diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2020-10-20 12:12:57 +0400 |
---|---|---|
committer | Michael Roth <michael.roth@amd.com> | 2020-11-02 20:04:13 -0600 |
commit | cad97c08a1c17830d77a46780088bc0199df89d1 (patch) | |
tree | f9fd40d6616798892f101c0b2b2777d996ad558a /qga | |
parent | 2a127f96a558bf6a42067604860d6ee63ffe685a (diff) |
qga: add ssh-get-authorized-keys
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
*fix-up merge conflicts due to qga-ssh-test being disabled in earlier
patch due to G_TEST_OPTION_ISOLATE_DIRS triggering build-oss-fuzz
leak detector.
*fix up style and disallowed g_assert* usage reported by checkpatch
Signed-off-by: Michael Roth <michael.roth@amd.com>
Diffstat (limited to 'qga')
-rw-r--r-- | qga/commands-posix-ssh.c | 66 | ||||
-rw-r--r-- | qga/meson.build | 11 | ||||
-rw-r--r-- | qga/qapi-schema.json | 31 |
3 files changed, 106 insertions, 2 deletions
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c index 362c9e8816..749167e82d 100644 --- a/qga/commands-posix-ssh.c +++ b/qga/commands-posix-ssh.c @@ -268,6 +268,46 @@ qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys, write_authkeys(authkeys_path, new_keys, p, errp); } +GuestAuthorizedKeys * +qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp) +{ + g_autofree struct passwd *p = NULL; + g_autofree char *authkeys_path = NULL; + g_auto(GStrv) authkeys = NULL; + g_autoptr(GuestAuthorizedKeys) ret = NULL; + int i; + + ERRP_GUARD(); + + p = get_passwd_entry(username, errp); + if (p == NULL) { + return NULL; + } + + authkeys_path = g_build_filename(p->pw_dir, ".ssh", + "authorized_keys", NULL); + authkeys = read_authkeys(authkeys_path, errp); + if (authkeys == NULL) { + return NULL; + } + + ret = g_new0(GuestAuthorizedKeys, 1); + for (i = 0; authkeys[i] != NULL; i++) { + strList *new; + + g_strstrip(authkeys[i]); + if (!authkeys[i][0] || authkeys[i][0] == '#') { + continue; + } + + new = g_new0(strList, 1); + new->value = g_strdup(authkeys[i]); + new->next = ret->keys; + ret->keys = new; + } + + return g_steal_pointer(&ret); +} #ifdef QGA_BUILD_UNIT_TEST #if GLIB_CHECK_VERSION(2, 60, 0) @@ -426,6 +466,31 @@ test_remove_keys(void) "algo some-key another\n"); } +static void +test_get_keys(void) +{ + Error *err = NULL; + static const char *authkeys = + "algo key1 comments\n" + "# a commented line\n" + "algo some-key another\n"; + g_autoptr(GuestAuthorizedKeys) ret = NULL; + strList *k; + size_t len = 0; + + test_authorized_keys_set(authkeys); + + ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err); + g_assert(err == NULL); + + for (len = 0, k = ret->keys; k != NULL; k = k->next) { + g_assert(g_str_has_prefix(k->value, "algo ")); + len++; + } + + g_assert(len == 2); +} + int main(int argc, char *argv[]) { setlocale(LC_ALL, ""); @@ -437,6 +502,7 @@ int main(int argc, char *argv[]) g_test_add_func("/qga/ssh/add_keys", test_add_keys); g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys); g_test_add_func("/qga/ssh/remove_keys", test_remove_keys); + g_test_add_func("/qga/ssh/get_keys", test_get_keys); return g_test_run(); } diff --git a/qga/meson.build b/qga/meson.build index 4cb3b3f259..53ba6de5f8 100644 --- a/qga/meson.build +++ b/qga/meson.build @@ -95,8 +95,15 @@ test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) # issue is identified/fix #if 'CONFIG_POSIX' in config_host if false - qga_ssh_test = executable('qga-ssh-test', - files('commands-posix-ssh.c'), + srcs = [files('commands-posix-ssh.c')] + i = 0 + foreach output: qga_qapi_outputs + if output.startswith('qga-qapi-types') or output.startswith('qga-qapi-visit') + srcs += qga_qapi_files[i] + endif + i = i + 1 + endforeach + qga_ssh_test = executable('qga-ssh-test', srcs, dependencies: [qemuutil], c_args: ['-DQGA_BUILD_UNIT_TEST']) diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index 4ddea898fa..6ca85f995f 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json @@ -1348,6 +1348,37 @@ 'returns': ['GuestDeviceInfo'] } ## +# @GuestAuthorizedKeys: +# +# @keys: public keys (in OpenSSH/sshd(8) authorized_keys format) +# +# Since: 5.2 +## +{ 'struct': 'GuestAuthorizedKeys', + 'data': { + 'keys': ['str'] + }, + 'if': 'defined(CONFIG_POSIX)' } + + +## +# @guest-ssh-get-authorized-keys: +# +# @username: the user account to add the authorized keys +# +# Return the public keys from user .ssh/authorized_keys on Unix systems (not +# implemented for other systems). +# +# Returns: @GuestAuthorizedKeys +# +# Since: 5.2 +## +{ 'command': 'guest-ssh-get-authorized-keys', + 'data': { 'username': 'str' }, + 'returns': 'GuestAuthorizedKeys', + 'if': 'defined(CONFIG_POSIX)' } + +## # @guest-ssh-add-authorized-keys: # # @username: the user account to add the authorized keys |