Re: [PATCH v3 4/6] remote: expose a new libssh transport

On Tuesday, 1 November 2016 13:40:01 CET Peter Krempa wrote:
> On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
> > Implement in virtNetClient and VirNetSocket the needed functions to
> > expose a new libssh transport, providing all the options that the
> > libssh2 transport supports.
> > ---
> >  docs/remote.html.in        |  35 ++++++---
> >  src/remote/remote_driver.c |  41 +++++++++++
> >  src/rpc/virnetclient.c     | 118 ++++++++++++++++++++++++++++++
> >  src/rpc/virnetclient.h     |  13 ++++
> >  src/rpc/virnetsocket.c     | 179 +++++++++++++++++++++++++++++++++++++++++++++
> >  src/rpc/virnetsocket.h     |  13 ++++
> >  6 files changed, 387 insertions(+), 12 deletions(-)
> 
> [...]
> 
> > diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
> > index 361dc1a..6d406ff 100644
> > --- a/src/rpc/virnetclient.c
> > +++ b/src/rpc/virnetclient.c
> > @@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
> >  }
> >  #undef DEFAULT_VALUE
> >  
> > +#define DEFAULT_VALUE(VAR, VAL)             \
> > +    if (!VAR)                               \
> > +        VAR = VAL;
> > +virNetClientPtr virNetClientNewLibssh(const char *host,
> > +                                      const char *port,
> > +                                      int family,
> > +                                      const char *username,
> > +                                      const char *privkeyPath,
> > +                                      const char *knownHostsPath,
> > +                                      const char *knownHostsVerify,
> > +                                      const char *authMethods,
> > +                                      const char *netcatPath,
> > +                                      const char *socketPath,
> > +                                      virConnectAuthPtr authPtr,
> > +                                      virURIPtr uri)
> > +{
> > +    virNetSocketPtr sock = NULL;
> > +    virNetClientPtr ret = NULL;
> > +
> > +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> > +    char *nc = NULL;
> > +    char *command = NULL;
> > +
> > +    char *homedir = virGetUserDirectory();
> > +    char *confdir = virGetUserConfigDirectory();
> > +    char *knownhosts = NULL;
> > +    char *privkey = NULL;
> > +
> > +    /* Use default paths for known hosts an public keys if not provided */
> > +    if (confdir) {
> > +        if (!knownHostsPath) {
> > +            if (virFileExists(confdir)) {
> > +                if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0)
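Review bot: a caller-supplied knownHostsPath is only honoured inside `if (confdir)`, so when virGetUserConfigDirectory() returns NULL the explicit path is silently dropped and knownhosts stays NULL; move the `VIR_STRDUP(knownhosts, knownHostsPath)` branch outside the confdir check so that only the default location depends on confdir. Also, `#undef DEFAULT_VALUE` immediately followed by an identical `#define DEFAULT_VALUE` is noise; keep the existing macro. Minor: the comment reads "an public keys", should be "and public keys".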
> 
> So does libssh break the known hosts file? It's not very pleasant to
> keep two separate files, since you'd have to re-authenticate all the
> host keys for use with libvirt.

libssh should not break the known hosts file, although it can fail to
parse it when keys have comments (see upstream bug #149 [1]).
As such, keeping the known hosts separate by default for now could be
a better choice, especially since it already shares what was used with
the libssh2 transport.

[1] https://red.libssh.org/issues/149

> > +                    goto cleanup;
> > +            }
> > +        } else {
> > +            if (VIR_STRDUP(knownhosts, knownHostsPath) < 0)
> > +                goto cleanup;
> > +        }
> > +    }
> > +
> > +    if (homedir) {
> > +        if (!privkeyPath) {
> > +            /* RSA */
> > +            if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0)
> > +                goto cleanup;
> > +
> > +            if (!(virFileExists(privkey)))
> > +                VIR_FREE(privkey);
> > +            /* DSA */
> > +            if (!privkey) {
> > +                if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) < 0)
> > +                    goto cleanup;
> > +
> > +                if (!(virFileExists(privkey)))
> > +                    VIR_FREE(privkey);
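Review bot: the private-key lookup only tries ~/.ssh/id_rsa and then ~/.ssh/id_dsa, each with its own copy of the virAsprintf/virFileExists/VIR_FREE sequence; a static array of candidate file names walked in a loop would cover the full OpenSSH default list (identity, id_dsa, id_ecdsa, id_ed25519, id_rsa) without duplicating the block per key type, and the same helper could serve the libssh2 transport so both stay in sync.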
> 
> Documentation for ssh-keygen states that the following paths are tried
> by default:
> 
>   ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or
>   ~/.ssh/id_rsa

I can adjust that, ok. Note the libssh2 transport needs the same
change, so I'll just do the same for both at once.

One more explicit note: all the glue code between the transport itself
and the rest of the rpc code was basically copied from the code used
for libssh2 -- hence, if there are mistakes that I miss there, most
probably they affect the libssh2 transport as well.

Thanks,
-- 
Pino Toscano


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
