Commit b10d49d7 authored by Pino Toscano's avatar Pino Toscano Committed by Max Reitz

ssh: switch from libssh2 to libssh



Rewrite the implementation of the ssh block driver to use libssh instead
of libssh2.  The libssh library has various advantages over libssh2:
- easier API for authentication (for example for using ssh-agent)
- easier API for known_hosts handling
- supports newer types of keys in known_hosts

Use APIs/features available in libssh 0.8 conditionally, to support
older versions (which are not recommended though).

Adjust the iotest 207 according to the different error message, and to
find the default key type for localhost (to properly compare the
fingerprint with).
Contributed-by: default avatarMax Reitz <mreitz@redhat.com>

Adjust the various Docker/Travis scripts to use libssh when available
instead of libssh2. The mingw/mxe testing is dropped for now, as there
are no packages for it.

Signed-off-by: default avatarPino Toscano <ptoscano@redhat.com>
Tested-by: default avatarPhilippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: default avatarAlex Bennée <alex.bennee@linaro.org>
Message-id: 20190620200840.17655-1-ptoscano@redhat.com
Reviewed-by: default avatarPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 5873173.t2JhDm7DL7@lindworm.usersys.redhat.com
Signed-off-by: default avatarMax Reitz <mreitz@redhat.com>
parent 98eb9733
+2 −2
@@ -31,7 +31,7 @@ addons:
      - libseccomp-dev
      - libspice-protocol-dev
      - libspice-server-dev
      - libssh2-1-dev
      - libssh-dev
      - liburcu-dev
      - libusb-1.0-0-dev
      - libvte-2.91-dev
@@ -270,7 +270,7 @@ matrix:
            - libseccomp-dev
            - libspice-protocol-dev
            - libspice-server-dev
            - libssh2-1-dev
            - libssh-dev
            - liburcu-dev
            - libusb-1.0-0-dev
            - libvte-2.91-dev
+3 −3
@@ -31,7 +31,7 @@ block-obj-$(CONFIG_CURL) += curl.o
block-obj-$(CONFIG_RBD) += rbd.o
block-obj-$(CONFIG_GLUSTERFS) += gluster.o
block-obj-$(CONFIG_VXHS) += vxhs.o
block-obj-$(CONFIG_LIBSSH2) += ssh.o
block-obj-$(CONFIG_LIBSSH) += ssh.o
block-obj-y += accounting.o dirty-bitmap.o
block-obj-y += write-threshold.o
block-obj-y += backup.o
@@ -52,8 +52,8 @@ rbd.o-libs := $(RBD_LIBS)
gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
gluster.o-libs     := $(GLUSTERFS_LIBS)
vxhs.o-libs        := $(VXHS_LIBS)
ssh.o-cflags       := $(LIBSSH2_CFLAGS)
ssh.o-libs         := $(LIBSSH2_LIBS)
ssh.o-cflags       := $(LIBSSH_CFLAGS)
ssh.o-libs         := $(LIBSSH_LIBS)
block-obj-dmg-bz2-$(CONFIG_BZIP2) += dmg-bz2.o
block-obj-$(if $(CONFIG_DMG),m,n) += $(block-obj-dmg-bz2-y)
dmg-bz2.o-libs     := $(BZIP2_LIBS)
+360 −292

File changed.

Preview size limit exceeded, changes collapsed.

+8 −6
@@ -171,19 +171,21 @@ nbd_client_connect_success(const char *export_name) "export '%s'"
# ssh.c
ssh_restart_coroutine(void *co) "co=%p"
ssh_flush(void) "fsync"
ssh_check_host_key_knownhosts(const char *key) "host key OK: %s"
ssh_check_host_key_knownhosts(void) "host key OK"
ssh_connect_to_ssh(char *path, int flags, int mode) "opening file %s flags=0x%x creat_mode=0%o"
ssh_co_yield(int sock, void *rd_handler, void *wr_handler) "s->sock=%d rd_handler=%p wr_handler=%p"
ssh_co_yield_back(int sock) "s->sock=%d - back"
ssh_getlength(int64_t length) "length=%" PRIi64
ssh_co_create_opts(uint64_t size) "total_size=%" PRIu64
ssh_read(int64_t offset, size_t size) "offset=%" PRIi64 " size=%zu"
ssh_read_buf(void *buf, size_t size) "sftp_read buf=%p size=%zu"
ssh_read_return(ssize_t ret) "sftp_read returned %zd"
ssh_read_buf(void *buf, size_t size, size_t actual_size) "sftp_read buf=%p size=%zu (actual size=%zu)"
ssh_read_return(ssize_t ret, int sftp_err) "sftp_read returned %zd (sftp error=%d)"
ssh_write(int64_t offset, size_t size) "offset=%" PRIi64 " size=%zu"
ssh_write_buf(void *buf, size_t size) "sftp_write buf=%p size=%zu"
ssh_write_return(ssize_t ret) "sftp_write returned %zd"
ssh_write_buf(void *buf, size_t size, size_t actual_size) "sftp_write buf=%p size=%zu (actual size=%zu)"
ssh_write_return(ssize_t ret, int sftp_err) "sftp_write returned %zd (sftp error=%d)"
ssh_seek(int64_t offset) "seeking to offset=%" PRIi64
ssh_auth_methods(int methods) "auth methods=0x%x"
ssh_server_status(int status) "server status=%d"

# curl.c
curl_timer_cb(long timeout_ms) "timer callback timeout_ms %ld"
@@ -216,4 +218,4 @@ sheepdog_snapshot_create(const char *sn_name, const char *id) "%s %s"
sheepdog_snapshot_create_inode(const char *name, uint32_t snap, uint32_t vdi) "s->inode: name %s snap_id 0x%" PRIx32 " vdi 0x%" PRIx32

# ssh.c
sftp_error(const char *op, const char *ssh_err, int ssh_err_code, unsigned long sftp_err_code) "%s failed: %s (libssh2 error code: %d, sftp error code: %lu)"
sftp_error(const char *op, const char *ssh_err, int ssh_err_code, int sftp_err_code) "%s failed: %s (libssh error code: %d, sftp error code: %d)"
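Review bot: `ssh_check_host_key_knownhosts` now takes no argument and prints only "host key OK", so a trace of a successful known_hosts check no longer records which host key was accepted. That detail helps when auditing a connection after the fact, for example to confirm the match was against the expected key type. The ssh.c diff is collapsed on this page, so whether the libssh code path still has a key type or fingerprint at hand cannot be checked here. If it does, an event such as `ssh_check_host_key_knownhosts(int key_type) "host key OK (key type=%d)"` would keep that information in the trace.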
+28 −37
@@ -472,7 +472,7 @@ auth_pam=""
vte=""
virglrenderer=""
tpm=""
libssh2=""
libssh=""
live_block_migration="yes"
numa=""
tcmalloc="no"
@@ -1439,9 +1439,9 @@ for opt do
  ;;
  --enable-tpm) tpm="yes"
  ;;
  --disable-libssh2) libssh2="no"
  --disable-libssh) libssh="no"
  ;;
  --enable-libssh2) libssh2="yes"
  --enable-libssh) libssh="yes"
  ;;
  --disable-live-block-migration) live_block_migration="no"
  ;;
@@ -1810,7 +1810,7 @@ disabled with --disable-FEATURE, default is enabled if available:
  coroutine-pool  coroutine freelist (better performance)
  glusterfs       GlusterFS backend
  tpm             TPM support
  libssh2         ssh block device support
  libssh          ssh block device support
  numa            libnuma support
  libxml2         for Parallels image format
  tcmalloc        tcmalloc support
@@ -3914,43 +3914,34 @@ EOF
fi

##########################################
# libssh2 probe
min_libssh2_version=1.2.8
if test "$libssh2" != "no" ; then
  if $pkg_config --atleast-version=$min_libssh2_version libssh2; then
    libssh2_cflags=$($pkg_config libssh2 --cflags)
    libssh2_libs=$($pkg_config libssh2 --libs)
    libssh2=yes
# libssh probe
if test "$libssh" != "no" ; then
  if $pkg_config --exists libssh; then
    libssh_cflags=$($pkg_config libssh --cflags)
    libssh_libs=$($pkg_config libssh --libs)
    libssh=yes
  else
    if test "$libssh2" = "yes" ; then
      error_exit "libssh2 >= $min_libssh2_version required for --enable-libssh2"
    if test "$libssh" = "yes" ; then
      error_exit "libssh required for --enable-libssh"
    fi
    libssh2=no
    libssh=no
  fi
fi

##########################################
# libssh2_sftp_fsync probe
# Check for libssh 0.8
# This is done like this instead of using the LIBSSH_VERSION_* and
# SSH_VERSION_* macros because some distributions in the past shipped
# snapshots of the future 0.8 from Git, and those snapshots did not
# have updated version numbers (still referring to 0.7.0).

if test "$libssh2" = "yes"; then
if test "$libssh" = "yes"; then
  cat > $TMPC <<EOF
#include <stdio.h>
#include <libssh2.h>
#include <libssh2_sftp.h>
int main(void) {
    LIBSSH2_SESSION *session;
    LIBSSH2_SFTP *sftp;
    LIBSSH2_SFTP_HANDLE *sftp_handle;
    session = libssh2_session_init ();
    sftp = libssh2_sftp_init (session);
    sftp_handle = libssh2_sftp_open (sftp, "/", 0, 0);
    libssh2_sftp_fsync (sftp_handle);
    return 0;
}
#include <libssh/libssh.h>
int main(void) { return ssh_get_server_publickey(NULL, NULL); }
EOF
  # libssh2_cflags/libssh2_libs defined in previous test.
  if compile_prog "$libssh2_cflags" "$libssh2_libs" ; then
    QEMU_CFLAGS="-DHAS_LIBSSH2_SFTP_FSYNC $QEMU_CFLAGS"
  if compile_prog "$libssh_cflags" "$libssh_libs"; then
    libssh_cflags="-DHAVE_LIBSSH_0_8 $libssh_cflags"
  fi
fi

@@ -6451,7 +6442,7 @@ echo "GlusterFS support $glusterfs"
echo "gcov              $gcov_tool"
echo "gcov enabled      $gcov"
echo "TPM support       $tpm"
echo "libssh2 support   $libssh2"
echo "libssh support    $libssh"
echo "QOM debugging     $qom_cast_debug"
echo "Live block migration $live_block_migration"
echo "lzo support       $lzo"
@@ -7144,10 +7135,10 @@ if test "$glusterfs_iocb_has_stat" = "yes" ; then
  echo "CONFIG_GLUSTERFS_IOCB_HAS_STAT=y" >> $config_host_mak
fi

if test "$libssh2" = "yes" ; then
  echo "CONFIG_LIBSSH2=m" >> $config_host_mak
  echo "LIBSSH2_CFLAGS=$libssh2_cflags" >> $config_host_mak
  echo "LIBSSH2_LIBS=$libssh2_libs" >> $config_host_mak
if test "$libssh" = "yes" ; then
  echo "CONFIG_LIBSSH=m" >> $config_host_mak
  echo "LIBSSH_CFLAGS=$libssh_cflags" >> $config_host_mak
  echo "LIBSSH_LIBS=$libssh_libs" >> $config_host_mak
fi

if test "$live_block_migration" = "yes" ; then
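Review bot: The new libssh probe accepts any installed version, because `$pkg_config --exists libssh` replaces the old `--atleast-version=$min_libssh2_version` test and no floor is set in its place. The commit message calls older releases "not recommended", yet a build against one succeeds silently and differs only by the missing `-DHAVE_LIBSSH_0_8`. This library carries host-key verification and authentication for the ssh block driver, so an unnoticed build against an old release matters. Consider restoring a floor, e.g. `min_libssh_version=<MIN_SUPPORTED_VERSION>` (placeholder, to be set by the maintainers) with `if $pkg_config --atleast-version=$min_libssh_version libssh; then`. The "libssh support" summary line could also report whether the 0.8 API was detected, so a fallback to the older code path is visible in the configure output.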