On Tuesday, 1 November 2016 13:40:01 CET Peter Krempa wrote: > On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote: > > Implement in virtNetClient and VirNetSocket the needed functions to > > expose a new libssh transport, providing all the options that the > > libssh2 transport supports. > > --- > > docs/remote.html.in | 35 ++++++--- > > src/remote/remote_driver.c | 41 +++++++++++ > > src/rpc/virnetclient.c | 118 ++++++++++++++++++++++++++++++ > > src/rpc/virnetclient.h | 13 ++++ > > src/rpc/virnetsocket.c | 179 +++++++++++++++++++++++++++++++++++++++++++++ > > src/rpc/virnetsocket.h | 13 ++++ > > 6 files changed, 387 insertions(+), 12 deletions(-) > > [...] > > > diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c > > index 361dc1a..6d406ff 100644 > > --- a/src/rpc/virnetclient.c > > +++ b/src/rpc/virnetclient.c 
> > @@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host, > > } > > #undef DEFAULT_VALUE > > > > +#define DEFAULT_VALUE(VAR, VAL) \ > > + if (!VAR) \ > > + VAR = VAL; > > +virNetClientPtr virNetClientNewLibssh(const char *host, > > + const char *port, > > + int family, > > + const char *username, > > + const char *privkeyPath, > > + const char *knownHostsPath, > > + const char *knownHostsVerify, > > + const char *authMethods, > > + const char *netcatPath, > > + const char *socketPath, > > + virConnectAuthPtr authPtr, > > + virURIPtr uri) > > +{ > > + virNetSocketPtr sock = NULL; > > + virNetClientPtr ret = NULL; > > + > > + virBuffer buf = VIR_BUFFER_INITIALIZER; > > + char *nc = NULL; > > + char *command = NULL; > > + > > + char *homedir = virGetUserDirectory(); > > + char *confdir = virGetUserConfigDirectory(); > > + char *knownhosts = NULL; > > + char *privkey = NULL; > > + > > + /* Use default paths for known hosts an public keys if not provided */ > > + if (confdir) { > > + if (!knownHostsPath) { > > + if (virFileExists(confdir)) { > > + if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) < 0) > > So does libssh break the known hosts file? It's not very pleasant to > keep two separate files, since you'd have to re-authenticate all the > hosts key for use with libvirt. libssh should not break the known hosts file, although it can fail to parse it when keys have comments (see upstream bug #149 [1]). As such, keeping the known hosts separate by default for now could be a better choice, especially that it already shares what was used with the libssh2 transport. 
[1] https://red.libssh.org/issues/149 > > + goto cleanup; > > + } > > + } else { > > + if (VIR_STRDUP(knownhosts, knownHostsPath) < 0) > > + goto cleanup; > > + } > > + } > > + > > + if (homedir) { > > + if (!privkeyPath) { > > + /* RSA */ > > + if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0) > > + goto cleanup; > > + > > + if (!(virFileExists(privkey))) > > + VIR_FREE(privkey); > > + /* DSA */ > > + if (!privkey) { > > + if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) < 0) > > + goto cleanup; > > + > > + if (!(virFileExists(privkey))) > > + VIR_FREE(privkey); > > Documentation for ssh-keygen states that the following paths are tried > by default: > > ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or > ~/.ssh/id_rsa I can adjust that, ok. Note the libssh2 transport needs the same change, so I'll just do the same for both at once. One more explicit note: all the glue code between the transport itself and the rest of the rpc code was basically copied from the code used for libssh2 -- hence, if there are mistakes that I miss there, most probably they affect the libssh2 transport as well. Thanks, -- Pino Toscano
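Review bot: In virNetClientNewLibssh, the caller-supplied knownHostsPath is only honoured when confdir is non-NULL, because the `VIR_STRDUP(knownhosts, knownHostsPath)` branch sits inside `if (confdir) {`. If virGetUserConfigDirectory() returns NULL, an explicit known hosts path is dropped and knownhosts stays NULL, with nothing in the visible lines reporting it. Suggest checking `knownHostsPath` first and consulting confdir only to build the default path. The same silent NULL results when confdir is set but `virFileExists(confdir)` is false, so a comment stating whether that is intended would help. Two smaller points in the same hunk: DEFAULT_VALUE expands to a bare `if (!VAR) VAR = VAL;`, which is safer wrapped in do { ... } while (0) so it cannot capture a following else, and the comment "known hosts an public keys" has a typo and describes paths that are stored in privkey.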