20ef
index 60e88ac..aff97ac 100644
0d20ef
--- a/v2v/input_libvirt.ml
0d20ef
+++ b/v2v/input_libvirt.ml
0d20ef
@@ -27,10 +27,10 @@ open Types
0d20ef
 open Utils
0d20ef
 
0d20ef
 (* Choose the right subclass based on the URI. *)
0d20ef
-let input_libvirt verbose libvirt_uri guest =
0d20ef
+let input_libvirt verbose password libvirt_uri guest =
0d20ef
   match libvirt_uri with
0d20ef
   | None ->
0d20ef
-    Input_libvirt_other.input_libvirt_other verbose libvirt_uri guest
0d20ef
+    Input_libvirt_other.input_libvirt_other verbose password libvirt_uri guest
0d20ef
 
0d20ef
   | Some orig_uri ->
0d20ef
     let { Xml.uri_server = server; uri_scheme = scheme } as parsed_uri =
0d20ef
@@ -45,15 +45,15 @@ let input_libvirt verbose libvirt_uri guest =
0d20ef
 
0d20ef
     | Some _, None                      (* No scheme? *)
0d20ef
     | Some _, Some "" ->
0d20ef
-      Input_libvirt_other.input_libvirt_other verbose libvirt_uri guest
0d20ef
+      Input_libvirt_other.input_libvirt_other verbose password libvirt_uri guest
0d20ef
 
0d20ef
     | Some server, Some ("esx"|"gsx"|"vpx" as scheme) -> (* vCenter over https *)
0d20ef
       Input_libvirt_vcenter_https.input_libvirt_vcenter_https
0d20ef
-        verbose libvirt_uri parsed_uri scheme server guest
0d20ef
+        verbose password libvirt_uri parsed_uri scheme server guest
0d20ef
 
0d20ef
     | Some server, Some ("xen+ssh" as scheme) -> (* Xen over SSH *)
0d20ef
       Input_libvirt_xen_ssh.input_libvirt_xen_ssh
0d20ef
-        verbose libvirt_uri parsed_uri scheme server guest
0d20ef
+        verbose password libvirt_uri parsed_uri scheme server guest
0d20ef
 
0d20ef
     (* Old virt-v2v also supported qemu+ssh://.  However I am
0d20ef
      * deliberately not supporting this in new virt-v2v.  Don't
0d20ef
@@ -63,6 +63,6 @@ let input_libvirt verbose libvirt_uri guest =
0d20ef
     | Some _, Some _ ->             (* Unknown remote scheme. *)
0d20ef
       warning ~prog (f_"no support for remote libvirt connections to '-ic %s'.  The conversion may fail when it tries to read the source disks.")
0d20ef
         orig_uri;
0d20ef
-      Input_libvirt_other.input_libvirt_other verbose libvirt_uri guest
0d20ef
+      Input_libvirt_other.input_libvirt_other verbose password libvirt_uri guest
0d20ef
 
0d20ef
 let () = Modules_list.register_input_module "libvirt"
0d20ef
diff --git a/v2v/input_libvirt.mli b/v2v/input_libvirt.mli
0d20ef
index 1ed704b..bdd40b6 100644
0d20ef
--- a/v2v/input_libvirt.mli
0d20ef
+++ b/v2v/input_libvirt.mli
0d20ef
@@ -18,7 +18,7 @@
0d20ef
 
0d20ef
 (** [-i libvirt] source. *)
0d20ef
 
0d20ef
-val input_libvirt : bool -> string option -> string -> Types.input
0d20ef
-(** [input_libvirt verbose libvirt_uri guest] creates and returns a
0d20ef
+val input_libvirt : bool -> string option -> string option -> string -> Types.input
0d20ef
+(** [input_libvirt verbose password libvirt_uri guest] creates and returns a
0d20ef
     new {!Types.input} object specialized for reading input from
0d20ef
     libvirt sources. *)
0d20ef
diff --git a/v2v/input_libvirt_other.ml b/v2v/input_libvirt_other.ml
0d20ef
index 9f3eedb..c704af6 100644
0d20ef
--- a/v2v/input_libvirt_other.ml
0d20ef
+++ b/v2v/input_libvirt_other.ml
0d20ef
@@ -43,7 +43,7 @@ let error_if_no_ssh_agent () =
0d20ef
     error (f_"ssh-agent authentication has not been set up ($SSH_AUTH_SOCK is not set).  Please read \"INPUT FROM RHEL 5 XEN\" in the virt-v2v(1) man page.")
0d20ef
 
