New optional parameter "keyfile" for ssh transport allows the user to select the private key to be used to authenticate to the remote host.
---
 docs/remote.html.in | 16 ++++++++++++++++
 src/remote/remote_driver.c | 9 ++++++++-
 src/rpc/virnetclient.c | 4 +++-
 src/rpc/virnetclient.h | 1 +
 src/rpc/virnetsocket.c | 3 +++
 src/rpc/virnetsocket.h | 1 +
 tests/virnetsockettest.c | 12 ++++++++++++
 7 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 39d65aa..b554950 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -275,6 +275,22 @@ Note that parameter values must be
 <td colspan="2"/>
 <td> Example: <code>netcat=/opt/netcat/bin/nc</code> </td>
 </tr>
+
+ <tr>
+ <td>
+ <code>keyfile</code>
+ </td>
+ <td> ssh </td>
+ <td>
+ The name of the private key file to use to authentication to the remote
+ machine. If this option is not used the default keys are used.
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"/>
+ <td> Example: <code>keyfile=/root/.ssh/example_key</code> </td>
+ </tr>
+
+ <tr>
 <td>
 <code>no_verify</code>
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c2f8bbd..3878fc9 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -343,7 +343,7 @@ doRemoteOpen (virConnectPtr conn,
 char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
 char *port = NULL, *authtype = NULL, *username = NULL;
 int no_verify = 0, no_tty = 0;
- char *pkipath = NULL;
+ char *pkipath = NULL, *keyfile = NULL;
 /* Return code from this function, and the private data. */
 int retcode = VIR_DRV_OPEN_ERROR;
@@ -416,6 +416,11 @@ doRemoteOpen (virConnectPtr conn,
 netcat = strdup (var->value);
 if (!netcat) goto out_of_memory;
 var->ignore = 1;
+ } else if (STRCASEEQ (var->name, "keyfile")) {
+ VIR_FREE(keyfile);
+ keyfile = strdup (var->value);
+ if (!keyfile) goto out_of_memory;
+ var->ignore = 1;
 } else if (STRCASEEQ (var->name, "no_verify")) {
 no_verify = atoi (var->value);
 var->ignore = 1;
@@ -573,6 +578,7 @@ doRemoteOpen (virConnectPtr conn,
 no_tty,
 no_verify,
 netcat ? netcat : "nc",
+ keyfile,
 sockname)))
 goto failed;
@@ -672,6 +678,7 @@ doRemoteOpen (virConnectPtr conn,
 VIR_FREE(sockname);
 VIR_FREE(authtype);
 VIR_FREE(netcat);
+ VIR_FREE(keyfile);
 VIR_FREE(username);
 VIR_FREE(port);
 VIR_FREE(pkipath);
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index d3965c6..1bda763 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -189,11 +189,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path)
 {
 virNetSocketPtr sock;
- if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, &sock) < 0)
+ if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+ noVerify, netcat, keyfile, path, &sock) < 0)
 return NULL;
 return virNetClientNew(sock, NULL);
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 6acdf50..3e5659c 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path);
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 7ea1ab7..57373a0 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
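Review bot: In the doRemoteOpen hunk at line 416 of src/remote/remote_driver.c, the new `keyfile` branch copies the URI value unchecked, so a URI carrying `keyfile=` with an empty value leaves a non-NULL empty string, and the `if (keyfile)` test added in virNetSocketNewConnectSSH would still put `-i` with an empty argument on the ssh command line. Treating an empty value as unset right after the copy, e.g. `if (keyfile && !*keyfile) VIR_FREE(keyfile);` (assuming VIR_FREE also resets the pointer), would keep the default-key behaviour the documentation describes. The branch is also taken for every transport although only the ssh path visibly consumes the value, so a comment such as `/* ssh transport only: selects which client-side credential file is presented */` would help applications that assemble URIs from less trusted input see what this parameter controls. doRemoteOpen starts and ends outside the hunk.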
@@ -578,6 +578,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path,
 virNetSocketPtr *retsock)
 {
@@ -594,6 +595,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
 virCommandAddArgList(cmd, "-p", service, NULL);
 if (username)
 virCommandAddArgList(cmd, "-l", username, NULL);
+ if (keyfile)
+ virCommandAddArgList(cmd, "-i", keyfile, NULL);
 if (noTTY)
 virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes", "-e", "none", NULL);
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 5f882ac..479be28 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path,
 virNetSocketPtr *addr);
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index 1697ced..fd8151b 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -379,6 +379,7 @@ struct testSSHData {
 bool noTTY;
 bool noVerify;
 const char *netcat;
+ const char *keyfile;
 const char *path;
 const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
 data->noTTY,
 data->noVerify,
 data->netcat,
+ data->keyfile,
 data->path,
 &csock) < 0)
 goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
 if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
 ret = -1;
+ struct testSSHData sshData6 = {
+ .nodename = "example.com",
+ .path = "/tmp/socket",
+ .keyfile = "/root/.ssh/example_key",
+ .noVerify = true,
+ .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com nc -U /tmp/socket\n",
+ };
+ if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+ ret = -1;
+
 #endif
 return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
--
1.7.6
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
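Review bot: In the second src/rpc/virnetsocket.c hunk (line 594), passing `-i` only adds the file to the identities ssh will try. Keys held by a running ssh-agent can still be offered, so the connection may authenticate with a different key than the one selected, or use up the server's authentication attempts before reaching it. If `keyfile` is meant to pin the credential, consider `virCommandAddArgList(cmd, "-i", keyfile, "-o", "IdentitiesOnly=yes", NULL);` and adjust `expectOut` in "SSH test 6" to match; otherwise the docs/remote.html.in entry should say the key is tried in addition to agent identities. The path appears to be handed to ssh as its own argument rather than through a shell, so quoting is not the concern here. The body of virNetSocketNewConnectSSH continues outside the hunk.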