From 6b01c83a63058946c56c62ce052bde4e9a27b2d2 Mon Sep 17 00:00:00 2001
From: Oskari Saarenmaa
Date: Tue, 19 Jul 2011 20:52:21 +0300
Subject: [PATCH] remote/ssh: optional "keyfile" parameter.

New optional parameter "keyfile" for ssh transport allows the user to select the private key to be used to authenticate to the remote host.
---
 docs/remote.html.in | 16 ++++++++++++++++
 src/remote/remote_driver.c | 9 ++++++++-
 src/rpc/virnetclient.c | 4 +++-
 src/rpc/virnetclient.h | 1 +
 src/rpc/virnetsocket.c | 3 +++
 src/rpc/virnetsocket.h | 1 +
 tests/virnetsockettest.c | 12 ++++++++++++
 7 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/docs/remote.html.in b/docs/remote.html.in
index 39d65aaabe..b554950939 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -275,6 +275,22 @@ Note that parameter values must be Example: netcat=/opt/netcat/bin/nc + + + + keyfile + + ssh + + The name of the private key file to use to authentication to the remote + machine. If this option is not used the default keys are used. + + + + + Example: keyfile=/root/.ssh/example_key + + + no_verify
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index ec4133b2bc..665ef04a34 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -352,7 +352,7 @@ doRemoteOpen (virConnectPtr conn,
 char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
 char *port = NULL, *authtype = NULL, *username = NULL;
 int no_verify = 0, no_tty = 0;
- char *pkipath = NULL;
+ char *pkipath = NULL, *keyfile = NULL;
 /* Return code from this function, and the private data. */
 int retcode = VIR_DRV_OPEN_ERROR;
@@ -425,6 +425,11 @@ doRemoteOpen (virConnectPtr conn,
 netcat = strdup (var->value);
 if (!netcat) goto out_of_memory;
 var->ignore = 1;
+ } else if (STRCASEEQ (var->name, "keyfile")) {
+ VIR_FREE(keyfile);
+ keyfile = strdup (var->value);
+ if (!keyfile) goto out_of_memory;
+ var->ignore = 1;
 } else if (STRCASEEQ (var->name, "no_verify")) {
 no_verify = atoi (var->value);
 var->ignore = 1;
@@ -582,6 +587,7 @@ doRemoteOpen (virConnectPtr conn,
 no_tty,
 no_verify,
 netcat ? netcat : "nc",
+ keyfile,
 sockname)))
 goto failed;
@@ -681,6 +687,7 @@ doRemoteOpen (virConnectPtr conn,
 VIR_FREE(sockname);
 VIR_FREE(authtype);
 VIR_FREE(netcat);
+ VIR_FREE(keyfile);
 VIR_FREE(username);
 VIR_FREE(port);
 VIR_FREE(pkipath);
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 7e88abaaa9..b845555bec 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -201,11 +201,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path)
 {
 virNetSocketPtr sock;
- if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, &sock) < 0)
+ if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+ noVerify, netcat, keyfile, path, &sock) < 0)
 return NULL;
 return virNetClientNew(sock, NULL);
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index a0983bc734..90d19d397c 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path);
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 71df951299..d4c0bdd799 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
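Review bot: The new `keyfile` branch in doRemoteOpen (src/remote/remote_driver.c, hunk at -425) takes `var->value` verbatim from the URI query string, so an empty `keyfile=` or any path the calling process can read is accepted and later passed as the argument of `ssh -i`. It appears to travel as a single argument rather than through a shell, so the concern is not injection but trust: whoever supplies the connection URI now chooses which local private key file ssh opens, which matters for applications that accept URIs from less-trusted input. I would reject an empty value here and add a comment such as `/* keyfile: local path taken verbatim from the URI and handed to ssh -i; not validated */`. The branch also sets `var->ignore = 1` regardless of transport, so on non-ssh transports the parameter looks to be dropped silently; the transport handling is outside this hunk, as are the start and end of doRemoteOpen.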
@@ -594,6 +594,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path,
 virNetSocketPtr *retsock)
 {
@@ -611,6 +612,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
 virCommandAddArgList(cmd, "-p", service, NULL);
 if (username)
 virCommandAddArgList(cmd, "-l", username, NULL);
+ if (keyfile)
+ virCommandAddArgList(cmd, "-i", keyfile, NULL);
 if (noTTY)
 virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes", "-e", "none", NULL);
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index e13ab8fb15..dfb3c5d031 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
 bool noTTY,
 bool noVerify,
 const char *netcat,
+ const char *keyfile,
 const char *path,
 virNetSocketPtr *addr);
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index 0c86b84e8a..e72b9a01ba 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -379,6 +379,7 @@ struct testSSHData {
 bool noTTY;
 bool noVerify;
 const char *netcat;
+ const char *keyfile;
 const char *path;
 const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
 data->noTTY,
 data->noVerify,
 data->netcat,
+ data->keyfile,
 data->path,
 &csock) < 0)
 goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
 if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
 ret = -1;
+ struct testSSHData sshData6 = {
+ .nodename = "example.com",
+ .path = "/tmp/socket",
+ .keyfile = "/root/.ssh/example_key",
+ .noVerify = true,
+ .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com nc -U /tmp/socket\n",
+ };
+ if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+ ret = -1;
+
 #endif
 return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
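Review bot: Passing `-i keyfile` in virNetSocketNewConnectSSH (src/rpc/virnetsocket.c, hunk at -611) adds an identity but does not restrict ssh to it: keys held by a running ssh-agent and any `IdentityFile` entries in the user's ssh configuration are still offered, so the connection can authenticate with a different key than the one named in the URI. If the commit message's "select the private key to be used" is meant strictly, pair the option with IdentitiesOnly, e.g. `virCommandAddArgList(cmd, "-i", keyfile, "-o", "IdentitiesOnly=yes", NULL);`, and update the `expectOut` of "SSH test 6" to match. Otherwise the docs/remote.html.in entry should say that keyfile is tried in addition to agent and configured identities. The function body starts and ends outside this hunk.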