}
/* create ssh session context */
- if (!(sess = virNetSSHSessionNew()))
+ if (!(sess = virNetSSHSessionNew(username)))
goto error;
/* set ssh session parameters */
const char *authMethod = *authMethodNext;
if (STRCASEEQ(authMethod, "keyboard-interactive")) {
- ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
+ ret = virNetSSHSessionAuthAddKeyboardAuth(sess, -1);
} else if (STRCASEEQ(authMethod, "password")) {
- ret = virNetSSHSessionAuthAddPasswordAuth(sess,
- uri,
- username);
+ ret = virNetSSHSessionAuthAddPasswordAuth(sess, uri);
} else if (STRCASEEQ(authMethod, "privkey")) {
- ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
- username,
- privkey);
+ ret = virNetSSHSessionAuthAddPrivKeyAuth(sess, privkey);
} else if (STRCASEEQ(authMethod, "agent")) {
- ret = virNetSSHSessionAuthAddAgentAuth(sess, username);
+ ret = virNetSSHSessionAuthAddAgentAuth(sess);
} else {
virReportError(VIR_ERR_INVALID_ARG,
_("Invalid authentication method: '%s'"),
struct _virNetSSHAuthMethod {
virNetSSHAuthMethods method;
- char *username;
char *filename;
int tries;
int port;
/* authentication stuff */
+ char *username;
virConnectAuthPtr cred;
char *authPath;
virNetSSHAuthCallbackError authCbErr;
size_t i;
for (i = 0; i < sess->nauths; i++) {
- VIR_FREE(sess->auths[i]->username);
VIR_FREE(sess->auths[i]->filename);
VIR_FREE(sess->auths[i]);
}
g_free(sess->hostname);
g_free(sess->knownHostsFile);
g_free(sess->authPath);
+ g_free(sess->username);
}
static virClass *virNetSSHSessionClass;
* -1 on error
*/
static int
-virNetSSHAuthenticateAgent(virNetSSHSession *sess,
- virNetSSHAuthMethod *priv)
+virNetSSHAuthenticateAgent(virNetSSHSession *sess)
{
struct libssh2_agent_publickey *agent_identity = NULL;
bool no_identity = true;
agent_identity))) {
no_identity = false;
if (!(ret = libssh2_agent_userauth(sess->agent,
- priv->username,
+ sess->username,
agent_identity)))
return 0; /* key accepted */
/* try open the key with no password */
if ((ret = libssh2_userauth_publickey_fromfile(sess->session,
- priv->username,
+ sess->username,
NULL,
priv->filename,
NULL)) == 0)
VIR_FREE(tmp);
ret = libssh2_userauth_publickey_fromfile(sess->session,
- priv->username,
+ sess->username,
NULL,
priv->filename,
retr_passphrase.result);
* -1 on error
*/
static int
-virNetSSHAuthenticatePassword(virNetSSHSession *sess,
- virNetSSHAuthMethod *priv)
+virNetSSHAuthenticatePassword(virNetSSHSession *sess)
{
char *password = NULL;
char *errmsg;
* connection if maximum number of bad auth tries is exceeded */
while (true) {
if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
- "ssh", priv->username,
+ "ssh", sess->username,
sess->hostname)))
goto cleanup;
/* tunnelled password authentication */
if ((rc = libssh2_userauth_password(sess->session,
- priv->username,
+ sess->username,
password)) == 0) {
ret = 0;
goto cleanup;
* connection if maximum number of bad auth tries is exceeded */
while (priv->tries < 0 || priv->tries-- > 0) {
ret = libssh2_userauth_keyboard_interactive(sess->session,
- priv->username,
+ sess->username,
virNetSSHKbIntCb);
/* check for errors while calling the callback */
}
/* obtain list of supported auth methods */
- auth_list = libssh2_userauth_list(sess->session,
- sess->auths[0]->username,
- strlen(sess->auths[0]->username));
+ auth_list = libssh2_userauth_list(sess->session, sess->username,
+ strlen(sess->username));
if (!auth_list) {
/* unlikely event, authentication succeeded with NONE as method */
if (libssh2_userauth_authenticated(sess->session) == 1)
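Review bot: `strlen(sess->username)` in the `libssh2_userauth_list()` call dereferences whatever `virNetSSHSessionNew()` stored, and that is `g_strdup(username)`, which yields NULL for a NULL argument. The per-method checks this commit removes (the "Username must be provided" errors and the `virAuthGetUsernamePath()` fallback in password auth) were what kept the old `auths[0]->username` non-NULL, and nothing in the visible hunks replaces them. Unless every caller is known to pass a username, `virNetSSHSessionNew()` should fail early, e.g. `if (!username) { virReportError(VIR_ERR_SSH, "%s", _("Username must be provided for ssh authentication")); return NULL; }` before the object is allocated. The same pointer is also passed to `virAuthGetPasswordPath()`, `libssh2_userauth_password()`, `libssh2_agent_userauth()`, `libssh2_userauth_publickey_fromfile()` and `libssh2_userauth_keyboard_interactive()` in the other hunks. The enclosing function starts and ends outside this hunk.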
break;
case VIR_NET_SSH_AUTH_AGENT:
if (strstr(auth_list, "publickey"))
- ret = virNetSSHAuthenticateAgent(sess, auth);
+ ret = virNetSSHAuthenticateAgent(sess);
break;
case VIR_NET_SSH_AUTH_PRIVKEY:
if (strstr(auth_list, "publickey"))
break;
case VIR_NET_SSH_AUTH_PASSWORD:
if (strstr(auth_list, "password"))
- ret = virNetSSHAuthenticatePassword(sess, auth);
+ ret = virNetSSHAuthenticatePassword(sess);
break;
}
int
virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess,
- virURI *uri,
- const char *username)
+ virURI *uri)
{
virNetSSHAuthMethod *auth;
- char *user = NULL;
if (uri) {
VIR_FREE(sess->authPath);
goto error;
}
- if (!username) {
- if (!(user = virAuthGetUsernamePath(sess->authPath, sess->cred,
- "ssh", NULL, sess->hostname)))
- goto error;
- } else {
- user = g_strdup(username);
- }
-
virObjectLock(sess);
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
- auth->username = user;
auth->method = VIR_NET_SSH_AUTH_PASSWORD;
virObjectUnlock(sess);
return 0;
error:
- VIR_FREE(user);
virObjectUnlock(sess);
return -1;
}
int
-virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess,
- const char *username)
+virNetSSHSessionAuthAddAgentAuth(virNetSSHSession *sess)
{
virNetSSHAuthMethod *auth;
- char *user = NULL;
-
- if (!username) {
- virReportError(VIR_ERR_SSH, "%s",
- _("Username must be provided "
- "for ssh agent authentication"));
- return -1;
- }
virObjectLock(sess);
- user = g_strdup(username);
-
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
- auth->username = user;
auth->method = VIR_NET_SSH_AUTH_AGENT;
virObjectUnlock(sess);
return 0;
error:
- VIR_FREE(user);
virObjectUnlock(sess);
return -1;
}
int
virNetSSHSessionAuthAddPrivKeyAuth(virNetSSHSession *sess,
- const char *username,
const char *keyfile)
{
virNetSSHAuthMethod *auth;
- if (!username || !keyfile) {
+ if (!keyfile) {
virReportError(VIR_ERR_SSH, "%s",
- _("Username and key file path must be provided "
- "for private key authentication"));
+ _("Key file path must be provided for private key authentication"));
return -1;
}
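Review bot: In `virNetSSHSessionAuthAddPasswordAuth()` the `goto error` at the top of this hunk runs before `virObjectLock(sess)`, yet the `error:` label calls `virObjectUnlock(sess)`, so that failure path unlocks an object it never locked. The preceding hunk also shows `VIR_FREE(sess->authPath)` modifying session state before the lock is taken. The commit removes one such early jump (the username lookup) but leaves this one in place. Moving `virObjectLock(sess);` ahead of the `if (uri)` block would balance the error path and keep the `authPath` update under the lock. The statement guarding that `goto error` falls between hunks and is not visible here, so this should be confirmed against the full function.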
return -1;
}
- auth->username = g_strdup(username);
auth->filename = g_strdup(keyfile);
auth->method = VIR_NET_SSH_AUTH_PRIVKEY;
int
virNetSSHSessionAuthAddKeyboardAuth(virNetSSHSession *sess,
- const char *username,
int tries)
{
virNetSSHAuthMethod *auth;
- char *user = NULL;
-
- if (!username) {
- virReportError(VIR_ERR_SSH, "%s",
- _("Username must be provided "
- "for ssh agent authentication"));
- return -1;
- }
virObjectLock(sess);
- user = g_strdup(username);
-
if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
goto error;
- auth->username = user;
auth->tries = tries;
auth->method = VIR_NET_SSH_AUTH_KEYBOARD_INTERACTIVE;
return 0;
error:
- VIR_FREE(user);
virObjectUnlock(sess);
return -1;
}
/* allocate and initialize a ssh session object */
-virNetSSHSession *virNetSSHSessionNew(void)
+virNetSSHSession *virNetSSHSessionNew(const char *username)
{
virNetSSHSession *sess = NULL;
if (!(sess = virObjectLockableNew(virNetSSHSessionClass)))
goto error;
+ sess->username = g_strdup(username);
+
/* initialize session data, use the internal data for callbacks
* and stick to default memory management functions */
if (!(sess->session = libssh2_session_init_ex(NULL,