External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-10-31 18:33:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
2f74105d2c
libvirt/src/rpc/virnetsshsession.c

1498 lines
44 KiB
C
Raw Normal View History

libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/*
* virnetsshsession.c: ssh network transport provider based on libssh2
*
util: move virFile* functions from virutil.c to virfile.c These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
2013-05-09 18:59:04 +00:00
* Copyright (C) 2012-2013 Red Hat, Inc.
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
maint: fix up copyright notice inconsistencies https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
2012-09-20 22:30:55 +00:00
* License along with this library. If not, see
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <libssh2.h>
#include <libssh2_publickey.h>
#include "virnetsshsession.h"
#include "internal.h"
Rename buf.{c,h} to virbuffer.{c,h} Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-04 12:04:07 +00:00
#include "virbuffer.h"
Rename memory.{c,h} to viralloc.{c,h}
2012-12-12 18:06:53 +00:00
#include "viralloc.h"
Rename logging.{c,h} to virlog.{c,h}
2012-12-12 17:59:27 +00:00
#include "virlog.h"
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
#include "configmake.h"
Rename threads.{c,h} to virthread.{c,h}
2012-12-13 15:49:48 +00:00
#include "virthread.h"
Rename util.{c,h} to virutil.{c,h}
2012-12-13 17:44:57 +00:00
#include "virutil.h"
Rename virterror.c virterror_internal.h to virerror.{c,h}
2012-12-13 18:21:53 +00:00
#include "virerror.h"
util: move virFile* functions from virutil.c to virfile.c These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
2013-05-09 18:59:04 +00:00
#include "virfile.h"
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
#include "virobject.h"
virutil: Move string related functions to virstring.c The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
2013-04-03 10:36:23 +00:00
#include "virstring.h"
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
#include "virauth.h"
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
#define VIR_FROM_THIS VIR_FROM_SSH
Add virLogSource variables to all source files Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 12:16:17 +00:00
VIR_LOG_INIT("rpc.netsshsession");
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
static const char
vir_libssh2_key_comment[] = "added by libvirt ssh transport";
#define VIR_NET_SSH_BUFFER_SIZE 1024
typedef enum {
VIR_NET_SSH_STATE_NEW,
VIR_NET_SSH_STATE_HANDSHAKE_COMPLETE,
VIR_NET_SSH_STATE_AUTH_CALLBACK_ERROR,
VIR_NET_SSH_STATE_CLOSED,
VIR_NET_SSH_STATE_ERROR,
VIR_NET_SSH_STATE_ERROR_REMOTE,
} virNetSSHSessionState;
typedef enum {
VIR_NET_SSH_AUTHCB_OK,
VIR_NET_SSH_AUTHCB_NO_METHOD,
VIR_NET_SSH_AUTHCB_OOM,
VIR_NET_SSH_AUTHCB_RETR_ERR,
} virNetSSHAuthCallbackError;
typedef enum {
VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE,
VIR_NET_SSH_AUTH_PASSWORD,
VIR_NET_SSH_AUTH_PRIVKEY,
VIR_NET_SSH_AUTH_AGENT
} virNetSSHAuthMethods;
typedef struct _virNetSSHAuthMethod virNetSSHAuthMethod;
typedef virNetSSHAuthMethod *virNetSSHAuthMethodPtr;
struct _virNetSSHAuthMethod {
virNetSSHAuthMethods method;
char *username;
char *password;
char *filename;
int tries;
};
struct _virNetSSHSession {
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLockable parent;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virNetSSHSessionState state;
/* libssh2 internal stuff */
LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
LIBSSH2_KNOWNHOSTS *knownHosts;
LIBSSH2_AGENT *agent;
/* for host key checking */
virNetSSHHostkeyVerify hostKeyVerify;
char *knownHostsFile;
char *hostname;
int port;
/* authentication stuff */
virConnectAuthPtr cred;
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
char *authPath;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virNetSSHAuthCallbackError authCbErr;
size_t nauths;
virNetSSHAuthMethodPtr *auths;
/* channel stuff */
char *channelCommand;
int channelCommandReturnValue;
/* read cache */
char rbuf[VIR_NET_SSH_BUFFER_SIZE];
size_t bufUsed;
size_t bufStart;
};
static void
virNetSSHSessionAuthMethodsFree(virNetSSHSessionPtr sess)
{
Convert 'int i' to 'size_t i' in src/rpc/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
for (i = 0; i < sess->nauths; i++) {
VIR_FREE(sess->auths[i]->username);
VIR_FREE(sess->auths[i]->password);
VIR_FREE(sess->auths[i]->filename);
VIR_FREE(sess->auths[i]);
}
VIR_FREE(sess->auths);
sess->nauths = 0;
}
static void
virNetSSHSessionDispose(void *obj)
{
virNetSSHSessionPtr sess = obj;
VIR_DEBUG("sess=0x%p", sess);
if (sess->channel) {
libssh2_channel_send_eof(sess->channel);
libssh2_channel_close(sess->channel);
libssh2_channel_free(sess->channel);
}
libssh2_knownhost_free(sess->knownHosts);
libssh2_agent_free(sess->agent);
if (sess->session) {
libssh2_session_disconnect(sess->session,
"libvirt: virNetSSHSessionFree()");
libssh2_session_free(sess->session);
}
virNetSSHSessionAuthMethodsFree(sess);
VIR_FREE(sess->channelCommand);
VIR_FREE(sess->hostname);
VIR_FREE(sess->knownHostsFile);
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
VIR_FREE(sess->authPath);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
static virClassPtr virNetSSHSessionClass;
static int
virNetSSHSessionOnceInit(void)
{
virobject: Introduce VIR_CLASS_NEW() macro So far we are repeating the following lines over and over: if (!(virSomeObjectClass = virClassNew(virClassForObject(), "virSomeObject", sizeof(virSomeObject), virSomeObjectDispose))) return -1; While this works, it is impossible to do some checking. Firstly, the class name (the 2nd argument) doesn't match the name in the code in all cases (the 3rd argument). Secondly, the current style is needlessly verbose. This commit turns example into following: if (!(VIR_CLASS_NEW(virSomeObject, virClassForObject))) return -1; Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-17 15:42:33 +00:00
