[libvirt] Some questions about virConnectAuthCallbackPtr

Richard W.M. Jones rjones at redhat.com
Sat Oct 13 17:08:42 UTC 2012


On Sat, Oct 13, 2012 at 05:47:24PM +0100, Richard W.M. Jones wrote:
> BTW I cannot get the libssh2 backend in libvirt to work.  For
> every host it says:
> 
>   libvirt_auth.c: authentication required for libvirt URI 'qemu+libssh2://localhost/system'
>   libvirt_auth.c: credential 'echoprompt'
>   Accept SSH host key with hash '<correct host key>' for host 'localhost:22' (y/n)?: y
>   libguestfs: error: could not connect to libvirt (code 85, domain 50): SSH transport error: SSH host key for 'localhost' (<correct host key>) was not accepted
> 
> No idea what I'm doing wrong.  Nothing in the logs on the server
> indicate that anything is wrong on the remote side.

Peter,

This is because of a bug in the libvirt code:

       if (!askKey.result ||
           STRCASENEQ(askKey.result, "y")) {
           virReportError(VIR_ERR_SSH,
                          _("SSH host key for '%s' (%s) was not accepted"),
                          sess->hostname, keyhash);
           VIR_FREE(keyhash);
           VIR_FREE(askKey.result);
           return -1;
       }

The problem with this code is that it ignores the resultlen field.

If the caller passes result[] = { 'y' } (no trailing \0), resultlen = 1,
(which IMHO is a correct use of the API as described by the
documentation), then STRCASENEQ above will not match the string.

You need to use something like:

  askKey.resultlen >= 1 && askKey.result[0] == 'y'

or else some sort of memcmp function.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora




More information about the libvir-list mailing list