External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-07 18:35:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

virnetsshsession: Pass in username via virNetSSHSessionNew rather than auth functions

Browse Source 
We only ever allow one username so there's no point passing it to each
authentication registration function. Additionally the only caller
(virNetClientNewLibSSH2) always passes a username so all the checks were
pointless.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
This commit is contained in:
Peter Krempa 2022-12-08 15:18:54 +01:00
parent 513d84daf6
commit 7fb0c7418e
3 changed files with 29 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/rpc/virnetsocket.c
View File

@ -909,7 +909,7 @@ virNetSocketNewConnectLibSSH2(const char *host,
}
/* create ssh session context */
if (!(sess = virNetSSHSessionNew()))
if (!(sess = virNetSSHSessionNew(username)))
goto error;
/* set ssh session parameters */
@ -946,17 +946,13 @@ virNetSocketNewConnectLibSSH2(const char *host,
const char *authMethod = *authMethodNext;
if (STRCASEEQ(authMethod, "keyboard-interactive")) {
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, -1);
} else if (STRCASEEQ(authMethod, "password")) {
ret = virNetSSHSessionAuthAddPasswordAuth(sess,
uri,
username);
ret = virNetSSHSessionAuthAddPasswordAuth(sess, uri);
} else if (STRCASEEQ(authMethod, "privkey")) {
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
username,
privkey);
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess, privkey);
} else if (STRCASEEQ(authMethod, "agent")) {
ret = virNetSSHSessionAuthAddAgentAuth(sess, username);
ret = virNetSSHSessionAuthAddAgentAuth(sess);
} else {
virReportError(VIR_ERR_INVALID_ARG,
_("Invalid authentication method: '%s'"),