if (!VIR_CLASS_NEW(virNetSSHSession, virClassForObjectLockable()))
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
return 0;
}
VIR_ONCE_GLOBAL_INIT(virNetSSHSession);
static virNetSSHAuthMethodPtr
virNetSSHSessionAuthMethodNew(virNetSSHSessionPtr sess)
{
virNetSSHAuthMethodPtr auth;
if (VIR_ALLOC(auth) < 0)
goto error;
if (VIR_EXPAND_N(sess->auths, sess->nauths, 1) < 0)
goto error;
sess->auths[sess->nauths - 1] = auth;
return auth;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(auth);
return NULL;
}
/* keyboard interactive authentication callback */
static void
rpc: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:33 +00:00
virNetSSHKbIntCb(const char *name G_GNUC_UNUSED,
int name_len G_GNUC_UNUSED,
const char *instruction G_GNUC_UNUSED,
int instruction_len G_GNUC_UNUSED,
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
int num_prompts,
const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
void **opaque)
{
virNetSSHSessionPtr priv = *opaque;
virConnectCredentialPtr askcred = NULL;
Convert 'int i' to 'size_t i' in src/rpc/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
int credtype_echo = -1;
int credtype_noecho = -1;
char *tmp;
priv->authCbErr = VIR_NET_SSH_AUTHCB_OK;
/* find credential type for asking passwords */
for (i = 0; i < priv->cred->ncredtype; i++) {
if (priv->cred->credtype[i] == VIR_CRED_PASSPHRASE ||
priv->cred->credtype[i] == VIR_CRED_NOECHOPROMPT)
credtype_noecho = priv->cred->credtype[i];
if (priv->cred->credtype[i] == VIR_CRED_ECHOPROMPT)
credtype_echo = priv->cred->credtype[i];
}
if (credtype_echo < 0 || credtype_noecho < 0) {
priv->authCbErr = VIR_NET_SSH_AUTHCB_NO_METHOD;
return;
}
if (VIR_ALLOC_N(askcred, num_prompts) < 0) {
priv->authCbErr = VIR_NET_SSH_AUTHCB_OOM;
return;
}
/* fill data structures for auth callback */
for (i = 0; i < num_prompts; i++) {
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
char *prompt;
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
prompt = g_strdup(prompts[i].text);
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
askcred[i].prompt = prompt;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/* remove colon and trailing spaces from prompts, as default behavior
* of libvirt's auth callback is to add them */
if ((tmp = strrchr(askcred[i].prompt, ':')))
*tmp = '\0';
askcred[i].type = prompts[i].echo ? credtype_echo : credtype_noecho;
}
/* retrieve responses using the auth callback */
if (priv->cred->cb(askcred, num_prompts, priv->cred->cbdata)) {
priv->authCbErr = VIR_NET_SSH_AUTHCB_RETR_ERR;
goto cleanup;
}
/* copy retrieved data back */
for (i = 0; i < num_prompts; i++) {
responses[i].text = askcred[i].result;
askcred[i].result = NULL; /* steal the pointer */
responses[i].length = askcred[i].resultlen;
}
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
cleanup:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (askcred) {
for (i = 0; i < num_prompts; i++) {
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
char *prompt = (char *)askcred[i].prompt;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(askcred[i].result);
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
VIR_FREE(prompt);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
}
VIR_FREE(askcred);
return;
}
/* check session host keys
*
* this function checks the known host database and verifies the key
* errors are raised in this func
*
* return value: 0 on success, -1 on error
*/
static int
virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
{
int ret;
const char *key;
const char *keyhash;
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
char *keyhashstr;
char *tmp;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
int keyType;
size_t keyLength;
char *errmsg;
virBuffer buff = VIR_BUFFER_INITIALIZER;
virConnectCredential askKey;
struct libssh2_knownhost *knownHostEntry = NULL;
Convert 'int i' to 'size_t i' in src/rpc/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
char *hostnameStr = NULL;
if (sess->hostKeyVerify == VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE)
return 0;
/* get the key */
key = libssh2_session_hostkey(sess->session, &keyLength, &keyType);
if (!key) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("Failed to retrieve ssh host key: %s"),
errmsg);
return -1;
}
/* verify it */
ret = libssh2_knownhost_checkp(sess->knownHosts,
sess->hostname,
sess->port,
key,
keyLength,
LIBSSH2_KNOWNHOST_TYPE_PLAIN |
LIBSSH2_KNOWNHOST_KEYENC_RAW,
&knownHostEntry);
switch (ret) {
case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
/* key was not found, query to add it to database */
if (sess->hostKeyVerify == VIR_NET_SSH_HOSTKEY_VERIFY_NORMAL) {
/* ask to add the key */
if (!sess->cred || !sess->cred->cb) {
virReportError(VIR_ERR_SSH, "%s",
_("No user interaction callback provided: "
"Can't verify the session host key"));
return -1;
}
/* prepare data for the callback */
memset(&askKey, 0, sizeof(virConnectCredential));
for (i = 0; i < sess->cred->ncredtype; i++) {
rpc: libssh2: Fix regression in ssh host key verification Commit 792f81a40e caused a regression in the libssh2 host key verification code by changing the variable type of 'i' to unsigned. Since one of the loops used -1 as a special value if the asking callback was found the conversion made a subsequent test always fail. The bug was stealth enough to pass review, compilers and coverity. Refactor the condition to avoid problems. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
