remote/ssh: optional "keyfile" parameter.
authorOskari Saarenmaa <os@ohmu.fi>
Tue, 19 Jul 2011 17:52:21 +0000 (20:52 +0300)
committerEric Blake <eblake@redhat.com>
Fri, 22 Jul 2011 13:49:49 +0000 (07:49 -0600)
New optional parameter "keyfile" for ssh transport allows the user to select
the private key to be used to authenticate to the remote host.

docs/remote.html.in
src/remote/remote_driver.c
src/rpc/virnetclient.c
src/rpc/virnetclient.h
src/rpc/virnetsocket.c
src/rpc/virnetsocket.h
tests/virnetsockettest.c

index 39d65aaabe9d74bdee83a6c8ab30504081ff9b66..b55495093945bf18d45b1d1312eadca520b48f1d 100644 (file)
@@ -275,6 +275,22 @@ Note that parameter values must be
         <td colspan="2"/>
         <td> Example: <code>netcat=/opt/netcat/bin/nc</code> </td>
       </tr>
+
+      <tr>
+        <td>
+          <code>keyfile</code>
+        </td>
+        <td> ssh </td>
+        <td>
+  The name of the private key file to use to authentication to the remote
+  machine.  If this option is not used the default keys are used.
+        </td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>keyfile=/root/.ssh/example_key</code> </td>
+      </tr>
+
       <tr>
         <td>
           <code>no_verify</code>
index ec4133b2bcf7610aa895fd510f0b65a10179ac06..665ef04a34da52ec5c52a139b4214f42aec97bbb 100644 (file)
@@ -352,7 +352,7 @@ doRemoteOpen (virConnectPtr conn,
     char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
     char *port = NULL, *authtype = NULL, *username = NULL;
     int no_verify = 0, no_tty = 0;
-    char *pkipath = NULL;
+    char *pkipath = NULL, *keyfile = NULL;
 
     /* Return code from this function, and the private data. */
     int retcode = VIR_DRV_OPEN_ERROR;
@@ -425,6 +425,11 @@ doRemoteOpen (virConnectPtr conn,
                 netcat = strdup (var->value);
                 if (!netcat) goto out_of_memory;
                 var->ignore = 1;
+            } else if (STRCASEEQ (var->name, "keyfile")) {
+                VIR_FREE(keyfile);
+                keyfile = strdup (var->value);
+                if (!keyfile) goto out_of_memory;
+                var->ignore = 1;
             } else if (STRCASEEQ (var->name, "no_verify")) {
                 no_verify = atoi (var->value);
                 var->ignore = 1;
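Review bot: The `keyfile` branch copies `var->value` from the connection URI query string with no check on its content, so an empty `keyfile=` still leaves a non-NULL pointer and ssh is later invoked with `-i ""` instead of falling back to the default keys. Treating an empty value as unset would match the documented behaviour, e.g. `if (*var->value && !(keyfile = strdup (var->value))) goto out_of_memory;` while still setting `var->ignore = 1`. This assumes `var->value` is never NULL, as the neighbouring `netcat` branch also does. A short comment that the path is used verbatim, with a relative path presumably resolved against the client process's working directory, would help anyone auditing URIs that come from configuration files. doRemoteOpen's body starts and ends outside this hunk.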
@@ -582,6 +587,7 @@ doRemoteOpen (virConnectPtr conn,
                                                 no_tty,
                                                 no_verify,
                                                 netcat ? netcat : "nc",
+                                                keyfile,
                                                 sockname)))
             goto failed;
 
@@ -681,6 +687,7 @@ doRemoteOpen (virConnectPtr conn,
     VIR_FREE(sockname);
     VIR_FREE(authtype);
     VIR_FREE(netcat);
+    VIR_FREE(keyfile);
     VIR_FREE(username);
     VIR_FREE(port);
     VIR_FREE(pkipath);
index 7e88abaaa944a692df8dc37d805fb71ca3cbacbf..b845555bece233d2c707fb7e425021e917c0a852 100644 (file)
@@ -201,11 +201,13 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path)
 {
     virNetSocketPtr sock;
 
-    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY, noVerify, netcat, path, &sock) < 0)
+    if (virNetSocketNewConnectSSH(nodename, service, binary, username, noTTY,
+                                  noVerify, netcat, keyfile, path, &sock) < 0)
         return NULL;
 
     return virNetClientNew(sock, NULL);
index a0983bc734b195e1c9f2762da8f2704570d5cbc6..90d19d397c8208e4ce9219b7ea4e7130a7ff80f8 100644 (file)
@@ -46,6 +46,7 @@ virNetClientPtr virNetClientNewSSH(const char *nodename,
                                    bool noTTY,
                                    bool noVerify,
                                    const char *netcat,
+                                   const char *keyfile,
                                    const char *path);
 
 virNetClientPtr virNetClientNewExternal(const char **cmdargv);
index 71df9512997037c5d74ecc14fa614eaebc576a0f..d4c0bdd799677fe776ce31588a60720eaceda950 100644 (file)
@@ -594,6 +594,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *retsock)
 {
@@ -611,6 +612,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
         virCommandAddArgList(cmd, "-p", service, NULL);
     if (username)
         virCommandAddArgList(cmd, "-l", username, NULL);
+    if (keyfile)
+        virCommandAddArgList(cmd, "-i", keyfile, NULL);
     if (noTTY)
         virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes",
                              "-e", "none", NULL);
index e13ab8fb150dba6f3951c34e1547d4c63436b022..dfb3c5d031ef7ff91c77d592bc0db4869df40d24 100644 (file)
@@ -69,6 +69,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               bool noTTY,
                               bool noVerify,
                               const char *netcat,
+                              const char *keyfile,
                               const char *path,
                               virNetSocketPtr *addr);
 
index 0c86b84e8a230df35e44786fe83f3d7b5d0a3eb7..e72b9a01ba6486a2454055afd3b92e48525a904c 100644 (file)
@@ -379,6 +379,7 @@ struct testSSHData {
     bool noTTY;
     bool noVerify;
     const char *netcat;
+    const char *keyfile;
     const char *path;
 
     const char *expectOut;
@@ -400,6 +401,7 @@ static int testSocketSSH(const void *opaque)
                                   data->noTTY,
                                   data->noVerify,
                                   data->netcat,
+                                  data->keyfile,
                                   data->path,
                                   &csock) < 0)
         goto cleanup;
@@ -542,6 +544,16 @@ mymain(void)
     if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
         ret = -1;
 
+    struct testSSHData sshData6 = {
+        .nodename = "example.com",
+        .path = "/tmp/socket",
+        .keyfile = "/root/.ssh/example_key",
+        .noVerify = true,
+        .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com nc -U /tmp/socket\n",
+    };
+    if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
+        ret = -1;
+
 #endif
 
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);