remote: Improve libssh2 password authentication

This patch enables the password authentication in the libssh2 connection
driver. There are a few benefits to this step:

1) Hosts with challenge response authentication will now be supported
with the libssh2 connection driver.

2) Credential for hosts can now be stored in the authentication
credential config file
This commit is contained in:
Peter Krempa 2013-07-09 16:46:32 +02:00
parent 676504e3be
commit 273745b431
7 changed files with 36 additions and 28 deletions

View File

@ -659,7 +659,8 @@ doRemoteOpen(virConnectPtr conn,
sshauth, sshauth,
netcat, netcat,
sockname, sockname,
auth); auth,
conn->uri);
if (!priv->client) if (!priv->client)
goto failed; goto failed;

View File

@ -389,7 +389,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
const char *authMethods, const char *authMethods,
const char *netcatPath, const char *netcatPath,
const char *socketPath, const char *socketPath,
virConnectAuthPtr authPtr) virConnectAuthPtr authPtr,
virURIPtr uri)
{ {
virNetSocketPtr sock = NULL; virNetSocketPtr sock = NULL;
virNetClientPtr ret = NULL; virNetClientPtr ret = NULL;
@ -443,9 +444,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
if (!authMethods) { if (!authMethods) {
if (privkey) if (privkey)
authMethods = "agent,privkey,keyboard-interactive"; authMethods = "agent,privkey,password,keyboard-interactive";
else else
authMethods = "agent,keyboard-interactive"; authMethods = "agent,password,keyboard-interactive";
} }
DEFAULT_VALUE(host, "localhost"); DEFAULT_VALUE(host, "localhost");
@ -471,9 +472,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
if (!(command = virBufferContentAndReset(&buf))) if (!(command = virBufferContentAndReset(&buf)))
goto no_memory; goto no_memory;
if (virNetSocketNewConnectLibSSH2(host, port, username, NULL, privkey, if (virNetSocketNewConnectLibSSH2(host, port, username, privkey,
knownhosts, knownHostsVerify, authMethods, knownhosts, knownHostsVerify, authMethods,
command, authPtr, &sock) != 0) command, authPtr, uri, &sock) != 0)
goto cleanup; goto cleanup;
if (!(ret = virNetClientNew(sock, NULL))) if (!(ret = virNetClientNew(sock, NULL)))

View File

@ -33,6 +33,7 @@
# include "virnetclientprogram.h" # include "virnetclientprogram.h"
# include "virnetclientstream.h" # include "virnetclientstream.h"
# include "virobject.h" # include "virobject.h"
# include "viruri.h"
virNetClientPtr virNetClientNewUNIX(const char *path, virNetClientPtr virNetClientNewUNIX(const char *path,
@ -61,7 +62,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
const char *authMethods, const char *authMethods,
const char *netcatPath, const char *netcatPath,
const char *socketPath, const char *socketPath,
virConnectAuthPtr authPtr); virConnectAuthPtr authPtr,
virURIPtr uri);
virNetClientPtr virNetClientNewExternal(const char **cmdargv); virNetClientPtr virNetClientNewExternal(const char **cmdargv);

View File

@ -740,13 +740,13 @@ int
virNetSocketNewConnectLibSSH2(const char *host, virNetSocketNewConnectLibSSH2(const char *host,
const char *port, const char *port,
const char *username, const char *username,
const char *password,
const char *privkey, const char *privkey,
const char *knownHosts, const char *knownHosts,
const char *knownHostsVerify, const char *knownHostsVerify,
const char *authMethods, const char *authMethods,
const char *command, const char *command,
virConnectAuthPtr auth, virConnectAuthPtr auth,
virURIPtr uri,
virNetSocketPtr *retsock) virNetSocketPtr *retsock)
{ {
virNetSocketPtr sock = NULL; virNetSocketPtr sock = NULL;
@ -808,8 +808,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1); ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
else if (STRCASEEQ(authMethod, "password")) else if (STRCASEEQ(authMethod, "password"))
ret = virNetSSHSessionAuthAddPasswordAuth(sess, ret = virNetSSHSessionAuthAddPasswordAuth(sess,
username, uri,
password); username);
else if (STRCASEEQ(authMethod, "privkey")) else if (STRCASEEQ(authMethod, "privkey"))
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess, ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
username, username,
@ -854,13 +854,13 @@ int
virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED, virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
const char *port ATTRIBUTE_UNUSED, const char *port ATTRIBUTE_UNUSED,
const char *username ATTRIBUTE_UNUSED, const char *username ATTRIBUTE_UNUSED,
const char *password ATTRIBUTE_UNUSED,
const char *privkey ATTRIBUTE_UNUSED, const char *privkey ATTRIBUTE_UNUSED,
const char *knownHosts ATTRIBUTE_UNUSED, const char *knownHosts ATTRIBUTE_UNUSED,
const char *knownHostsVerify ATTRIBUTE_UNUSED, const char *knownHostsVerify ATTRIBUTE_UNUSED,
const char *authMethods ATTRIBUTE_UNUSED, const char *authMethods ATTRIBUTE_UNUSED,
const char *command ATTRIBUTE_UNUSED, const char *command ATTRIBUTE_UNUSED,
virConnectAuthPtr auth ATTRIBUTE_UNUSED, virConnectAuthPtr auth ATTRIBUTE_UNUSED,
virURIPtr uri ATTRIBUTE_UNUSED,
virNetSocketPtr *retsock ATTRIBUTE_UNUSED) virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
{ {
virReportSystemError(ENOSYS, "%s", virReportSystemError(ENOSYS, "%s",

