[libvirt] [PATCH] remote/ssh: optional "keyfile" parameter.

Oskari Saarenmaa os at ohmu.fi
Tue Jul 19 17:52:21 UTC 2011


New optional parameter "keyfile" for ssh transport allows the user to select
the private key to be used to authenticate to the remote host.
---
 docs/remote.html.in        |   16 ++++++++++++++++
 src/remote/remote_driver.c |    9 ++++++++-
 src/rpc/virnetclient.c     |    4 +++-
 src/rpc/virnetclient.h     |    1 +
 src/rpc/virnetsocket.c     |    3 +++
 src/rpc/virnetsocket.h     |    1 +
 tests/virnetsockettest.c   |   12 ++++++++++++
 7 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/docs/remote.html.in b/docs/remote.html.in
index 39d65aa..b554950 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -275,6 +275,22 @@ Note that parameter values must be
         <td colspan="2"/>
         <td> Example: <code>netcat=/opt/netcat/bin/nc</code> </td>
       </tr>
+
+      <tr>
+        <td>
+          <code>keyfile</code>
+        </td>
+        <td> ssh </td>
+        <td>
+  The name of the private key file to use to authentication to the remote
+  machine.  If this option is not used the default keys are used.
+        </td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>keyfile=/root/.ssh/example_key</code> </td>
+      </tr>
+
       <tr>
         <td>
           <code>no_verify</code>
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c2f8bbd..3878fc9 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -343,7 +343,7 @@ doRemoteOpen (virConnectPtr conn,
     char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
     char *port = NULL, *authtype = NULL, *username = NULL;
     int no_verify = 0, no_tty = 0;
-    char *pkipath = NULL;
+    char *pkipath = NULL, *keyfile = NULL;
 
     /* Return code from this function, and the private data. */
     int retcode = VIR_DRV_OPEN_ERROR;
@@ -416,6 +416,11 @@ doRemoteOpen (virConnectPtr conn,
                 netcat = strdup (var->value);
                 if (!netcat) goto out_of_memory;
                 var->ignore = 1;
+            } else if (STRCASEEQ (var->name, "keyfile")) {
+                VIR_FREE(keyfile);
+                keyfile = strdup (var->value);
+                if (!keyfile) goto out_of_memory;
+                var->ignore = 1;
             } else if (STRCASEEQ (var->name, "no_verify")) {
                 no_verify = atoi (var->value);
                 var->ignore = 1;
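Review bot: The new `keyfile` branch copies whatever follows `keyfile=` without checking that it is non-empty, so a URI ending in `keyfile=` stores "" and the later `if (keyfile)` test in virNetSocketNewConnectSSH still hands ssh `-i` with an empty argument. Treating an empty value as unset keeps the default-key behaviour the docs describe: `if (*var->value && !(keyfile = strdup (var->value))) goto out_of_memory;` after the `VIR_FREE(keyfile);`. The branch also sets `var->ignore = 1` regardless of transport, while the only visible consumer is the virNetClientNewSSH call, so the parameter appears to be silently dropped on non-ssh URIs; a one-line comment such as `/* only used by the ssh transport */` would record that. doRemoteOpen starts and continues outside this hunk.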
@@ -573,6 +578,7 @@ doRemoteOpen (virConnectPtr conn,
                                                 no_tty,
                                                 no_verify,
                                                 netcat ? netcat : "nc",
+                                                keyfile,
                                                 sockname)))
             goto failed;
 
@@ -672,6 +678,7 @@ doRemoteOpen (virConnectPtr conn,
     VIR_FREE(sockname);
     VIR_FREE(authtype);
     VIR_FREE(netcat);
+    VIR_FREE(keyfile);
     VIR_FREE(username);
     VIR_FREE(port);
     VIR_FREE(pkipath);
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index d3965c6..1bda763 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -189,11 +189,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path)
 {
     virNetSocketPtr sock;
 
-    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, &sock) < 0)
+    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+                                  noVerify, netcat, keyfile, path, &sock) < 0)
         return NULL;
 
     return virNetClientNew(sock, NULL);
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 6acdf50..3e5659c 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path);
 
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 7ea1ab7..57373a0 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -578,6 +578,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *retsock)
 {
@@ -594,6 +595,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
         virCommandAddArgList(cmd, "-p", service, NULL);
     if (username)
         virCommandAddArgList(cmd, "-l", username, NULL);
+    if (keyfile)
+        virCommandAddArgList(cmd, "-i", keyfile, NULL);
     if (noTTY)
         virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes",
                              "-e", "none", NULL);
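Review bot: Passing only `-i keyfile` adds the file to the identities ssh will try; it does not stop ssh from also offering agent keys and the default identities, so the session can still authenticate with a key other than the one the URI names, or use up the server's authentication attempts before reaching it. If the parameter is meant to select the key, as the docs hunk words it, pair it with IdentitiesOnly: `virCommandAddArgList(cmd, "-i", keyfile, "-o", "IdentitiesOnly=yes", NULL);` and adjust the expected string in SSH test 6 to match; otherwise the documentation should say the key is additive. The value is passed as its own argv element directly after `-i`, so it needs no quoting here. The body of virNetSocketNewConnectSSH begins before and continues after this hunk.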
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 5f882ac..479be28 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *addr);
 
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index 1697ced..fd8151b 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -379,6 +379,7 @@ struct testSSHData {
     bool noTTY;
     bool noVerify;
     const char *netcat;
+    const char *keyfile;
     const char *path;
 
     const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
                                   data->noTTY,
                                   data->noVerify,
                                   data->netcat,
+                                  data->keyfile,
                                   data->path,
                                   &csock) < 0)
         goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
     if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
         ret = -1;
 
+    struct testSSHData sshData6 = {
+        .nodename = "example.com",
+        .path = "/tmp/socket",
+        .keyfile = "/root/.ssh/example_key",
+        .noVerify = true,
+        .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com nc -U /tmp/socket\n",
+    };
+    if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+        ret = -1;
+
 #endif
 
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
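Review bot: SSH test 6 exercises `keyfile` only together with `.noVerify = true`, so nothing pins the key-only command line or where `-i` lands relative to the options virNetSocketNewConnectSSH adds around it. A second case with `.noVerify = false` and `.noTTY = true` would cover both. A short comment above `sshData6`, for example `/* keyfile must reach ssh as "-i <path>" */`, would state what the case is checking. mymain starts outside this hunk.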
-- 
1.7.6