2015-10-02 13:49:01 +00:00
if (sess->cred->credtype[i] == VIR_CRED_ECHOPROMPT)
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
break;
}
rpc: libssh2: Fix regression in ssh host key verification Commit 792f81a40e caused a regression in the libssh2 host key verification code by changing the variable type of 'i' to unsigned. Since one of the loops used -1 as a special value if the asking callback was found the conversion made a subsequent test always fail. The bug was stealth enough to pass review, compilers and coverity. Refactor the condition to avoid problems. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
2015-10-02 13:49:01 +00:00
if (i == sess->cred->ncredtype) {
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virReportError(VIR_ERR_SSH, "%s",
rpc: libssh2: Fix regression in ssh host key verification Commit 792f81a40e caused a regression in the libssh2 host key verification code by changing the variable type of 'i' to unsigned. Since one of the loops used -1 as a special value if the asking callback was found the conversion made a subsequent test always fail. The bug was stealth enough to pass review, compilers and coverity. Refactor the condition to avoid problems. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
2015-10-02 13:49:01 +00:00
_("no suitable callback for host key "
"verification"));
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
/* calculate remote key hash, using MD5 algorithm that is
* usual in OpenSSH. The returned value should *NOT* be freed*/
if (!(keyhash = libssh2_hostkey_hash(sess->session,
LIBSSH2_HOSTKEY_HASH_MD5))) {
virReportError(VIR_ERR_SSH, "%s",
_("failed to calculate ssh host key hash"));
return -1;
}
/* format the host key into a nice userfriendly string.
* Sadly, there's no constant to describe the hash length, so
* we have to use a *MAGIC* constant. */
for (i = 0; i < 16; i++)
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
virBufferAsprintf(&buff, "%02hhX:", keyhash[i]);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virBufferTrim(&buff, ":", 1);
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
keyhashstr = virBufferContentAndReset(&buff);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
askKey.type = VIR_CRED_ECHOPROMPT;
rpc: Use g_strdup_printf() instead of virAsprintf() Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-22 13:26:14 +00:00
askKey.prompt = g_strdup_printf(_("Accept SSH host key with hash '%s' for " "host '%s:%d' (%s/%s)?"),
keyhashstr, sess->hostname, sess->port, "y", "n");
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (sess->cred->cb(&askKey, 1, sess->cred->cbdata)) {
virReportError(VIR_ERR_SSH, "%s",
_("failed to retrieve decision to accept "
"host key"));
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
tmp = (char*)askKey.prompt;
VIR_FREE(tmp);
VIR_FREE(keyhashstr);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
tmp = (char*)askKey.prompt;
VIR_FREE(tmp);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (!askKey.result ||
STRCASENEQ(askKey.result, "y")) {
virReportError(VIR_ERR_SSH,
_("SSH host key for '%s' (%s) was not accepted"),
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
sess->hostname, keyhashstr);
VIR_FREE(keyhashstr);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(askKey.result);
return -1;
}
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
VIR_FREE(keyhashstr);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(askKey.result);
}
/* VIR_NET_SSH_HOSTKEY_VERIFY_AUTO_ADD */
/* convert key type, as libssh is using different enums type for
* getting the key and different for adding ... */
switch (keyType) {
case LIBSSH2_HOSTKEY_TYPE_RSA:
keyType = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
break;
case LIBSSH2_HOSTKEY_TYPE_DSS:
keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
libssh2_session: support DSS keys as well Missing break in the switch.
2012-11-28 13:34:48 +00:00
break;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
default:
virReportError(VIR_ERR_SSH, "%s",
_("unsupported SSH key type"));
return -1;
}
/* add the key to the DB and save it, if applicable */
/* construct a "[hostname]:port" string to have the hostkey bound
* to port number */
virBufferAsprintf(&buff, "[%s]:%d", sess->hostname, sess->port);
hostnameStr = virBufferContentAndReset(&buff);
if (libssh2_knownhost_addc(sess->knownHosts,
hostnameStr,
NULL,
key,
keyLength,
vir_libssh2_key_comment,
strlen(vir_libssh2_key_comment),
LIBSSH2_KNOWNHOST_TYPE_PLAIN |
LIBSSH2_KNOWNHOST_KEYENC_RAW |
keyType,
NULL) < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("unable to add SSH host key for host '%s': %s"),
hostnameStr, errmsg);
VIR_FREE(hostnameStr);
return -1;
}
VIR_FREE(hostnameStr);
/* write the host key file - if applicable */
if (sess->knownHostsFile) {
if (libssh2_knownhost_writefile(sess->knownHosts,
sess->knownHostsFile,
LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("failed to write known_host file '%s': %s"),
sess->knownHostsFile,
errmsg);
return -1;
}
}
/* key was accepted and added */
return 0;
case LIBSSH2_KNOWNHOST_CHECK_MATCH:
/* host key matches */
return 0;
case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
/* host key verification failed */
virReportError(VIR_ERR_AUTH_FAILED,
_("!!! SSH HOST KEY VERIFICATION FAILED !!!: "
"Identity of host '%s:%d' differs from stored identity. "
"Please verify the new host key '%s' to avoid possible "
"man in the middle attack. The key is stored in '%s'."),
sess->hostname, sess->port,