0d20ef
 (* Superclass. *)
0d20ef
-class virtual input_libvirt verbose libvirt_uri guest =
0d20ef
+class virtual input_libvirt verbose password libvirt_uri guest =
0d20ef
 object
0d20ef
   inherit input verbose
0d20ef
 
0d20ef
@@ -58,9 +58,9 @@ end
0d20ef
 (* Subclass specialized for handling anything that's *not* VMware vCenter
0d20ef
  * or Xen.
0d20ef
  *)
0d20ef
-class input_libvirt_other verbose libvirt_uri guest =
0d20ef
+class input_libvirt_other verbose password libvirt_uri guest =
0d20ef
 object
0d20ef
-  inherit input_libvirt verbose libvirt_uri guest
0d20ef
+  inherit input_libvirt verbose password libvirt_uri guest
0d20ef
 
0d20ef
   method source () =
0d20ef
     if verbose then printf "input_libvirt_other: source()\n%!";
0d20ef
@@ -68,7 +68,7 @@ object
0d20ef
     (* Get the libvirt XML.  This also checks (as a side-effect)
0d20ef
      * that the domain is not running.  (RHBZ#1138586)
0d20ef
      *)
0d20ef
-    let xml = Domainxml.dumpxml ?conn:libvirt_uri guest in
0d20ef
+    let xml = Domainxml.dumpxml ?password ?conn:libvirt_uri guest in
0d20ef
 
0d20ef
     let source, disks = Input_libvirtxml.parse_libvirt_xml ~verbose xml in
0d20ef
     let disks =
0d20ef
diff --git a/v2v/input_libvirt_other.mli b/v2v/input_libvirt_other.mli
0d20ef
index 013d3bb..3eb82cb 100644
0d20ef
--- a/v2v/input_libvirt_other.mli
0d20ef
+++ b/v2v/input_libvirt_other.mli
0d20ef
@@ -21,10 +21,10 @@
0d20ef
 val error_if_libvirt_backend : unit -> unit
0d20ef
 val error_if_no_ssh_agent : unit -> unit
0d20ef
 
0d20ef
-class virtual input_libvirt : bool -> string option -> string -> object
0d20ef
+class virtual input_libvirt : bool -> string option -> string option -> string -> object
0d20ef
   method as_options : string
0d20ef
   method virtual source : unit -> Types.source
0d20ef
   method adjust_overlay_parameters : Types.overlay -> unit
0d20ef
 end
0d20ef
 
0d20ef
-val input_libvirt_other : bool -> string option -> string -> Types.input
0d20ef
+val input_libvirt_other : bool -> string option -> string option -> string -> Types.input
0d20ef
diff --git a/v2v/input_libvirt_vcenter_https.ml b/v2v/input_libvirt_vcenter_https.ml
0d20ef
index e514362..3d14a27 100644
0d20ef
--- a/v2v/input_libvirt_vcenter_https.ml
0d20ef
+++ b/v2v/input_libvirt_vcenter_https.ml
0d20ef
@@ -38,7 +38,7 @@ let readahead_for_copying = Some (64 * 1024 * 1024)
0d20ef
  *)
0d20ef
 let rec get_session_cookie =
0d20ef
   let session_cookie = ref "" in
0d20ef
-  fun verbose scheme uri sslverify url ->
0d20ef
+  fun verbose password scheme uri sslverify url ->
0d20ef
     if !session_cookie <> "" then
0d20ef
       Some !session_cookie
0d20ef
     else (
0d20ef
@@ -48,9 +48,15 @@ let rec get_session_cookie =
0d20ef
         "url", Some url;
0d20ef
       ] in
0d20ef
       let curl_args =
0d20ef
-        match uri.uri_user with
0d20ef
-        | Some user -> ("user", Some user) :: curl_args
0d20ef
-        | None -> curl_args in
0d20ef
+        match uri.uri_user, password with
0d20ef
+        | None, None -> curl_args
0d20ef
+        | None, Some _ ->
0d20ef
+          warning ~prog (f_"--password-file parameter ignored because 'user@' was not given in the URL");
0d20ef
+          curl_args
0d20ef
+        | Some user, None ->
0d20ef
+          ("user", Some user) :: curl_args
0d20ef
+        | Some user, Some password ->
0d20ef
+          ("user", Some (user ^ ":" ^ password)) :: curl_args in
0d20ef
       let curl_args =
0d20ef
         if not sslverify then ("insecure", None) :: curl_args else curl_args in
0d20ef
 
