Re: [libvirt] [PATCH RFCv2 4/5] libssh2_transport: Use libssh2 driver code in remote driver

2012-01-19 Thread Daniel P. Berrange
On Wed, Jan 18, 2012 at 05:28:47PM +0100, Michal Privoznik wrote:
 On 04.01.2012 00:47, Peter Krempa wrote:
  -if (verr  verr-code == VIR_ERR_NO_SUPPORT) {
  -/* Missing RPC - old server - ignore */
  -virResetLastError();
  -return 0;
  +if ((verr = virGetLastError())) {
  +if (verr-code == VIR_ERR_NO_SUPPORT) {
  +/* Missing RPC - old server - ignore */
  +virResetLastError();
  +return 0;
  +}
  +
  +if (verr-code == VIR_ERR_LIBSSH_REMOTE_COMMAND) {
  +virResetLastError();
  +remoteError(VIR_ERR_LIBSSH_REMOTE_COMMAND, %s,
  +_(Remote daemon is not running or remote 
  command has failed));
  +}
   }
   return -1;
   }
 
 Related to 1st patch in the set:
 Some users might be using ssh-agent, however, want to select different
 auth mechanisms. I'd suggest to allow users to select which auth
 mechanism they want to use. If we don't parse ssh configs, we should let
 user to choose if he wants keyboard-interactive or ssh-agent or ...;
 Otherwise we end up trying to sign in with keys provided by ssh-agent,
 which are not necessarily the right ones.
 For example, /me uses ssh-agent for git+ssh://libvirt.org but use public
 keys for other machines and even keyboard-interactive :)

For the libssh2 driver, I think *not* using .ssh/config is actually
a good feature. The main benefit of libssh2, over forking ssh, is
that libvirt can provide applications direct control over all settings
and interactions. So any bits that we think need to be configurable
should all be done as query parameters in the URI

At least I see us wanting

 - use agent - yes|no
 - auth list (ie keyboard-interactive | gssapi-with-mic | public-key ... etc)
 - public key paths

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [libvirt] [PATCH RFCv2 4/5] libssh2_transport: Use libssh2 driver code in remote driver

2012-01-18 Thread Michal Privoznik
On 04.01.2012 00:47, Peter Krempa wrote:
 This patch adds URI options to support libssh2 transport in the remote
 driver.
 
 A new transport sceme is introduced eg. qemu+libssh://... that
 utilizes the libssh2 code added in previous patches.
 
 The libssh2 code requires the authentication callback to be able to
 perform keyboard-interactive authentication or to ask t passprhases or
 add host keys to known hosts database.
 
 Added URI components:
 - known_hosts -  path to a knownHosts file in OpenSSH format to check
  for known ssh host keys
 - no_verify - this old option is abused to indicate desired behavior,
   what to do while checking host keys:
   options: - normal: behave as ssh, ask to add a new key,
  reject unknown
- auto_add: add new keys automaticaly, reject
unknown
- ignore: don't check host key.
 
 *src/remote/remote_driver.c: -Clean up whitespace between function name
   and parentheses.
  - Add libssh2 transport scheme
  - Add URI components to configure libssh2
transport
 
 TODO:
 - Add documentation to web-page documents and man pages regarding new
   URI options
 - Add support for tunelled cleartext passwords?
 ---
  src/remote/remote_driver.c |  116 
 
  1 files changed, 84 insertions(+), 32 deletions(-)
 
 diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
 index 7580477..0787775 100644
 --- a/src/remote/remote_driver.c
 +++ b/src/remote/remote_driver.c
 @@ -304,12 +304,14 @@ enum virDrvOpenRemoteFlags {
   *   - xxx+tcp:///- TCP connection to localhost
   *   - xxx+unix:///   - UNIX domain socket
   *   - xxx:///- UNIX domain socket
 + *   - xxx+ssh:///- SSH connection (legacy)
 + *   - xxx+libssh:/// - SSH connection (using libssh2)
   */
  static int
 -doRemoteOpen (virConnectPtr conn,
 -  struct private_data *priv,
 -  virConnectAuthPtr auth ATTRIBUTE_UNUSED,
 -  unsigned int flags)
 +doRemoteOpen(virConnectPtr conn,
 + struct private_data *priv,
 + virConnectAuthPtr auth ATTRIBUTE_UNUSED,
 + unsigned int flags)

I'd do these refactorings in a separate patch to make future git bisects
easier.
  {
  struct qparam_set *vars = NULL;
  char *transport_str = NULL;
 @@ -317,6 +319,7 @@ doRemoteOpen (virConnectPtr conn,
  trans_tls,
  trans_unix,
  trans_ssh,
 +trans_libssh,
  trans_ext,
  trans_tcp,
  } transport;
 @@ -345,9 +348,9 @@ doRemoteOpen (virConnectPtr conn,
  else
  transport = trans_unix;
  } else {
 -if (STRCASEEQ (transport_str, tls))
 +if (STRCASEEQ(transport_str, tls))
  transport = trans_tls;
 -else if (STRCASEEQ (transport_str, unix)) {
 +else if (STRCASEEQ(transport_str, unix)) {
  if (conn-uri-server) {
  remoteError(VIR_ERR_INVALID_ARG,
  _(using unix socket and remote 
 @@ -357,16 +360,18 @@ doRemoteOpen (virConnectPtr conn,
  } else {
  transport = trans_unix;
  }
 -} else if (STRCASEEQ (transport_str, ssh))
 +} else if (STRCASEEQ(transport_str, ssh))
  transport = trans_ssh;
 -else if (STRCASEEQ (transport_str, ext))
 +else if (STRCASEEQ(transport_str, libssh))
 +transport = trans_libssh;
 +else if (STRCASEEQ(transport_str, ext))
  transport = trans_ext;
 -else if (STRCASEEQ (transport_str, tcp))
 +else if (STRCASEEQ(transport_str, tcp))
  transport = trans_tcp;
  else {
  remoteError(VIR_ERR_INVALID_ARG, %s,
  _(remote_open: transport in URL not 
 recognised 
 -  (should be tls|unix|ssh|ext|tcp)));
 +  (should be 
 tls|unix|ssh|ext|tcp|libssh)));
  return VIR_DRV_OPEN_ERROR;
  }
  }
 @@ -384,6 +389,8 @@ doRemoteOpen (virConnectPtr conn,
  bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
  char *pkipath = NULL, *keyfile = NULL;
 
 +char *knownHostsVerify = NULL,  *knownHosts = NULL;
 +
  /* Return code from this function, and the private data. */
  int retcode = VIR_DRV_OPEN_ERROR;
 
 @@ -430,49 +437,57 @@ doRemoteOpen (virConnectPtr conn,
 
  for (i = 0; i  vars-n; i++) {
  

[libvirt] [PATCH RFCv2 4/5] libssh2_transport: Use libssh2 driver code in remote driver

2012-01-03 Thread Peter Krempa
This patch adds URI options to support libssh2 transport in the remote
driver.

A new transport scheme is introduced, e.g. qemu+libssh://..., that
utilizes the libssh2 code added in previous patches.

The libssh2 code requires the authentication callback to be able to
perform keyboard-interactive authentication, to ask for passphrases, or to
add host keys to the known hosts database.

Added URI components:
- known_hosts -  path to a knownHosts file in OpenSSH format to check
 for known ssh host keys
- no_verify - this old option is abused to indicate desired behavior,
  what to do while checking host keys:
  options: - normal: behave as ssh, ask to add a new key,
 reject unknown
   - auto_add: add new keys automaticaly, reject
   unknown
   - ignore: don't check host key.

*src/remote/remote_driver.c: -Clean up whitespace between function name
  and parentheses.
 - Add libssh2 transport scheme
 - Add URI components to configure libssh2
   transport

TODO:
- Add documentation to web-page documents and man pages regarding new
  URI options
- Add support for tunelled cleartext passwords?
---
 src/remote/remote_driver.c |  116 
 1 files changed, 84 insertions(+), 32 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 7580477..0787775 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -304,12 +304,14 @@ enum virDrvOpenRemoteFlags {
  *   - xxx+tcp:///- TCP connection to localhost
  *   - xxx+unix:///   - UNIX domain socket
  *   - xxx:///- UNIX domain socket
+ *   - xxx+ssh:///- SSH connection (legacy)
+ *   - xxx+libssh:/// - SSH connection (using libssh2)
  */
 static int
-doRemoteOpen (virConnectPtr conn,
-  struct private_data *priv,
-  virConnectAuthPtr auth ATTRIBUTE_UNUSED,
-  unsigned int flags)
+doRemoteOpen(virConnectPtr conn,
+ struct private_data *priv,
+ virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ unsigned int flags)
 {
 struct qparam_set *vars = NULL;
 char *transport_str = NULL;
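Review bot: The new doc comment line `* - xxx+ssh:/// - SSH connection (legacy)` labels the existing external-ssh transport as legacy while the series is still an RFC and, per the discussion in this thread, the libssh2 path deliberately does not read ~/.ssh/config, so the two transports are not yet interchangeable for users. I would describe it by mechanism rather than status, `* - xxx+ssh:/// - SSH connection (external ssh client)`, and leave deprecation wording for when the new transport is the documented default. A clarifying word that the `libssh` scheme name is backed by libssh2 is also worth keeping, since "libssh" is the name of a separate SSH library; the "(using libssh2)" already on the next line does that. doRemoteOpen's body continues past the end of this hunk.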
@@ -317,6 +319,7 @@ doRemoteOpen (virConnectPtr conn,
 trans_tls,
 trans_unix,
 trans_ssh,
+trans_libssh,
 trans_ext,
 trans_tcp,
 } transport;
@@ -345,9 +348,9 @@ doRemoteOpen (virConnectPtr conn,
 else
 transport = trans_unix;
 } else {
-if (STRCASEEQ (transport_str, tls))
+if (STRCASEEQ(transport_str, tls))
 transport = trans_tls;
-else if (STRCASEEQ (transport_str, unix)) {
+else if (STRCASEEQ(transport_str, unix)) {
 if (conn-uri-server) {
 remoteError(VIR_ERR_INVALID_ARG,
 _(using unix socket and remote 
@@ -357,16 +360,18 @@ doRemoteOpen (virConnectPtr conn,
 } else {
 transport = trans_unix;
 }
-} else if (STRCASEEQ (transport_str, ssh))
+} else if (STRCASEEQ(transport_str, ssh))
 transport = trans_ssh;
-else if (STRCASEEQ (transport_str, ext))
+else if (STRCASEEQ(transport_str, libssh))
+transport = trans_libssh;
+else if (STRCASEEQ(transport_str, ext))
 transport = trans_ext;
-else if (STRCASEEQ (transport_str, tcp))
+else if (STRCASEEQ(transport_str, tcp))
 transport = trans_tcp;
 else {
 remoteError(VIR_ERR_INVALID_ARG, %s,
 _(remote_open: transport in URL not 
recognised 
-  (should be tls|unix|ssh|ext|tcp)));
+  (should be tls|unix|ssh|ext|tcp|libssh)));
 return VIR_DRV_OPEN_ERROR;
 }
 }
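Review bot: The new branch `else if (STRCASEEQ(transport_str, libssh))` accepts the scheme unconditionally, so if libssh2 support is a build-time option (the earlier patches in the series would carry that conditional; it is not visible here) a build without it would parse `+libssh` successfully and only fail later in the connection path with a less obvious error. If that is the case, the two new lines should sit inside the same build conditional as the code they dispatch to, so that such a build falls into the existing `else` branch and reports VIR_ERR_INVALID_ARG here, and the `(should be ...)` list in the error string should be adjusted under the same conditional. Minor: the updated error text lists `libssh` last while the if-chain checks it between `ssh` and `ext`; ordering both the same way, `tls|unix|ssh|libssh|ext|tcp`, keeps the message and the parser in step. The rest of doRemoteOpen lies outside this hunk.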
@@ -384,6 +389,8 @@ doRemoteOpen (virConnectPtr conn,
 bool sanity = true, verify = true, tty ATTRIBUTE_UNUSED = true;
 char *pkipath = NULL, *keyfile = NULL;

+char *knownHostsVerify = NULL,  *knownHosts = NULL;
+
 /* Return code from this function, and the private data. */
 int retcode = VIR_DRV_OPEN_ERROR;

@@ -430,49 +437,57 @@ doRemoteOpen (virConnectPtr conn,

 for (i = 0; i  vars-n; i++) {
 var = vars-p[i];
-if (STRCASEEQ (var-name, name)) {
+if (STRCASEEQ(var-name, name)) {
 VIR_FREE(name);
-name = strdup (var-value);
+name = strdup(var-value);