knownHostEntry->key, sess->knownHostsFile);
return -1;
case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("failed to validate SSH host key: %s"),
errmsg);
return -1;
default: /* should never happen (tm) */
virReportError(VIR_ERR_SSH, "%s", _("Unknown error value"));
return -1;
}
return -1;
}
/* perform ssh agent authentication
*
* Returns: 0 on success
* 1 on authentication failure
* -1 on error
*/
static int
virNetSSHAuthenticateAgent(virNetSSHSessionPtr sess,
virNetSSHAuthMethodPtr priv)
{
struct libssh2_agent_publickey *agent_identity = NULL;
bool no_identity = true;
int ret;
char *errmsg;
rpc: libssh2: Add more debugging info
2015-10-02 13:48:33 +00:00
VIR_DEBUG("sess=%p", sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (libssh2_agent_connect(sess->agent) < 0) {
virReportError(VIR_ERR_SSH, "%s",
_("Failed to connect to ssh agent"));
return 1;
}
if (libssh2_agent_list_identities(sess->agent) < 0) {
virReportError(VIR_ERR_SSH, "%s",
_("Failed to list ssh agent identities"));
return 1;
}
while (!(ret = libssh2_agent_get_identity(sess->agent,
&agent_identity,
agent_identity))) {
no_identity = false;
if (!(ret = libssh2_agent_userauth(sess->agent,
priv->username,
agent_identity)))
return 0; /* key accepted */
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (ret != LIBSSH2_ERROR_AUTHENTICATION_FAILED &&
ret != LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED &&
ret != LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED) {
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_RESET
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("failed to authenticate using SSH agent: %s"),
errmsg);
return -1;
}
/* authentication has failed, try next key */
}
/* if there are no more keys in the agent, the identity retrieval
* function returns 1 */
if (ret == 1) {
if (no_identity) {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("SSH Agent did not provide any "
"authentication identity"));
} else {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("All identities provided by the SSH Agent "
"were rejected"));
}
return 1;
}
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("failed to authenticate using SSH agent: %s"),
errmsg);
return -1;
}
/* perform private key authentication
*
* Returns: 0 on success
* 1 on authentication failure
* -1 on error
*/
static int
virNetSSHAuthenticatePrivkey(virNetSSHSessionPtr sess,
virNetSSHAuthMethodPtr priv)
{
virConnectCredential retr_passphrase;
Convert 'int i' to 'size_t i' in src/rpc/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
char *errmsg;
int ret;
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
char *tmp;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
rpc: libssh2: Add more debugging info
2015-10-02 13:48:33 +00:00
VIR_DEBUG("sess=%p", sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/* try open the key with no password */
if ((ret = libssh2_userauth_publickey_fromfile(sess->session,
priv->username,
NULL,
priv->filename,
priv->password)) == 0)
return 0; /* success */
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (priv->password ||
ret == LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED ||
ret == LIBSSH2_ERROR_AUTHENTICATION_FAILED) {
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_RESET
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("authentication with private key '%s' "
"has failed: %s"),
priv->filename, errmsg);
return 1; /* auth failed */
}
/* request user's key password */
if (!sess->cred || !sess->cred->cb) {
virReportError(VIR_ERR_SSH, "%s",
_("No user interaction callback provided: "
"Can't retrieve private key passphrase"));
return -1;
}
memset(&retr_passphrase, 0, sizeof(virConnectCredential));
retr_passphrase.type = -1;
for (i = 0; i < sess->cred->ncredtype; i++) {
if (sess->cred->credtype[i] == VIR_CRED_PASSPHRASE ||
sess->cred->credtype[i] == VIR_CRED_NOECHOPROMPT) {
retr_passphrase.type = sess->cred->credtype[i];
break;
}
}
if (retr_passphrase.type < 0) {
virReportError(VIR_ERR_SSH, "%s",
_("no suitable method to retrieve key passphrase"));
return -1;
}
rpc: Use g_strdup_printf() instead of virAsprintf() Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-10-22 13:26:14 +00:00
retr_passphrase.prompt = g_strdup_printf(_("Passphrase for key '%s'"),
priv->filename);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (sess->cred->cb(&retr_passphrase, 1, sess->cred->cbdata)) {
virReportError(VIR_ERR_SSH, "%s",
_("failed to retrieve private key passphrase: "
"callback has failed"));
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
tmp = (char *)retr_passphrase.prompt;
VIR_FREE(tmp);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
Stop free'ing 'const char *' strings The VIR_FREE() macro will cast away any const-ness. This masked a number of places where we passed a 'const char *' string to VIR_FREE. Fortunately in all of these cases, the variable was not in fact const data, but a heap allocated string. Fix all the variable declarations to reflect this. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-03 11:36:22 +00:00
tmp = (char *)retr_passphrase.prompt;
VIR_FREE(tmp);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
ret = libssh2_userauth_publickey_fromfile(sess->session,
priv->username,
NULL,
priv->filename,
retr_passphrase.result);
VIR_FREE(retr_passphrase.result);
if (ret < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("authentication with private key '%s' "
"has failed: %s"),
priv->filename, errmsg);
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (ret == LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED ||
ret == LIBSSH2_ERROR_AUTHENTICATION_FAILED)
return 1;
