From: "Richard W.M. Jones" <rjones@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: kwolf@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH 06/18] block/ssh: Propagate errors through check_host_key()
Date: Wed, 14 May 2014 15:57:44 +0100 [thread overview]
Message-ID: <20140514145744.GU1302@redhat.com> (raw)
In-Reply-To: <1399996972-23429-7-git-send-email-armbru@redhat.com>
On Tue, May 13, 2014 at 06:02:40PM +0200, Markus Armbruster wrote:
> Cc: "Richard W.M. Jones" <rjones@redhat.com>
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
> block/ssh.c | 68 ++++++++++++++++++++++++++++++++++++++++++++-----------------
> 1 file changed, 49 insertions(+), 19 deletions(-)
>
> diff --git a/block/ssh.c b/block/ssh.c
> index e38d232..1df1946 100644
> --- a/block/ssh.c
> +++ b/block/ssh.c
> @@ -106,6 +106,31 @@ static void ssh_state_free(BDRVSSHState *s)
> }
> }
>
> +static void GCC_FMT_ATTR(3, 4)
> +session_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...)
> +{
> + va_list args;
> + char *msg;
> +
> + va_start(args, fs);
> + msg = g_strdup_vprintf(fs, args);
> + va_end(args);
> +
> + if (s->session) {
> + char *ssh_err;
> + int ssh_err_code;
> +
> + /* This is not an errno. See <libssh2.h>. */
> + ssh_err_code = libssh2_session_last_error(s->session,
> + &ssh_err, NULL, 0);
> + error_setg(errp, "%s: %s (libssh2 error code: %d)",
> + msg, ssh_err, ssh_err_code);
> + } else {
> + error_setg(errp, "%s", msg);
> + }
> + g_free(msg);
> +}
> +
> /* Wrappers around error_report which make sure to dump as much
> * information from libssh2 as possible.
> */
> @@ -242,7 +267,7 @@ static void ssh_parse_filename(const char *filename, QDict *options,
> }
>
> static int check_host_key_knownhosts(BDRVSSHState *s,
> - const char *host, int port)
> + const char *host, int port, Error **errp)
> {
> const char *home;
> char *knh_file = NULL;
> @@ -256,14 +281,15 @@ static int check_host_key_knownhosts(BDRVSSHState *s,
> hostkey = libssh2_session_hostkey(s->session, &len, &type);
> if (!hostkey) {
> ret = -EINVAL;
> - session_error_report(s, "failed to read remote host key");
> + session_error_setg(errp, s, "failed to read remote host key");
> goto out;
> }
>
> knh = libssh2_knownhost_init(s->session);
> if (!knh) {
> ret = -EINVAL;
> - session_error_report(s, "failed to initialize known hosts support");
> + session_error_setg(errp, s,
> + "failed to initialize known hosts support");
> goto out;
> }
>
> @@ -288,21 +314,23 @@ static int check_host_key_knownhosts(BDRVSSHState *s,
> break;
> case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
> ret = -EINVAL;
> - session_error_report(s, "host key does not match the one in known_hosts (found key %s)",
> - found->key);
> + session_error_setg(errp, s,
> + "host key does not match the one in known_hosts"
> + " (found key %s)", found->key);
> goto out;
> case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
> ret = -EINVAL;
> - session_error_report(s, "no host key was found in known_hosts");
> + session_error_setg(errp, s, "no host key was found in known_hosts");
> goto out;
> case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
> ret = -EINVAL;
> - session_error_report(s, "failure matching the host key with known_hosts");
> + session_error_setg(errp, s,
> + "failure matching the host key with known_hosts");
> goto out;
> default:
> ret = -EINVAL;
> - session_error_report(s, "unknown error matching the host key with known_hosts (%d)",
> - r);
> + session_error_setg(errp, s, "unknown error matching the host key"
> + " with known_hosts (%d)", r);
> goto out;
> }
>
> @@ -357,20 +385,20 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
>
> static int
> check_host_key_hash(BDRVSSHState *s, const char *hash,
> - int hash_type, size_t fingerprint_len)
> + int hash_type, size_t fingerprint_len, Error **errp)
> {
> const char *fingerprint;
>
> fingerprint = libssh2_hostkey_hash(s->session, hash_type);
> if (!fingerprint) {
> - session_error_report(s, "failed to read remote host key");
> + session_error_setg(errp, s, "failed to read remote host key");
> return -EINVAL;
> }
>
> if(compare_fingerprint((unsigned char *) fingerprint, fingerprint_len,
> hash) != 0) {
> - error_report("remote host key does not match host_key_check '%s'",
> - hash);
> + error_setg(errp, "remote host key does not match host_key_check '%s'",
> + hash);
> return -EPERM;
> }
>
> @@ -378,7 +406,7 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
> }
>
> static int check_host_key(BDRVSSHState *s, const char *host, int port,
> - const char *host_key_check)
> + const char *host_key_check, Error **errp)
> {
> /* host_key_check=no */
> if (strcmp(host_key_check, "no") == 0) {
> @@ -388,21 +416,21 @@ static int check_host_key(BDRVSSHState *s, const char *host, int port,
