[libvirt] [PATCH v3 4/6] remote: expose a new libssh transport

Peter Krempa pkrempa at redhat.com
Tue Nov 1 12:40:01 UTC 2016


On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
> Implement in virNetClient and virNetSocket the needed functions to
> expose a new libssh transport, providing all the options that the
> libssh2 transport supports.
> ---
>  docs/remote.html.in        |  35 ++++++---
>  src/remote/remote_driver.c |  41 +++++++++++
>  src/rpc/virnetclient.c     | 118 ++++++++++++++++++++++++++++++
>  src/rpc/virnetclient.h     |  13 ++++
>  src/rpc/virnetsocket.c     | 179 +++++++++++++++++++++++++++++++++++++++++++++
>  src/rpc/virnetsocket.h     |  13 ++++
>  6 files changed, 387 insertions(+), 12 deletions(-)

[...]

> diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
> index 361dc1a..6d406ff 100644
> --- a/src/rpc/virnetclient.c
> +++ b/src/rpc/virnetclient.c
> @@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
>  }
>  #undef DEFAULT_VALUE
>  
> +#define DEFAULT_VALUE(VAR, VAL)             \
> +    if (!VAR)                               \
> +        VAR = VAL;
> +virNetClientPtr virNetClientNewLibssh(const char *host,
> +                                      const char *port,
> +                                      int family,
> +                                      const char *username,
> +                                      const char *privkeyPath,
> +                                      const char *knownHostsPath,
> +                                      const char *knownHostsVerify,
> +                                      const char *authMethods,
> +                                      const char *netcatPath,
> +                                      const char *socketPath,
> +                                      virConnectAuthPtr authPtr,
> +                                      virURIPtr uri)
> +{
> +    virNetSocketPtr sock = NULL;
> +    virNetClientPtr ret = NULL;
> +
> +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> +    char *nc = NULL;
> +    char *command = NULL;
> +
> +    char *homedir = virGetUserDirectory();
> +    char *confdir = virGetUserConfigDirectory();
> +    char *knownhosts = NULL;
> +    char *privkey = NULL;
> +
> +    /* Use default paths for known hosts an public keys if not provided */
> +    if (confdir) {
> +        if (!knownHostsPath) {
> +            if (virFileExists(confdir)) {
> +                if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0)

So does libssh break the known hosts file? It's not very pleasant to
keep two separate files, since you'd have to re-authenticate all the
host keys for use with libvirt.

> +                    goto cleanup;
> +            }
> +        } else {
> +            if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
> +                goto cleanup;
> +        }
> +    }
> +
> +    if (homedir) {
> +        if (!privkeyPath) {
> +            /* RSA */
> +            if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0)
> +                goto cleanup;
> +
> +            if (!(virFileExists(privkey)))
> +                VIR_FREE(privkey);
> +            /* DSA */
> +            if (!privkey) {
> +                if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) < 0)
> +                    goto cleanup;
> +
> +                if (!(virFileExists(privkey)))
> +                    VIR_FREE(privkey);

Documentation for ssh-keygen states that the following paths are tried
by default:

  ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or
  ~/.ssh/id_rsa


> +            }
> +        } else {
> +            if (VIR_STRDUP(privkey, privkeyPath) < 0)
> +                goto cleanup;
> +        }
> +    }
> +
> +    if (!authMethods) {
> +        if (privkey)
> +            authMethods = "agent,privkey,password,keyboard-interactive";
> +        else
> +            authMethods = "agent,password,keyboard-interactive";
> +    }
> +
> +    DEFAULT_VALUE(host, "localhost");
> +    DEFAULT_VALUE(port, "22");
> +    DEFAULT_VALUE(username, "root");
> +    DEFAULT_VALUE(netcatPath, "nc");
> +    DEFAULT_VALUE(knownHostsVerify, "normal");
> +
> +    virBufferEscapeShell(&buf, netcatPath);
> +    if (!(nc = virBufferContentAndReset(&buf)))
> +        goto no_memory;
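Review bot: A caller-supplied `knownHostsPath` is copied only inside `if (confdir)`, so when `virGetUserConfigDirectory()` returns NULL the explicit path is silently dropped and `knownhosts` stays NULL; `privkeyPath` has the same shape under `if (homedir)`. Because `knownhosts` is the input to host-key verification, the explicit-path case should not depend on the directory lookup succeeding, so the test on the caller's argument should come first and the default path should only be the fallback. How a NULL `knownhosts` is handled when `knownHostsVerify` defaults to "normal" is not visible in the quoted lines and should be confirmed and stated in a comment. The body of virNetClientNewLibssh continues beyond the quoted part of the hunk.

```c
/* … unchanged: declarations, homedir/confdir lookup … */
if (knownHostsPath) {
    if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
        goto cleanup;
} else if (confdir && virFileExists(confdir)) {
    if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0)
        goto cleanup;
}
/* … same ordering for privkeyPath: explicit path first, homedir defaults as fallback … */
```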

The known_hosts issue needs clarification. Other than that this patch
looks okay.

Peter