else
return -1;
build: add GCC 6.0 -Wlogical-op workaround fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-04-10 16:22:20 +00:00
VIR_WARNINGS_RESET
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
return 0;
}
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
/* perform password authentication, either directly or request the password
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
*
* Returns: 0 on success
* 1 on authentication failure
* -1 on error
*/
static int
virNetSSHAuthenticatePassword(virNetSSHSessionPtr sess,
virNetSSHAuthMethodPtr priv)
{
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
char *password = NULL;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
char *errmsg;
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
int ret = -1;
int rc;
rpc: libssh2: Add more debugging info
2015-10-02 13:48:33 +00:00
VIR_DEBUG("sess=%p", sess);
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
if (priv->password) {
/* tunelled password authentication */
rpc: fix handling of SSH auth failure code The result of libssh2_userauth_password is being assigned to 'ret' in one branch and 'rc' in the other branch. Checks are all done against the 'ret' variable, so one branch never does the correct check. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-31 10:13:39 +00:00
if ((rc = libssh2_userauth_password(sess->session,
priv->username,
priv->password)) == 0) {
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
ret = 0;
goto cleanup;
}
} else {
/* password authentication with interactive password request */
if (!sess->cred || !sess->cred->cb) {
virReportError(VIR_ERR_SSH, "%s",
_("Can't perform authentication: "
"Authentication callback not provided"));
goto cleanup;
}
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
/* Try the authenticating the set amount of times. The server breaks the
* connection if maximum number of bad auth tries is exceeded */
while (true) {
if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
"ssh", priv->username,
rpc: Don't overwrite virAuthGet{Username|Password}Path errors Now that the virAuthGet*Path API's generate all the error messages we can remove them from the callers. Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
2018-08-14 14:33:26 +00:00
sess->hostname)))
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
goto cleanup;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
/* tunelled password authentication */
if ((rc = libssh2_userauth_password(sess->session,
priv->username,
password)) == 0) {
ret = 0;
goto cleanup;
}
rpc: fix handling of SSH auth failure code The result of libssh2_userauth_password is being assigned to 'ret' in one branch and 'rc' in the other branch. Checks are all done against the 'ret' variable, so one branch never does the correct check. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-31 10:13:39 +00:00
if (rc != LIBSSH2_ERROR_AUTHENTICATION_FAILED)
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
break;
VIR_FREE(password);
}
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
/* error path */
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("authentication failed: %s"), errmsg);
/* determine exist status */
rpc: fix handling of SSH auth failure code The result of libssh2_userauth_password is being assigned to 'ret' in one branch and 'rc' in the other branch. Checks are all done against the 'ret' variable, so one branch never does the correct check. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-31 10:13:39 +00:00
if (rc == LIBSSH2_ERROR_AUTHENTICATION_FAILED)
ret = 1;
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
else
rpc: fix handling of SSH auth failure code The result of libssh2_userauth_password is being assigned to 'ret' in one branch and 'rc' in the other branch. Checks are all done against the 'ret' variable, so one branch never does the correct check. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-31 10:13:39 +00:00
ret = -1;
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
cleanup:
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
VIR_FREE(password);
return ret;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
libssh2: Improve password based authentication The password authentication method wasn't used as there wasn't a pleasant way to pass the password. This patch adds the option to use virAuth util functions to request the password either from a config file or uses the conf callback to request it from the user.
2013-07-09 14:34:38 +00:00
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/* perform keyboard interactive authentication
*
* Returns: 0 on success
* 1 on authentication failure
* -1 on error
*/
static int
virNetSSHAuthenticateKeyboardInteractive(virNetSSHSessionPtr sess,
virNetSSHAuthMethodPtr priv)
{
char *errmsg;
int ret;
rpc: libssh2: Add more debugging info
2015-10-02 13:48:33 +00:00
VIR_DEBUG("sess=%p", sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (!sess->cred || !sess->cred->cb) {
virReportError(VIR_ERR_SSH, "%s",
_("Can't perform keyboard-interactive authentication: "
"Authentication callback not provided "));
return -1;
}
/* Try the authenticating the set amount of times. The server breaks the
* connection if maximum number of bad auth tries is exceeded */
while (priv->tries < 0 || priv->tries-- > 0) {
ret = libssh2_userauth_keyboard_interactive(sess->session,
priv->username,
virNetSSHKbIntCb);
/* check for errors while calling the callback */
switch (sess->authCbErr) {
case VIR_NET_SSH_AUTHCB_NO_METHOD:
virReportError(VIR_ERR_SSH, "%s",
_("no suitable method to retrieve "
Fix some typos in messages, docs and comments.
