libssh2_session: Add support for creating known_hosts file

The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.

libssh2_session: Add support for creating known_hosts file
The libssh2 code wasn't supposed to create the known_hosts file, but recent findings show, that we can't use the default created by OpenSSH as libssh2 might damage it. We need to create a private known_hosts file in the config path. This patch adds support for skipping error if the known_hosts file is not present and let libssh2 create a new one.
f1d0b92a · Peter Krempa · 50659420 · f1d0b92a · f1d0b92a · f1d0b92a
隐藏空白更改
内联并排

Showing with 25 addition and 14 deletion

src/rpc/virnetsocket.c src/rpc/virnetsocket.c +2 -2

src/rpc/virnetsshsession.c src/rpc/virnetsshsession.c +16 -10

src/rpc/virnetsshsession.h src/rpc/virnetsshsession.h +7 -2

未找到文件。
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -788,8 +788,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
                                               host,
                                               portN,
                                               knownHosts,
-                                               false,
-                                               verify) != 0)
+                                               verify,
+                                               VIR_NET_SSH_HOSTKEY_FILE_CREATE) != 0)
        goto error;

    if (virNetSSHSessionSetChannelCommand(sess, command) != 0)

--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -1123,8 +1123,8 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
                                       const char *hostname,
                                       int port,
                                       const char *hostsfile,
-                                       bool readonly,
-                                       virNetSSHHostkeyVerify opt)
+                                       virNetSSHHostkeyVerify opt,
+                                       unsigned int flags)
 {
    char *errmsg;

@@ -1140,19 +1140,25 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,

    /* load the known hosts file */
    if (hostsfile) {
-        if (libssh2_knownhost_readfile(sess->knownHosts,
-                                       hostsfile,
-                                       LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
-            libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
+        if (virFileExists(hostsfile)) {
+            if (libssh2_knownhost_readfile(sess->knownHosts,
+                                           hostsfile,
+                                           LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
+                libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
+                virReportError(VIR_ERR_SSH,
+                               _("unable to load knownhosts file '%s': %s"),
+                               hostsfile, errmsg);
+                goto error;
+            }
+        } else if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_CREATE)) {
            virReportError(VIR_ERR_SSH,
-                           _("unable to load knownhosts file '%s': %s"),
-                           hostsfile, errmsg);
+                           _("known hosts file '%s' does not exist"),
+                           hostsfile);
            goto error;
        }

        /* set filename only if writing to the known hosts file is requested */
-
-        if (!readonly) {
+        if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_READONLY)) {
            VIR_FREE(sess->knownHostsFile);
            if (!(sess->knownHostsFile = strdup(hostsfile)))
                goto no_memory;

--- a/src/rpc/virnetsshsession.h
+++ b/src/rpc/virnetsshsession.h
@@ -36,6 +36,11 @@ typedef enum {
    VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE
 } virNetSSHHostkeyVerify;

+typedef enum {
+    VIR_NET_SSH_HOSTKEY_FILE_READONLY = 1 << 0,
+    VIR_NET_SSH_HOSTKEY_FILE_CREATE   = 1 << 1,
+} virNetSSHHostKeyFileFlags;
+
 int virNetSSHSessionSetChannelCommand(virNetSSHSessionPtr sess,
                                      const char *command);

@@ -64,8 +69,8 @@ int virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
                                           const char *hostname,
                                           int port,
                                           const char *hostsfile,
-                                           bool readonly,
-                                           virNetSSHHostkeyVerify opt);
+                                           virNetSSHHostkeyVerify opt,
+                                           unsigned int flags);

 int virNetSSHSessionConnect(virNetSSHSessionPtr sess,
                            int sock);