mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
libssh2_transport: Use libssh2 driver code in remote driver
This patch adds URI options to support libssh2 transport in the remote driver. A new transport sceme is introduced eg. "qemu+libssh2://..." that utilizes the libssh2 code added in previous patches. The libssh2 code requires the authentication callback to be able to perform keyboard-interactive authentication or to ask t passprhases or add host keys to known hosts database. Added URI components: - known_hosts - path to a knownHosts file in OpenSSH format to check for known ssh host keys - known_hosts_verify - how to deal with server key verification: * "normal" (default) - ask to add new keys * "auto" - automaticaly add new keys * "ignore" - don't validate host keys - sshauth - authentication methods to use. Default is "agent,privkey,keyboard-interactive". It's a comma separated string of methods to try while authenticating. The order is preserved. Some of the methods may require additional parameters. Locations of the known_hosts file and private keys are set to default values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa, ~/.ssh/id_dsa)
This commit is contained in:
parent
25f2c8b4b0
commit
dfbb2d3120
@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED,
|
||||
* - xxx+tcp:/// -> TCP connection to localhost
|
||||
* - xxx+unix:/// -> UNIX domain socket
|
||||
* - xxx:/// -> UNIX domain socket
|
||||
* - xxx+ssh:/// -> SSH connection (legacy)
|
||||
* - xxx+libssh2:/// -> SSH connection (using libssh2)
|
||||
*/
|
||||
static int
|
||||
doRemoteOpen(virConnectPtr conn,
|
||||
@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn,
|
||||
trans_tls,
|
||||
trans_unix,
|
||||
trans_ssh,
|
||||
trans_libssh2,
|
||||
trans_ext,
|
||||
trans_tcp,
|
||||
} transport;
|
||||
@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn,
|
||||
}
|
||||
} else if (STRCASEEQ(transport_str, "ssh"))
|
||||
transport = trans_ssh;
|
||||
else if (STRCASEEQ(transport_str, "libssh2"))
|
||||
transport = trans_libssh2;
|
||||
else if (STRCASEEQ(transport_str, "ext"))
|
||||
transport = trans_ext;
|
||||
else if (STRCASEEQ(transport_str, "tcp"))
|
||||
@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn,
|
||||
else {
|
||||
virReportError(VIR_ERR_INVALID_ARG, "%s",
|
||||
_("remote_open: transport in URL not recognised "
|
||||
"(should be tls|unix|ssh|ext|tcp)"));
|
||||
"(should be tls|unix|ssh|ext|tcp|libssh2)"));
|
||||
return VIR_DRV_OPEN_ERROR;
|
||||
}
|
||||
}
|
||||
@ -462,7 +467,9 @@ doRemoteOpen(virConnectPtr conn,
|
||||
char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
|
||||
char *port = NULL, *authtype = NULL, *username = NULL;
|
||||
bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
|
||||
char *pkipath = NULL, *keyfile = NULL;
|
||||
char *pkipath = NULL, *keyfile = NULL, *sshauth = NULL;
|
||||
|
||||
char *knownHostsVerify = NULL, *knownHosts = NULL;
|
||||
|
||||
/* Return code from this function, and the private data. */
|
||||
int retcode = VIR_DRV_OPEN_ERROR;
|
||||
@ -505,9 +512,12 @@ doRemoteOpen(virConnectPtr conn,
|
||||
EXTRACT_URI_ARG_STR("command", command);
|
||||
EXTRACT_URI_ARG_STR("socket", sockname);
|
||||
EXTRACT_URI_ARG_STR("auth", authtype);
|
||||
EXTRACT_URI_ARG_STR("sshauth", sshauth);
|
||||
EXTRACT_URI_ARG_STR("netcat", netcat);
|
||||
EXTRACT_URI_ARG_STR("keyfile", keyfile);
|
||||
EXTRACT_URI_ARG_STR("pkipath", pkipath);
|
||||
EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
|
||||
EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
|
||||
|
||||
EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
|
||||
EXTRACT_URI_ARG_BOOL("no_verify", verify);
|
||||
@ -597,6 +607,35 @@ doRemoteOpen(virConnectPtr conn,
|
||||
|
||||
break;
|
||||
|
||||
case trans_libssh2:
|
||||
if (!sockname) {
|
||||
if (flags & VIR_DRV_OPEN_REMOTE_RO)
|
||||
sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET_RO);
|
||||
else
|
||||
sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET);
|
||||
|
||||
if (sockname == NULL)
|
||||
goto no_memory;
|
||||
}
|
||||
|
||||
VIR_DEBUG("Starting LibSSH2 session");
|
||||
|
||||
priv->client = virNetClientNewLibSSH2(priv->hostname,
|
||||
port,
|
||||
username,
|
||||
keyfile,
|
||||
knownHosts,
|
||||
knownHostsVerify,
|
||||
sshauth,
|
||||
netcat,
|
||||
sockname,
|
||||
auth);
|
||||
if (!priv->client)
|
||||
goto failed;
|
||||
|
||||
priv->is_secure = 1;
|
||||
break;
|
||||
|
||||
#ifndef WIN32
|
||||
case trans_unix:
|
||||
if (!sockname) {
|
||||
@ -782,10 +821,13 @@ doRemoteOpen(virConnectPtr conn,
|
||||
VIR_FREE(sockname);
|
||||
VIR_FREE(authtype);
|
||||
VIR_FREE(netcat);
|
||||
VIR_FREE(sshauth);
|
||||
VIR_FREE(keyfile);
|
||||
VIR_FREE(username);
|
||||
VIR_FREE(port);
|
||||
VIR_FREE(pkipath);
|
||||
VIR_FREE(knownHostsVerify);
|
||||
VIR_FREE(knownHosts);
|
||||
|
||||
return retcode;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user