[PATCH] fix id parsing with white space
by Wenchao Xia
When device id string contains white space, parse is not correct.
This patch fix it
Signed-off-by: Wenchao Xia <xiawenc(a)linux.vnet.ibm.com>
---
libxkutil/device_parsing.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libxkutil/device_parsing.c b/libxkutil/device_parsing.c
index 5393290..ceb4552 100644
--- a/libxkutil/device_parsing.c
+++ b/libxkutil/device_parsing.c
@@ -1033,7 +1033,7 @@ int parse_fq_devid(const char *devid, char **host, char **device)
{
int ret;
- ret = sscanf(devid, "%a[^/]/%as", host, device);
+ ret = sscanf(devid, "%a[^/]/%a[^\n]", host, device);
if (ret != 2) {
free(*host);
free(*device);
--
1.7.1
12 years
[PATCH] provide a hack to borrow non-root ssh keys in migration
by Wenchao Xia
This patch allow libvirt-cim to use non-root's ssh key, avoid
using root's key to avoid exposing root's ssh login. Because libvirt-cim
runs in root mode so it is hard to satisfy some server security rules
especially about root's ssh key exposing. This is a walk around to improve
it.
Signed-off-by: Wenchao Xia <xiawenc(a)linux.vnet.ibm.com>
---
src/Virt_VSMigrationService.c | 96 +++++++++++++++++++++++++++++++++++++++--
1 files changed, 92 insertions(+), 4 deletions(-)
diff --git a/src/Virt_VSMigrationService.c b/src/Virt_VSMigrationService.c
index 76e3d25..55442ee 100644
--- a/src/Virt_VSMigrationService.c
+++ b/src/Virt_VSMigrationService.c
@@ -150,6 +150,7 @@ static CMPIStatus get_migration_uri(CMPIInstance *msd,
static char *dest_uri(const char *cn,
const char *dest,
+ const char *dest_params,
uint16_t transport)
{
const char *prefix;
@@ -157,6 +158,7 @@ static char *dest_uri(const char *cn,
const char *param = "";
char *uri = NULL;
int rc;
+ int param_labeled = 0;
if (STARTS_WITH(cn, "Xen"))
prefix = "xen";
@@ -197,16 +199,75 @@ static char *dest_uri(const char *cn,
goto out;
}
- if (!STREQC(param, ""))
+ if (!STREQC(param, "")) {
rc = asprintf(&uri, "%s/%s", uri, param);
+ param_labeled = 1;
+ }
- if (rc == -1)
+ if (rc == -1) {
uri = NULL;
+ goto out;
+ }
+ if (dest_params) {
+ if (param_labeled == 0) {
+ rc = asprintf(&uri, "%s?%s", uri, dest_params);
+ } else {
+ rc = asprintf(&uri, "%s%s", uri, dest_params);
+ }
+ if (rc == -1) {
+ uri = NULL;
+ goto out;
+ }
+ }
out:
return uri;
}
+/* libvirt need private key specified must be placed in a directory owned by
+ root, because libvirt-cim now runs as root. So here the key would be copied,
+ up layer need to delete that key after migration. This method could allow
+ libvirt-cim borrow a non-root ssh private key, instead of using root's private
+ key, avoid security risk. */
+static int ssh_key_cp(const char *src, const char *dest)
+{
+ char *cmd = NULL;
+ int rc;
+ int ret = 0;
+ FILE *stream = NULL;
+ char buf[256];
+
+ rc = asprintf(&cmd, "cp -f %s %s", src, dest);
+ if (rc == -1) {
+ cmd = NULL;
+ ret = -1;
+ goto out;
+ }
+
+ CU_DEBUG("excuting system cmd [%s].", cmd);
+ stream = popen(cmd, "r");
+ if (stream == NULL) {
+ CU_DEBUG("Failed to open pipe to run command");
+ ret = -2;
+ goto out;
+ }
+ usleep(10000);
+
+ buf[255] = 0;
+ while (fgets(buf, sizeof(buf), stream) != NULL) {
+ CU_DEBUG("Exception got: %s.", buf);
+ ret = -3;
+ goto out;
+ }
+
+ out:
+ if (stream != NULL) {
+ pclose(stream);
+ }
+ free(cmd);
+ return ret;
+}
+
static CMPIStatus get_msd_values(const CMPIObjectPath *ref,
const char *destination,
const CMPIArgs *argsin,
@@ -217,6 +278,14 @@ static CMPIStatus get_msd_values(const CMPIObjectPath *ref,
CMPIInstance *msd;
uint16_t uri_type;
char *uri = NULL;
+ const char *dest_params = NULL;
+ const char *ssh_hack_src = NULL;
+ const char *ssh_hack_dest = NULL;
+ int ret;
+
+ cu_get_str_arg(argsin, "DestinationHostParams", &dest_params);
+ cu_get_str_arg(argsin, "SSH_Key_Src", &ssh_hack_src);
+ cu_get_str_arg(argsin, "SSH_Key_Dest", &ssh_hack_dest);
s = get_msd(ref, argsin, &msd);
if (s.rc != CMPI_RC_OK)
@@ -230,7 +299,7 @@ static CMPIStatus get_msd_values(const CMPIObjectPath *ref,
if (s.rc != CMPI_RC_OK)
goto out;
- uri = dest_uri(CLASSNAME(ref), destination, uri_type);
