
On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
Implement in virNetClient and virNetSocket the needed functions to expose a new libssh transport, providing all the options that the libssh2 transport supports. --- docs/remote.html.in | 35 ++++++--- src/remote/remote_driver.c | 41 +++++++++++ src/rpc/virnetclient.c | 118 ++++++++++++++++++++++++++++++ src/rpc/virnetclient.h | 13 ++++ src/rpc/virnetsocket.c | 179 +++++++++++++++++++++++++++++++++++++++++++++ src/rpc/virnetsocket.h | 13 ++++ 6 files changed, 387 insertions(+), 12 deletions(-)
[...]
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 361dc1a..6d406ff 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host, } #undef DEFAULT_VALUE
+#define DEFAULT_VALUE(VAR, VAL) \
+ if (!VAR) \
+ VAR = VAL;
+virNetClientPtr virNetClientNewLibssh(const char *host,
+ const char *port,
+ int family,
+ const char *username,
+ const char *privkeyPath,
+ const char *knownHostsPath,
+ const char *knownHostsVerify,
+ const char *authMethods,
+ const char *netcatPath,
+ const char *socketPath,
+ virConnectAuthPtr authPtr,
+ virURIPtr uri)
+{
+ virNetSocketPtr sock = NULL;
+ virNetClientPtr ret = NULL;
+
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *nc = NULL;
+ char *command = NULL;
+
+ char *homedir = virGetUserDirectory();
+ char *confdir = virGetUserConfigDirectory();
+ char *knownhosts = NULL;
+ char *privkey = NULL;
+
+ /* Use default paths for known hosts an public keys if not provided */
+ if (confdir) {
+ if (!knownHostsPath) {
+ if (virFileExists(confdir)) {
+ if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0)
So does libssh break the known hosts file? It's not very pleasant to keep two separate files, since you'd have to re-authenticate all the host keys for use with libvirt.
+ goto cleanup;
+ }
+ } else {
+ if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
+ goto cleanup;
+ }
+ }
+
+ if (homedir) {
+ if (!privkeyPath) {
+ /* RSA */
+ if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0)
+ goto cleanup;
+
+ if (!(virFileExists(privkey)))
+ VIR_FREE(privkey);
+ /* DSA */
+ if (!privkey) {
+ if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) < 0)
+ goto cleanup;
+
+ if (!(virFileExists(privkey)))
+ VIR_FREE(privkey);
Documentation for ssh-keygen states that the following paths are tried by default: ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa
+ }
+ } else {
+ if (VIR_STRDUP(privkey, privkeyPath) < 0)
+ goto cleanup;
+ }
+ }
+
+ if (!authMethods) {
+ if (privkey)
+ authMethods = "agent,privkey,password,keyboard-interactive";
+ else
+ authMethods = "agent,password,keyboard-interactive";
+ }
+
+ DEFAULT_VALUE(host, "localhost");
+ DEFAULT_VALUE(port, "22");
+ DEFAULT_VALUE(username, "root");
+ DEFAULT_VALUE(netcatPath, "nc");
+ DEFAULT_VALUE(knownHostsVerify, "normal");
+
+ virBufferEscapeShell(&buf, netcatPath);
+ if (!(nc = virBufferContentAndReset(&buf)))
+ goto no_memory;
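Review bot: A caller-supplied `knownHostsPath` is copied only inside `if (confdir)`, and `privkeyPath` only inside `if (homedir)`, so an explicit path is silently dropped whenever the corresponding directory lookup returns NULL. In that case `knownhosts` stays NULL while `knownHostsVerify` still defaults to "normal"; how the socket layer treats a missing known-hosts path is not visible here, but host-key checking should not depend on an unrelated lookup having succeeded. Test the explicit argument first and fall back to the default directory only when it is absent, as sketched below for the known-hosts case; the private-key block has the same shape. The function body continues past the quoted part of the hunk, so the `cleanup` and `no_memory` labels are not shown.

```c
    /* An explicit path must be honoured even if the default lookup failed. */
    if (knownHostsPath) {
        if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
            goto cleanup;
    } else if (confdir && virFileExists(confdir)) {
        if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0)
            goto cleanup;
    }

    if (privkeyPath) {
        if (VIR_STRDUP(privkey, privkeyPath) < 0)
            goto cleanup;
    } else if (homedir) {
        /* … unchanged: probing of the default key files under homedir … */
    }
```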
The known_hosts issue needs clarification. Other than that this patch looks okay. Peter