View File

@ -34,6 +34,7 @@
# include "virnetsaslcontext.h" # include "virnetsaslcontext.h"
# endif # endif
# include "virjson.h" # include "virjson.h"
# include "viruri.h"
typedef struct _virNetSocket virNetSocket; typedef struct _virNetSocket virNetSocket;
typedef virNetSocket *virNetSocketPtr; typedef virNetSocket *virNetSocketPtr;
@ -84,13 +85,13 @@ int virNetSocketNewConnectSSH(const char *nodename,
int virNetSocketNewConnectLibSSH2(const char *host, int virNetSocketNewConnectLibSSH2(const char *host,
const char *port, const char *port,
const char *username, const char *username,
const char *password,
const char *privkey, const char *privkey,
const char *knownHosts, const char *knownHosts,
const char *knownHostsVerify, const char *knownHostsVerify,
const char *authMethods, const char *authMethods,
const char *command, const char *command,
virConnectAuthPtr auth, virConnectAuthPtr auth,
virURIPtr uri,
virNetSocketPtr *retsock); virNetSocketPtr *retsock);
int virNetSocketNewConnectExternal(const char **cmdargv, int virNetSocketNewConnectExternal(const char **cmdargv,

View File

@ -991,31 +991,34 @@ virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)
int int
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess, virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
const char *username, virURIPtr uri,
const char *password) const char *username)
{ {
virNetSSHAuthMethodPtr auth; virNetSSHAuthMethodPtr auth;
char *user = NULL; char *user = NULL;
char *pass = NULL;
if (!username || !password) { if (uri) {
virReportError(VIR_ERR_SSH, "%s", VIR_FREE(sess->authPath);
_("Username and password must be provided "
"for password authentication")); if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
return -1; goto error;
}
if (!username) {
if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
"ssh", NULL, sess->hostname)))
goto error;
} else {
if (VIR_STRDUP(user, username) < 0)
goto error;
} }
virObjectLock(sess); virObjectLock(sess);
if (VIR_STRDUP(user, username) < 0 ||
VIR_STRDUP(pass, password) < 0)
goto error;
if (!(auth = virNetSSHSessionAuthMethodNew(sess))) if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error; goto error;
auth->username = user; auth->username = user;
auth->password = pass;
auth->method = VIR_NET_SSH_AUTH_PASSWORD; auth->method = VIR_NET_SSH_AUTH_PASSWORD;
virObjectUnlock(sess); virObjectUnlock(sess);
@ -1023,7 +1026,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
error: error:
VIR_FREE(user); VIR_FREE(user);
VIR_FREE(pass);
virObjectUnlock(sess); virObjectUnlock(sess);
return -1; return -1;
} }

View File

@ -23,6 +23,7 @@
# define __VIR_NET_SSH_SESSION_H__ # define __VIR_NET_SSH_SESSION_H__
# include "internal.h" # include "internal.h"
# include "viruri.h"
typedef struct _virNetSSHSession virNetSSHSession; typedef struct _virNetSSHSession virNetSSHSession;
typedef virNetSSHSession *virNetSSHSessionPtr; typedef virNetSSHSession *virNetSSHSessionPtr;
@ -50,8 +51,8 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
virConnectAuthPtr auth); virConnectAuthPtr auth);
int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess, int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
const char *username, virURIPtr uri,
const char *password); const char *username);
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess, int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
const char *username); const char *username);