2012-08-22 18:29:18 +00:00
"authentication credentials"));
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
case VIR_NET_SSH_AUTHCB_OOM:
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
/* OOM error already reported */
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
case VIR_NET_SSH_AUTHCB_RETR_ERR:
virReportError(VIR_ERR_SSH, "%s",
_("failed to retrieve credentials"));
return -1;
case VIR_NET_SSH_AUTHCB_OK:
/* everything went fine, let's continue */
break;
}
if (ret == 0)
/* authentication succeeded */
return 0;
if (ret == LIBSSH2_ERROR_AUTHENTICATION_FAILED)
continue; /* try again */
if (ret < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("keyboard interactive authentication failed: %s"),
errmsg);
return -1;
}
}
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_AUTH_FAILED,
_("keyboard interactive authentication failed: %s"),
errmsg);
return 1;
}
/* select auth method and authenticate */
static int
virNetSSHAuthenticate(virNetSSHSessionPtr sess)
{
virNetSSHAuthMethodPtr auth;
bool no_method = false;
bool auth_failed = false;
char *auth_list;
char *errmsg;
Convert 'int i' to 'size_t i' in src/rpc/ files Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-08 14:09:33 +00:00
size_t i;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
int ret;
rpc: libssh2: Add more debugging info
2015-10-02 13:48:33 +00:00
VIR_DEBUG("sess=%p", sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (!sess->nauths) {
virReportError(VIR_ERR_SSH, "%s",
_("No authentication methods and credentials "
"provided"));
return -1;
}
/* obtain list of supported auth methods */
auth_list = libssh2_userauth_list(sess->session,
sess->auths[0]->username,
strlen(sess->auths[0]->username));
if (!auth_list) {
/* unlikely event, authentication succeeded with NONE as method */
if (libssh2_userauth_authenticated(sess->session) == 1)
return 0;
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("couldn't retrieve authentication methods list: %s"),
errmsg);
return -1;
}
for (i = 0; i < sess->nauths; i++) {
auth = sess->auths[i];
ret = 2;
virResetLastError();
switch (auth->method) {
case VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE:
if (strstr(auth_list, "keyboard-interactive"))
ret = virNetSSHAuthenticateKeyboardInteractive(sess, auth);
break;
case VIR_NET_SSH_AUTH_AGENT:
if (strstr(auth_list, "publickey"))
ret = virNetSSHAuthenticateAgent(sess, auth);
break;
case VIR_NET_SSH_AUTH_PRIVKEY:
if (strstr(auth_list, "publickey"))
ret = virNetSSHAuthenticatePrivkey(sess, auth);
break;
case VIR_NET_SSH_AUTH_PASSWORD:
if (strstr(auth_list, "password"))
ret = virNetSSHAuthenticatePassword(sess, auth);
break;
}
/* return on success or error */
if (ret <= 0)
return ret;
/* the authentication method is not supported */
if (ret == 2)
no_method = true;
/* authentication with this method has failed */
if (ret == 1)
auth_failed = true;
}
if (sess->nauths == 0) {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("No authentication methods supplied"));
} else if (sess->nauths == 1) {
/* pass through the error */
} else if (no_method && !auth_failed) {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("None of the requested authentication methods "
"are supported by the server"));
} else {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("All provided authentication methods with credentials "
"were rejected by the server"));
}
return -1;
}
/* open channel */
static int
virNetSSHOpenChannel(virNetSSHSessionPtr sess)
{
char *errmsg;
sess->channel = libssh2_channel_open_session(sess->session);
if (!sess->channel) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("failed to open ssh channel: %s"),
errmsg);
return -1;
}
if (libssh2_channel_exec(sess->channel, sess->channelCommand) != 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("failed to execute command '%s': %s"),
sess->channelCommand,
errmsg);
return -1;
}
/* nonblocking mode - currently does nothing*/
libssh2_channel_set_blocking(sess->channel, 0);
/* channel open */
return 0;
}
/* validate if all required parameters are configured */
static int
virNetSSHValidateConfig(virNetSSHSessionPtr sess)
{
if (sess->nauths == 0) {
virReportError(VIR_ERR_SSH, "%s",
_("No authentication methods and credentials "
"provided"));
return -1;
}
if (!sess->channelCommand) {
virReportError(VIR_ERR_SSH, "%s",
_("No channel command provided"));
return -1;
}
if (sess->hostKeyVerify != VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE) {
if (!sess->hostname) {
virReportError(VIR_ERR_SSH, "%s",
_("Hostname is needed for host key verification"));
return -1;
}
}
/* everything ok */
return 0;
}
/* ### PUBLIC API ### */
int
virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
virConnectAuthPtr auth)
{
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
sess->cred = auth;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
}
void
virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)
{
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virNetSSHSessionAuthMethodsFree(sess);
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
int
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
remote: Improve libssh2 password authentication This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
2013-07-09 14:46:32 +00:00
virURIPtr uri,
const char *username)
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
{
virNetSSHAuthMethodPtr auth;
char *user = NULL;
remote: Improve libssh2 password authentication This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
2013-07-09 14:46:32 +00:00
if (uri) {
VIR_FREE(sess->authPath);
if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
goto error;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
remote: Improve libssh2 password authentication This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
2013-07-09 14:46:32 +00:00
if (!username) {
if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
"ssh", NULL, sess->hostname)))
goto error;
} else {
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
user = g_strdup(username);
remote: Improve libssh2 password authentication This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
2013-07-09 14:46:32 +00:00
}
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
remote: Improve libssh2 password authentication This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
2013-07-09 14:46:32 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
Adapt to VIR_ALLOC and virAsprintf in src/rpc/*
2013-07-04 10:15:05 +00:00
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
goto error;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
