External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-12 07:42:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

libssh2_transport: Use libssh2 driver code in remote driver

Browse Source 
This patch adds URI options to support libssh2 transport in the remote
driver.

A new transport sceme is introduced eg. "qemu+libssh2://..." that
utilizes the libssh2 code added in previous patches.

The libssh2 code requires the authentication callback to be able to
perform keyboard-interactive authentication or to ask t passprhases or
add host keys to known hosts database.

Added URI components:
- known_hosts -  path to a knownHosts file in OpenSSH format to check
                 for known ssh host keys
- known_hosts_verify - how to deal with server key verification:
                            * "normal" (default) - ask to add new keys
                            * "auto" - automaticaly add new keys
                            * "ignore" - don't validate host keys
- sshauth - authentication methods to use. Default is
            "agent,privkey,keyboard-interactive". It's a comma separated
            string of methods to try while authenticating. The order is
            preserved. Some of the methods may require additional
            parameters.

Locations of the known_hosts file and private keys are set to default
values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa,
                            ~/.ssh/id_dsa)
This commit is contained in:
Peter Krempa 2012-07-17 15:48:04 +02:00
parent 25f2c8b4b0
commit dfbb2d3120
1 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/remote/remote_driver.c
View File

@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED,
* - xxx+tcp:/// -> TCP connection to localhost * - xxx+tcp:/// -> TCP connection to localhost
* - xxx+unix:/// -> UNIX domain socket * - xxx+unix:/// -> UNIX domain socket
* - xxx:/// -> UNIX domain socket * - xxx:/// -> UNIX domain socket
* - xxx+ssh:/// -> SSH connection (legacy)
* - xxx+libssh2:/// -> SSH connection (using libssh2)
*/ */
static int static int
doRemoteOpen(virConnectPtr conn, doRemoteOpen(virConnectPtr conn,
@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn,
trans_tls, trans_tls,
trans_unix, trans_unix,
trans_ssh, trans_ssh,
trans_libssh2,
trans_ext, trans_ext,
trans_tcp, trans_tcp,
} transport; } transport;
@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn,
} }
} else if (STRCASEEQ(transport_str, "ssh")) } else if (STRCASEEQ(transport_str, "ssh"))
transport = trans_ssh; transport = trans_ssh;
else if (STRCASEEQ(transport_str, "libssh2"))
transport = trans_libssh2;
else if (STRCASEEQ(transport_str, "ext")) else if (STRCASEEQ(transport_str, "ext"))
transport = trans_ext; transport = trans_ext;
else if (STRCASEEQ(transport_str, "tcp")) else if (STRCASEEQ(transport_str, "tcp"))
@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn,
else { else {
virReportError(VIR_ERR_INVALID_ARG, "%s", virReportError(VIR_ERR_INVALID_ARG, "%s",
_("remote_open: transport in URL not recognised " _("remote_open: transport in URL not recognised "
"(should be tls|unix|ssh|ext|tcp)")); "(should be tls|unix|ssh|ext|tcp|libssh2)"));
return VIR_DRV_OPEN_ERROR; return VIR_DRV_OPEN_ERROR;
} }
} }
@ -462,7 +467,9 @@ doRemoteOpen(virConnectPtr conn,
char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL; char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
char *port = NULL, *authtype = NULL, *username = NULL; char *port = NULL, *authtype = NULL, *username = NULL;
bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true; bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
char *pkipath = NULL, *keyfile = NULL; char *pkipath = NULL, *keyfile = NULL, *sshauth = NULL;
char *knownHostsVerify = NULL, *knownHosts = NULL;
/* Return code from this function, and the private data. */ /* Return code from this function, and the private data. */
int retcode = VIR_DRV_OPEN_ERROR; int retcode = VIR_DRV_OPEN_ERROR;
@ -505,9 +512,12 @@ doRemoteOpen(virConnectPtr conn,
EXTRACT_URI_ARG_STR("command", command); EXTRACT_URI_ARG_STR("command", command);
EXTRACT_URI_ARG_STR("socket", sockname); EXTRACT_URI_ARG_STR("socket", sockname);
EXTRACT_URI_ARG_STR("auth", authtype); EXTRACT_URI_ARG_STR("auth", authtype);
EXTRACT_URI_ARG_STR("sshauth", sshauth);
EXTRACT_URI_ARG_STR("netcat", netcat); EXTRACT_URI_ARG_STR("netcat", netcat);
EXTRACT_URI_ARG_STR("keyfile", keyfile); EXTRACT_URI_ARG_STR("keyfile", keyfile);
EXTRACT_URI_ARG_STR("pkipath", pkipath); EXTRACT_URI_ARG_STR("pkipath", pkipath);
EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
EXTRACT_URI_ARG_BOOL("no_sanity", sanity); EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
EXTRACT_URI_ARG_BOOL("no_verify", verify); EXTRACT_URI_ARG_BOOL("no_verify", verify);
@ -597,6 +607,35 @@ doRemoteOpen(virConnectPtr conn,
break; break;
case trans_libssh2:
if (!sockname) {
if (flags & VIR_DRV_OPEN_REMOTE_RO)
sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET_RO);
else
sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET);
if (sockname == NULL)
goto no_memory;
}
VIR_DEBUG("Starting LibSSH2 session");
priv->client = virNetClientNewLibSSH2(priv->hostname,
port,
username,
keyfile,
knownHosts,
knownHostsVerify,
sshauth,
netcat,
sockname,
auth);
if (!priv->client)
goto failed;
priv->is_secure = 1;
break;
#ifndef WIN32 #ifndef WIN32
case trans_unix: case trans_unix:
if (!sockname) { if (!sockname) {
@ -782,10 +821,13 @@ doRemoteOpen(virConnectPtr conn,
VIR_FREE(sockname); VIR_FREE(sockname);
VIR_FREE(authtype); VIR_FREE(authtype);
VIR_FREE(netcat); VIR_FREE(netcat);
VIR_FREE(sshauth);
VIR_FREE(keyfile); VIR_FREE(keyfile);
VIR_FREE(username); VIR_FREE(username);
VIR_FREE(port); VIR_FREE(port);
VIR_FREE(pkipath); VIR_FREE(pkipath);
VIR_FREE(knownHostsVerify);
VIR_FREE(knownHosts);
return retcode; return retcode;