authorPeter Krempa <pkrempa@redhat.com>2013-07-09 16:46:32 +0200
committerPeter Krempa <pkrempa@redhat.com>2013-07-12 09:22:38 +0200
commit273745b43122a77adf8c73b2e0a852ac42387349 (patch)
tree3320136c89f6dc49a443b6c5fa8cd9870208ed35 /src/rpc
parent676504e3be2833d606f076b4ba939f1d8dbea0cf (diff)
downloadlibvirt-273745b43122a77adf8c73b2e0a852ac42387349.tar.gz
remote: Improve libssh2 password authentication
This patch enables password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credentials for hosts can now be stored in the authentication credential config file.
Diffstat (limited to 'src/rpc')
-rw-r--r--src/rpc/virnetclient.c11
-rw-r--r--src/rpc/virnetclient.h4
-rw-r--r--src/rpc/virnetsocket.c8
-rw-r--r--src/rpc/virnetsocket.h3
-rw-r--r--src/rpc/virnetsshsession.c30
-rw-r--r--src/rpc/virnetsshsession.h5
6 files changed, 34 insertions, 27 deletions
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index fb5c108370..9deec9e212 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -389,7 +389,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
const char *authMethods,
const char *netcatPath,
const char *socketPath,
- virConnectAuthPtr authPtr)
+ virConnectAuthPtr authPtr,
+ virURIPtr uri)
{
virNetSocketPtr sock = NULL;
virNetClientPtr ret = NULL;
@@ -443,9 +444,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
if (!authMethods) {
if (privkey)
- authMethods = "agent,privkey,keyboard-interactive";
+ authMethods = "agent,privkey,password,keyboard-interactive";
else
- authMethods = "agent,keyboard-interactive";
+ authMethods = "agent,password,keyboard-interactive";
}
DEFAULT_VALUE(host, "localhost");
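Review bot: The new defaults `"agent,privkey,password,keyboard-interactive"` and `"agent,password,keyboard-interactive"` turn on password authentication for every caller that passes no `authMethods`, and that policy is recorded only in the string literals. A comment above `if (!authMethods) {` such as `/* default order: agent, privkey (if given), password, then keyboard-interactive */` would document the order, and could say where the password comes from (the commit message mentions the authentication credential config file). Each failed method presumably counts as an attempt on the server side, so it is worth confirming that the longer list does not use up the server's attempt limit before keyboard-interactive is reached. The body of virNetClientNewLibSSH2 continues outside this hunk.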
@@ -471,9 +472,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
if (!(command = virBufferContentAndReset(&buf)))
goto no_memory;
- if (virNetSocketNewConnectLibSSH2(host, port, username, NULL, privkey,
+ if (virNetSocketNewConnectLibSSH2(host, port, username, privkey,
knownhosts, knownHostsVerify, authMethods,
- command, authPtr, &sock) != 0)
+ command, authPtr, uri, &sock) != 0)
goto cleanup;
if (!(ret = virNetClientNew(sock, NULL)))
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 4204a9354d..3bcde63243 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -33,6 +33,7 @@
# include "virnetclientprogram.h"
# include "virnetclientstream.h"
# include "virobject.h"
+# include "viruri.h"
virNetClientPtr virNetClientNewUNIX(const char *path,
@@ -61,7 +62,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
const char *authMethods,
const char *netcatPath,
const char *socketPath,
- virConnectAuthPtr authPtr);
+ virConnectAuthPtr authPtr,
+ virURIPtr uri);
virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 1bfd87bf85..ae81512e71 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -740,13 +740,13 @@ int
virNetSocketNewConnectLibSSH2(const char *host,
const char *port,
const char *username,
- const char *password,
const char *privkey,
const char *knownHosts,
const char *knownHostsVerify,
const char *authMethods,
const char *command,
virConnectAuthPtr auth,
+ virURIPtr uri,
virNetSocketPtr *retsock)
{
virNetSocketPtr sock = NULL;
@@ -808,8 +808,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
else if (STRCASEEQ(authMethod, "password"))
ret = virNetSSHSessionAuthAddPasswordAuth(sess,
- username,
- password);
+ uri,
+ username);
else if (STRCASEEQ(authMethod, "privkey"))
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
username,
@@ -854,13 +854,13 @@ int
virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
const char *port ATTRIBUTE_UNUSED,
const char *username ATTRIBUTE_UNUSED,
- const char *password ATTRIBUTE_UNUSED,
const char *privkey ATTRIBUTE_UNUSED,
const char *knownHosts ATTRIBUTE_UNUSED,
const char *knownHostsVerify ATTRIBUTE_UNUSED,
const char *authMethods ATTRIBUTE_UNUSED,
const char *command ATTRIBUTE_UNUSED,
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virURIPtr uri ATTRIBUTE_UNUSED,
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index ea42081d49..ca9ae914c0 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -34,6 +34,7 @@
# include "virnetsaslcontext.h"
# endif
# include "virjson.h"
+# include "viruri.h"
typedef struct _virNetSocket virNetSocket;
typedef virNetSocket *virNetSocketPtr;
@@ -84,13 +85,13 @@ int virNetSocketNewConnectSSH(const char *nodename,
int virNetSocketNewConnectLibSSH2(const char *host,
const char *port,
const char *username,
- const char *password,
const char *privkey,
const char *knownHosts,
const char *knownHostsVerify,
const char *authMethods,
const char *command,
virConnectAuthPtr auth,
+ virURIPtr uri,
virNetSocketPtr *retsock);
int virNetSocketNewConnectExternal(const char **cmdargv,
diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index 25a7efd753..816c54e634 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -991,31 +991,34 @@ virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)
int
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
- const char *username,
- const char *password)
+ virURIPtr uri,
+ const char *username)
{
virNetSSHAuthMethodPtr auth;
char *user = NULL;
- char *pass = NULL;
- if (!username || !password) {
- virReportError(VIR_ERR_SSH, "%s",
- _("Username and password must be provided "
- "for password authentication"));
- return -1;
+ if (uri) {
+ VIR_FREE(sess->authPath);
+
+ if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
+ goto error;
}
- virObjectLock(sess);
+ if (!username) {
+ if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
+ "ssh", NULL, sess->hostname)))
+ goto error;
+ } else {
+ if (VIR_STRDUP(user, username) < 0)
+ goto error;
+ }
- if (VIR_STRDUP(user, username) < 0 ||
- VIR_STRDUP(pass, password) < 0)
- goto error;
+ virObjectLock(sess);
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
auth->username = user;
- auth->password = pass;
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
virObjectUnlock(sess);
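Review bot: Every `goto error` taken before `virObjectLock(sess)` in virNetSSHSessionAuthAddPasswordAuth lands on the `error:` label shown in the following hunk, which still calls `virObjectUnlock(sess)`, so a failure in `virAuthGetConfigFilePathURI`, `virAuthGetUsernamePath` or `VIR_STRDUP` unlocks a session object that was never locked. The same early section also frees and rewrites `sess->authPath` and reads `sess->cred` and `sess->hostname` without holding the lock. Moving `virObjectLock(sess);` to the top of the function, before `if (uri) {`, fixes both problems. If holding the lock across the credential lookup is undesirable (it may invoke an interactive callback, which is not visible here), add a second label that skips the unlock instead.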
@@ -1023,7 +1026,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
error:
VIR_FREE(user);
- VIR_FREE(pass);
virObjectUnlock(sess);
return -1;
}
diff --git a/src/rpc/virnetsshsession.h b/src/rpc/virnetsshsession.h
index 8bd2445f4a..65bd76a94b 100644
--- a/src/rpc/virnetsshsession.h
+++ b/src/rpc/virnetsshsession.h
@@ -23,6 +23,7 @@
# define __VIR_NET_SSH_SESSION_H__
# include "internal.h"
+# include "viruri.h"
typedef struct _virNetSSHSession virNetSSHSession;
typedef virNetSSHSession *virNetSSHSessionPtr;
@@ -50,8 +51,8 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
virConnectAuthPtr auth);
int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
- const char *username,
- const char *password);
+ virURIPtr uri,
+ const char *username);
int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
const char *username);