auth->username = user;
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(user);
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
int
virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
const char *username)
{
virNetSSHAuthMethodPtr auth;
char *user = NULL;
if (!username) {
virReportError(VIR_ERR_SSH, "%s",
_("Username must be provided "
"for ssh agent authentication"));
return -1;
}
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
user = g_strdup(username);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
Adapt to VIR_ALLOC and virAsprintf in src/rpc/*
2013-07-04 10:15:05 +00:00
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
goto error;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
auth->username = user;
auth->method = VIR_NET_SSH_AUTH_AGENT;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(user);
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
int
virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSessionPtr sess,
const char *username,
const char *keyfile,
const char *password)
{
virNetSSHAuthMethodPtr auth;
char *user = NULL;
char *pass = NULL;
char *file = NULL;
if (!username || !keyfile) {
virReportError(VIR_ERR_SSH, "%s",
_("Username and key file path must be provided "
"for private key authentication"));
return -1;
}
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
user = g_strdup(username);
file = g_strdup(keyfile);
pass = g_strdup(password);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
Adapt to VIR_ALLOC and virAsprintf in src/rpc/*
2013-07-04 10:15:05 +00:00
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
goto error;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
auth->username = user;
auth->password = pass;
auth->filename = file;
auth->method = VIR_NET_SSH_AUTH_PRIVKEY;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(user);
VIR_FREE(pass);
VIR_FREE(file);
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
int
virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSessionPtr sess,
const char *username,
int tries)
{
virNetSSHAuthMethodPtr auth;
char *user = NULL;
if (!username) {
virReportError(VIR_ERR_SSH, "%s",
_("Username must be provided "
"for ssh agent authentication"));
return -1;
}
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
user = g_strdup(username);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
Adapt to VIR_ALLOC and virAsprintf in src/rpc/*
2013-07-04 10:15:05 +00:00
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*
2013-05-03 12:47:53 +00:00
goto error;
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
auth->username = user;
auth->tries = tries;
auth->method = VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(user);
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
int
virNetSSHSessionSetChannelCommand(virNetSSHSessionPtr sess,
const char *command)
{
int ret = 0;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(sess->channelCommand);
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
sess->channelCommand = g_strdup(command);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
}
int
virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
const char *hostname,
int port,
const char *hostsfile,
libssh2_session: Add support for creating known_hosts file The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
2012-08-21 16:28:11 +00:00
virNetSSHHostkeyVerify opt,
unsigned int flags)
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
{
char *errmsg;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
sess->port = port;
sess->hostKeyVerify = opt;
VIR_FREE(sess->hostname);
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
sess->hostname = g_strdup(hostname);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/* load the known hosts file */
if (hostsfile) {
libssh2_session: Add support for creating known_hosts file The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
2012-08-21 16:28:11 +00:00
if (virFileExists(hostsfile)) {
if (libssh2_knownhost_readfile(sess->knownHosts,
hostsfile,
LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("unable to load knownhosts file '%s': %s"),
hostsfile, errmsg);
goto error;
}
} else if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_CREATE)) {
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virReportError(VIR_ERR_SSH,
libssh2_session: Add support for creating known_hosts file The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
2012-08-21 16:28:11 +00:00
_("known hosts file '%s' does not exist"),
hostsfile);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
goto error;
}
/* set filename only if writing to the known hosts file is requested */
libssh2_session: Add support for creating known_hosts file The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
2012-08-21 16:28:11 +00:00
if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_READONLY)) {
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
VIR_FREE(sess->knownHostsFile);
rpc: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
sess->knownHostsFile = g_strdup(hostsfile);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
}
}
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return 0;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
/* allocate and initialize a ssh session object */
virNetSSHSessionPtr virNetSSHSessionNew(void)
{
virNetSSHSessionPtr sess = NULL;
if (virNetSSHSessionInitialize() < 0)
goto error;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
if (!(sess = virObjectLockableNew(virNetSSHSessionClass)))
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
goto error;
/* initialize session data, use the internal data for callbacks
* and stick to default memory management functions */
if (!(sess->session = libssh2_session_init_ex(NULL,
NULL,
NULL,
(void *)sess))) {
virReportError(VIR_ERR_SSH, "%s",
_("Failed to initialize libssh2 session"));
goto error;
}
if (!(sess->knownHosts = libssh2_knownhost_init(sess->session))) {
virReportError(VIR_ERR_SSH, "%s",
_("Failed to initialize libssh2 known hosts table"));
goto error;
}
if (!(sess->agent = libssh2_agent_init(sess->session))) {
virReportError(VIR_ERR_SSH, "%s",
_("Failed to initialize libssh2 agent handle"));
goto error;
}
VIR_DEBUG("virNetSSHSessionPtr: %p, LIBSSH2_SESSION: %p",
sess, sess->session);
/* set blocking mode for libssh2 until handshake is complete */
libssh2_session_set_blocking(sess->session, 1);
/* default states for config variables */
sess->state = VIR_NET_SSH_STATE_NEW;
sess->hostKeyVerify = VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE;
return sess;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
