[libvirt] [PATCH 5/5] libssh2_transport: Use libssh2 driver code in remote driver

Peter Krempa pkrempa at redhat.com
Fri Aug 3 14:03:26 UTC 2012


This patch adds URI options to support libssh2 transport in the remote
driver.

A new transport scheme is introduced, e.g. "qemu+libssh://...", that
utilizes the libssh2 code added in previous patches.

The libssh2 code requires the authentication callback to be able to
perform keyboard-interactive authentication or to ask for passphrases or
add host keys to known hosts database.

Added URI components:
- known_hosts -  path to a knownHosts file in OpenSSH format to check
                 for known ssh host keys
- known_hosts_verify - how to deal with server key verification:
                            * "normal" (default) - ask to add new keys
                            * "auto" - automatically add new keys
                            * "ignore" - don't validate host keys
- auth - authentication methods to use. Default is
            "agent,privkey,keyboard-interactive". It's a comma separated
            string of methods to try while authenticating. The order is
            preserved. Some of the methods may require additional
            parameters.
- password - Password for password authentication.

Locations of the known_hosts file and private keys are set to default
values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa,
                            ~/.ssh/id_dsa)
---
 src/remote/remote_driver.c |   47 ++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index f643bbe..443fca0 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -385,6 +385,8 @@ static void remoteClientCloseFunc(virNetClientPtr client ATTRIBUTE_UNUSED,
  *   - xxx+tcp:///            -> TCP connection to localhost
  *   - xxx+unix:///           -> UNIX domain socket
  *   - xxx:///                -> UNIX domain socket
+ *   - xxx+ssh:///            -> SSH connection (legacy)
+ *   - xxx+libssh:///         -> SSH connection (using libssh2)
  */
 static int
 doRemoteOpen(virConnectPtr conn,
@@ -397,6 +399,7 @@ doRemoteOpen(virConnectPtr conn,
         trans_tls,
         trans_unix,
         trans_ssh,
+        trans_libssh,
         trans_ext,
         trans_tcp,
     } transport;
@@ -439,6 +442,8 @@ doRemoteOpen(virConnectPtr conn,
                     }
                 } else if (STRCASEEQ(transport_str, "ssh"))
                     transport = trans_ssh;
+                else if (STRCASEEQ(transport_str, "libssh"))
+                    transport = trans_libssh;
                 else if (STRCASEEQ(transport_str, "ext"))
                     transport = trans_ext;
                 else if (STRCASEEQ(transport_str, "tcp"))
@@ -446,7 +451,7 @@ doRemoteOpen(virConnectPtr conn,
                 else {
                     virReportError(VIR_ERR_INVALID_ARG, "%s",
                                    _("remote_open: transport in URL not recognised "
-                                     "(should be tls|unix|ssh|ext|tcp)"));
+                                     "(should be tls|unix|ssh|ext|tcp|libssh)"));
                     return VIR_DRV_OPEN_ERROR;
                 }
             }
@@ -460,10 +465,12 @@ doRemoteOpen(virConnectPtr conn,
      * get freed in the failed: path.
      */
     char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
-    char *port = NULL, *authtype = NULL, *username = NULL;
+    char *port = NULL, *authtype = NULL, *username = NULL, *password = NULL;
     bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
     char *pkipath = NULL, *keyfile = NULL;

+    char *knownHostsVerify = NULL,  *knownHosts = NULL;
+
     /* Return code from this function, and the private data. */
     int retcode = VIR_DRV_OPEN_ERROR;

@@ -508,6 +515,9 @@ doRemoteOpen(virConnectPtr conn,
             EXTRACT_URI_ARG_STR("netcat", netcat);
             EXTRACT_URI_ARG_STR("keyfile", keyfile);
             EXTRACT_URI_ARG_STR("pkipath", pkipath);
+            EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
+            EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
+            EXTRACT_URI_ARG_STR("password", password);

             EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
             EXTRACT_URI_ARG_BOOL("no_verify", verify);
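Review bot: Accepting `password` as a URI query parameter in the added `EXTRACT_URI_ARG_STR("password", password);` line puts a long-lived secret into the connection URI, which typically ends up in shell history, process arguments and any log or error message that prints the URI. The patch description says the libssh2 code already relies on the authentication callback for passphrases and keyboard-interactive prompts, so the password could be obtained the same way. If the parameter stays, a comment such as `/* a password in the URI is visible wherever the URI is stored or logged; prefer the auth callback */` should say so, and the value should presumably be kept out of any query string forwarded to the remote side (not visible in this hunk). The copy is also released with a plain `VIR_FREE(password);` in the cleanup hunk at the end of the patch, so the cleartext stays in freed heap memory; clearing the buffer before freeing it would limit that. doRemoteOpen's body starts and ends outside this hunk.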
@@ -597,6 +607,36 @@ doRemoteOpen(virConnectPtr conn,

         break;

+    case trans_libssh:
+        if (!sockname) {
+            if (flags & VIR_DRV_OPEN_REMOTE_RO)
+                sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET_RO);
+            else
+                sockname = strdup(LIBVIRTD_PRIV_UNIX_SOCKET);
+
+            if (sockname == NULL)
+                goto no_memory;
+        }
+
+        VIR_DEBUG("Starting LibSSH2 session");
+
+        priv->client = virNetClientNewLibSSH(priv->hostname,
+                                             port,
+                                             username,
+                                             password,
+                                             keyfile,
+                                             knownHosts,
+                                             knownHostsVerify,
+                                             authtype,
+                                             netcat,
+                                             sockname,
+                                             auth);
+        if (!priv->client)
+            goto failed;
+
+        priv->is_secure = 1;
+        break;
+
 #ifndef WIN32
     case trans_unix:
         if (!sockname) {
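Review bot: `priv->is_secure = 1` is set unconditionally in the new `trans_libssh` case, but the patch description lets the URI select `known_hosts_verify=ignore`, which skips host key validation, so the peer is unauthenticated and the session can be intercepted. Consider marking the connection secure only when the host key was checked, e.g. `priv->is_secure = !(knownHostsVerify && STRCASEEQ(knownHostsVerify, "ignore"));` (assuming the libssh2 code matches the value case-insensitively, which is not visible here), or at least add a comment stating why an unverified session still counts as secure. The case also sits above `#ifndef WIN32` with no build-time guard, so it appears to assume virNetClientNewLibSSH exists in builds without libssh2; worth confirming. The switch continues outside this hunk.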
@@ -777,6 +817,9 @@ doRemoteOpen(virConnectPtr conn,
     VIR_FREE(username);
     VIR_FREE(port);
     VIR_FREE(pkipath);
+    VIR_FREE(password);
+    VIR_FREE(knownHostsVerify);
+    VIR_FREE(knownHosts);

     return retcode;

-- 
1.7.8.6