> /* host_key_check=md5:xx:yy:zz:... */
> if (strncmp(host_key_check, "md5:", 4) == 0) {
> return check_host_key_hash(s, &host_key_check[4],
> - LIBSSH2_HOSTKEY_HASH_MD5, 16);
> + LIBSSH2_HOSTKEY_HASH_MD5, 16, errp);
> }
>
> /* host_key_check=sha1:xx:yy:zz:... */
> if (strncmp(host_key_check, "sha1:", 5) == 0) {
> return check_host_key_hash(s, &host_key_check[5],
> - LIBSSH2_HOSTKEY_HASH_SHA1, 20);
> + LIBSSH2_HOSTKEY_HASH_SHA1, 20, errp);
> }
>
> /* host_key_check=yes */
> if (strcmp(host_key_check, "yes") == 0) {
> - return check_host_key_knownhosts(s, host, port);
> + return check_host_key_knownhosts(s, host, port, errp);
> }
>
> - error_report("unknown host_key_check setting (%s)", host_key_check);
> + error_setg(errp, "unknown host_key_check setting (%s)", host_key_check);
> return -EINVAL;
> }
>
> @@ -541,8 +569,10 @@ static int connect_to_ssh(BDRVSSHState *s, QDict *options,
> }
>
> /* Check the remote host's key against known_hosts. */
> - ret = check_host_key(s, host, port, host_key_check);
> + ret = check_host_key(s, host, port, host_key_check, &err);
> if (ret < 0) {
> + qerror_report_err(err);
> + error_free(err);
> goto err;
> }
>
> --
> 1.8.1.4
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
next prev parent reply other threads:[~2014-05-14 14:58 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-13 16:02 [Qemu-devel] [PATCH 00/18] [PATCH 00/18] block: Purge qerror_report() Markus Armbruster
2014-05-13 16:02 ` [Qemu-devel] [PATCH 01/18] blockdev: Don't use qerror_report_err() in drive_init() Markus Armbruster
2014-05-13 17:04 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 02/18] blockdev: Don't use qerror_report() in do_drive_del() Markus Armbruster
2014-05-13 19:38 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 03/18] qemu-nbd: Don't use qerror_report() Markus Armbruster
2014-05-13 19:39 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 04/18] block/rbd: Propagate errors to open and create methods Markus Armbruster
2014-05-13 19:51 ` Eric Blake
2014-05-14 5:41 ` Markus Armbruster
2014-05-13 16:02 ` [Qemu-devel] [PATCH 05/18] block/ssh: Drop superfluous libssh2_session_last_errno() calls Markus Armbruster
2014-05-14 9:11 ` Richard W.M. Jones
2014-05-14 11:06 ` Markus Armbruster
2014-05-14 12:01 ` Richard W.M. Jones
2014-05-14 14:48 ` Markus Armbruster
2014-05-14 14:57 ` Richard W.M. Jones
2014-05-13 16:02 ` [Qemu-devel] [PATCH 06/18] block/ssh: Propagate errors through check_host_key() Markus Armbruster
2014-05-14 14:57 ` Richard W.M. Jones [this message]
2014-05-13 16:02 ` [Qemu-devel] [PATCH 07/18] block/ssh: Propagate errors through authenticate() Markus Armbruster
2014-05-14 14:57 ` Richard W.M. Jones
2014-05-13 16:02 ` [Qemu-devel] [PATCH 08/18] block/ssh: Propagate errors through connect_to_ssh() Markus Armbruster
2014-05-14 14:57 ` Richard W.M. Jones
2014-05-13 16:02 ` [Qemu-devel] [PATCH 09/18] block/ssh: Propagate errors to open and create methods Markus Armbruster
2014-05-14 9:13 ` Richard W.M. Jones
2014-05-14 14:58 ` Richard W.M. Jones
2014-05-13 16:02 ` [Qemu-devel] [PATCH 10/18] block/vvfat: Propagate errors through enable_write_target() Markus Armbruster
2014-05-14 16:57 ` Eric Blake
2014-05-14 17:36 ` Markus Armbruster
2014-05-13 16:02 ` [Qemu-devel] [PATCH 11/18] block/vvfat: Propagate errors through init_directories() Markus Armbruster
2014-05-14 17:45 ` Eric Blake
2014-05-14 19:48 ` Markus Armbruster
2014-05-13 16:02 ` [Qemu-devel] [PATCH 12/18] block/sheepdog: Propagate errors through connect_to_sdog() Markus Armbruster
2014-05-14 18:19 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 13/18] block/sheepdog: Propagate errors through get_sheep_fd() Markus Armbruster
2014-05-15 18:54 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 14/18] block/sheepdog: Propagate errors through sd_prealloc() Markus Armbruster
2014-05-15 18:59 ` Eric Blake
2014-05-15 19:45 ` Markus Armbruster
2014-05-16 8:54 ` Markus Armbruster
2014-05-13 16:02 ` [Qemu-devel] [PATCH 15/18] block/sheepdog: Propagate errors through do_sd_create() Markus Armbruster
2014-05-15 19:02 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 16/18] block/sheepdog: Propagate errors through find_vdi_name() Markus Armbruster
2014-05-15 19:06 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 17/18] block/sheepdog: Propagate errors to open and create methods Markus Armbruster
2014-05-15 19:07 ` Eric Blake
2014-05-13 16:02 ` [Qemu-devel] [PATCH 18/18] block/sheepdog: Don't use qerror_report() Markus Armbruster
2014-05-15 19:08 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140514145744.GU1302@redhat.com \
--to=rjones@redhat.com \
--cc=armbru@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.