On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
Implement in virNetClient and virNetSocket the needed functions to
expose a new libssh transport, providing all the options that the
libssh2 transport supports.
---
docs/remote.html.in | 35 ++++++---
src/remote/remote_driver.c | 41 +++++++++++
src/rpc/virnetclient.c | 118 ++++++++++++++++++++++++++++++
src/rpc/virnetclient.h | 13 ++++
src/rpc/virnetsocket.c | 179 +++++++++++++++++++++++++++++++++++++++++++++
src/rpc/virnetsocket.h | 13 ++++
6 files changed, 387 insertions(+), 12 deletions(-)
[...]
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 361dc1a..6d406ff 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
}
#undef DEFAULT_VALUE
+#define DEFAULT_VALUE(VAR, VAL) \
+ if (!VAR) \
+ VAR = VAL;
+virNetClientPtr virNetClientNewLibssh(const char *host,
+ const char *port,
+ int family,
+ const char *username,
+ const char *privkeyPath,
+ const char *knownHostsPath,
+ const char *knownHostsVerify,
+ const char *authMethods,
+ const char *netcatPath,
+ const char *socketPath,
+ virConnectAuthPtr authPtr,
+ virURIPtr uri)
+{
+ virNetSocketPtr sock = NULL;
+ virNetClientPtr ret = NULL;
+
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *nc = NULL;
+ char *command = NULL;
+
+ char *homedir = virGetUserDirectory();
+ char *confdir = virGetUserConfigDirectory();
+ char *knownhosts = NULL;
+ char *privkey = NULL;
+
+ /* Use default paths for known hosts an public keys if not provided */
+ if (confdir) {
+ if (!knownHostsPath) {
+ if (virFileExists(confdir)) {
+ if (virAsprintf(&knownhosts, "%s/known_hosts", confdir)
< 0)
So does libssh break the known hosts file? It's not very pleasant to
keep two separate files, since you'd have to re-authenticate all the
host keys for use with libvirt.
+ goto cleanup;
+ }
+ } else {
+ if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
+ goto cleanup;
+ }
+ }
+
+ if (homedir) {
+ if (!privkeyPath) {
+ /* RSA */
+ if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0)
+ goto cleanup;
+
+ if (!(virFileExists(privkey)))
+ VIR_FREE(privkey);
+ /* DSA */
+ if (!privkey) {
+ if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) <
0)
+ goto cleanup;
+
+ if (!(virFileExists(privkey)))
+ VIR_FREE(privkey);
Documentation for ssh-keygen states that the following paths are tried
by default:
~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or
~/.ssh/id_rsa
+ }
+ } else {
+ if (VIR_STRDUP(privkey, privkeyPath) < 0)
+ goto cleanup;
+ }
+ }
+
+ if (!authMethods) {
+ if (privkey)
+ authMethods = "agent,privkey,password,keyboard-interactive";
+ else
+ authMethods = "agent,password,keyboard-interactive";
+ }
+
+ DEFAULT_VALUE(host, "localhost");
+ DEFAULT_VALUE(port, "22");
+ DEFAULT_VALUE(username, "root");
+ DEFAULT_VALUE(netcatPath, "nc");
+ DEFAULT_VALUE(knownHostsVerify, "normal");
+
+ virBufferEscapeShell(&buf, netcatPath);
+ if (!(nc = virBufferContentAndReset(&buf)))
+ goto no_memory;
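Review bot: A caller-supplied `knownHostsPath` is copied only inside `if (confdir)`, and `privkeyPath` only inside `if (homedir)`, so when virGetUserConfigDirectory() or virGetUserDirectory() returns NULL the explicit path is silently dropped and `knownhosts` / `privkey` stay NULL. Test the explicit argument first and fall back to the per-user default only when it is absent, e.g. `if (knownHostsPath) { if (VIR_STRDUP(knownhosts, knownHostsPath) < 0) goto cleanup; } else if (confdir && virFileExists(confdir)) { ... }`, with the same shape for `privkeyPath`. How a NULL `knownhosts` is treated by host-key verification is decided in the part of the function not quoted here, so this may weaken the check the user explicitly configured; that should be confirmed against the rest of the body. The comment above these blocks also describes the files as public keys while the defaults are private key files; `/* Use default paths for known hosts and private keys if not provided */` would match the code. virNetClientNewLibssh continues past the quoted lines.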
The known_hosts issue needs clarification. Other than that this patch
looks okay.
Peter