mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00

phyp: ssh authentication with public key fixed

Use ssh keyfiles from the current user's home directory instead of trying
to use keyfiles from a hardcoded /home/user directory. Fall back to
username/password authentication if keyfiles are not available or keyfile
authentication fails.
Eduardo Otubo 2009-11-10 13:15:34 +01:00 committed by Matthias Bolte
parent a340f9131a
commit 6c70802374


@ -101,6 +101,12 @@ phypOpen(virConnectPtr conn,
return VIR_DRV_OPEN_ERROR; return VIR_DRV_OPEN_ERROR;
} }
if (conn->uri->user == NULL) {
PHYP_ERROR(conn, VIR_ERR_INTERNAL_ERROR,
_("Missing username in phyp:// URI"));
return VIR_DRV_OPEN_ERROR;
}
if (VIR_ALLOC(phyp_driver) < 0) { if (VIR_ALLOC(phyp_driver) < 0) {
virReportOOMError(conn); virReportOOMError(conn);
goto failure; goto failure;
@ -225,10 +231,31 @@ openSSHSession(virConnectPtr conn, virConnectAuthPtr auth,
const char *password = NULL; const char *password = NULL;
int sock; int sock;
int rc; int rc;
struct addrinfo *ai = NULL, *cur; struct addrinfo *ai = NULL, *cur;
struct addrinfo hints; struct addrinfo hints;
int ret; int ret;
char *pubkey = NULL;
char *pvtkey = NULL;
char *userhome = virGetUserDirectory(NULL, geteuid());
struct stat pvt_stat, pub_stat;
int i;
int hasPassphrase = 0;
virConnectCredential creds[] = {
{VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL, 0},
};
if (userhome == NULL)
goto err;
if (virAsprintf(&pubkey, "%s/.ssh/id_rsa.pub", userhome) < 0) {
virReportOOMError(conn);
goto err;
}
if (virAsprintf(&pvtkey, "%s/.ssh/id_rsa", userhome) < 0) {
virReportOOMError(conn);
goto err;
}
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV; hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
@ -280,21 +307,20 @@ openSSHSession(virConnectPtr conn, virConnectAuthPtr auth,
} }
/* Trying authentication by pubkey */ /* Trying authentication by pubkey */
if (stat(pvtkey, &pvt_stat) || stat(pubkey, &pub_stat))
goto keyboard_interactive;
while ((rc = while ((rc =
libssh2_userauth_publickey_fromfile(session, username, libssh2_userauth_publickey_fromfile(session, username,
"/home/user/" pubkey,
".ssh/id_rsa.pub", pvtkey,
"/home/user/" NULL)) ==
".ssh/id_rsa",
password)) ==
LIBSSH2_ERROR_EAGAIN) ; LIBSSH2_ERROR_EAGAIN) ;
if (rc) {
int i;
int hasPassphrase = 0;
virConnectCredential creds[] = { if (rc == LIBSSH2_ERROR_SOCKET_NONE
{VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL, 0}, || rc == LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED
}; || rc == LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED) {
keyboard_interactive:
if (!auth || !auth->cb) { if (!auth || !auth->cb) {
PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED, PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED,
@ -341,15 +367,29 @@ openSSHSession(virConnectPtr conn, virConnectAuthPtr auth,
goto disconnect; goto disconnect;
} else } else
goto exit; goto exit;
} else if (rc == LIBSSH2_ERROR_NONE) {
goto exit;
} else if (rc == LIBSSH2_ERROR_ALLOC || rc == LIBSSH2_ERROR_SOCKET_SEND
|| rc == LIBSSH2_ERROR_SOCKET_TIMEOUT) {
goto err;
} }
disconnect: disconnect:
libssh2_session_disconnect(session, "Disconnecting..."); libssh2_session_disconnect(session, "Disconnecting...");
libssh2_session_free(session); libssh2_session_free(session);
err: err:
VIR_FREE(userhome);
VIR_FREE(pubkey);
VIR_FREE(pvtkey);
VIR_FREE(password); VIR_FREE(password);
return NULL; return NULL;
exit: exit:
VIR_FREE(userhome);
VIR_FREE(pubkey);
VIR_FREE(pvtkey);
VIR_FREE(password); VIR_FREE(password);
return session; return session;
} }
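Review bot: The `goto err;` taken for `LIBSSH2_ERROR_ALLOC`, `LIBSSH2_ERROR_SOCKET_SEND` and `LIBSSH2_ERROR_SOCKET_TIMEOUT` in the last hunk jumps past `libssh2_session_free(session)`, so the session just used for the public-key attempt is not released on those paths; `goto disconnect;` would free it before returning NULL. Any return code not named in the chain falls through to `disconnect:` with no `PHYP_ERROR`, so the caller gets NULL without a message and without the password fallback the commit description promises. A key that needs a passphrase is a likely case now that the passphrase argument is `NULL`, though which code libssh2 returns for it is not visible here. A closing `else` that either reports `VIR_ERR_AUTH_FAILED` or routes to `keyboard_interactive` would make the intended policy explicit. openSSHSession starts before the visible hunks, so the session setup and the earlier error paths are not shown.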