libssh2_session: Add support for creating known_hosts file
authorPeter Krempa <pkrempa@redhat.com>
Tue, 21 Aug 2012 16:28:11 +0000 (18:28 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Wed, 22 Aug 2012 09:49:07 +0000 (11:49 +0200)
The libssh2 code wasn't supposed to create the known_hosts file, but
recent findings show, that we can't use the default created by OpenSSH
as libssh2 might damage it. We need to create a private known_hosts file
in the config path.

This patch adds support for skipping the error if the known_hosts file is
not present and letting libssh2 create a new one.

src/rpc/virnetsocket.c
src/rpc/virnetsshsession.c
src/rpc/virnetsshsession.h

index 530c081dbc2a83323e26463f34add0bf8299c321..5a483003861b627b26527a947bdbed1e45d6f2c3 100644 (file)
@@ -788,8 +788,8 @@ virNetSocketNewConnectLibSSH2(const char *host,
                                                host,
                                                portN,
                                                knownHosts,
-                                               false,
-                                               verify) != 0)
+                                               verify,
+                                               VIR_NET_SSH_HOSTKEY_FILE_CREATE) != 0)
         goto error;
 
     if (virNetSSHSessionSetChannelCommand(sess, command) != 0)
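Review bot: The call now passes only VIR_NET_SSH_HOSTKEY_FILE_CREATE, so the path in knownHosts is recorded for writing and, per the commit message, is created by libssh2 on the first host-key write; since the removed `false` was the old readonly argument, the write behaviour itself is unchanged. Nothing in this hunk shows that the directory containing knownHosts exists, and if libssh2 creates only the file and not its parent (presumably), a missing config directory would surface later as a write failure rather than at this call — worth confirming where knownHosts is built. virNetSocketNewConnectLibSSH2 starts outside the hunk.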
index fe0197e683ddc2947711a666735b6e4373e6aca8..59013c752c7e1863114fa352fdc317f51cf5b1d8 100644 (file)
@@ -1123,8 +1123,8 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
                                        const char *hostname,
                                        int port,
                                        const char *hostsfile,
-                                       bool readonly,
-                                       virNetSSHHostkeyVerify opt)
+                                       virNetSSHHostkeyVerify opt,
+                                       unsigned int flags)
 {
     char *errmsg;
 
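Review bot: The new `flags` parameter is accepted as a bare unsigned int with no check that only the two defined bits are set, so a caller passing an undefined bit is silently accepted and the function's behaviour for it is whatever the bit tests happen to do. A `virCheckFlags(VIR_NET_SSH_HOSTKEY_FILE_READONLY | VIR_NET_SSH_HOSTKEY_FILE_CREATE, -1);` at the top of the body would reject such callers, assuming a direct return is acceptable before any resource is acquired here. The body of virNetSSHSessionSetHostKeyVerification continues beyond this hunk.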
@@ -1140,19 +1140,25 @@ virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
 
     /* load the known hosts file */
     if (hostsfile) {
-        if (libssh2_knownhost_readfile(sess->knownHosts,
-                                       hostsfile,
-                                       LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
-            libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
+        if (virFileExists(hostsfile)) {
+            if (libssh2_knownhost_readfile(sess->knownHosts,
+                                           hostsfile,
+                                           LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
+                libssh2_session_last_error(sess->session, &errmsg, NULL, 0);
+                virReportError(VIR_ERR_SSH,
+                               _("unable to load knownhosts file '%s': %s"),
+                               hostsfile, errmsg);
+                goto error;
+            }
+        } else if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_CREATE)) {
             virReportError(VIR_ERR_SSH,
-                           _("unable to load knownhosts file '%s': %s"),
-                           hostsfile, errmsg);
+                           _("known hosts file '%s' does not exist"),
+                           hostsfile);
             goto error;
         }
 
         /* set filename only if writing to the known hosts file is requested */
-
-        if (!readonly) {
+        if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_READONLY)) {
             VIR_FREE(sess->knownHostsFile);
             if (!(sess->knownHostsFile = strdup(hostsfile)))
                 goto no_memory;
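Review bot: The `virFileExists(hostsfile)` test treats every failure as "file does not exist", so with VIR_NET_SSH_HOSTKEY_FILE_CREATE set an existing known_hosts file that cannot be accessed (for example a permission problem on the config directory) is silently skipped and verification proceeds with an empty known-hosts set instead of failing — the opposite of what a pinned host key is for. Only ENOENT should count as "missing"; if virFileExists leaves errno from its underlying access() call intact, an extra branch can report any other error before the CREATE check, as sketched below. Since the file is created later by libssh2 rather than here, the creating path could also emit a `VIR_DEBUG("no known hosts file '%s' loaded, it will be created", hostsfile);` so the first-connection case is visible in logs. The function starts and ends outside this hunk.
```c
        if (virFileExists(hostsfile)) {
            /* … unchanged: libssh2_knownhost_readfile and its error report … */
        } else if (errno != ENOENT) {
            /* an existing file we cannot reach must not degrade to "no known hosts" */
            virReportSystemError(errno,
                                 _("unable to access known hosts file '%s'"),
                                 hostsfile);
            goto error;
        } else if (!(flags & VIR_NET_SSH_HOSTKEY_FILE_CREATE)) {
            /* … unchanged: "does not exist" error … */
        }
```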
index eb92e43fd296034ddd10e5c8a421be47d8a6d97f..1199eeff28483a690da766c98218f2094b5366c0 100644 (file)
@@ -36,6 +36,11 @@ typedef enum {
     VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE
 } virNetSSHHostkeyVerify;
 
+typedef enum {
+    VIR_NET_SSH_HOSTKEY_FILE_READONLY = 1 << 0,
+    VIR_NET_SSH_HOSTKEY_FILE_CREATE   = 1 << 1,
+} virNetSSHHostKeyFileFlags;
+
 int virNetSSHSessionSetChannelCommand(virNetSSHSessionPtr sess,
                                       const char *command);
 
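Review bot: The new virNetSSHHostKeyFileFlags enum is added without a comment, and the function that consumes it takes `unsigned int flags`, so a reader of the header cannot tell which bits may be combined or what each one does. A short comment above the enum would close that gap, e.g. `/* READONLY: load hostsfile but never record it for writing; CREATE: a missing hostsfile is not an error, libssh2 creates it on first write */`; the prototype hunk for virNetSSHSessionSetHostKeyVerification below would benefit from the same note next to its `flags` parameter.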
@@ -64,8 +69,8 @@ int virNetSSHSessionSetHostKeyVerification(virNetSSHSessionPtr sess,
                                            const char *hostname,
                                            int port,
                                            const char *hostsfile,
-                                           bool readonly,
-                                           virNetSSHHostkeyVerify opt);
+                                           virNetSSHHostkeyVerify opt,
+                                           unsigned int flags);
 
 int virNetSSHSessionConnect(virNetSSHSessionPtr sess,
                             int sock);