0d20ef
@@ -204,7 +210,7 @@ let get_datacenter uri scheme =
0d20ef
  *)
0d20ef
 let source_re = Str.regexp "^\\[\\(.*\\)\\] \\(.*\\)\\.vmdk$"
0d20ef
 
0d20ef
-let map_source_to_uri ?readahead verbose uri scheme server path =
0d20ef
+let map_source_to_uri ?readahead verbose password uri scheme server path =
0d20ef
   if not (Str.string_match source_re path 0) then
0d20ef
     path
0d20ef
   else (
0d20ef
@@ -237,7 +243,8 @@ let map_source_to_uri ?readahead verbose uri scheme server path =
0d20ef
         string_find query "no_verify=1" = -1 in
0d20ef
 
0d20ef
     (* Now we have to query the server to get the session cookie. *)
0d20ef
-    let session_cookie = get_session_cookie verbose scheme uri sslverify url in
0d20ef
+    let session_cookie =
0d20ef
+      get_session_cookie verbose password scheme uri sslverify url in
0d20ef
 
0d20ef
     (* Construct the JSON parameters. *)
0d20ef
     let json_params = [
0d20ef
@@ -274,9 +281,9 @@ let map_source_to_uri ?readahead verbose uri scheme server path =
0d20ef
 
0d20ef
 (* Subclass specialized for handling VMware vCenter over https. *)
0d20ef
 class input_libvirt_vcenter_https
0d20ef
-  verbose libvirt_uri parsed_uri scheme server guest =
0d20ef
+  verbose password libvirt_uri parsed_uri scheme server guest =
0d20ef
 object
0d20ef
-  inherit input_libvirt verbose libvirt_uri guest
0d20ef
+  inherit input_libvirt verbose password libvirt_uri guest
0d20ef
 
0d20ef
   val saved_source_paths = Hashtbl.create 13
0d20ef
 
0d20ef
@@ -290,7 +297,7 @@ object
0d20ef
     (* Get the libvirt XML.  This also checks (as a side-effect)
0d20ef
      * that the domain is not running.  (RHBZ#1138586)
0d20ef
      *)
0d20ef
-    let xml = Domainxml.dumpxml ?conn:libvirt_uri guest in
0d20ef
+    let xml = Domainxml.dumpxml ?password ?conn:libvirt_uri guest in
0d20ef
     let source, disks = parse_libvirt_xml ~verbose xml in
0d20ef
 
0d20ef
     (* Save the original source paths, so that we can remap them again
0d20ef
@@ -314,7 +321,7 @@ object
0d20ef
       | { p_source_disk = disk; p_source = P_dont_rewrite } -> disk
0d20ef
       | { p_source_disk = disk; p_source = P_source_file path } ->
0d20ef
         let qemu_uri = map_source_to_uri ?readahead
0d20ef
-	  verbose parsed_uri scheme server path in
0d20ef
+	  verbose password parsed_uri scheme server path in
0d20ef
 
0d20ef
         (* The libvirt ESX driver doesn't normally specify a format, but
0d20ef
          * the format of the -flat file is *always* raw, so force it here.
0d20ef
@@ -335,7 +342,7 @@ object
0d20ef
       let readahead = readahead_for_copying in
0d20ef
       let backing_qemu_uri =
0d20ef
         map_source_to_uri ?readahead
0d20ef
-          verbose parsed_uri scheme server orig_path in
0d20ef
+          verbose password parsed_uri scheme server orig_path in
0d20ef
 
0d20ef
       (* Rebase the qcow2 overlay to adjust the readahead parameter. *)
0d20ef
       let cmd =
0d20ef
diff --git a/v2v/input_libvirt_vcenter_https.mli b/v2v/input_libvirt_vcenter_https.mli
0d20ef
index 82dce53..800c6ab 100644
0d20ef
--- a/v2v/input_libvirt_vcenter_https.mli
0d20ef
+++ b/v2v/input_libvirt_vcenter_https.mli
0d20ef
@@ -18,4 +18,4 @@
0d20ef
 
