[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Some questions about virConnectAuthCallbackPtr



On Mon, Oct 15, 2012 at 11:17:55AM +0100, Daniel P. Berrange wrote:
> On Sat, Oct 13, 2012 at 06:08:42PM +0100, Richard W.M. Jones wrote:
> > On Sat, Oct 13, 2012 at 05:47:24PM +0100, Richard W.M. Jones wrote:
> > > BTW I cannot get the libssh2 backend in libvirt to work.  For
> > > every host it says:
> > > 
> > >   libvirt_auth.c: authentication required for libvirt URI 'qemu+libssh2://localhost/system'
> > >   libvirt_auth.c: credential 'echoprompt'
> > >   Accept SSH host key with hash '<correct host key>' for host 'localhost:22' (y/n)?: y
> > >   libguestfs: error: could not connect to libvirt (code 85, domain 50): SSH transport error: SSH host key for 'localhost' (<correct host key>) was not accepted
> > > 
> > > No idea what I'm doing wrong.  Nothing in the logs on the server
> > > indicate that anything is wrong on the remote side.
> > 
> > Peter,
> > 
> > This is because of a bug in the libvirt code:
> > 
> >        if (!askKey.result ||
> >            STRCASENEQ(askKey.result, "y")) {
> >            virReportError(VIR_ERR_SSH,
> >                           _("SSH host key for '%s' (%s) was not accepted"),
> >                           sess->hostname, keyhash);
> >            VIR_FREE(keyhash);
> >            VIR_FREE(askKey.result);
> >            return -1;
> >        }
> > 
> > The problem with this code is that it ignores the resultlen field.
> > 
> > If the caller passes result[] = { 'y' } (no trailing \0), resultlen = 1,
> > (which IMHO is a correct use of the API as described by the
> > documentation), then STRCASENEQ above will not match the string.
> > 
> > You need to use something like:
> > 
> >   askKey.resultlen >= 1 && askKey.result[0] == 'y'
> > 
> > or else some sort of memcmp function.
> 
> We probably ought to clarify the docs that any strings should be NULL
> terminated, and that the resultlen does not include the NULL terminator
> in its count. Most of the auth code looks to assume that the returned
> data is NULL terminated.

Indeed I changed libguestfs to pass strings which are NUL-terminated
(not NULL!) with the \0 termination not included in the result count.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]