[libvirt] [PATCH 3/3] remote: Improve libssh2 password authentication

Peter Krempa pkrempa at redhat.com
Wed Jul 10 06:42:05 UTC 2013


This patch enables the password authentication in the libssh2 connection
driver. There are a few benefits to this step:

1) Hosts with challenge response authentication will now be supported
with the libssh2 connection driver.

2) Credentials for hosts can now be stored in the authentication
credential config file.
---
 src/remote/remote_driver.c |  3 ++-
 src/rpc/virnetclient.c     | 11 ++++++-----
 src/rpc/virnetclient.h     |  4 +++-
 src/rpc/virnetsocket.c     |  8 ++++----
 src/rpc/virnetsocket.h     |  3 ++-
 src/rpc/virnetsshsession.c | 30 ++++++++++++++++--------------
 src/rpc/virnetsshsession.h |  5 +++--
 7 files changed, 36 insertions(+), 28 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 7f3e833..7bd3aa5 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -659,7 +659,8 @@ doRemoteOpen(virConnectPtr conn,
                                               sshauth,
                                               netcat,
                                               sockname,
-                                              auth);
+                                              auth,
+                                              conn->uri);
         if (!priv->client)
             goto failed;

diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index fed2c87..b10d090 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -389,7 +389,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
                                        const char *authMethods,
                                        const char *netcatPath,
                                        const char *socketPath,
-                                       virConnectAuthPtr authPtr)
+                                       virConnectAuthPtr authPtr,
+                                       virURIPtr uri)
 {
     virNetSocketPtr sock = NULL;
     virNetClientPtr ret = NULL;
@@ -443,9 +444,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,

     if (!authMethods) {
         if (privkey)
-            authMethods = "agent,privkey,keyboard-interactive";
+            authMethods = "agent,privkey,password,keyboard-interactive";
         else
-            authMethods = "agent,keyboard-interactive";
+            authMethods = "agent,password,keyboard-interactive";
     }

     DEFAULT_VALUE(host, "localhost");
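Review bot: The new default lists place `password` ahead of `keyboard-interactive` for every caller that leaves authMethods NULL, but nothing at this assignment says why or that the order matters. Since the commit message says credentials can now come from the authentication config file, a stored password would presumably be offered to the server before the user is prompted; a short comment would make that explicit, e.g. `/* password precedes keyboard-interactive so credentials from the auth config file are tried before prompting */`. It is also worth confirming that host-key verification (knownHostsVerify) completes before any method in this list runs, which is not visible here. The body of virNetClientNewLibSSH2 starts and ends outside this hunk.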
@@ -471,9 +472,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
     if (!(command = virBufferContentAndReset(&buf)))
         goto no_memory;

-    if (virNetSocketNewConnectLibSSH2(host, port, username, NULL, privkey,
+    if (virNetSocketNewConnectLibSSH2(host, port, username, privkey,
                                       knownhosts, knownHostsVerify, authMethods,
-                                      command, authPtr, &sock) != 0)
+                                      command, authPtr, uri, &sock) != 0)
         goto cleanup;

     if (!(ret = virNetClientNew(sock, NULL)))
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 4204a93..3bcde63 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -33,6 +33,7 @@
 # include "virnetclientprogram.h"
 # include "virnetclientstream.h"
 # include "virobject.h"
+# include "viruri.h"


 virNetClientPtr virNetClientNewUNIX(const char *path,
@@ -61,7 +62,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
                                        const char *authMethods,
                                        const char *netcatPath,
                                        const char *socketPath,
-                                       virConnectAuthPtr authPtr);
+                                       virConnectAuthPtr authPtr,
+                                       virURIPtr uri);

 virNetClientPtr virNetClientNewExternal(const char **cmdargv);

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 27709d8..c457bbd 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -742,13 +742,13 @@ int
 virNetSocketNewConnectLibSSH2(const char *host,
                               const char *port,
                               const char *username,
-                              const char *password,
                               const char *privkey,
                               const char *knownHosts,
                               const char *knownHostsVerify,
                               const char *authMethods,
                               const char *command,
                               virConnectAuthPtr auth,
+                              virURIPtr uri,
                               virNetSocketPtr *retsock)
 {
     virNetSocketPtr sock = NULL;
@@ -810,8 +810,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
             ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
         else if (STRCASEEQ(authMethod, "password"))
             ret = virNetSSHSessionAuthAddPasswordAuth(sess,
-                                                      username,
-                                                      password);
+                                                      uri,
+                                                      username);
         else if (STRCASEEQ(authMethod, "privkey"))
             ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
                                                      username,
@@ -856,13 +856,13 @@ int
 virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
                               const char *port ATTRIBUTE_UNUSED,
                               const char *username ATTRIBUTE_UNUSED,
-                              const char *password ATTRIBUTE_UNUSED,
                               const char *privkey ATTRIBUTE_UNUSED,
                               const char *knownHosts ATTRIBUTE_UNUSED,
                               const char *knownHostsVerify ATTRIBUTE_UNUSED,
                               const char *authMethods ATTRIBUTE_UNUSED,
                               const char *command ATTRIBUTE_UNUSED,
                               virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+                              virURIPtr uri ATTRIBUTE_UNUSED,
                               virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
 {
     virReportSystemError(ENOSYS, "%s",
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index ea42081..ca9ae91 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -34,6 +34,7 @@
 #  include "virnetsaslcontext.h"
 # endif
 # include "virjson.h"
+# include "viruri.h"

 typedef struct _virNetSocket virNetSocket;
 typedef virNetSocket *virNetSocketPtr;
@@ -84,13 +85,13 @@ int virNetSocketNewConnectSSH(const char *nodename,
 int virNetSocketNewConnectLibSSH2(const char *host,
                                   const char *port,
                                   const char *username,
-                                  const char *password,
                                   const char *privkey,
                                   const char *knownHosts,
                                   const char *knownHostsVerify,
                                   const char *authMethods,
                                   const char *command,
                                   virConnectAuthPtr auth,
+                                  virURIPtr uri,
                                   virNetSocketPtr *retsock);

 int virNetSocketNewConnectExternal(const char **cmdargv,
diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index 113fc6b..9965623 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -994,25 +994,29 @@ virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)

 int
 virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
-                                    const char *username,
-                                    const char *password)
+                                    virURIPtr uri,
+                                    const char *username)
 {
     virNetSSHAuthMethodPtr auth;
     char *user = NULL;
-    char *pass = NULL;

-    if (!username || !password) {
-        virReportError(VIR_ERR_SSH, "%s",
-                       _("Username and password must be provided "
-                         "for password authentication"));
-        return -1;
+    if (uri) {
+        VIR_FREE(sess->authPath);
+
+        if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
+            goto error;
     }

-    virObjectLock(sess);
+    if (!username) {
+        if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
+                                            "ssh", NULL, sess->hostname)))
+            goto error;
+    } else {
+        if (VIR_STRDUP(user, username) < 0)
+            goto error;
+    }

-    if (VIR_STRDUP(user, username) < 0 ||
-        VIR_STRDUP(pass, password) < 0)
-        goto error;
+    virObjectLock(sess);

     if (!(auth = virNetSSHSessionAuthMethodNew(sess))) {
         virReportOOMError();
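Review bot: The three new `goto error` paths (virAuthGetConfigFilePathURI, virAuthGetUsernamePath and VIR_STRDUP failures) run before `virObjectLock(sess)`, yet the `error:` label shown in the last hunk of this file still calls `virObjectUnlock(sess)`, so a failure there unlocks an object that was never locked. The same block also frees and reassigns `sess->authPath` and reads `sess->cred` and `sess->hostname` without the lock held. Moving `virObjectLock(sess);` up to just before `if (uri) {` fixes both; if the credential lookup must not run under the lock (it may invoke the auth callback, which is not visible here), then instead give the early failures their own exit that only does `VIR_FREE(user); return -1;`. The function body continues past the end of this hunk.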
@@ -1020,7 +1024,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
     }

     auth->username = user;
-    auth->password = pass;
     auth->method = VIR_NET_SSH_AUTH_PASSWORD;

     virObjectUnlock(sess);
@@ -1028,7 +1031,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,

 error:
     VIR_FREE(user);
-    VIR_FREE(pass);
     virObjectUnlock(sess);
     return -1;
 }
diff --git a/src/rpc/virnetsshsession.h b/src/rpc/virnetsshsession.h
index 8bd2445..65bd76a 100644
--- a/src/rpc/virnetsshsession.h
+++ b/src/rpc/virnetsshsession.h
@@ -23,6 +23,7 @@
 # define __VIR_NET_SSH_SESSION_H__

 # include "internal.h"
+# include "viruri.h"

 typedef struct _virNetSSHSession virNetSSHSession;
 typedef virNetSSHSession *virNetSSHSessionPtr;
@@ -50,8 +51,8 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
                                     virConnectAuthPtr auth);

 int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
-                                        const char *username,
-                                        const char *password);
+                                        virURIPtr uri,
+                                        const char *username);

 int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
                                      const char *username);
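Review bot: The prototype now takes `uri` before `username`, while the sibling declared directly below, virNetSSHSessionAuthAddAgentAuth, keeps `username` right after `sess`; keeping `username` second and appending `uri` would match the other AuthAdd* calls visible in this patch. The declaration also has no comment saying that both arguments may be NULL, which the implementation in virnetsshsession.c now allows. Suggest something like `/* uri selects the auth config file (may be NULL); username may be NULL, in which case it is looked up via the auth credentials */` above the prototype.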
-- 
1.8.2.1



