From: "Richard W.M. Jones" <rjones@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] [PATCH] block/curl: Add support for Secure Shell (ssh/sftp) block device
Date: Fri, 22 Mar 2013 13:04:55 +0000 [thread overview]
Message-ID: <20130322130455.GI1504@rhmail.home.annexia.org> (raw)
In-Reply-To: <CAJSP0QXVf1-TFqm_xKbnxqA=F0bMah0+_zfj0KECtKwb3r4LyQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1407 bytes --]
I got it working with Curl, patch attached.
However there are multiple issues (these are mainly notes for myself):
(1) libcurl cannot read the size of the file. I had to hard-code
this. This is probably just a shortcoming of libcurl (libssh2/sftp
itself can read the size of files). Will try to work on a patch for
upstream.
(2) Fedora's curl (which is heavily patched) is broken in some way and
deadlocks itself. Upstream curl from git works better. I haven't yet
identified which patch/commit is responsible.
(3) ssh-agent authentication doesn't work. It appears that either
ssh-agent itself doesn't like multiple connections from a single
process (qemu), or libcurl/libssh2 is having a problem with making
multiple connections out to ssh-agent. If I disable ssh-agent auth,
it works. Still investigating this.
(4) You must specify a user@ in the URL, else libcurl tries to
authenticate as user "". I will see if I can send a fix for this
upstream.
(5) Although it gets much of the way through a boot of a guest, it
eventually segfaults. Still investigating this.
(6) There are several more issues marked by XXX's in the code.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
[-- Attachment #2: 0001-block-curl-Add-support-for-Secure-Shell-ssh-sftp-blo.patch --]
[-- Type: text/plain, Size: 3280 bytes --]
>From c2ae4abf29973b8b8bc490b84fb761a8a4053fbf Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 21 Mar 2013 21:38:10 +0000
Subject: [PATCH] block/curl: Add support for Secure Shell (ssh/sftp) block
device.
qemu-system-x86_64 -drive file=sftp://user@hostname/some/image
QEMU will ssh into 'hostname' as 'user' and open '/some/image' which
is made available as a standard block device.
You must specify a 'user@' in the URL.
The server just requires a regular ssh daemon with sftp-server
support. Most ssh daemons on Unix/Linux systems will work out of the
box.
This is implemented using curl (using libssh2 underneath).
Thanks: Stefan Hajnoczi for pointing out that this could be done much
more easily using curl instead of using libssh2 directly.
---
block/curl.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/block/curl.c b/block/curl.c
index 98947da..b236f7f 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -36,7 +36,7 @@
#define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \
CURLPROTO_FTP | CURLPROTO_FTPS | \
- CURLPROTO_TFTP)
+ CURLPROTO_TFTP | CURLPROTO_SFTP)
#define CURL_NUM_STATES 8
#define CURL_NUM_ACB 8
@@ -305,6 +305,17 @@ static CURLState *curl_init_state(BDRVCURLState *s)
curl_easy_setopt(state->curl, CURLOPT_NOSIGNAL, 1);
curl_easy_setopt(state->curl, CURLOPT_ERRORBUFFER, state->errmsg);
curl_easy_setopt(state->curl, CURLOPT_FAILONERROR, 1);
+#if defined(CURLSSH_AUTH_ANY)
+ curl_easy_setopt(state->curl, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_ANY);
+#endif
+
+ /* XXX */
+ curl_easy_setopt (state->curl, CURLOPT_SSH_PRIVATE_KEYFILE,
+ "/home/rjones/.ssh/id_rsa"); /* XXX */
+ curl_easy_setopt (state->curl, CURLOPT_SSH_PUBLIC_KEYFILE,
+ "/home/rjones/.ssh/id_rsa.pub"); /* XXX */
+ curl_easy_setopt (state->curl, CURLOPT_KEYPASSWD,
+ "XXX PUT YOUR PASSPHRASE HERE XXX"); /* XXX */
/* Restrict supported protocols to avoid security issues in the more
* obscure protocols. For example, do not allow POP3/SMTP/IMAP see
@@ -406,8 +417,12 @@ static int curl_open(BlockDriverState *bs, const char *filename, int flags)
curl_easy_setopt(state->curl, CURLOPT_NOBODY, 0);
if (d)
s->len = (size_t)d;
+#if 0
else if(!s->len)
goto out;
+#else
+ s->len = 8589934592; /* XXX */
+#endif
DPRINTF("CURL: Size = %zd\n", s->len);
curl_clean_state(state);
@@ -626,6 +641,18 @@ static BlockDriver bdrv_tftp = {
.bdrv_aio_readv = curl_aio_readv,
};
+static BlockDriver bdrv_sftp = {
+ .format_name = "sftp",
+ .protocol_name = "sftp",
+
+ .instance_size = sizeof(BDRVCURLState),
+ .bdrv_file_open = curl_open,
+ .bdrv_close = curl_close,
+ .bdrv_getlength = curl_getlength,
+
+ .bdrv_aio_readv = curl_aio_readv,
+};
+
static void curl_block_init(void)
{
bdrv_register(&bdrv_http);
@@ -633,6 +660,7 @@ static void curl_block_init(void)
bdrv_register(&bdrv_ftp);
bdrv_register(&bdrv_ftps);
bdrv_register(&bdrv_tftp);
+ bdrv_register(&bdrv_sftp);
}
block_init(curl_block_init);
--
1.8.1.4
next prev parent reply other threads:[~2013-03-22 13:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-21 13:38 [Qemu-devel] [PATCH] Add support for Secure Shell (ssh) block device Richard W.M. Jones
2013-03-21 13:38 ` [Qemu-devel] [PATCH] block: " Richard W.M. Jones
2013-03-21 15:26 ` Stefan Hajnoczi
2013-03-21 15:39 ` Richard W.M. Jones
2013-03-21 19:29 ` Stefan Hajnoczi
2013-03-21 19:35 ` Stefan Hajnoczi
2013-03-21 20:31 ` Richard W.M. Jones
2013-03-22 13:04 ` Richard W.M. Jones [this message]
2013-03-22 13:41 ` [Qemu-devel] [PATCH] block/curl: Add support for Secure Shell (ssh/sftp) " Stefan Hajnoczi
2013-03-25 12:32 ` Richard W.M. Jones
2013-03-25 13:12 ` Stefan Hajnoczi
2013-03-25 14:36 ` [Qemu-devel] [PATCH] block: Add support for Secure Shell (ssh) " Kevin Wolf
2013-03-25 15:11 ` Richard W.M. Jones
2013-03-26 9:37 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130322130455.GI1504@rhmail.home.annexia.org \
--to=rjones@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).