+ uri = dest_uri(CLASSNAME(ref), destination, dest_params, uri_type);
if (uri == NULL) {
cu_statusf(_BROKER, &s,
CMPI_RC_ERR_FAILED,
@@ -238,6 +307,19 @@ static CMPIStatus get_msd_values(const CMPIObjectPath *ref,
goto out;
}
+ if ((ssh_hack_src) && (ssh_hack_dest)) {
+ CU_DEBUG("hacking ssh keys src %s, dest %s.",
+ ssh_hack_src, ssh_hack_dest);
+ ret = ssh_key_cp(ssh_hack_src, ssh_hack_dest);
+ if (ret < 0) {
+ cu_statusf(_BROKER, &s,
+ CMPI_RC_ERR_FAILED,
+ "Failed to copy ssh key files");
+ goto out;
+ }
+ }
+
+ CU_DEBUG("Migrate tring to connect remote host with uri %s.", uri);
*conn = virConnectOpen(uri);
if (*conn == NULL) {
CU_DEBUG("Failed to connect to remote host (%s)", uri);
@@ -1537,7 +1619,7 @@ static CMPIStatus migrate_vs_host(CMPIMethodMI *self,
const char *dhost = NULL;
CMPIObjectPath *system;
const char *name = NULL;
-
+
cu_get_str_arg(argsin, "DestinationHost", &dhost);
cu_get_ref_arg(argsin, "ComputerSystem", &system);
@@ -1608,6 +1690,9 @@ static struct method_handler vsimth = {
.handler = vs_migratable_host,
.args = {{"ComputerSystem", CMPI_ref, false},
{"DestinationHost", CMPI_string, false},
+ {"DestinationHostParams", CMPI_string, true},
+ {"SSH_Key_Src", CMPI_string, true},
+ {"SSH_Key_Dest", CMPI_string, true},
{"MigrationSettingData", CMPI_instance, true},
{"NewSystemSettingData", CMPI_instance, true},
{"NewResourceSettingData", CMPI_instanceA, true},
@@ -1632,6 +1717,9 @@ static struct method_handler mvsth = {
.handler = migrate_vs_host,
.args = {{"ComputerSystem", CMPI_ref, false},
{"DestinationHost", CMPI_string, false},
+ {"DestinationHostParams", CMPI_string, true},
+ {"SSH_Key_Src", CMPI_string, true},
+ {"SSH_Key_Dest", CMPI_string, true},
{"MigrationSettingData", CMPI_instance, true},
{"NewSystemSettingData", CMPI_instance, true},
{"NewResourceSettingData", CMPI_instanceA, true},
--
1.7.1
12 years
Tyrel Datwyler is out of the office.
by Tyrel Datwyler
I will be out of the office starting 08/24/2012 and will not return until
08/28/2012.
During this time I will not have access to email. In the case of any urgent
issues please contact my back up David Heller.
12 years, 1 month
libvirt-cim dependency question and test result
by Yanbing Du
Hi,
Recently i'm doing libvirt-cim testing, and there's a question about cim-server dependency.
When i yum install libvirt-cim, the dependency of cim-server will install sblim-sfcb, but what we want use is tog-pegasus, so i install tog-pegasus manually after installed libvirt-cim. then test it by wbemcli:
#wbemcli ein http://root:redhat@localhost/root/virt:KVM_VirtualSystemManagementService
*
* wbemcli: Cim: (3) CIM_ERR_INVALID_NAMESPACE: root/virt
*
and there's no provider module about libvirt-cim
#cimprovider -l
OperatingSystemModule
ComputerSystemModule
ProcessModule
SLPProviderModule
So i reinstall libvirt-cim and it works well.
There are 2 bugs about the dependency problem, and all fixed.
https://bugzilla.redhat.com/show_bug.cgi?id=694749
https://bugzilla.redhat.com/show_bug.cgi?id=799037
I wonder if this behavior is excepted?
BTW, i run the cimtest suit and 30 tests failed. Please check the attachment for detail info.
Related packages version:
# rpm -q libvirt
libvirt-0.10.0-0rc0.el6.x86_64
# rpm -q libvirt-cim
libvirt-cim-0.6.1-3.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.303.el6.x86_64
=================================================
Test Run Summary (Aug 14 2012): KVM on Red Hat Enterprise Linux Server release 6.3 (Santiago) with Pegasus
=================================================
Distro: Red Hat Enterprise Linux Server release 6.3 (Santiago)
Kernel: 2.6.32-289.el6.x86_64
libvirt: 0.10.0
Hypervisor: QEMU 0.12.1
CIMOM: Pegasus 2.11.0
Libvirt-cim revision: 1192
Libvirt-cim changeset: 0c468a8
Cimtest revision:
Cimtest changeset: 93f0e6e
Total test execution: Unknown
=================================================
FAIL : 30
XFAIL : 2
SKIP : 14
PASS : 146
-----------------
Total : 192
=================================================
Thanks!
Best Regards!
Yanbing Du
12 years, 1 month