libssh2_session: Add support for creating known_hosts file
The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
This commit is contained in:
Peter Krempa
parent
5065942019
commit
f1d0b92a01
@ -788,8 +788,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
|
|||||||
host,
|
host,
|
||||||
portN,
|
portN,
|
||||||
knownHosts,
|
knownHosts,
|
||||||
false,
|
verify,
|
||||||
verify) != 0)
|
VIR_NET_SSH_HOSTKEY_FILE_CREATE) != 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (virNetSSHSessionSetChannelCommand(sess, command) != 0)
|
if (virNetSSHSessionSetChannelCommand(sess, command) != 0)
|
||||||
|
|||||||
@ -1123,8 +1123,8 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
|
|||||||
const char *hostname,
|
const char *hostname,
|
||||||
int port,
|
int port,
|
||||||
const char *hostsfile,
|
const char *hostsfile,
|
||||||
bool readonly,
|
virNetSSHHostkeyVerify opt,
|
||||||
virNetSSHHostkeyVerify opt)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
char *errmsg;
|
char *errmsg;
|
||||||
|
|
||||||
@ -1140,6 +1140,7 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
|
|||||||
|
|
||||||
/* load the known hosts file */
|
/* load the known hosts file */
|
||||||
if (hostsfile) {
|
if (hostsfile) {
|
||||||
|
if (virFileExists(hostsfile)) {
|
||||||
if (libssh2_knownhost_readfile(sess->knownHosts,
|
if (libssh2_knownhost_readfile(sess->knownHosts,
|
||||||
hostsfile,
|
hostsfile,
|
||||||
LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
|
LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
|
||||||
@ -1149,10 +1150,15 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
|
|||||||
hostsfile, errmsg);
|
hostsfile, errmsg);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
} else if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_CREATE)) {
|
||||||
|
virReportError(VIR_ERR_SSH,
|
||||||
|
_("known hosts file '%s' does not exist"),
|
||||||
|
hostsfile);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
/* set filename only if writing to the known hosts file is requested */
|
/* set filename only if writing to the known hosts file is requested */
|
||||||
|
if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_READONLY)) {
|
||||||
if (!readonly) {
|
|
||||||
VIR_FREE(sess->knownHostsFile);
|
VIR_FREE(sess->knownHostsFile);
|
||||||
if (!(sess->knownHostsFile = strdup(hostsfile)))
|
if (!(sess->knownHostsFile = strdup(hostsfile)))
|
||||||
goto no_memory;
|
goto no_memory;
|
||||||
|
|||||||
@ -36,6 +36,11 @@ typedef enum {
|
|||||||
VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE
|
VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE
|
||||||
} virNetSSHHostkeyVerify;
|
} virNetSSHHostkeyVerify;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
VIR_NET_SSH_HOSTKEY_FILE_READONLY = 1 << 0,
|
||||||
|
VIR_NET_SSH_HOSTKEY_FILE_CREATE = 1 << 1,
|
||||||
|
} virNetSSHHostKeyFileFlags;
|
||||||
|
|
||||||
int virNetSSHSessionSetChannelCommand(virNetSSHSessionPtr sess,
|
int virNetSSHSessionSetChannelCommand(virNetSSHSessionPtr sess,
|
||||||
const char *command);
|
const char *command);
|
||||||
|
|
||||||
@ -64,8 +69,8 @@ int virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
|
|||||||
const char *hostname,
|
const char *hostname,
|
||||||
int port,
|
int port,
|
||||||
const char *hostsfile,
|
const char *hostsfile,
|
||||||
bool readonly,
|
virNetSSHHostkeyVerify opt,
|
||||||
virNetSSHHostkeyVerify opt);
|
unsigned int flags);
|
||||||
|
|
||||||
int virNetSSHSessionConnect(virNetSSHSessionPtr sess,
|
int virNetSSHSessionConnect(virNetSSHSessionPtr sess,
|
||||||
int sock);
|
int sock);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user