|
|
1072c8 |
From 1ed102f5489e6cf3168d9014e9a082909193b6fc Mon Sep 17 00:00:00 2001
|
|
|
1072c8 |
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
|
1072c8 |
Date: Thu, 29 Jul 2021 04:55:57 -0400
|
|
|
1072c8 |
Subject: [PATCH 04/14] qga: add ssh-get-authorized-keys
|
|
|
1072c8 |
MIME-Version: 1.0
|
|
|
1072c8 |
Content-Type: text/plain; charset=UTF-8
|
|
|
1072c8 |
Content-Transfer-Encoding: 8bit
|
|
|
1072c8 |
|
|
|
1072c8 |
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
1072c8 |
Message-id: <20210609100615.2501448-5-marcandre.lureau@redhat.com>
|
|
|
1072c8 |
Patchwork-id: 101690
|
|
|
1072c8 |
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 4/4] qga: add ssh-get-authorized-keys
|
|
|
1072c8 |
Bugzilla: 1967716
|
|
|
1072c8 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
1072c8 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
1072c8 |
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
1072c8 |
|
|
|
1072c8 |
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
1072c8 |
|
|
|
1072c8 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
1072c8 |
*fix-up merge conflicts due to qga-ssh-test being disabled in earlier
|
|
|
1072c8 |
patch due to G_TEST_OPTION_ISOLATE_DIRS triggering build-oss-fuzz
|
|
|
1072c8 |
leak detector.
|
|
|
1072c8 |
*fix up style and disallowed g_assert* usage reported by checkpatch
|
|
|
1072c8 |
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
|
|
1072c8 |
|
|
|
1072c8 |
(cherry picked from commit cad97c08a1c17830d77a46780088bc0199df89d1)
|
|
|
1072c8 |
[ Fix trivial schema conflict ]
|
|
|
1072c8 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
1072c8 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
1072c8 |
---
|
|
|
1072c8 |
qga/commands-posix-ssh.c | 66 ++++++++++++++++++++++++++++++++++++++++
|
|
|
1072c8 |
qga/qapi-schema.json | 30 ++++++++++++++++++
|
|
|
1072c8 |
2 files changed, 96 insertions(+)
|
|
|
1072c8 |
|
|
|
1072c8 |
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
|
|
|
1072c8 |
index 362c9e8816..749167e82d 100644
|
|
|
1072c8 |
--- a/qga/commands-posix-ssh.c
|
|
|
1072c8 |
+++ b/qga/commands-posix-ssh.c
|
|
|
1072c8 |
@@ -268,6 +268,46 @@ qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
|
|
|
1072c8 |
write_authkeys(authkeys_path, new_keys, p, errp);
|
|
|
1072c8 |
}
|
|
|
1072c8 |
|
|
|
1072c8 |
+GuestAuthorizedKeys *
|
|
|
1072c8 |
+qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp)
|
|
|
1072c8 |
+{
|
|
|
1072c8 |
+ g_autofree struct passwd *p = NULL;
|
|
|
1072c8 |
+ g_autofree char *authkeys_path = NULL;
|
|
|
1072c8 |
+ g_auto(GStrv) authkeys = NULL;
|
|
|
1072c8 |
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
|
|
|
1072c8 |
+ int i;
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ ERRP_GUARD();
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ p = get_passwd_entry(username, errp);
|
|
|
1072c8 |
+ if (p == NULL) {
|
|
|
1072c8 |
+ return NULL;
|
|
|
1072c8 |
+ }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ authkeys_path = g_build_filename(p->pw_dir, ".ssh",
|
|
|
1072c8 |
+ "authorized_keys", NULL);
|
|
|
1072c8 |
+ authkeys = read_authkeys(authkeys_path, errp);
|
|
|
1072c8 |
+ if (authkeys == NULL) {
|
|
|
1072c8 |
+ return NULL;
|
|
|
1072c8 |
+ }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ ret = g_new0(GuestAuthorizedKeys, 1);
|
|
|
1072c8 |
+ for (i = 0; authkeys[i] != NULL; i++) {
|
|
|
1072c8 |
+ strList *new;
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ g_strstrip(authkeys[i]);
|
|
|
1072c8 |
+ if (!authkeys[i][0] || authkeys[i][0] == '#') {
|
|
|
1072c8 |
+ continue;
|
|
|
1072c8 |
+ }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ new = g_new0(strList, 1);
