From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 18:15:59 +0100
Message-Id: <20190709171559.3372-1-berrange@redhat.com>
Subject: [libvirt] [PATCH] rpc: always pass "-T -e none" args to ssh

Way back in the past, the "no_tty=1" option was added for the remote
driver to disable local password prompting by disabling use of the
local tty:

  commit b32f42984994a397441a1c48f1a002e906624c51
  Author: Daniel P. Berrange
  Date:   Fri Sep 21 20:17:09 2007 +0000

    Added a no_tty param to remote URIs to stop SSH prompting for password

This was done by adding "-T -o BatchMode=yes -e none" args to ssh. This
achieved the desired results but is nonetheless semantically flawed
because it is mixing up config parameters for the local tty vs the
remote tty.

The "-T" arg stops allocation of a TTY on the remote host. This is good
for all libvirt SSH tunnels as we never require a TTY for our usage
model, so we should have just passed this unconditionally.

The "-e none" option disables the escape character for sessions with a
TTY. If we pass "-T" this is not required, but it is also not harmful to
add it, so we should just pass it unconditionally too.

Only the "-o BatchMode=yes" option is related to disabling local
password prompts and thus needs control via the no_tty URI param.

Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Andrea Bolognani --- src/rpc/virnetsocket.c | 4 ++-- tests/virnetsockettest.c | 34 ++++++++++++++++++---------------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index bfa1952989..aa46b83da6 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -854,9 +854,9 @@ int virNetSocketNewConnectSSH(const char *nodename, virCommandAddArgList(cmd, "-l", username, NULL); if (keyfile) virCommandAddArgList(cmd, "-i", keyfile, NULL); + virCommandAddArgList(cmd, "-T", "-e", "none", NULL); if (noTTY) - virCommandAddArgList(cmd, "-T", "-o", "BatchMode=3Dyes", - "-e", "none", NULL); + virCommandAddArgList(cmd, "-o", "BatchMode=3Dyes", NULL); if (noVerify) virCommandAddArgList(cmd, "-o", "StrictHostKeyChecking=3Dno", NULL= ); =20 diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c index 9c14989287..bb8357f7cd 100644 --- a/tests/virnetsockettest.c +++ b/tests/virnetsockettest.c @@ -571,12 +571,13 @@ mymain(void) struct testSSHData sshData1 =3D { .nodename =3D "somehost", .path =3D "/tmp/socket", - .expectOut =3D "-- somehost sh -c 'if 'nc' -q 2>&1 | grep \"requir= es an argument\" >/dev/null 2>&1; then " - "ARG=3D-q0;" - "else " - "ARG=3D;" - "fi;" - "'nc' $ARG -U /tmp/socket'\n", + .expectOut =3D "-T -e none -- somehost sh -c '" + "if 'nc' -q 2>&1 | grep \"requires an argument\" >/de= v/null 2>&1; then " + "ARG=3D-q0;" + "else " + "ARG=3D;" + "fi;" + "'nc' $ARG -U /tmp/socket'\n", }; if (virTestRun("SSH test 1", testSocketSSH, &sshData1) < 0) ret =3D -1; @@ -589,7 +590,7 @@ mymain(void) .noTTY =3D true, .noVerify =3D false, .path =3D "/tmp/socket", - .expectOut =3D "-p 9000 -l fred -T -o BatchMode=3Dyes -e none -- s= omehost sh -c '" + .expectOut =3D "-p 9000 -l fred -T -e none -o BatchMode=3Dyes -- s= omehost sh -c '" "if 'netcat' -q 2>&1 | grep \"requires an argument\" = >/dev/null 2>&1; then " "ARG=3D-q0;" "else " 
@@ -608,7 +609,7 @@ mymain(void) .noTTY =3D false, .noVerify =3D true, .path =3D "/tmp/socket", - .expectOut =3D "-p 9000 -l fred -o StrictHostKeyChecking=3Dno -- s= omehost sh -c '" + .expectOut =3D "-p 9000 -l fred -T -e none -o StrictHostKeyCheckin= g=3Dno -- somehost sh -c '" "if 'netcat' -q 2>&1 | grep \"requires an argument\" = >/dev/null 2>&1; then " "ARG=3D-q0;" "else " @@ -630,7 +631,7 @@ mymain(void) struct testSSHData sshData5 =3D { .nodename =3D "crashyhost", .path =3D "/tmp/socket", - .expectOut =3D "-- crashyhost sh -c " + .expectOut =3D "-T -e none -- crashyhost sh -c " "'if 'nc' -q 2>&1 | grep \"requires an argument\" >/d= ev/null 2>&1; then " "ARG=3D-q0;" "else " @@ -647,7 +648,7 @@ mymain(void) .path =3D "/tmp/socket", .keyfile =3D "/root/.ssh/example_key", .noVerify =3D true, - .expectOut =3D "-i /root/.ssh/example_key -o StrictHostKeyChecking= =3Dno -- example.com sh -c '" + .expectOut =3D "-i /root/.ssh/example_key -T -e none -o StrictHost= KeyChecking=3Dno -- example.com sh -c '" "if 'nc' -q 2>&1 | grep \"requires an argument\" >/de= v/null 2>&1; then " "ARG=3D-q0;" "else " @@ -662,12 +663,13 @@ mymain(void) .nodename =3D "somehost", .netcat =3D "nc -4", .path =3D "/tmp/socket", - .expectOut =3D "-- somehost sh -c 'if ''nc -4'' -q 2>&1 | grep \"r= equires an argument\" >/dev/null 2>&1; then " - "ARG=3D-q0;" - "else " - "ARG=3D;" - "fi;" - "''nc -4'' $ARG -U /tmp/socket'\n", + .expectOut =3D "-T -e none -- somehost sh -c '" + "if ''nc -4'' -q 2>&1 | grep \"requires an argument\"= >/dev/null 2>&1; then " + "ARG=3D-q0;" + "else " + "ARG=3D;" + "fi;" + "''nc -4'' $ARG -U /tmp/socket'\n", }; if (virTestRun("SSH test 7", testSocketSSH, &sshData7) < 0) ret =3D -1; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
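
Review bot: In the src/rpc/virnetsocket.c hunk (virNetSocketNewConnectSSH), the new unconditional `virCommandAddArgList(cmd, "-T", "-e", "none", NULL);` has no comment, and after this change `if (noTTY)` adds only `-o BatchMode=yes`, so the flag name no longer describes what the branch does. Suggest a one-line comment above each call: one saying that libvirt's SSH tunnels never need a remote TTY, and one saying that noTTY now only suppresses local password prompting. At the moment that rationale lives only in the commit message.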
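
Review bot: In the tests/virnetsockettest.c hunk at -571 (sshData1), and again at -662 (sshData7), the expectOut literal is re-split and re-indented in the same change that adds the `-T -e none` prefix, so six lines are rewritten where only the first one changes in content. Keeping the original line split and only prefixing the first literal, as the sshData5 hunk does, would make it easier to confirm that nothing else in the expected command line moved.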