0d20ef
 (** [-i libvirt] when the source is VMware vCenter *)
0d20ef
 
0d20ef
-val input_libvirt_vcenter_https : bool -> string option -> Xml.uri -> string -> string -> string -> Types.input
0d20ef
+val input_libvirt_vcenter_https : bool -> string option -> string option -> Xml.uri -> string -> string -> string -> Types.input
0d20ef
diff --git a/v2v/input_libvirt_xen_ssh.ml b/v2v/input_libvirt_xen_ssh.ml
0d20ef
index e1600a0..cf5f1ae 100644
0d20ef
--- a/v2v/input_libvirt_xen_ssh.ml
0d20ef
+++ b/v2v/input_libvirt_xen_ssh.ml
0d20ef
@@ -30,9 +30,9 @@ open Input_libvirt_other
0d20ef
 open Printf
0d20ef
 
0d20ef
 (* Subclass specialized for handling Xen over SSH. *)
0d20ef
-class input_libvirt_xen_ssh verbose libvirt_uri parsed_uri scheme server guest =
0d20ef
+class input_libvirt_xen_ssh verbose password libvirt_uri parsed_uri scheme server guest =
0d20ef
 object
0d20ef
-  inherit input_libvirt verbose libvirt_uri guest
0d20ef
+  inherit input_libvirt verbose password libvirt_uri guest
0d20ef
 
0d20ef
   method source () =
0d20ef
     if verbose then
0d20ef
@@ -45,7 +45,7 @@ object
0d20ef
     (* Get the libvirt XML.  This also checks (as a side-effect)
0d20ef
      * that the domain is not running.  (RHBZ#1138586)
0d20ef
      *)
0d20ef
-    let xml = Domainxml.dumpxml ?conn:libvirt_uri guest in
0d20ef
+    let xml = Domainxml.dumpxml ?password ?conn:libvirt_uri guest in
0d20ef
     let source, disks = parse_libvirt_xml ~verbose xml in
0d20ef
 
0d20ef
     (* Map the <source/> filename (which is relative to the remote
0d20ef
diff --git a/v2v/input_libvirt_xen_ssh.mli b/v2v/input_libvirt_xen_ssh.mli
0d20ef
index 85473ed..47eb62c 100644
0d20ef
--- a/v2v/input_libvirt_xen_ssh.mli
0d20ef
+++ b/v2v/input_libvirt_xen_ssh.mli
0d20ef
@@ -18,4 +18,4 @@
0d20ef
 
0d20ef
 (** [-i libvirt] when the source is Xen *)
0d20ef
 
0d20ef
-val input_libvirt_xen_ssh : bool -> string option -> Xml.uri -> string -> string -> string -> Types.input
0d20ef
+val input_libvirt_xen_ssh : bool -> string option -> string option -> Xml.uri -> string -> string -> string -> Types.input
0d20ef
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
0d20ef
index 6e449cf..bebe105 100644
0d20ef
--- a/v2v/virt-v2v.pod
0d20ef
+++ b/v2v/virt-v2v.pod
0d20ef
@@ -423,6 +423,13 @@ C<root>.
0d20ef
 You will get an error if virt-v2v is unable to mount/write to the
0d20ef
 Export Storage Domain.
0d20ef
 
0d20ef
+=item B<--password-file> file
0d20ef
+
0d20ef
+Instead of asking for password(s) interactively, pass the password
0d20ef
+through a file.  Note the file should contain the whole password,
0d20ef
+B<without any trailing newline>, and for security the file should have
0d20ef
+mode C<0600> so that others cannot read it.
0d20ef
+
0d20ef
 =item B<--print-source>
0d20ef
 
0d20ef
 Print information about the source guest and stop.  This option is
0d20ef
@@ -789,7 +796,8 @@ down).
0d20ef
 
0d20ef
 Note that you may be asked for the vCenter password I<twice>.  This
0d20ef
 happens once because libvirt needs it, and a second time because
0d20ef
-virt-v2v itself connects directly to the server.
0d20ef
+virt-v2v itself connects directly to the server.  Use
0d20ef
+I<--password-file> to supply a password via a file.
0d20ef
 
0d20ef
 In this case the output flags are set to write the converted guest to
0d20ef
 a temporary directory as this is just an example, but you can also
0d20ef
-- 
0d20ef
1.8.3.1
0d20ef