On Sat, Oct 13, 2012 at 06:08:42PM +0100, Richard W.M. Jones wrote:
On Sat, Oct 13, 2012 at 05:47:24PM +0100, Richard W.M. Jones wrote:
> BTW I cannot get the libssh2 backend in libvirt to work. For
> every host it says:
>
> libvirt_auth.c: authentication required for libvirt URI
'qemu+libssh2://localhost/system'
> libvirt_auth.c: credential 'echoprompt'
> Accept SSH host key with hash '<correct host key>' for host
'localhost:22' (y/n)?: y
> libguestfs: error: could not connect to libvirt (code 85, domain 50): SSH
transport error: SSH host key for 'localhost' (<correct host key>) was not
accepted
>
> No idea what I'm doing wrong. Nothing in the logs on the server
> indicate that anything is wrong on the remote side.
Peter,
This is because of a bug in the libvirt code:
if (!askKey.result ||
STRCASENEQ(askKey.result, "y")) {
virReportError(VIR_ERR_SSH,
_("SSH host key for '%s' (%s) was not
accepted"),
sess->hostname, keyhash);
VIR_FREE(keyhash);
VIR_FREE(askKey.result);
return -1;
}
The problem with this code is that it ignores the resultlen field.
If the caller passes result[] = { 'y' } (no trailing \0), resultlen = 1,
(which IMHO is a correct use of the API as described by the
documentation), then STRCASENEQ above will not match the string.
You need to use something like:
askKey.resultlen >= 1 && askKey.result[0] == 'y'
or else some sort of memcmp function.
We probably ought to clarify the docs that any strings should be NULL
terminated, and that the resultlen does not include the NULL terminator
in its count. Most of the auth code looks to assume that the returned
data is NULL terminated.
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|