84
src/rpc/virnetsshsession.c
View File

@ -70,7 +70,6 @@ typedef struct _virNetSSHAuthMethod virNetSSHAuthMethod;
struct _virNetSSHAuthMethod {
virNetSSHAuthMethods method;
char *username;
char *filename;
int tries;
@ -93,6 +92,7 @@ struct _virNetSSHSession {
int port;
/* authentication stuff */
char *username;
virConnectAuthPtr cred;
char *authPath;
virNetSSHAuthCallbackError authCbErr;
@ -115,7 +115,6 @@ virNetSSHSessionAuthMethodsClear(virNetSSHSession *sess)
size_t i;
for (i = 0; i < sess->nauths; i++) {
VIR_FREE(sess->auths[i]->username);
VIR_FREE(sess->auths[i]->filename);
VIR_FREE(sess->auths[i]);
}
@ -151,6 +150,7 @@ virNetSSHSessionDispose(void *obj)
g_free(sess->hostname);
g_free(sess->knownHostsFile);
g_free(sess->authPath);
g_free(sess->username);
}
static virClass *virNetSSHSessionClass;
@ -488,8 +488,7 @@ virNetSSHCheckHostKey(virNetSSHSession *sess)
* -1 on error
*/
static int
virNetSSHAuthenticateAgent(virNetSSHSession *sess,
virNetSSHAuthMethod *priv)
virNetSSHAuthenticateAgent(virNetSSHSession *sess)
{
struct libssh2_agent_publickey *agent_identity = NULL;
bool no_identity = true;
@ -515,7 +514,7 @@ virNetSSHAuthenticateAgent(virNetSSHSession *sess,
agent_identity))) {
no_identity = false;
if (!(ret = libssh2_agent_userauth(sess->agent,
priv->username,
sess->username,
agent_identity)))
return 0; /* key accepted */
@ -575,7 +574,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess,
/* try open the key with no password */
if ((ret = libssh2_userauth_publickey_fromfile(sess->session,
priv->username,
sess->username,
NULL,
priv->filename,
NULL)) == 0)
@ -634,7 +633,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess,
VIR_FREE(tmp);
ret = libssh2_userauth_publickey_fromfile(sess->session,
priv->username,
sess->username,
NULL,
priv->filename,
retr_passphrase.result);
@ -668,8 +667,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess,
* -1 on error
*/
static int
virNetSSHAuthenticatePassword(virNetSSHSession *sess,
virNetSSHAuthMethod *priv)
virNetSSHAuthenticatePassword(virNetSSHSession *sess)
{
char *password = NULL;
char *errmsg;
@ -690,13 +688,13 @@ virNetSSHAuthenticatePassword(virNetSSHSession *sess,
* connection if maximum number of bad auth tries is exceeded */
while (true) {
if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
"ssh", priv->username,
"ssh", sess->username,
sess->hostname)))
goto cleanup;
/* tunnelled password authentication */
if ((rc = libssh2_userauth_password(sess->session,
priv->username,
sess->username,
password)) == 0) {
ret = 0;
goto cleanup;
@ -751,7 +749,7 @@ virNetSSHAuthenticateKeyboardInteractive(virNetSSHSession *sess,
* connection if maximum number of bad auth tries is exceeded */
while (priv->tries < 0 || priv->tries-- > 0) {
ret = libssh2_userauth_keyboard_interactive(sess->session,
priv->username,
sess->username,
virNetSSHKbIntCb);
/* check for errors while calling the callback */
@ -817,9 +815,8 @@ virNetSSHAuthenticate(virNetSSHSession *sess)
}
/* obtain list of supported auth methods */
auth_list = libssh2_userauth_list(sess->session,
sess->auths[0]->username,
strlen(sess->auths[0]->username));
auth_list = libssh2_userauth_list(sess->session, sess->username,
strlen(sess->username));
if (!auth_list) {
/* unlikely event, authentication succeeded with NONE as method */
if (libssh2_userauth_authenticated(sess->session) == 1)
@ -845,7 +842,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess)
break;
case VIR_NET_SSH_AUTH_AGENT:
if (strstr(auth_list, "publickey"))
ret = virNetSSHAuthenticateAgent(sess, auth);
ret = virNetSSHAuthenticateAgent(sess);
break;
case VIR_NET_SSH_AUTH_PRIVKEY:
if (strstr(auth_list, "publickey"))
@ -853,7 +850,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess)
break;
case VIR_NET_SSH_AUTH_PASSWORD:
if (strstr(auth_list, "password"))
ret = virNetSSHAuthenticatePassword(sess, auth);
ret = virNetSSHAuthenticatePassword(sess);
break;
}
@ -969,11 +966,9 @@ virNetSSHSessionAuthReset(virNetSSHSession *sess)
int
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess,
virURI *uri,
const char *username)
virURI *uri)
{
virNetSSHAuthMethod *auth;
char *user = NULL;
if (uri) {
VIR_FREE(sess->authPath);
@ -982,75 +977,50 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess,
goto error;
}
if (!username) {
if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
"ssh", NULL, sess->hostname)))
goto error;
} else {
user = g_strdup(username);
}
virObjectLock(sess);
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
auth->username = user;
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
virObjectUnlock(sess);
return 0;
error:
VIR_FREE(user);
virObjectUnlock(sess);
return -1;
}
int
virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess,
const char *username)
virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess)
{
virNetSSHAuthMethod *auth;
char *user = NULL;
if (!username) {
virReportError(VIR_ERR_SSH, "%s",
_("Username must be provided "
"for ssh agent authentication"));
return -1;
}
virObjectLock(sess);
user = g_strdup(username);
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
auth->username = user;
auth->method = VIR_NET_SSH_AUTH_AGENT;
virObjectUnlock(sess);
return 0;
error:
VIR_FREE(user);
virObjectUnlock(sess);
return -1;
}
int
virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess,
const char *username,
const char *keyfile)
{
virNetSSHAuthMethod *auth;
if (!username || !keyfile) {
if (!keyfile) {
virReportError(VIR_ERR_SSH, "%s",
_("Username and key file path must be provided "
"for private key authentication"));
_("Key file path must be provided for private key authentication"));
return -1;
}
@ -1061,7 +1031,6 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess,
return -1;
}
auth->username = g_strdup(username);
auth->filename = g_strdup(keyfile);
auth->method = VIR_NET_SSH_AUTH_PRIVKEY;
@ -1071,27 +1040,15 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess,
int
virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess,
const char *username,
int tries)
{
virNetSSHAuthMethod *auth;
char *user = NULL;
if (!username) {
virReportError(VIR_ERR_SSH, "%s",
_("Username must be provided "
"for ssh agent authentication"));
return -1;
}
virObjectLock(sess);
user = g_strdup(username);
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
auth->username = user;
auth->tries = tries;
auth->method = VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE;
@ -1099,7 +1056,6 @@ virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess,
return 0;
error:
VIR_FREE(user);
virObjectUnlock(sess);
return -1;
@ -1172,7 +1128,7 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSession *sess,
}
/* allocate and initialize a ssh session object */
virNetSSHSession *virNetSSHSessionNew(void)
virNetSSHSession *virNetSSHSessionNew(const char *username)
{
virNetSSHSession *sess = NULL;
@ -1182,6 +1138,8 @@ virNetSSHSession *virNetSSHSessionNew(void)
if (!(sess = virObjectLockableNew(virNetSSHSessionClass)))
goto error;
sess->username = g_strdup(username);
/* initialize session data, use the internal data for callbacks
* and stick to default memory management functions */
if (!(sess->session = libssh2_session_init_ex(NULL,

10
src/rpc/virnetsshsession.h
View File

@ -25,7 +25,7 @@
typedef struct _virNetSSHSession virNetSSHSession;
virNetSSHSession *virNetSSHSessionNew(void);
virNetSSHSession *virNetSSHSessionNew(const char *username);
void virNetSSHSessionFree(virNetSSHSession *sess);
typedef enum {
@ -48,18 +48,14 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSession *sess,
virConnectAuthPtr auth);
int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess,
virURI *uri,
const char *username);
virURI *uri);
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess,
const char *username);
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess);
int virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess,
const char *username,
const char *keyfile);
int virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess,
const char *username,
int tries);
int virNetSSHSessionSetHostKeyVerification(virNetSSHSession *sess,