|
|
|
1072c8 |
+ new->value = g_strdup(authkeys[i]);
|
|
|
1072c8 |
+ new->next = ret->keys;
|
|
|
1072c8 |
+ ret->keys = new;
|
|
|
1072c8 |
+ }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ return g_steal_pointer(&ret;;
|
|
|
1072c8 |
+}
|
|
|
1072c8 |
|
|
|
1072c8 |
#ifdef QGA_BUILD_UNIT_TEST
|
|
|
1072c8 |
#if GLIB_CHECK_VERSION(2, 60, 0)
|
|
|
1072c8 |
@@ -426,6 +466,31 @@ test_remove_keys(void)
|
|
|
1072c8 |
"algo some-key another\n");
|
|
|
1072c8 |
}
|
|
|
1072c8 |
|
|
|
1072c8 |
+static void
|
|
|
1072c8 |
+test_get_keys(void)
|
|
|
1072c8 |
+{
|
|
|
1072c8 |
+ Error *err = NULL;
|
|
|
1072c8 |
+ static const char *authkeys =
|
|
|
1072c8 |
+ "algo key1 comments\n"
|
|
|
1072c8 |
+ "# a commented line\n"
|
|
|
1072c8 |
+ "algo some-key another\n";
|
|
|
1072c8 |
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
|
|
|
1072c8 |
+ strList *k;
|
|
|
1072c8 |
+ size_t len = 0;
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ test_authorized_keys_set(authkeys);
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err;;
|
|
|
1072c8 |
+ g_assert(err == NULL);
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ for (len = 0, k = ret->keys; k != NULL; k = k->next) {
|
|
|
1072c8 |
+ g_assert(g_str_has_prefix(k->value, "algo "));
|
|
|
1072c8 |
+ len++;
|
|
|
1072c8 |
+ }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+ g_assert(len == 2);
|
|
|
1072c8 |
+}
|
|
|
1072c8 |
+
|
|
|
1072c8 |
int main(int argc, char *argv[])
|
|
|
1072c8 |
{
|
|
|
1072c8 |
setlocale(LC_ALL, "");
|
|
|
1072c8 |
@@ -437,6 +502,7 @@ int main(int argc, char *argv[])
|
|
|
1072c8 |
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
|
|
|
1072c8 |
g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
|
|
|
1072c8 |
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
|
|
|
1072c8 |
+ g_test_add_func("/qga/ssh/get_keys", test_get_keys);
|
|
|
1072c8 |
|
|
|
1072c8 |
return g_test_run();
|
|
|
1072c8 |
}
|
|
|
1072c8 |
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
|
|
|
1072c8 |
index a70ea5da77..97bf96712e 100644
|
|
|
1072c8 |
--- a/qga/qapi-schema.json
|
|
|
1072c8 |
+++ b/qga/qapi-schema.json
|
|
|
1072c8 |
@@ -1274,6 +1274,36 @@
|
|
|
1072c8 |
{ 'command': 'guest-get-osinfo',
|
|
|
1072c8 |
'returns': 'GuestOSInfo' }
|
|
|
1072c8 |
|
|
|
1072c8 |
+##
|
|
|
1072c8 |
+# @GuestAuthorizedKeys:
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# @keys: public keys (in OpenSSH/sshd(8) authorized_keys format)
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# Since: 5.2
|
|
|
1072c8 |
+##
|
|
|
1072c8 |
+{ 'struct': 'GuestAuthorizedKeys',
|
|
|
1072c8 |
+ 'data': {
|
|
|
1072c8 |
+ 'keys': ['str']
|
|
|
1072c8 |
+ },
|
|
|
1072c8 |
+ 'if': 'defined(CONFIG_POSIX)' }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
+##
|
|
|
1072c8 |
+# @guest-ssh-get-authorized-keys:
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# @username: the user account to add the authorized keys
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# Return the public keys from user .ssh/authorized_keys on Unix systems (not
|
|
|
1072c8 |
+# implemented for other systems).
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# Returns: @GuestAuthorizedKeys
|
|
|
1072c8 |
+#
|
|
|
1072c8 |
+# Since: 5.2
|
|
|
1072c8 |
+##
|
|
|
1072c8 |
+{ 'command': 'guest-ssh-get-authorized-keys',
|
|
|
1072c8 |
+ 'data': { 'username': 'str' },
|
|
|
1072c8 |
+ 'returns': 'GuestAuthorizedKeys',
|
|
|
1072c8 |
+ 'if': 'defined(CONFIG_POSIX)' }
|
|
|
1072c8 |
+
|
|
|
1072c8 |
##
|
|
|
1072c8 |
# @guest-ssh-add-authorized-keys:
|
|
|
1072c8 |
#
|
|
|
1072c8 |
--
|
|
|
1072c8 |
2.27.0
|
|
|
1072c8 |
|