|
 |
6e7d01 |
From 7f8888f2c53060c4536856859d5ea94d23ea9e45 Mon Sep 17 00:00:00 2001
|
|
|
6e7d01 |
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
|
6e7d01 |
Date: Thu, 29 Jul 2021 04:55:54 -0400
|
|
|
6e7d01 |
Subject: [PATCH 03/14] qga: add *reset argument to ssh-add-authorized-keys
|
|
|
6e7d01 |
MIME-Version: 1.0
|
|
|
6e7d01 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6e7d01 |
Content-Transfer-Encoding: 8bit
|
|
|
6e7d01 |
|
|
|
6e7d01 |
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
6e7d01 |
Message-id: <20210609100615.2501448-4-marcandre.lureau@redhat.com>
|
|
|
6e7d01 |
Patchwork-id: 101689
|
|
|
6e7d01 |
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 3/4] qga: add *reset argument to ssh-add-authorized-keys
|
|
|
6e7d01 |
Bugzilla: 1967716
|
|
|
6e7d01 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
6e7d01 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
6e7d01 |
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
6e7d01 |
|
|
|
6e7d01 |
From: Michael Roth <michael.roth@amd.com>
|
|
|
6e7d01 |
|
|
|
6e7d01 |
I prefer 'reset' over 'clear', since 'clear' and keys may have some
|
|
|
6e7d01 |
other relations or meaning.
|
|
|
6e7d01 |
|
|
|
6e7d01 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
6e7d01 |
*fix disallowed g_assert* usage reported by checkpatch
|
|
|
6e7d01 |
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
|
|
6e7d01 |
|
|
|
6e7d01 |
(cherry picked from commit 0e3c94758e3851f0ab30d2a1e63a73284499775d)
|
|
|
6e7d01 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
6e7d01 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
6e7d01 |
---
|
|
|
6e7d01 |
qga/commands-posix-ssh.c | 53 ++++++++++++++++++++++++++++++++++++----
|
|
|
6e7d01 |
qga/qapi-schema.json | 3 ++-
|
|
|
6e7d01 |
2 files changed, 50 insertions(+), 6 deletions(-)
|
|
|
6e7d01 |
|
|
|
6e7d01 |
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
|
|
|
6e7d01 |
index f74d89679c..362c9e8816 100644
|
|
|
6e7d01 |
--- a/qga/commands-posix-ssh.c
|
|
|
6e7d01 |
+++ b/qga/commands-posix-ssh.c
|
|
|
6e7d01 |
@@ -168,6 +168,7 @@ read_authkeys(const char *path, Error **errp)
|
|
|
6e7d01 |
|
|
|
6e7d01 |
void
|
|
|
6e7d01 |
qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
|
|
6e7d01 |
+ bool has_reset, bool reset,
|
|
|
6e7d01 |
Error **errp)
|
|
|
6e7d01 |
{
|
|
|
6e7d01 |
g_autofree struct passwd *p = NULL;
|
|
|
6e7d01 |
@@ -178,6 +179,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
|
|
6e7d01 |
size_t nkeys, nauthkeys;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
ERRP_GUARD();
|
|
|
6e7d01 |
+ reset = has_reset && reset;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
|
|
|
6e7d01 |
return;
|
|
|
6e7d01 |
@@ -191,7 +193,9 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
|
|
6e7d01 |
ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
|
|
|
6e7d01 |
authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
|
|
|
6e7d01 |
|
|
|
6e7d01 |
- authkeys = read_authkeys(authkeys_path, NULL);
|
|
|
6e7d01 |
+ if (!reset) {
|
|
|
6e7d01 |
+ authkeys = read_authkeys(authkeys_path, NULL);
|
|
|
6e7d01 |
+ }
|
|
|
6e7d01 |
if (authkeys == NULL) {
|
|
|
6e7d01 |
if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
|
|
|
6e7d01 |
!mkdir_for_user(ssh_path, p, 0700, errp)) {
|
|
|
6e7d01 |
@@ -318,7 +322,7 @@ test_invalid_user(void)
|
|
|
6e7d01 |
{
|
|
|
6e7d01 |
Error *err = NULL;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
- qmp_guest_ssh_add_authorized_keys("", NULL, &err;;
|
|
|
6e7d01 |
+ qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err;;
|
|
|
6e7d01 |
error_free_or_abort(&err;;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
qmp_guest_ssh_remove_authorized_keys("", NULL, &err;;
|
|
|
6e7d01 |
@@ -333,7 +337,8 @@ test_invalid_key(void)
|
|
|
6e7d01 |
};
|
|
|
6e7d01 |
Error *err = NULL;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
- qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err;;