virObjectUnref(sess);
return NULL;
}
int
virNetSSHSessionConnect(virNetSSHSessionPtr sess,
int sock)
{
int ret;
char *errmsg;
VIR_DEBUG("sess=%p, sock=%d", sess, sock);
if (!sess || sess->state != VIR_NET_SSH_STATE_NEW) {
virReportError(VIR_ERR_SSH, "%s",
_("Invalid virNetSSHSessionPtr"));
return -1;
}
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
/* check if configuration is valid */
if ((ret = virNetSSHValidateConfig(sess)) < 0)
goto error;
/* open session */
ret = libssh2_session_handshake(sess->session, sock);
/* libssh2 is in blocking mode, so EAGAIN will never happen */
if (ret < 0) {
libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
virReportError(VIR_ERR_NO_CONNECT,
_("SSH session handshake failed: %s"),
errmsg);
goto error;
}
/* verify the SSH host key */
if ((ret = virNetSSHCheckHostKey(sess)) != 0)
goto error;
/* authenticate */
if ((ret = virNetSSHAuthenticate(sess)) != 0)
goto error;
/* open channel */
if ((ret = virNetSSHOpenChannel(sess)) != 0)
goto error;
/* all set */
/* switch to nonblocking mode and return */
libssh2_session_set_blocking(sess->session, 0);
sess->state = VIR_NET_SSH_STATE_HANDSHAKE_COMPLETE;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
sess->state = VIR_NET_SSH_STATE_ERROR;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
}
/* do a read from a ssh channel, used instead of normal read on socket */
ssize_t
virNetSSHChannelRead(virNetSSHSessionPtr sess,
char *buf,
size_t len)
{
ssize_t ret = -1;
ssize_t read_n = 0;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (sess->state != VIR_NET_SSH_STATE_HANDSHAKE_COMPLETE) {
if (sess->state == VIR_NET_SSH_STATE_ERROR_REMOTE)
virReportError(VIR_ERR_SSH,
_("Remote program terminated "
"with non-zero code: %d"),
sess->channelCommandReturnValue);
else
virReportError(VIR_ERR_SSH, "%s",
_("Tried to write socket in error state"));
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
if (sess->bufUsed > 0) {
/* copy the rest (or complete) internal buffer to the output buffer */
memcpy(buf,
sess->rbuf + sess->bufStart,
len > sess->bufUsed ? sess->bufUsed : len);
if (len >= sess->bufUsed) {
read_n = sess->bufUsed;
sess->bufStart = 0;
sess->bufUsed = 0;
} else {
read_n = len;
sess->bufUsed -= len;
sess->bufStart += len;
goto success;
}
}
/* continue reading into the buffer supplied */
if (read_n < len) {
ret = libssh2_channel_read(sess->channel,
buf + read_n,
len - read_n);
if (ret == LIBSSH2_ERROR_EAGAIN)
goto success;
if (ret < 0)
goto error;
read_n += ret;
}
/* try to read something into the internal buffer */
if (sess->bufUsed == 0) {
ret = libssh2_channel_read(sess->channel,
sess->rbuf,
VIR_NET_SSH_BUFFER_SIZE);
if (ret == LIBSSH2_ERROR_EAGAIN)
goto success;
if (ret < 0)
goto error;
sess->bufUsed = ret;
sess->bufStart = 0;
}
if (read_n == 0) {
/* get rid of data in stderr stream */
ret = libssh2_channel_read_stderr(sess->channel,
sess->rbuf,
VIR_NET_SSH_BUFFER_SIZE - 1);
if (ret > 0) {
sess->rbuf[ret] = '\0';
VIR_DEBUG("flushing stderr, data='%s'", sess->rbuf);
}
}
if (libssh2_channel_eof(sess->channel)) {
if (libssh2_channel_get_exit_status(sess->channel)) {
virReportError(VIR_ERR_SSH,
_("Remote command terminated with non-zero code: %d"),
libssh2_channel_get_exit_status(sess->channel));
sess->channelCommandReturnValue = libssh2_channel_get_exit_status(sess->channel);
sess->state = VIR_NET_SSH_STATE_ERROR_REMOTE;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
sess->state = VIR_NET_SSH_STATE_CLOSED;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return -1;
}
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
success:
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return read_n;
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
error:
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
sess->state = VIR_NET_SSH_STATE_ERROR;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
}
ssize_t
virNetSSHChannelWrite(virNetSSHSessionPtr sess,
const char *buf,
size_t len)
{
ssize_t ret;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
if (sess->state != VIR_NET_SSH_STATE_HANDSHAKE_COMPLETE) {
if (sess->state == VIR_NET_SSH_STATE_ERROR_REMOTE)
virReportError(VIR_ERR_SSH,
_("Remote program terminated with non-zero code: %d"),
sess->channelCommandReturnValue);
else
virReportError(VIR_ERR_SSH, "%s",
_("Tried to write socket in error state"));
ret = -1;
goto cleanup;
}
if (libssh2_channel_eof(sess->channel)) {
if (libssh2_channel_get_exit_status(sess->channel)) {
virReportError(VIR_ERR_SSH,
_("Remote program terminated with non-zero code: %d"),
libssh2_channel_get_exit_status(sess->channel));
sess->state = VIR_NET_SSH_STATE_ERROR_REMOTE;
sess->channelCommandReturnValue = libssh2_channel_get_exit_status(sess->channel);
ret = -1;
goto cleanup;
}
sess->state = VIR_NET_SSH_STATE_CLOSED;
ret = -1;
goto cleanup;
}
ret = libssh2_channel_write(sess->channel, buf, len);
if (ret == LIBSSH2_ERROR_EAGAIN) {
ret = 0;
goto cleanup;
}
if (ret < 0) {
char *msg;
sess->state = VIR_NET_SSH_STATE_ERROR;
libssh2_session_last_error(sess->session, &msg, NULL, 0);
virReportError(VIR_ERR_SSH,
_("write failed: %s"), msg);
}
Indent top-level labels by one space in src/rpc/
2014-03-25 06:52:31 +00:00
cleanup:
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
}
bool
virNetSSHSessionHasCachedData(virNetSSHSessionPtr sess)
{
bool ret;
if (!sess)
return false;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectLock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
ret = sess->bufUsed > 0;
Convert all rpc classes over to virObjectLockable
2013-01-09 21:27:28 +00:00
virObjectUnlock(sess);
libssh2_transport: add main libssh2 transport implementation This patch adds helper functions that enable us to use libssh2 in conjunction with libvirt's virNetSockets for ssh transport instead of spawning "ssh" client process. This implemetation supports tunneled plaintext, keyboard-interactive, private key, ssh agent based and null authentication. Libvirt's Auth callback is used for interaction with the user. (Keyboard interactive authentication, adding of host keys, private key passphrases). This enables seamless integration into the application using libvirt. No helpers as "ssh-askpass" are needed. Reading and writing of OpenSSH style "known_hosts" files is supported. Communication is done using SSH exec channel, where the user may specify arbitrary command to be executed on the remote side and reads and writes to/from stdin/out are sent through the ssh channel. Usage of stderr is not (yet) supported.
2011-11-14 14:30:23 +00:00
return ret;
}
Reference in New Issue Copy Permalink