From 273745b43122a77adf8c73b2e0a852ac42387349 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Tue, 9 Jul 2013 16:46:32 +0200
Subject: [PATCH] remote: Improve libssh2 password authentication

This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step:
1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver.
2) Credential for hosts can now be stored in the authentication credential config file
---
 src/remote/remote_driver.c | 3 ++-
 src/rpc/virnetclient.c | 11 ++++++-----
 src/rpc/virnetclient.h | 4 +++-
 src/rpc/virnetsocket.c | 8 ++++----
 src/rpc/virnetsocket.h | 3 ++-
 src/rpc/virnetsshsession.c | 30 ++++++++++++++++--------------
 src/rpc/virnetsshsession.h | 5 +++--
 7 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 94d3b8375e..81ecef15e1 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -659,7 +659,8 @@ doRemoteOpen(virConnectPtr conn,
 sshauth,
 netcat,
 sockname,
- auth);
+ auth,
+ conn->uri);
 if (!priv->client)
 goto failed;
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index fb5c108370..9deec9e212 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -389,7 +389,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
 const char *authMethods,
 const char *netcatPath,
 const char *socketPath,
- virConnectAuthPtr authPtr)
+ virConnectAuthPtr authPtr,
+ virURIPtr uri)
 {
 virNetSocketPtr sock = NULL;
 virNetClientPtr ret = NULL;
@@ -443,9 +444,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
 if (!authMethods) {
 if (privkey)
- authMethods = "agent,privkey,keyboard-interactive";
+ authMethods = "agent,privkey,password,keyboard-interactive";
 else
- authMethods = "agent,keyboard-interactive";
+ authMethods = "agent,password,keyboard-interactive";
 }
 DEFAULT_VALUE(host, "localhost");
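Review bot: The two new default strings in the `if (!authMethods)` block of virNetClientNewLibSSH2 add `password` ahead of `keyboard-interactive` without any comment, so a caller that passes no method list now gets password authentication attempted by default. Going by the commit message, that password may come from the authentication config file, which would mean it can be offered to the server without a prompt. I would add `/* default order: agent, privkey (if given), password, keyboard-interactive */` above the assignments. It is also worth confirming that the host key check selected by `knownHostsVerify` completes before any method in this list runs; that ordering is not visible in this diff. The function body starts and ends outside the hunk.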
@@ -471,9 +472,9 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
 if (!(command = virBufferContentAndReset(&buf)))
 goto no_memory;
- if (virNetSocketNewConnectLibSSH2(host, port, username, NULL, privkey,
+ if (virNetSocketNewConnectLibSSH2(host, port, username, privkey,
 knownhosts, knownHostsVerify, authMethods,
- command, authPtr, &sock) != 0)
+ command, authPtr, uri, &sock) != 0)
 goto cleanup;
 if (!(ret = virNetClientNew(sock, NULL)))
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 4204a9354d..3bcde63243 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -33,6 +33,7 @@
 # include "virnetclientprogram.h"
 # include "virnetclientstream.h"
 # include "virobject.h"
+# include "viruri.h"
 virNetClientPtr virNetClientNewUNIX(const char *path,
@@ -61,7 +62,8 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
 const char *authMethods,
 const char *netcatPath,
 const char *socketPath,
- virConnectAuthPtr authPtr);
+ virConnectAuthPtr authPtr,
+ virURIPtr uri);
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 1bfd87bf85..ae81512e71 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -740,13 +740,13 @@ int
 virNetSocketNewConnectLibSSH2(const char *host,
 const char *port,
 const char *username,
- const char *password,
 const char *privkey,
 const char *knownHosts,
 const char *knownHostsVerify,
 const char *authMethods,
 const char *command,
 virConnectAuthPtr auth,
+ virURIPtr uri,
 virNetSocketPtr *retsock)
 {
 virNetSocketPtr sock = NULL;
@@ -808,8 +808,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
 ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
 else if (STRCASEEQ(authMethod, "password"))
 ret = virNetSSHSessionAuthAddPasswordAuth(sess,
- username,
- password);
+ uri,
+ username);
 else if (STRCASEEQ(authMethod, "privkey"))
 ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
 username,
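Review bot: The password branch of the method chain in virNetSocketNewConnectLibSSH2 now passes `uri` before `username`, while the keyboard and privkey branches next to it pass `username` directly after `sess`. Keeping `username` second, as in `virNetSSHSessionAuthAddPasswordAuth(sess, username, uri)`, would keep the AuthAdd* calls parallel; the prototype and definition changed in src/rpc/virnetsshsession.h and .c would be reordered to match. `uri` can presumably be NULL at this call, since the callee tests `if (uri)`, and a one-line comment saying so would help the next reader. The if/else chain starts and ends outside the hunk.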
@@ -854,13 +854,13 @@ int
 virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
 const char *port ATTRIBUTE_UNUSED,
 const char *username ATTRIBUTE_UNUSED,
- const char *password ATTRIBUTE_UNUSED,
 const char *privkey ATTRIBUTE_UNUSED,
 const char *knownHosts ATTRIBUTE_UNUSED,
 const char *knownHostsVerify ATTRIBUTE_UNUSED,
 const char *authMethods ATTRIBUTE_UNUSED,
 const char *command ATTRIBUTE_UNUSED,
 virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ virURIPtr uri ATTRIBUTE_UNUSED,
 virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
 {
 virReportSystemError(ENOSYS, "%s",
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index ea42081d49..ca9ae914c0 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -34,6 +34,7 @@
 # include "virnetsaslcontext.h"
 # endif
 # include "virjson.h"
+# include "viruri.h"
 typedef struct _virNetSocket virNetSocket;
 typedef virNetSocket *virNetSocketPtr;
@@ -84,13 +85,13 @@ int virNetSocketNewConnectSSH(const char *nodename,
 int virNetSocketNewConnectLibSSH2(const char *host,
 const char *port,
 const char *username,
- const char *password,
 const char *privkey,
 const char *knownHosts,
 const char *knownHostsVerify,
 const char *authMethods,
 const char *command,
 virConnectAuthPtr auth,
+ virURIPtr uri,
 virNetSocketPtr *retsock);
 int virNetSocketNewConnectExternal(const char **cmdargv,
diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index 25a7efd753..816c54e634 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -991,31 +991,34 @@ virNetSSHSessionAuthReset(virNetSSHSessionPtr sess)
 int
 virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
- const char *username,
- const char *password)
+ virURIPtr uri,
+ const char *username)
 {
 virNetSSHAuthMethodPtr auth;
 char *user = NULL;
- char *pass = NULL;
- if (!username || !password) {
- virReportError(VIR_ERR_SSH, "%s",
- _("Username and password must be provided "
- "for password authentication"));
- return -1;
+ if (uri) {
+ VIR_FREE(sess->authPath);
+
+ if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
+ goto error;
 }
- virObjectLock(sess);
+ if (!username) {
+ if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
+ "ssh", NULL, sess->hostname)))
+ goto error;
+ } else {
+ if (VIR_STRDUP(user, username) < 0)
+ goto error;
+ }
- if (VIR_STRDUP(user, username) < 0 ||
- VIR_STRDUP(pass, password) < 0)
- goto error;
+ virObjectLock(sess);
 if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
 goto error;
 auth->username = user;
- auth->password = pass;
 auth->method = VIR_NET_SSH_AUTH_PASSWORD;
 virObjectUnlock(sess);
@@ -1023,7 +1026,6 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
 error:
 VIR_FREE(user);
- VIR_FREE(pass);
 virObjectUnlock(sess);
 return -1;
 }
diff --git a/src/rpc/virnetsshsession.h b/src/rpc/virnetsshsession.h
index 8bd2445f4a..65bd76a94b 100644
--- a/src/rpc/virnetsshsession.h
+++ b/src/rpc/virnetsshsession.h
@@ -23,6 +23,7 @@
 # define __VIR_NET_SSH_SESSION_H__
 # include "internal.h"
+# include "viruri.h"
 typedef struct _virNetSSHSession virNetSSHSession;
 typedef virNetSSHSession *virNetSSHSessionPtr;
@@ -50,8 +51,8 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSessionPtr sess,
 virConnectAuthPtr auth);
 int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSessionPtr sess,
- const char *username,
- const char *password);
+ virURIPtr uri,
+ const char *username);
 int virNetSSHSessionAuthAddAgentAuth(virNetSSHSessionPtr sess,
 const char *username);
-- GitLab
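Review bot: In virNetSSHSessionAuthAddPasswordAuth the three new `goto error` paths (after virAuthGetConfigFilePathURI, virAuthGetUsernamePath and VIR_STRDUP) run before `virObjectLock(sess)`, yet the `error:` label shown in the next hunk still calls `virObjectUnlock(sess)`, so a failure there unlocks a lock that was never taken. The same early code frees and reassigns `sess->authPath` and reads `sess->cred` and `sess->hostname` without holding the session lock. Moving `virObjectLock(sess);` up to the first statement, before `if (uri) {`, fixes both; alternatively the pre-lock failures should `return -1` after `VIR_FREE(user)`. A short function comment stating that the password is no longer stored on the auth method, and where it is expected to come from at authentication time, would also help, since that part is not visible in this diff.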