virNetLibsshAuthMethod: Drop 'password' field

The field was never populated so we can remove it and all the associated logic. Both for password authentication and fetching the password for the public key we still can use the authentication callbacks. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2025-02-25 18:55:26 -06:00 · 2022-12-08 13:53:17 +01:00 · 2022-12-08 13:53:17 +01:00 · 22e9e238d5
commit 22e9e238d5
parent bf5f65fead
1 changed files with 26 additions and 37 deletions
--- a/src/rpc/virnetlibsshsession.c
+++ b/src/rpc/virnetlibsshsession.c
@ -69,7 +69,6 @@ struct _virNetLibsshAuthMethod {
    virNetLibsshAuthMethods method;
    int ssh_flags;  /* SSH_AUTH_METHOD_* for this auth method */
    char *password;
    char *filename;
    int tries;
@ -129,8 +128,6 @@ virNetLibsshSessionDispose(void *obj)
    }
    for (i = 0; i < sess->nauths; i++) {
        virSecureEraseString(sess->auths[i]->password);
        g_free(sess->auths[i]->password);
        g_free(sess->auths[i]->filename);
        g_free(sess->auths[i]);
    }
@ -456,7 +453,7 @@ virNetLibsshImportPrivkey(virNetLibsshSession *sess,
     * failed or libssh did.
     */
    virResetLastError();
-    ret = ssh_pki_import_privkey_file(priv->filename, priv->password,
+    ret = ssh_pki_import_privkey_file(priv->filename, NULL,
                                      virNetLibsshAuthenticatePrivkeyCb,
                                      sess, &key);
    if (ret == SSH_EOF) {
@ -564,47 +561,39 @@ virNetLibsshAuthenticatePrivkey(virNetLibsshSession *sess,
 * returns SSH_AUTH_* values
 */
 static int
-virNetLibsshAuthenticatePassword(virNetLibsshSession *sess,
+virNetLibsshAuthenticatePassword(virNetLibsshSession *sess)
                                 virNetLibsshAuthMethod *priv)
 {
    const char *errmsg;
    int rc = SSH_AUTH_ERROR;
    VIR_DEBUG("sess=%p", sess);
-    if (priv->password) {
+    /* password authentication with interactive password request */
-        /* tunnelled password authentication */
+    if (!sess->cred || !sess->cred->cb) {
-        if ((rc = ssh_userauth_password(sess->session, NULL,
+        virReportError(VIR_ERR_LIBSSH, "%s",
-                                        priv->password)) == 0)
+                       _("Can't perform authentication: "
-            return SSH_AUTH_SUCCESS;
+                         "Authentication callback not provided"));
-    } else {
+        return SSH_AUTH_ERROR;
-        /* password authentication with interactive password request */
+    }
-        if (!sess->cred || !sess->cred->cb) {
+
-            virReportError(VIR_ERR_LIBSSH, "%s",
+    /* Try the authenticating the set amount of times. The server breaks the
-                           _("Can't perform authentication: "
+     * connection if maximum number of bad auth tries is exceeded */
-                             "Authentication callback not provided"));
+    while (true) {
        g_autofree char *password = NULL;
        if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
                                                "ssh", sess->username,
                                                sess->hostname)))
            return SSH_AUTH_ERROR;
        }
-        /* Try the authenticating the set amount of times. The server breaks the
+        /* tunnelled password authentication */
-         * connection if maximum number of bad auth tries is exceeded */
+        rc = ssh_userauth_password(sess->session, NULL, password);
-        while (true) {
+        virSecureEraseString(password);
            g_autofree char *password = NULL;
-            if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
+        if (rc == 0)
-                                                    "ssh", sess->username,
+            return SSH_AUTH_SUCCESS;
-                                                    sess->hostname)))
+        else if (rc != SSH_AUTH_DENIED)
-                return SSH_AUTH_ERROR;
+            break;
            /* tunnelled password authentication */
            rc = ssh_userauth_password(sess->session, NULL, password);
            virSecureEraseString(password);
            if (rc == 0)
                return SSH_AUTH_SUCCESS;
            else if (rc != SSH_AUTH_DENIED)
                break;
        }
    }
    /* error path */
@ -809,7 +798,7 @@ virNetLibsshAuthenticate(virNetLibsshSession *sess)
            break;
        case VIR_NET_LIBSSH_AUTH_PASSWORD:
            /* try to authenticate with password */
-            ret = virNetLibsshAuthenticatePassword(sess, auth);
+            ret = virNetLibsshAuthenticatePassword(sess);
            break;
        }