From 7f8888f2c53060c4536856859d5ea94d23ea9e45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 29 Jul 2021 04:55:54 -0400 Subject: [PATCH 03/14] qga: add *reset argument to ssh-add-authorized-keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Marc-André Lureau Message-id: <20210609100615.2501448-4-marcandre.lureau@redhat.com> Patchwork-id: 101689 O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 3/4] qga: add *reset argument to ssh-add-authorized-keys Bugzilla: 1967716 RH-Acked-by: Miroslav Rezanina RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Michal Privoznik From: Michael Roth I prefer 'reset' over 'clear', since 'clear' and keys may have some other relations or meaning. Signed-off-by: Marc-André Lureau *fix disallowed g_assert* usage reported by checkpatch Signed-off-by: Michael Roth (cherry picked from commit 0e3c94758e3851f0ab30d2a1e63a73284499775d) Signed-off-by: Marc-André Lureau Signed-off-by: Miroslav Rezanina --- qga/commands-posix-ssh.c | 53 ++++++++++++++++++++++++++++++++++++---- qga/qapi-schema.json | 3 ++- 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c index f74d89679c..362c9e8816 100644 --- a/qga/commands-posix-ssh.c +++ b/qga/commands-posix-ssh.c @@ -168,6 +168,7 @@ read_authkeys(const char *path, Error **errp) void qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys, + bool has_reset, bool reset, Error **errp) { g_autofree struct passwd *p = NULL; @@ -178,6 +179,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys, size_t nkeys, nauthkeys; ERRP_GUARD(); + reset = has_reset && reset; if (!check_openssh_pub_keys(keys, &nkeys, errp)) { return; @@ -191,7 +193,9 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys, ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL); authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL); - authkeys = read_authkeys(authkeys_path, NULL); + if (!reset) { + authkeys = read_authkeys(authkeys_path, NULL); + } if (authkeys == NULL) { if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) && !mkdir_for_user(ssh_path, p, 0700, errp)) { @@ -318,7 +322,7 @@ test_invalid_user(void) { Error *err = NULL; - qmp_guest_ssh_add_authorized_keys("", NULL, &err); + qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err); error_free_or_abort(&err); qmp_guest_ssh_remove_authorized_keys("", NULL, &err); @@ -333,7 +337,8 @@ test_invalid_key(void) }; Error *err = NULL; - qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err); + qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, + FALSE, FALSE, &err); error_free_or_abort(&err); qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err); @@ -346,13 +351,17 @@ test_add_keys(void) Error *err = NULL; qmp_guest_ssh_add_authorized_keys(g_get_user_name(), - (strList *)&test_key2, &err); + (strList *)&test_key2, + FALSE, FALSE, + &err); g_assert(err == NULL); test_authorized_keys_equal("algo key2 comments"); qmp_guest_ssh_add_authorized_keys(g_get_user_name(), - (strList *)&test_key1_2, &err); + (strList *)&test_key1_2, + FALSE, FALSE, + &err); g_assert(err == NULL); /* key2 came first, and should'nt be duplicated */ @@ -360,6 +369,39 @@ test_add_keys(void) "algo key1 comments"); } +static void +test_add_reset_keys(void) +{ + Error *err = NULL; + + qmp_guest_ssh_add_authorized_keys(g_get_user_name(), + (strList *)&test_key1_2, + FALSE, FALSE, + &err); + g_assert(err == NULL); + + /* reset with key2 only */ + test_authorized_keys_equal("algo key1 comments\n" + "algo key2 comments"); + + qmp_guest_ssh_add_authorized_keys(g_get_user_name(), + (strList *)&test_key2, + TRUE, TRUE, + &err); + g_assert(err == NULL); + + test_authorized_keys_equal("algo key2 comments"); + + /* empty should clear file */ + qmp_guest_ssh_add_authorized_keys(g_get_user_name(), + (strList *)NULL, + TRUE, TRUE, + &err); + g_assert(err == NULL); + + test_authorized_keys_equal(""); +} + static void test_remove_keys(void) { @@ -393,6 +435,7 @@ int main(int argc, char *argv[]) g_test_add_func("/qga/ssh/invalid_user", test_invalid_user); g_test_add_func("/qga/ssh/invalid_key", test_invalid_key); g_test_add_func("/qga/ssh/add_keys", test_add_keys); + g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys); g_test_add_func("/qga/ssh/remove_keys", test_remove_keys); return g_test_run(); diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index 3b85f5a03f..a70ea5da77 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json @@ -1279,6 +1279,7 @@ # # @username: the user account to add the authorized keys # @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format) +# @reset: ignore the existing content, set it with the given keys only # # Append public keys to user .ssh/authorized_keys on Unix systems (not # implemented for other systems). @@ -1288,7 +1289,7 @@ # Since: 5.2 ## { 'command': 'guest-ssh-add-authorized-keys', - 'data': { 'username': 'str', 'keys': ['str'] }, + 'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' }, 'if': 'defined(CONFIG_POSIX)' } ## -- 2.27.0