From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 08/15] virnetsshsession: Pass in username via virNetSSHSessionNew rather than auth functions
Date: Tue, 17 Jan 2023 17:20:33 +0100

We only ever allow one username, so there's no point passing it to each authentication registration function. Additionally, the only caller (virNetClientNewLibSSH2) always passes a username, so all the checks were pointless.

Signed-off-by: Peter Krempa
---
 src/rpc/virnetsocket.c     | 14 +++----
 src/rpc/virnetsshsession.c | 84 ++++++++++----------------------------
 src/rpc/virnetsshsession.h | 10 ++---
 3 files changed, 29 insertions(+), 79 deletions(-)

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index b9b7328f87..b248ce24dc 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -909,7 +909,7 @@ virNetSocketNewConnectLibSSH2(const char *host, } /* create ssh session context */ - if (!(sess =3D virNetSSHSessionNew())) + if (!(sess =3D virNetSSHSessionNew(username))) goto error; /* set ssh session parameters */ 
@@ -946,17 +946,13 @@ virNetSocketNewConnectLibSSH2(const char *host, const char *authMethod =3D *authMethodNext; if (STRCASEEQ(authMethod, "keyboard-interactive")) { - ret =3D virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1= ); + ret =3D virNetSSHSessionAuthAddKeyboardAuth(sess, -1); } else if (STRCASEEQ(authMethod, "password")) { - ret =3D virNetSSHSessionAuthAddPasswordAuth(sess, - uri, - username); + ret =3D virNetSSHSessionAuthAddPasswordAuth(sess, uri); } else if (STRCASEEQ(authMethod, "privkey")) { - ret =3D virNetSSHSessionAuthAddPrivKeyAuth(sess, - username, - privkey); + ret =3D virNetSSHSessionAuthAddPrivKeyAuth(sess, privkey); } else if (STRCASEEQ(authMethod, "agent")) { - ret =3D virNetSSHSessionAuthAddAgentAuth(sess, username); + ret =3D virNetSSHSessionAuthAddAgentAuth(sess); } else { virReportError(VIR_ERR_INVALID_ARG, _("Invalid authentication method: '%s'"), diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c index 0454deec16..8f59906b4a 100644 --- a/src/rpc/virnetsshsession.c +++ b/src/rpc/virnetsshsession.c @@ -70,7 +70,6 @@ typedef struct _virNetSSHAuthMethod virNetSSHAuthMethod; struct _virNetSSHAuthMethod { virNetSSHAuthMethods method; - char *username; char *filename; int tries; @@ -93,6 +92,7 @@ struct _virNetSSHSession { int port; /* authentication stuff */ + char *username; virConnectAuthPtr cred; char *authPath; virNetSSHAuthCallbackError authCbErr; @@ -115,7 +115,6 @@ virNetSSHSessionAuthMethodsClear(virNetSSHSession *sess) size_t i; for (i =3D 0; i < sess->nauths; i++) { - VIR_FREE(sess->auths[i]->username); VIR_FREE(sess->auths[i]->filename); VIR_FREE(sess->auths[i]); } @@ -151,6 +150,7 @@ virNetSSHSessionDispose(void *obj) g_free(sess->hostname); g_free(sess->knownHostsFile); g_free(sess->authPath); + g_free(sess->username); } static virClass *virNetSSHSessionClass; 
@@ -488,8 +488,7 @@ virNetSSHCheckHostKey(virNetSSHSession *sess) * -1 on error */ static int -virNetSSHAuthenticateAgent(virNetSSHSession *sess, - virNetSSHAuthMethod *priv) +virNetSSHAuthenticateAgent(virNetSSHSession *sess) { struct libssh2_agent_publickey *agent_identity =3D NULL; bool no_identity =3D true; @@ -515,7 +514,7 @@ virNetSSHAuthenticateAgent(virNetSSHSession *sess, agent_identity))) { no_identity =3D false; if (!(ret =3D libssh2_agent_userauth(sess->agent, - priv->username, + sess->username, agent_identity))) return 0; /* key accepted */ @@ -575,7 +574,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, /* try open the key with no password */ if ((ret =3D libssh2_userauth_publickey_fromfile(sess->session, - priv->username, + sess->username, NULL, priv->filename, NULL)) =3D=3D 0) @@ -634,7 +633,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, VIR_FREE(tmp); ret =3D libssh2_userauth_publickey_fromfile(sess->session, - priv->username, + sess->username, NULL, priv->filename, retr_passphrase.result); @@ -668,8 +667,7 @@ virNetSSHAuthenticatePrivkey(virNetSSHSession *sess, * -1 on error */ static int -virNetSSHAuthenticatePassword(virNetSSHSession *sess, - virNetSSHAuthMethod *priv) +virNetSSHAuthenticatePassword(virNetSSHSession *sess) { char *password =3D NULL; char *errmsg; @@ -690,13 +688,13 @@ virNetSSHAuthenticatePassword(virNetSSHSession *sess, * connection if maximum number of bad auth tries is exceeded */ while (true) { if (!(password =3D virAuthGetPasswordPath(sess->authPath, sess->cr= ed, - "ssh", priv->username, + "ssh", sess->username, sess->hostname))) goto cleanup; /* tunnelled password authentication */ if ((rc =3D libssh2_userauth_password(sess->session, - priv->username, + sess->username, password)) =3D=3D 0) { ret =3D 0; goto cleanup; 
@@ -751,7 +749,7 @@ virNetSSHAuthenticateKeyboardInteractive(virNetSSHSessi= on *sess, * connection if maximum number of bad auth tries is exceeded */ while (priv->tries < 0 || priv->tries-- > 0) { ret =3D libssh2_userauth_keyboard_interactive(sess->session, - priv->username, + sess->username, virNetSSHKbIntCb); /* check for errors while calling the callback */ @@ -817,9 +815,8 @@ virNetSSHAuthenticate(virNetSSHSession *sess) } /* obtain list of supported auth methods */ - auth_list =3D libssh2_userauth_list(sess->session, - sess->auths[0]->username, - strlen(sess->auths[0]->username)); + auth_list =3D libssh2_userauth_list(sess->session, sess->username, + strlen(sess->username)); if (!auth_list) { /* unlikely event, authentication succeeded with NONE as method */ if (libssh2_userauth_authenticated(sess->session) =3D=3D 1) @@ -845,7 +842,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess) break; case VIR_NET_SSH_AUTH_AGENT: if (strstr(auth_list, "publickey")) - ret =3D virNetSSHAuthenticateAgent(sess, auth); + ret =3D virNetSSHAuthenticateAgent(sess); break; case VIR_NET_SSH_AUTH_PRIVKEY: if (strstr(auth_list, "publickey")) @@ -853,7 +850,7 @@ virNetSSHAuthenticate(virNetSSHSession *sess) break; case VIR_NET_SSH_AUTH_PASSWORD: if (strstr(auth_list, "password")) - ret =3D virNetSSHAuthenticatePassword(sess, auth); + ret =3D virNetSSHAuthenticatePassword(sess); break; } @@ -969,11 +966,9 @@ virNetSSHSessionAuthReset(virNetSSHSession *sess) int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, - virURI *uri, - const char *username) + virURI *uri) { virNetSSHAuthMethod *auth; - char *user =3D NULL; if (uri) { VIR_FREE(sess->authPath); 
@@ -982,75 +977,50 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession = *sess, goto error; } - if (!username) { - if (!(user =3D virAuthGetUsernamePath(sess->authPath, sess->cred, - "ssh", NULL, sess->hostname))) - goto error; - } else { - user =3D g_strdup(username); - } - virObjectLock(sess); if (!(auth =3D virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username =3D user; auth->method =3D VIR_NET_SSH_AUTH_PASSWORD; virObjectUnlock(sess); return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; } int -virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess, - const char *username) +virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess) { virNetSSHAuthMethod *auth; - char *user =3D NULL; - - if (!username) { - virReportError(VIR_ERR_SSH, "%s", - _("Username must be provided " - "for ssh agent authentication")); - return -1; - } virObjectLock(sess); - user =3D g_strdup(username); - if (!(auth =3D virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username =3D user; auth->method =3D VIR_NET_SSH_AUTH_AGENT; virObjectUnlock(sess); return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; } int virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, - const char *username, const char *keyfile) { virNetSSHAuthMethod *auth; - if (!username || !keyfile) { + if (!keyfile) { virReportError(VIR_ERR_SSH, "%s", - _("Username and key file path must be provided " - "for private key authentication")); + _("Key file path must be provided for private key a= uthentication")); return -1; } @@ -1059,7 +1029,6 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *= sess, if (!(auth =3D virNetSSHSessionAuthMethodNew(sess))) return -1; - auth->username =3D g_strdup(username); auth->filename =3D g_strdup(keyfile); auth->method =3D VIR_NET_SSH_AUTH_PRIVKEY; 
@@ -1069,27 +1038,15 @@ virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession= *sess, int virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess, - const char *username, int tries) { virNetSSHAuthMethod *auth; - char *user =3D NULL; - - if (!username) { - virReportError(VIR_ERR_SSH, "%s", - _("Username must be provided " - "for ssh agent authentication")); - return -1; - } virObjectLock(sess); - user =3D g_strdup(username); - if (!(auth =3D virNetSSHSessionAuthMethodNew(sess))) goto error; - auth->username =3D user; auth->tries =3D tries; auth->method =3D VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE; @@ -1097,7 +1054,6 @@ virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession = *sess, return 0; error: - VIR_FREE(user); virObjectUnlock(sess); return -1; @@ -1170,7 +1126,7 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessi= on *sess, } /* allocate and initialize a ssh session object */ -virNetSSHSession *virNetSSHSessionNew(void) +virNetSSHSession *virNetSSHSessionNew(const char *username) { virNetSSHSession *sess =3D NULL; @@ -1180,6 +1136,8 @@ virNetSSHSession *virNetSSHSessionNew(void) if (!(sess =3D virObjectLockableNew(virNetSSHSessionClass))) goto error; + sess->username =3D g_strdup(username); + /* initialize session data, use the internal data for callbacks * and stick to default memory management functions */ if (!(sess->session =3D libssh2_session_init_ex(NULL, diff --git a/src/rpc/virnetsshsession.h b/src/rpc/virnetsshsession.h index 8d6c99c547..8187346000 100644 --- a/src/rpc/virnetsshsession.h +++ b/src/rpc/virnetsshsession.h @@ -25,7 +25,7 @@ typedef struct _virNetSSHSession virNetSSHSession; -virNetSSHSession *virNetSSHSessionNew(void); +virNetSSHSession *virNetSSHSessionNew(const char *username); void virNetSSHSessionFree(virNetSSHSession *sess); typedef enum { 
@@ -48,18 +48,14 @@ int virNetSSHSessionAuthSetCallback(virNetSSHSession *s= ess, virConnectAuthPtr auth); int virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, - virURI *uri, - const char *username); + virURI *uri); -int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess, - const char *username); +int virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess); int virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess, - const char *username, const char *keyfile); int virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess, - const char *username, int tries); int virNetSSHSessionSetHostKeyVerification(virNetSSHSession *sess, --=20 2.38.1
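Review bot: virNetSSHSessionNew(const char *username) in the virnetsshsession.c @@ -1180 hunk stores the argument with a bare `sess->username = g_strdup(username);` and never rejects NULL, while every NULL check it replaces is deleted in the same patch (the virReportError paths in virNetSSHSessionAuthAddAgentAuth and virNetSSHSessionAuthAddKeyboardAuth, and the virAuthGetUsernamePath fallback in virNetSSHSessionAuthAddPasswordAuth). The first consumer is then `libssh2_userauth_list(sess->session, sess->username, strlen(sess->username))` in the @@ -815 hunk, which dereferences a NULL username. Since the commit message makes "the caller always passes a username" the invariant, enforce it once in virNetSSHSessionNew (report VIR_ERR_SSH and return NULL on a NULL username) instead of leaving it implicit.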
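Review bot: in the @@ -982 hunk of virNetSSHSessionAuthAddPasswordAuth, the `goto error;` inside the `if (uri) {` block is reached before `virObjectLock(sess);`, yet the `error:` label still executes `virObjectUnlock(sess);`, so a failure to build sess->authPath unlocks a mutex this thread does not hold. That is pre-existing, but the patch already rewrites this function's locals and error path, so move the lock above the `if (uri)` block or give the early failure its own `return -1;`. Separately, deleting the `virAuthGetUsernamePath(sess->authPath, sess->cred, "ssh", NULL, sess->hostname)` branch removes the auth.conf-driven username lookup for ssh password authentication; if that is intended because the username now always arrives via virNetSSHSessionNew, the commit message should say so rather than only calling the checks pointless.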
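Review bot: the commit message names virNetClientNewLibSSH2 as the only caller, while the function changed in the virnetsocket.c @@ -909 hunk is virNetSocketNewConnectLibSSH2, which now forwards its own `username` parameter straight into `virNetSSHSessionNew(username)` without checking it. Please state in the message that the non-NULL guarantee comes from virNetSocketNewConnectLibSSH2's caller, so a reader of this hunk knows where the invariant is actually enforced.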
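Review bot: the new prototype `virNetSSHSession *virNetSSHSessionNew(const char *username);` in the virnetsshsession.h @@ -25 hunk has no comment saying that username is mandatory and is copied by the session, and the virNetSSHSessionAuthAdd* prototypes in the @@ -48 hunk have just lost the parameter, so this declaration is now the only place a caller learns the requirement. Add a short doc comment above it (or extend the existing `/* allocate and initialize a ssh session object */` comment on the definition) stating that username must be non-NULL and is duplicated with g_strdup and released in virNetSSHSessionDispose.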