|
|
|
6e7d01 |
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
|
|
|
6e7d01 |
+ FALSE, FALSE, &err;;
|
|
|
6e7d01 |
error_free_or_abort(&err;;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err;;
|
|
|
6e7d01 |
@@ -346,13 +351,17 @@ test_add_keys(void)
|
|
|
6e7d01 |
Error *err = NULL;
|
|
|
6e7d01 |
|
|
|
6e7d01 |
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
|
|
6e7d01 |
- (strList *)&test_key2, &err;;
|
|
|
6e7d01 |
+ (strList *)&test_key2,
|
|
|
6e7d01 |
+ FALSE, FALSE,
|
|
|
6e7d01 |
+ &err;;
|
|
|
6e7d01 |
g_assert(err == NULL);
|
|
|
6e7d01 |
|
|
|
6e7d01 |
test_authorized_keys_equal("algo key2 comments");
|
|
|
6e7d01 |
|
|
|
6e7d01 |
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
|
|
6e7d01 |
- (strList *)&test_key1_2, &err;;
|
|
|
6e7d01 |
+ (strList *)&test_key1_2,
|
|
|
6e7d01 |
+ FALSE, FALSE,
|
|
|
6e7d01 |
+ &err;;
|
|
|
6e7d01 |
g_assert(err == NULL);
|
|
|
6e7d01 |
|
|
|
6e7d01 |
/* key2 came first, and should'nt be duplicated */
|
|
|
6e7d01 |
@@ -360,6 +369,39 @@ test_add_keys(void)
|
|
|
6e7d01 |
"algo key1 comments");
|
|
|
6e7d01 |
}
|
|
|
6e7d01 |
|
|
|
6e7d01 |
+static void
|
|
|
6e7d01 |
+test_add_reset_keys(void)
|
|
|
6e7d01 |
+{
|
|
|
6e7d01 |
+ Error *err = NULL;
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
|
|
6e7d01 |
+ (strList *)&test_key1_2,
|
|
|
6e7d01 |
+ FALSE, FALSE,
|
|
|
6e7d01 |
+ &err;;
|
|
|
6e7d01 |
+ g_assert(err == NULL);
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ /* reset with key2 only */
|
|
|
6e7d01 |
+ test_authorized_keys_equal("algo key1 comments\n"
|
|
|
6e7d01 |
+ "algo key2 comments");
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
|
|
6e7d01 |
+ (strList *)&test_key2,
|
|
|
6e7d01 |
+ TRUE, TRUE,
|
|
|
6e7d01 |
+ &err;;
|
|
|
6e7d01 |
+ g_assert(err == NULL);
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ test_authorized_keys_equal("algo key2 comments");
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ /* empty should clear file */
|
|
|
6e7d01 |
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
|
|
6e7d01 |
+ (strList *)NULL,
|
|
|
6e7d01 |
+ TRUE, TRUE,
|
|
|
6e7d01 |
+ &err;;
|
|
|
6e7d01 |
+ g_assert(err == NULL);
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
+ test_authorized_keys_equal("");
|
|
|
6e7d01 |
+}
|
|
|
6e7d01 |
+
|
|
|
6e7d01 |
static void
|
|
|
6e7d01 |
test_remove_keys(void)
|
|
|
6e7d01 |
{
|
|
|
6e7d01 |
@@ -393,6 +435,7 @@ int main(int argc, char *argv[])
|
|
|
6e7d01 |
g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
|
|
|
6e7d01 |
g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
|
|
|
6e7d01 |
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
|
|
|
6e7d01 |
+ g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
|
|
|
6e7d01 |
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
|
|
|
6e7d01 |
|
|
|
6e7d01 |
return g_test_run();
|
|
|
6e7d01 |
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
|
|
|
6e7d01 |
index 3b85f5a03f..a70ea5da77 100644
|
|
|
6e7d01 |
--- a/qga/qapi-schema.json
|
|
|
6e7d01 |
+++ b/qga/qapi-schema.json
|
|
|
6e7d01 |
@@ -1279,6 +1279,7 @@
|
|
|
6e7d01 |
#
|
|
|
6e7d01 |
# @username: the user account to add the authorized keys
|
|
|
6e7d01 |
# @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
|
|
|
6e7d01 |
+# @reset: ignore the existing content, set it with the given keys only
|
|
|
6e7d01 |
#
|
|
|
6e7d01 |
# Append public keys to user .ssh/authorized_keys on Unix systems (not
|
|
|
6e7d01 |
# implemented for other systems).
|
|
|
6e7d01 |
@@ -1288,7 +1289,7 @@
|
|
|
6e7d01 |
# Since: 5.2
|
|
|
6e7d01 |
##
|
|
|
6e7d01 |
{ 'command': 'guest-ssh-add-authorized-keys',
|
|
|
6e7d01 |
- 'data': { 'username': 'str', 'keys': ['str'] },
|
|
|
6e7d01 |
+ 'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' },
|
|
|
6e7d01 |
'if': 'defined(CONFIG_POSIX)' }
|
|
|
6e7d01 |
|
|
|
6e7d01 |
##
|
|
|
6e7d01 |
--
|
|
|
6e7d01 |
2.27.0
|
|
|
6e7d01 |
|