We only ever allow one username so there's no point passing it to each authentication registration function. Additionally the only caller (virNetClientNewLibSSH2) always passes a username so all the checks were pointless. Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/rpc/virnetsocket.c | 14 +++---- src/rpc/virnetsshsession.c | 84 ++++++++++---------------------------- src/rpc/virnetsshsession.h | 10 ++--- 3 files changed, 29 insertions(+), 79 deletions(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index b9b7328f87..b248ce24dc 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -909,7 +909,7 @@ virNetSocketNewConnectLibSSH2(const char *host, } /* create ssh session context */ - if (!(sess = virNetSSHSessionNew())) + if (!(sess = virNetSSHSessionNew(username))) goto error; /* set ssh session parameters */ @@ -946,17 +946,13 @@ virNetSocketNewConnectLibSSH2(const char *host, const char *authMethod = *authMethodNext; if (STRCASEEQ(authMethod, "keyboard-interactive")) { - ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1); + ret = virNetSSHSessionAuthAddKeyboardAuth(sess, -1); } else if (STRCASEEQ(authMethod, "password")) { - ret = virNetSSHSessionAuthAddPasswordAuth(sess, - uri, - username); + ret = virNetSSHSessionAuthAddPasswordAuth(sess, uri); } else if (STRCASEEQ(authMethod, "privkey")) { - ret = virNetSSHSessionAuthAddPrivKeyAuth(sess, - username, - privkey); + ret = virNetSSHSessionAuthAddPrivKeyAuth(sess, privkey); } else if (STRCASEEQ(authMethod, "agent")) { - ret = virNetSSHSessionAuthAddAgentAuth(sess, username); + ret = virNetSSHSessionAuthAddAgentAuth(sess); } else { virReportError(VIR_ERR_INVALID_ARG, _("Invalid authentication method: '%s'"), diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c index 0454deec16..8f59906b4a 100644 --- a/src/rpc/virnetsshsession.c +++ b/src/rpc/virnetsshsession.c 
@@ -70,7 +70,6 @@ typedef struct _virNetSSHAuthMethod virNetSSHAuthMethod; struct _virNetSSHAuthMethod { virNetSSHAuthMethods method; - char *username; char *filename; int tries; @@ -93,6 +92,7 @@ struct _virNetSSHSession { int port; /* authentication stuff */ + char *username; virConnectAuthPtr cred; char *authPath; virNetSSHAuthCallbackError authCbErr; @@ -115,7 +115,6 @@ virNetSSHSessionAuthMethodsClear(virNetSSHSession *sess) size_t i; for (i = 0; i < sess->nauths; i++) { - VIR_FREE(sess->auths[i]->username); VIR_FREE(sess->auths[i]->filename); VIR_FREE(sess->auths[i]); } @@ -151,6 +150,7 @@ virNetSSHSessionDispose(void *obj) g_free(sess->hostname); g_free(sess->knownHostsFile); g_free(sess->authPath); + g_free(sess->username); } static virClass *virNetSSHSessionClass; @@ -488,8 +488,7 @@ virNetSSHCheckHostKey(virNetSSHSession *sess) * -1 on error */ static int -virNetSSHAuthenticateAgent(virNetSSHSession *sess, - virNetSSHAuthMethod *priv) +virNetSSHAuthenticateAgent(virNetSSHSession *sess) { struct libssh2_agent_publickey *agent_identity = NULL; bool no_identity = true; @@ -515,7 +514,7 @@ virNetSSHAuthenticateAgent(virNetSSHSession *sess, agent_identity))) { no_identity = false; if (!(ret = libssh2_agent_userauth(sess->agent, - priv->username, + sess->username, agent_identity))) return 0; /* key accepted */ @@ -575,7 +574,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, /* try open the key with no password */ if ((ret = libssh2_userauth_publickey_fromfile(sess->session, - priv->username, + sess->username, NULL, priv->filename, NULL)) == 0) @@ -634,7 +633,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, VIR_FREE(tmp); ret = libssh2_userauth_publickey_fromfile(sess->session, - priv->username, + sess->username, NULL, priv->filename, retr_passphrase.result); 
@@ -668,8 +667,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, * -1 on error */ static int -virNetSSHAuthenticatePassword(virNetSSHSession *sess, - virNetSSHAuthMethod *priv) +virNetSSHAuthenticatePassword(virNetSSHSession *sess) { char *password = NULL; char *errmsg; @@ -690,13 +688,13 @@ virNetSSHAuthenticatePassword(virNetSSHSession *sess, * connection if maximum number of bad auth tries is exceeded */ while (true) { if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred, - "ssh", priv->username, + "ssh", sess->username, sess->hostname))) goto cleanup; /* tunnelled password authentication */ if ((rc = libssh2_userauth_password(sess->session, - priv->username, + sess->username, password)) == 0) { ret = 0; goto cleanup; @@ -751,7 +749,7 @@ virNetSSHAuthenticateKeyboardInteractive(virNetSSHSession *sess, * connection if maximum number of bad auth tries is exceeded */ while (priv->tries < 0 || priv->tries-- > 0) { ret = libssh2_userauth_keyboard_interactive(sess->session, - priv->username, + sess->username, virNetSSHKbIntCb); /* check for errors while calling the callback */ @@ -817,9 +815,8 @@ virNetSSHAuthenticate(virNetSSHSession *sess) } /* obtain list of supported auth methods */ - auth_list = libssh2_userauth_list(sess->session, - sess->auths[0]->username, - strlen(sess->auths[0]->username)); + auth_list = libssh2_userauth_list(sess->session, sess->username, + strlen(sess->username)); if (!auth_list) { /* unlikely event, authentication succeeded with NONE as method */ if (libssh2_userauth_authenticated(sess->session) == 1) @@ -845,7 +842,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess) break; case VIR_NET_SSH_AUTH_AGENT: if (strstr(auth_list, "publickey")) - ret = virNetSSHAuthenticateAgent(sess, auth); + ret = virNetSSHAuthenticateAgent(sess); break; case VIR_NET_SSH_AUTH_PRIVKEY: if (strstr(auth_list, "publickey")) 
@@ -853,7 +850,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess) break; case VIR_NET_SSH_AUTH_PASSWORD: if (strstr(auth_list, "password")) - ret = virNetSSHAuthenticatePassword(sess, auth); + ret = virNetSSHAuthenticatePassword(sess); break; } @@ -969,11 +966,9 @@ virNetSSHSessionAuthReset(virNetSSHSession *sess) int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, - virURI *uri, - const char *username) + virURI *uri) { virNetSSHAuthMethod *auth; - char *user = NULL; if (uri) { VIR_FREE(sess->authPath); 
@@ -982,75 +977,50 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, goto error; } - if (!username) { - if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred, - "ssh", NULL, sess->hostname))) - goto error; - } else { - user = g_strdup(username); - } - virObjectLock(sess); if (!(auth = virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username = user; auth->method = VIR_NET_SSH_AUTH_PASSWORD; virObjectUnlock(sess); return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; } int -virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess, - const char *username) +virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess) { virNetSSHAuthMethod *auth; - char *user = NULL; - - if (!username) { - virReportError(VIR_ERR_SSH, "%s", - _("Username must be provided " - "for ssh agent authentication")); - return -1; - } virObjectLock(sess); - user = g_strdup(username); - if (!(auth = virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username = user; auth->method = VIR_NET_SSH_AUTH_AGENT; virObjectUnlock(sess); return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; } int virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, - const char *username, const char *keyfile) { virNetSSHAuthMethod *auth; - if (!username || !keyfile) { + if (!keyfile) { virReportError(VIR_ERR_SSH, "%s", - _("Username and key file path must be provided " - "for private key authentication")); + _("Key file path must be provided for private key authentication")); return -1; } @@ -1059,7 +1029,6 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, if (!(auth = virNetSSHSessionAuthMethodNew(sess))) return -1; - auth->username = g_strdup(username); auth->filename = g_strdup(keyfile); auth->method = VIR_NET_SSH_AUTH_PRIVKEY; 
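Review bot: In virNetSSHSessionAuthAddPasswordAuth the `goto error` kept inside the `if (uri) { ... }` block still runs before `virObjectLock(sess)`, while the `error:` label calls `virObjectUnlock(sess)`. A failure on that path therefore unlocks a session object that was never locked, and `sess->authPath` is freed and rewritten without the lock held. This commit removes the other pre-lock `goto error` (the username lookup), so the remaining one is worth fixing here: move `virObjectLock(sess);` above `if (uri) {`, or turn that early exit into `return -1;`. The condition line guarding the `goto` falls between two hunks and is not shown, so confirm against the full function.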
@@ -1069,27 +1038,15 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, int virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess, - const char *username, int tries) { virNetSSHAuthMethod *auth; - char *user = NULL; - - if (!username) { - virReportError(VIR_ERR_SSH, "%s", - _("Username must be provided " - "for ssh agent authentication")); - return -1; - } virObjectLock(sess); - user = g_strdup(username); - if (!(auth = virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username = user; auth->tries = tries; auth->method = VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE; @@ -1097,7 +1054,6 @@ virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess, return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; @@ -1170,7 +1126,7 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSession *sess, } /* allocate and initialize a ssh session object */ -virNetSSHSession *virNetSSHSessionNew(void) +virNetSSHSession *virNetSSHSessionNew(const char *username) { virNetSSHSession *sess = NULL; @@ -1180,6 +1136,8 @@ virNetSSHSession *virNetSSHSessionNew(void) if (!(sess = virObjectLockableNew(virNetSSHSessionClass))) goto error; + sess->username = g_strdup(username); + /* initialize session data, use the internal data for callbacks * and stick to default memory management functions */ if (!(sess->session = libssh2_session_init_ex(NULL, diff --git a/src/rpc/virnetsshsession.h b/src/rpc/virnetsshsession.h index 8d6c99c547..8187346000 100644 --- a/src/rpc/virnetsshsession.h +++ b/src/rpc/virnetsshsession.h @@ -25,7 +25,7 @@ typedef struct _virNetSSHSession virNetSSHSession; -virNetSSHSession *virNetSSHSessionNew(void); +virNetSSHSession *virNetSSHSessionNew(const char *username); void virNetSSHSessionFree(virNetSSHSession *sess); typedef enum { 
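Review bot: virNetSSHSessionNew stores `g_strdup(username)` without checking the argument, and g_strdup returns NULL for a NULL input, so with every per-method `if (!username)` check removed by this commit nothing in this file rejects a missing username any more. The first use would then be `strlen(sess->username)` in virNetSSHAuthenticate, a NULL dereference in the authentication path instead of the earlier VIR_ERR_SSH report. The commit message relies on the caller always passing a username, which these hunks do not show; if that is the contract, enforce it once at the top of the constructor, e.g. `if (!username) { virReportError(VIR_ERR_SSH, "%s", _("Username must be provided")); return NULL; }`, and add a comment on the prototype in virnetsshsession.h saying the username is required and copied. The function body continues outside the hunk.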
@@ -48,18 +48,14 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSession *sess, virConnectAuthPtr auth); int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, - virURI *uri, - const char *username); + virURI *uri); -int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess, - const char *username); +int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess); int virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, - const char *username, const char *keyfile); int virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess, - const char *username, int tries); int virNetSSHSessionSetHostKeyVerification(virNetSSHSession *sess, -- 2.38.1