[libvirt PATCH 09/10] remote: fix regression connecting to remote session daemon

Wed May 26 13:20:16 UTC 2021

While we couldn't historically connect to the remote session daemon
automatically, we do allow the user to set an explicit socket path
to enable the connections to work. This ability was accidentally
lost in

  commit f8ec7c842df9e40c6607eae9b0223766cb226336
  Author: Daniel P. Berrangé <berrange at redhat.com>
  Date:   Wed Jul 8 17:03:38 2020 +0100

    rpc: use new virt-ssh-helper binary for remote tunnelling

We need to force use of 'netcat' when a 'socket' path is given in
the URI parameters.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 src/remote/remote_driver.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 6a881fff28..da672b0d00 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -868,10 +868,33 @@ doRemoteOpen(virConnectPtr conn,
             goto failed;
         }
     } else {
-        /* Historically we didn't allow ssh tunnel with session mode,
-         * since we can't construct the accurate path remotely,
-         * so we can default to modern virt-ssh-helper */
-        if (flags & REMOTE_DRIVER_OPEN_USER)
+        /*
+         * Goal is to maximise usage of virt-ssh-helper
+         *
+         * Historically tunnelling access for the session mode
+         * daemon did not automatically work, since we can't
+         * construct the accurate path remotely. Users could,
+         * however, specify the 'socket' URI parameter explicitly.
+         *
+         * If we see a 'socket' path we must always use netcat,
+         * since virt-ssh-helper won't handle an explicit socket.
+         * Autostart won't work for session mode, so we assume
+         * user started it manually on the remote host in this
+         * case.
+         *
+         * If we have a 'session' URI without explicit socket,
+         * we can just assume the use of virt-ssh-helper, since
+         * logic for constructing socket paths relies on env
+         * envs whose values have no guarantee of matching those
+         * on the remote host. It was explicitly blocked with an
+         * error check before virt-ssh-helper was introduced.
+         *
+         * For 'system' URIs, we need to try virt-ssh-helper but
+         * with fallback to netcat for back compat.
+         */
+        if (sockname)
+            proxy = VIR_NET_CLIENT_PROXY_NETCAT;
+        else if (flags & REMOTE_DRIVER_OPEN_USER)
             proxy = VIR_NET_CLIENT_PROXY_NATIVE;
         else
             proxy = VIR_NET_CLIENT_PROXY_AUTO;
-- 
2.31.1


