On Tuesday, 1 November 2016 13:40:01 CET Peter Krempa wrote:
On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
> Implement in virtNetClient and VirNetSocket the needed functions to
> expose a new libssh transport, providing all the options that the
> libssh2 transport supports.
> ---
> docs/remote.html.in | 35 ++++++---
> src/remote/remote_driver.c | 41 +++++++++++
> src/rpc/virnetclient.c | 118 ++++++++++++++++++++++++++++++
> src/rpc/virnetclient.h | 13 ++++
> src/rpc/virnetsocket.c | 179 +++++++++++++++++++++++++++++++++++++++++++++
> src/rpc/virnetsocket.h | 13 ++++
> 6 files changed, 387 insertions(+), 12 deletions(-)
[...]
> diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
> index 361dc1a..6d406ff 100644
> --- a/src/rpc/virnetclient.c
> +++ b/src/rpc/virnetclient.c
> @@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
> }
> #undef DEFAULT_VALUE
>
> +#define DEFAULT_VALUE(VAR, VAL) \
> + if (!VAR) \
> + VAR = VAL;
> +virNetClientPtr virNetClientNewLibssh(const char *host,
> + const char *port,
> + int family,
> + const char *username,
> + const char *privkeyPath,
> + const char *knownHostsPath,
> + const char *knownHostsVerify,
> + const char *authMethods,
> + const char *netcatPath,
> + const char *socketPath,
> + virConnectAuthPtr authPtr,
> + virURIPtr uri)
> +{
> + virNetSocketPtr sock = NULL;
> + virNetClientPtr ret = NULL;
> +
> + virBuffer buf = VIR_BUFFER_INITIALIZER;
> + char *nc = NULL;
> + char *command = NULL;
> +
> + char *homedir = virGetUserDirectory();
> + char *confdir = virGetUserConfigDirectory();
> + char *knownhosts = NULL;
> + char *privkey = NULL;
> +
> + /* Use default paths for known hosts an public keys if not provided */
> + if (confdir) {
> + if (!knownHostsPath) {
> + if (virFileExists(confdir)) {
> + if (virAsprintf(&knownhosts, "%s/known_hosts",
confdir) < 0)
So does libssh break the known hosts file? It's not very pleasant to
keep two separate files, since you'd have to re-authenticate all the
host keys for use with libvirt.
libssh should not break the known hosts file, although it can fail to
parse it when keys have comments (see upstream bug #149 [1]).
As such, keeping the known hosts separate by default for now could be
a better choice, especially since it already shares what was used with
the libssh2 transport.
[1] https://red.libssh.org/issues/149
> + goto cleanup;
> + }
> + } else {
> + if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
> + goto cleanup;
> + }
> + }
> +
> + if (homedir) {
> + if (!privkeyPath) {
> + /* RSA */
> + if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) <
0)
> + goto cleanup;
> +
> + if (!(virFileExists(privkey)))
> + VIR_FREE(privkey);
> + /* DSA */
> + if (!privkey) {
> + if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir)
< 0)
> + goto cleanup;
> +
> + if (!(virFileExists(privkey)))
> + VIR_FREE(privkey);
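Review bot: the explicit-path branch of the known-hosts block (`} else {` / `if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)`) is nested inside `if (confdir)`, so when virGetUserConfigDirectory() returns NULL a caller-supplied knownHostsPath is silently dropped and knownhosts stays NULL; the `if (!knownHostsPath)` test should be hoisted so that only the default-path computation depends on confdir. In the same block, when confdir is set but does not exist, knownhosts also stays NULL without any diagnostic, which means the connection proceeds with no known-hosts file configured; the same silent fallback applies to privkey when neither id_rsa nor id_dsa exists, so a VIR_DEBUG in each case would make the resulting behaviour visible to the user. Minor: the comment `/* Use default paths for known hosts an public keys if not provided */` should read "and public keys".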
Documentation for ssh-keygen states that the following paths are tried
by default:
~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or
~/.ssh/id_rsa
I can adjust that, ok. Note the libssh2 transport needs the same
change, so I'll just do the same for both at once.
One more explicit note: all the glue code between the transport itself
and the rest of the rpc code was basically copied from the code used
for libssh2 -- hence, if there are mistakes that I miss there, most
probably they affect the libssh2 transport as well.
Thanks,
--
Pino Toscano
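As an added illustration of the change agreed above (probing the ssh-keygen default identity list in order instead of only id_rsa and id_dsa), here is a standalone C helper. It is example code written for this thread, not libvirt's code and not part of the patch: the function names find_default_identity, make_fake_home, remove_fake_home, probe_scenario and the demo_* scenarios are hypothetical, the fixture directory under /tmp is constructed sample data, and the key-file order is exactly the list Peter quotes from the ssh-keygen manual.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Default private key file names under ~/.ssh, in the order quoted from the
 * ssh-keygen manual in the review above. */
static const char *const default_identities[] = {
    "identity", "id_dsa", "id_ecdsa", "id_ed25519", "id_rsa"
};

/* Hypothetical helper (not libvirt's): return the index of the first default
 * identity that exists under <homedir>/.ssh and copy its path into out.
 * Returns -1 when none exists or out is too small. The patch's id_rsa-then-
 * id_dsa probe is this loop with a two-entry list. */
int find_default_identity(const char *homedir, char *out, size_t outlen)
{
    size_t n = sizeof(default_identities) / sizeof(default_identities[0]);
    for (size_t i = 0; i < n; i++) {
        int len = snprintf(out, outlen, "%s/.ssh/%s", homedir, default_identities[i]);
        if (len < 0 || (size_t)len >= outlen)
            return -1;
        /* F_OK only checks existence, like virFileExists() in the patch. */
        if (access(out, F_OK) == 0)
            return (int)i;
    }
    out[0] = '\0';
    return -1;
}

/* Fixture: create /tmp/sshdemo.<pid>.<tag>/.ssh holding empty files with the
 * given names (constructed sample data, not real keys). Returns 0 on success. */
int make_fake_home(const char *tag, const char *const *keys, size_t nkeys,
                   char *home, size_t homelen)
{
    char path[512];
    if (snprintf(home, homelen, "/tmp/sshdemo.%ld.%s", (long)getpid(), tag) >= (int)homelen)
        return -1;
    if (mkdir(home, 0700) != 0)
        return -1;
    snprintf(path, sizeof(path), "%s/.ssh", home);
    if (mkdir(path, 0700) != 0)
        return -1;
    for (size_t i = 0; i < nkeys; i++) {
        snprintf(path, sizeof(path), "%s/.ssh/%s", home, keys[i]);
        FILE *f = fopen(path, "w");
        if (!f)
            return -1;
        fclose(f);
    }
    return 0;
}

/* Remove what make_fake_home() created. */
void remove_fake_home(const char *const *keys, size_t nkeys, const char *home)
{
    char path[512];
    for (size_t i = 0; i < nkeys; i++) {
        snprintf(path, sizeof(path), "%s/.ssh/%s", home, keys[i]);
        unlink(path);
    }
    snprintf(path, sizeof(path), "%s/.ssh", home);
    rmdir(path);
    rmdir(home);
}

/* Create a home with the given keys, probe it, clean up, and return the index
 * found (-1 for none, -2 if the fixture could not be built). */
int probe_scenario(const char *tag, const char *const *keys, size_t nkeys)
{
    char home[256], found[512];
    if (make_fake_home(tag, keys, nkeys, home, sizeof(home)) != 0)
        return -2;
    int idx = find_default_identity(home, found, sizeof(found));
    remove_fake_home(keys, nkeys, home);
    return idx;
}

/* id_rsa and id_ed25519 both present: the list order picks id_ed25519
 * (index 3), whereas the patch as posted would have picked id_rsa. */
int demo_pick_order(void)
{
    const char *const keys[] = { "id_rsa", "id_ed25519" };
    return probe_scenario("order", keys, 2);
}

/* Only a non-default file name present: nothing is picked (-1), which is
 * the case the caller should report rather than fall through silently. */
int demo_pick_missing(void)
{
    const char *const keys[] = { "id_custom" };
    return probe_scenario("missing", keys, 1);
}

int main(void)
{
    printf("order scenario -> index %d\n", demo_pick_order());
    printf("missing scenario -> index %d\n", demo_pick_missing());
    return 0;
}
```

The helper keeps the existence-only check (access with F_OK) that the patch uses via virFileExists(), so an unreadable key file is still "found" and the failure surfaces only when the SSH library tries to load it; a caller that wants an earlier, clearer error can test R_OK instead. The order itself is taken from the thread; a deployment that has already dropped DSA keys can simply shorten the list.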