remote: Improve libssh2 password authentication
This patch enables password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credentials for hosts can now be stored in the authentication credential config file.
parent
676504e3be
commit
273745b431
@ -659,7 +659,8 @@ doRemoteOpen(virConnectPtr conn,
|
|||||||
sshauth,
|
sshauth,
|
||||||
netcat,
|
netcat,
|
||||||
sockname,
|
sockname,
|
||||||
auth);
|
auth,
|
||||||
|
conn->uri);
|
||||||
if (!priv->client)
|
if (!priv->client)
|
||||||
goto failed;
|
goto failed;
|
||||||
|
|
||||||
|
@ -389,7 +389,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
|
|||||||
const char *authMethods,
|
const char *authMethods,
|
||||||
const char *netcatPath,
|
const char *netcatPath,
|
||||||
const char *socketPath,
|
const char *socketPath,
|
||||||
virConnectAuthPtr authPtr)
|
virConnectAuthPtr authPtr,
|
||||||
|
virURIPtr uri)
|
||||||
{
|
{
|
||||||
virNetSocketPtr sock = NULL;
|
virNetSocketPtr sock = NULL;
|
||||||
virNetClientPtr ret = NULL;
|
virNetClientPtr ret = NULL;
|
||||||
@ -443,9 +444,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
|
|||||||
|
|
||||||
if (!authMethods) {
|
if (!authMethods) {
|
||||||
if (privkey)
|
if (privkey)
|
||||||
authMethods = "agent,privkey,keyboard-interactive";
|
authMethods = "agent,privkey,password,keyboard-interactive";
|
||||||
else
|
else
|
||||||
authMethods = "agent,keyboard-interactive";
|
authMethods = "agent,password,keyboard-interactive";
|
||||||
}
|
}
|
||||||
|
|
||||||
DEFAULT_VALUE(host, "localhost");
|
DEFAULT_VALUE(host, "localhost");
|
||||||
@ -471,9 +472,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
|
|||||||
if (!(command = virBufferContentAndReset(&buf)))
|
if (!(command = virBufferContentAndReset(&buf)))
|
||||||
goto no_memory;
|
goto no_memory;
|
||||||
|
|
||||||
if (virNetSocketNewConnectLibSSH2(host, port, username, NULL, privkey,
|
if (virNetSocketNewConnectLibSSH2(host, port, username, privkey,
|
||||||
knownhosts, knownHostsVerify, authMethods,
|
knownhosts, knownHostsVerify, authMethods,
|
||||||
command, authPtr, &sock) != 0)
|
command, authPtr, uri, &sock) != 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (!(ret = virNetClientNew(sock, NULL)))
|
if (!(ret = virNetClientNew(sock, NULL)))
|
||||||
|
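Review bot: The new default strings in the `if (!authMethods)` block of virNetClientNewLibSSH2 put `password` ahead of `keyboard-interactive` for every caller that passes no method list, and no comment records the order or where the password is expected to come from. A short comment above the block would help, e.g. `/* Default order: agent, privkey (only if a key is given), password, keyboard-interactive. */`. The function's documentation should also say that `uri` is used to locate the credential config file; that is what the commit description implies, but the lookup itself is outside this section. The function body starts and ends outside these hunks.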
@ -33,6 +33,7 @@
|
|||||||
# include "virnetclientprogram.h"
|
# include "virnetclientprogram.h"
|
||||||
# include "virnetclientstream.h"
|
# include "virnetclientstream.h"
|
||||||
# include "virobject.h"
|
# include "virobject.h"
|
||||||
|
# include "viruri.h"
|
||||||
|
|
||||||
|
|
||||||
virNetClientPtr virNetClientNewUNIX(const char *path,
|
virNetClientPtr virNetClientNewUNIX(const char *path,
|
||||||
@ -61,7 +62,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
|
|||||||
const char *authMethods,
|
const char *authMethods,
|
||||||
const char *netcatPath,
|
const char *netcatPath,
|
||||||
const char *socketPath,
|
const char *socketPath,
|
||||||
virConnectAuthPtr authPtr);
|
virConnectAuthPtr authPtr,
|
||||||
|
virURIPtr uri);
|
||||||
|
|
||||||
virNetClientPtr virNetClientNewExternal(const char **cmdargv);
|
virNetClientPtr virNetClientNewExternal(const char **cmdargv);
|
||||||
|
|
||||||
|
@ -740,13 +740,13 @@ int
|
|||||||
virNetSocketNewConnectLibSSH2(const char *host,
|
virNetSocketNewConnectLibSSH2(const char *host,
|
||||||
const char *port,
|
const char *port,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
|
||||||
const char *privkey,
|
const char *privkey,
|
||||||
const char *knownHosts,
|
const char *knownHosts,
|
||||||
const char *knownHostsVerify,
|
const char *knownHostsVerify,
|
||||||
const char *authMethods,
|
const char *authMethods,
|
||||||
const char *command,
|
const char *command,
|
||||||
virConnectAuthPtr auth,
|
virConnectAuthPtr auth,
|
||||||
|
virURIPtr uri,
|
||||||
virNetSocketPtr *retsock)
|
virNetSocketPtr *retsock)
|
||||||
{
|
{
|
||||||
virNetSocketPtr sock = NULL;
|
virNetSocketPtr sock = NULL;
|
||||||
@ -808,8 +808,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
|
|||||||
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
|
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
|
||||||
else if (STRCASEEQ(authMethod, "password"))
|
else if (STRCASEEQ(authMethod, "password"))
|
||||||
ret = virNetSSHSessionAuthAddPasswordAuth(sess,
|
ret = virNetSSHSessionAuthAddPasswordAuth(sess,
|
||||||
username,
|
uri,
|
||||||
password);
|
username);
|
||||||
else if (STRCASEEQ(authMethod, "privkey"))
|
else if (STRCASEEQ(authMethod, "privkey"))
|
||||||
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
|
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
|
||||||
username,
|
username,
|
||||||
@ -854,13 +854,13 @@ int
|
|||||||
virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
|
virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
|
||||||
const char *port ATTRIBUTE_UNUSED,
|
const char *port ATTRIBUTE_UNUSED,
|
||||||
const char *username ATTRIBUTE_UNUSED,
|
const char *username ATTRIBUTE_UNUSED,
|
||||||
const char *password ATTRIBUTE_UNUSED,
|
|
||||||
const char *privkey ATTRIBUTE_UNUSED,
|
const char *privkey ATTRIBUTE_UNUSED,
|
||||||
const char *knownHosts ATTRIBUTE_UNUSED,
|
const char *knownHosts ATTRIBUTE_UNUSED,
|
||||||
const char *knownHostsVerify ATTRIBUTE_UNUSED,
|
const char *knownHostsVerify ATTRIBUTE_UNUSED,
|
||||||
const char *authMethods ATTRIBUTE_UNUSED,
|
const char *authMethods ATTRIBUTE_UNUSED,
|
||||||
const char *command ATTRIBUTE_UNUSED,
|
const char *command ATTRIBUTE_UNUSED,
|
||||||
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
|
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
|
||||||
|
virURIPtr uri ATTRIBUTE_UNUSED,
|
||||||
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
virReportSystemError(ENOSYS, "%s",
|
virReportSystemError(ENOSYS, "%s",
|
||||||
|
@ -34,6 +34,7 @@
|
|||||||
# include "virnetsaslcontext.h"
|
# include "virnetsaslcontext.h"
|
||||||
# endif
|
# endif
|
||||||
# include "virjson.h"
|
# include "virjson.h"
|
||||||
|
# include "viruri.h"
|
||||||
|
|
||||||
typedef struct _virNetSocket virNetSocket;
|
typedef struct _virNetSocket virNetSocket;
|
||||||
typedef virNetSocket *virNetSocketPtr;
|
typedef virNetSocket *virNetSocketPtr;
|
||||||
@ -84,13 +85,13 @@ int virNetSocketNewConnectSSH(const char *nodename,
|
|||||||
int virNetSocketNewConnectLibSSH2(const char *host,
|
int virNetSocketNewConnectLibSSH2(const char *host,
|
||||||
const char *port,
|
const char *port,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
|
||||||
const char *privkey,
|
const char *privkey,
|
||||||
const char *knownHosts,
|
const char *knownHosts,
|
||||||
const char *knownHostsVerify,
|
const char *knownHostsVerify,
|
||||||
const char *authMethods,
|
const char *authMethods,
|
||||||
const char *command,
|
const char *command,
|
||||||
virConnectAuthPtr auth,
|
virConnectAuthPtr auth,
|
||||||
|
virURIPtr uri,
|
||||||
virNetSocketPtr *retsock);
|
virNetSocketPtr *retsock);
|
||||||
|
|
||||||
int virNetSocketNewConnectExternal(const char **cmdargv,
|
int virNetSocketNewConnectExternal(const char **cmdargv,
|
||||||
|
@ -991,31 +991,34 @@ virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)
|
|||||||
|
|
||||||
int
|
int
|
||||||
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
|
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
|
||||||
const char *username,
|
virURIPtr uri,
|
||||||
const char *password)
|
const char *username)
|
||||||
{
|
{
|
||||||
virNetSSHAuthMethodPtr auth;
|
virNetSSHAuthMethodPtr auth;
|
||||||
char *user = NULL;
|
char *user = NULL;
|
||||||
char *pass = NULL;
|
|
||||||
|
|
||||||
if (!username || !password) {
|
if (uri) {
|
||||||
virReportError(VIR_ERR_SSH, "%s",
|
VIR_FREE(sess->authPath);
|
||||||
_("Username and password must be provided "
|
|
||||||
"for password authentication"));
|
if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
|
||||||
return -1;
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!username) {
|
||||||
|
if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
|
||||||
|
"ssh", NULL, sess->hostname)))
|
||||||
|
goto error;
|
||||||
|
} else {
|
||||||
|
if (VIR_STRDUP(user, username) < 0)
|
||||||
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
virObjectLock(sess);
|
virObjectLock(sess);
|
||||||
|
|
||||||
if (VIR_STRDUP(user, username) < 0 ||
|
|
||||||
VIR_STRDUP(pass, password) < 0)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
|
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
auth->username = user;
|
auth->username = user;
|
||||||
auth->password = pass;
|
|
||||||
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
|
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
|
||||||
|
|
||||||
virObjectUnlock(sess);
|
virObjectUnlock(sess);
|
||||||
@ -1023,7 +1026,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
|
|||||||
|
|
||||||
error:
|
error:
|
||||||
VIR_FREE(user);
|
VIR_FREE(user);
|
||||||
VIR_FREE(pass);
|
|
||||||
virObjectUnlock(sess);
|
virObjectUnlock(sess);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
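Review bot: In the new virNetSSHSessionAuthAddPasswordAuth, the three `goto error` paths added ahead of `virObjectLock(sess)` (the virAuthGetConfigFilePathURI failure, the virAuthGetUsernamePath failure and the VIR_STRDUP failure) reach an `error:` label that still calls `virObjectUnlock(sess)`, so a failed lookup unlocks an object this function never locked. The same pre-lock lines free and rewrite `sess->authPath` and read `sess->cred` and `sess->hostname` without the lock held. Moving `virObjectLock(sess);` to just before `if (uri) {` would address both and keep the existing error label correct. The rendered page has lost its +/- markers, so this reading assumes the second copy of each line pair is the new side, which matches the new `(sess, uri, username)` call site.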
@ -23,6 +23,7 @@
|
|||||||
# define __VIR_NET_SSH_SESSION_H__
|
# define __VIR_NET_SSH_SESSION_H__
|
||||||
|
|
||||||
# include "internal.h"
|
# include "internal.h"
|
||||||
|
# include "viruri.h"
|
||||||
|
|
||||||
typedef struct _virNetSSHSession virNetSSHSession;
|
typedef struct _virNetSSHSession virNetSSHSession;
|
||||||
typedef virNetSSHSession *virNetSSHSessionPtr;
|
typedef virNetSSHSession *virNetSSHSessionPtr;
|
||||||
@ -50,8 +51,8 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
|
|||||||
virConnectAuthPtr auth);
|
virConnectAuthPtr auth);
|
||||||
|
|
||||||
int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
|
int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
|
||||||
const char *username,
|
virURIPtr uri,
|
||||||
const char *password);
|
const char *username);
|
||||||
|
|
||||||
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
|
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
|
||||||
const char *username);
|
const char *username);
|
||||||
|