On Tuesday, 1 November 2016 13:40:01 CET Peter Krempa wrote:
> On Wed, Oct 19, 2016 at 14:40:37 +0200, Pino Toscano wrote:
> > Implement in virtNetClient and VirNetSocket the needed functions to
> > expose a new libssh transport, providing all the options that the
> > libssh2 transport supports.
> > ---
> > docs/remote.html.in | 35 ++++++---
> > src/remote/remote_driver.c | 41 +++++++++++
> > src/rpc/virnetclient.c | 118 ++++++++++++++++++++++++++++++
> > src/rpc/virnetclient.h | 13 ++++
> > src/rpc/virnetsocket.c | 179
> > +++++++++++++++++++++++++++++++++++++++++++++
> > src/rpc/virnetsocket.h | 13 ++++
> > 6 files changed, 387 insertions(+), 12 deletions(-)
>
> [...]
>
> > diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
> > index 361dc1a..6d406ff 100644
> > --- a/src/rpc/virnetclient.c
> > +++ b/src/rpc/virnetclient.c
> > @@ -505,6 +505,124 @@ virNetClientPtr virNetClientNewLibSSH2(const char
> > *host,
> > }
> > #undef DEFAULT_VALUE
> >
> > +#define DEFAULT_VALUE(VAR, VAL) \
> > + if (!VAR) \
> > + VAR = VAL;
> > +virNetClientPtr virNetClientNewLibssh(const char *host,
> > + const char *port,
> > + int family,
> > + const char *username,
> > + const char *privkeyPath,
> > + const char *knownHostsPath,
> > + const char *knownHostsVerify,
> > + const char *authMethods,
> > + const char *netcatPath,
> > + const char *socketPath,
> > + virConnectAuthPtr authPtr,
> > + virURIPtr uri)
> > +{
> > + virNetSocketPtr sock = NULL;
> > + virNetClientPtr ret = NULL;
> > +
> > + virBuffer buf = VIR_BUFFER_INITIALIZER;
> > + char *nc = NULL;
> > + char *command = NULL;
> > +
> > + char *homedir = virGetUserDirectory();
> > + char *confdir = virGetUserConfigDirectory();
> > + char *knownhosts = NULL;
> > + char *privkey = NULL;
> > +
> > + /* Use default paths for known hosts an public keys if not provided */
> > + if (confdir) {
> > + if (!knownHostsPath) {
> > + if (virFileExists(confdir)) {
> > + if (virAsprintf(&knownhosts, "%s/known_hosts", confdir) <
> > 0)
>
> So does libssh break the known hosts file? It's not very pleasant to
> keep two separate files, since you'd have to re-authenticate all the
> hosts key for use with libvirt.

libssh should not break the known hosts file, although it can fail to parse it when keys have comments (see upstream bug #149 [1]). As such, keeping the known hosts separate by default for now could be a better choice, especially that it already shares what was used with the libssh2 transport.

[1] https://red.libssh.org/issues/149

> > + goto cleanup; > > + } > > + } else { > > + if (VIR_STRDUP(knownhosts, knownHostsPath) < 0) > > + goto cleanup; > > + } > > + } > > + > > + if (homedir) { > > + if (!privkeyPath) { > > + /* RSA */ > > + if (virAsprintf(&privkey, "%s/.ssh/id_rsa", homedir) < 0) > > + goto cleanup; > > + > > + if (!(virFileExists(privkey))) > > + VIR_FREE(privkey); > > + /* DSA */ > > + if (!privkey) { > > + if (virAsprintf(&privkey, "%s/.ssh/id_dsa", homedir) < 0) > > + goto cleanup; > > + > > + if (!(virFileExists(privkey))) > > + VIR_FREE(privkey);
>
> Documentation for ssh-keygen states that the following paths are tried
> by default:
>
> ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or
> ~/.ssh/id_rsa

I can adjust that, ok. Note the libssh2 transport needs the same change, so I'll just do the same for both at once.

One more explicit note: all the glue code between the transport itself and the rest of the rpc code was basically copied from the code used for libssh2 -- hence, if there are mistakes that I miss there, most probably they affect the libssh2 transport as well.

Thanks,
-- 
Pino Toscano
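
Review bot: in the known-hosts block of virNetClientNewLibssh, the "else" branch that copies a caller-supplied knownHostsPath with VIR_STRDUP sits inside "if (confdir)", so when confdir is NULL an explicit knownHostsPath is silently dropped and knownhosts stays NULL. The same happens for the default path when virFileExists(confdir) is false. Since this value feeds host key verification, I would test knownHostsPath first and consult confdir only when building the default, and decide explicitly what happens when neither yields a path. Two smaller points: the comment says "known hosts an public keys" while the code below resolves privkey, so it should read "and private keys"; and DEFAULT_VALUE expands to a bare "if (!VAR) VAR = VAL;" with its own semicolon, which misbehaves if it is ever used as the body of an if/else, so a do { ... } while (0) wrapper would be safer (or move the existing #undef below this function instead of redefining the identical macro).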
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
