
On Sat, Aug 11, 2012 at 11:21:02PM +0200, Peter Krempa wrote:
This patch adds URI options to support libssh2 transport in the remote driver.
A new transport scheme is introduced eg. "qemu+libssh://..." that utilizes the libssh2 code added in previous patches.
The libssh2 code requires the authentication callback to be able to perform keyboard-interactive authentication or to ask for passphrases or add host keys to known hosts database.
Added URI components:
- known_hosts - path to a knownHosts file in OpenSSH format to check for known ssh host keys
- known_hosts_verify - how to deal with server key verification:
  * "normal" (default) - ask to add new keys
  * "auto" - automatically add new keys
  * "ignore" - don't validate host keys
- auth - authentication methods to use. Default is "agent,privkey,keyboard-interactive". It's a comma separated string of methods to try while authenticating. The order is preserved. Some of the methods may require additional parameters.
- password - Password for password authentication.

NACK to adding 'password' as a parameter. It is not safe to provide passwords in URIs, and we already have explicit support for providing passwords via a libvirt config file.
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 8153d70..9b5677d 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED, * - xxx+tcp:/// -> TCP connection to localhost * - xxx+unix:/// -> UNIX domain socket * - xxx:/// -> UNIX domain socket + * - xxx+ssh:/// -> SSH connection (legacy) + * - xxx+libssh2:/// -> SSH connection (using libssh2) */ static int doRemoteOpen(virConnectPtr conn, @@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn, trans_tls, trans_unix, trans_ssh, + trans_libssh2, trans_ext, trans_tcp, } transport; @@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn, } } else if (STRCASEEQ(transport_str, "ssh")) transport = trans_ssh; + else if (STRCASEEQ(transport_str, "libssh2")) + transport = trans_libssh2; else if (STRCASEEQ(transport_str, "ext")) transport = trans_ext; else if (STRCASEEQ(transport_str, "tcp")) @@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn, else { virReportError(VIR_ERR_INVALID_ARG, "%s", _("remote_open: transport in URL not recognised " - "(should be tls|unix|ssh|ext|tcp)")); + "(should be tls|unix|ssh|ext|tcp|libssh2)")); return VIR_DRV_OPEN_ERROR; } } @@ -460,10 +465,12 @@ doRemoteOpen(virConnectPtr conn, * get freed in the failed: path. */ char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL; - char *port = NULL, *authtype = NULL, *username = NULL; + char *port = NULL, *authtype = NULL, *username = NULL, *password = NULL; bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true; char *pkipath = NULL, *keyfile = NULL;
+ char *knownHostsVerify = NULL, *knownHosts = NULL; + /* Return code from this function, and the private data. */ int retcode = VIR_DRV_OPEN_ERROR;
@@ -508,6 +515,9 @@ doRemoteOpen(virConnectPtr conn, EXTRACT_URI_ARG_STR("netcat", netcat); EXTRACT_URI_ARG_STR("keyfile", keyfile); EXTRACT_URI_ARG_STR("pkipath", pkipath); + EXTRACT_URI_ARG_STR("known_hosts", knownHosts); + EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify); + EXTRACT_URI_ARG_STR("password", password);
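Review bot: the scheme name differs between the commit message and the transport-parsing hunk: the message gives "qemu+libssh://..." as the example, while the doc comment, the STRCASEEQ(transport_str, "libssh2") test and the updated error string all use "libssh2". A URI written the way the message shows would fall through to "transport in URL not recognised". Use "qemu+libssh2://..." in the commit message so the documentation matches what the parser accepts.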
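Review bot: EXTRACT_URI_ARG_STR("password", password) in the last hunk takes a secret from the connection URI, where it is exposed in shell history, process listings and any log line that records the URI. Drop that line together with the "*password = NULL" addition to the declarations, and obtain the secret through the authentication callback or the config file instead. Separately, the comment above the declarations says these strings are freed in the failed: path, but the visible hunks add knownHosts and knownHostsVerify without a matching free, and nothing shown checks known_hosts_verify against "normal", "auto" and "ignore"; add the frees and reject unknown values rather than letting them select a policy silently.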
So remove this password param

ACK, if the password URI param is removed

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
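
An added illustration of the two points in this review, not libvirt code and not part of the patch: a query-string check that refuses a password parameter and fails closed on an unknown known_hosts_verify value. The helper names tok_is and check_query and the sample query are hypothetical, and the query is assumed to be already percent-decoded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Host key policies listed in the commit message. */
enum hostkey_policy { HK_NORMAL, HK_AUTO, HK_IGNORE, HK_INVALID };

/* Case-insensitive match of an n-byte token against a lowercase name. */
static int tok_is(const char *s, size_t n, const char *name)
{
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i]) return 0;
    return 1;
}

/* Hypothetical helper: walk an already-decoded "k=v&k=v" query string.
 * Returns 0 and sets *policy, or -1 if the query carries a password or
 * an unknown known_hosts_verify value (fail closed). */
static int check_query(const char *q, enum hostkey_policy *policy)
{
    *policy = HK_NORMAL;                    /* documented default */
    while (*q) {
        size_t len = strcspn(q, "&");       /* whole key=value pair */
        size_t klen = strcspn(q, "=&");     /* key part only */
        const char *val = q + klen + (q[klen] == '=');
        size_t vlen = len - (size_t)(val - q);
        if (tok_is(q, klen, "password"))
            return -1;                      /* secret in the URI: refuse */
        if (tok_is(q, klen, "known_hosts_verify")) {
            if (tok_is(val, vlen, "normal")) *policy = HK_NORMAL;
            else if (tok_is(val, vlen, "auto")) *policy = HK_AUTO;
            else if (tok_is(val, vlen, "ignore")) *policy = HK_IGNORE;
            else { *policy = HK_INVALID; return -1; }
        }
        q += len + (q[len] == '&');
    }
    return 0;
}

int main(void)
{
    enum hostkey_policy p;
    /* Constructed sample query string. */
    int rc = check_query("known_hosts=/tmp/kh&known_hosts_verify=auto", &p);
    printf("rc=%d policy=%d\n", rc, (int)p);
    return 0;
}
```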