From: Michael Roth <michael.roth@amd.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [PULL v2 10/12] qga: add *reset argument to ssh-add-authorized-keys
Date: Mon,  2 Nov 2020 19:11:32 -0600	[thread overview]
Message-ID: <20201103011134.887744-11-michael.roth@amd.com> (raw)
In-Reply-To: <20201103011134.887744-1-michael.roth@amd.com>

From: Marc-André Lureau <marcandre.lureau@redhat.com>

I prefer 'reset' over 'clear', since 'clear' in combination with
keys could be read as having some other meaning.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 qga/commands-posix-ssh.c | 53 ++++++++++++++++++++++++++++++++++++----
 qga/qapi-schema.json     |  3 ++-
 2 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
index a7bc9a1c24..f974bc4b64 100644
--- a/qga/commands-posix-ssh.c
+++ b/qga/commands-posix-ssh.c
@@ -168,6 +168,7 @@ read_authkeys(const char *path, Error **errp)
 
 void
 qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
+                                  bool has_reset, bool reset,
                                   Error **errp)
 {
     g_autofree struct passwd *p = NULL;
@@ -178,6 +179,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
     size_t nkeys, nauthkeys;
 
     ERRP_GUARD();
+    reset = has_reset && reset;
 
     if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
         return;
@@ -191,7 +193,9 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
     ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
     authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
 
-    authkeys = read_authkeys(authkeys_path, NULL);
+    if (!reset) {
+        authkeys = read_authkeys(authkeys_path, NULL);
+    }
     if (authkeys == NULL) {
         if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
             !mkdir_for_user(ssh_path, p, 0700, errp)) {
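Review bot: On the non-reset path, `authkeys = read_authkeys(authkeys_path, NULL);` still discards any read error, so a failure other than the file not existing (an unreadable file, or a directory at that path) leaves `authkeys` NULL and the function then proceeds exactly as if `reset` had been requested, writing only the supplied keys over whatever was there. Now that an explicit reset flag exists, a silent reset on read failure is surprising and can drop a user's existing keys without any error reaching the caller. Consider passing an `Error *` here and treating only a not-found condition as "no existing keys", propagating anything else to `errp`; read_authkeys is defined above the hunk and qmp_guest_ssh_add_authorized_keys continues below it, so the error classification would live there.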
@@ -318,7 +322,7 @@ test_invalid_user(void)
 {
     Error *err = NULL;
 
-    qmp_guest_ssh_add_authorized_keys("", NULL, &err);
+    qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err);
     error_free_or_abort(&err);
 
     qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
@@ -333,7 +337,8 @@ test_invalid_key(void)
     };
     Error *err = NULL;
 
-    qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err);
+    qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
+                                      FALSE, FALSE, &err);
     error_free_or_abort(&err);
 
     qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
@@ -346,13 +351,17 @@ test_add_keys(void)
     Error *err = NULL;
 
     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
-                                      (strList *)&test_key2, &err);
+                                      (strList *)&test_key2,
+                                      FALSE, FALSE,
+                                      &err);
     g_assert_null(err);
 
     test_authorized_keys_equal("algo key2 comments");
 
     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
-                                      (strList *)&test_key1_2, &err);
+                                      (strList *)&test_key1_2,
+                                      FALSE, FALSE,
+                                      &err);
     g_assert_null(err);
 
     /*  key2 came first, and should'nt be duplicated */
@@ -360,6 +369,39 @@ test_add_keys(void)
                                "algo key1 comments");
 }
 
+static void
+test_add_reset_keys(void)
+{
+    Error *err = NULL;
+
+    qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+                                      (strList *)&test_key1_2,
+                                      FALSE, FALSE,
+                                      &err);
+    g_assert_null(err);
+
+    /* reset with key2 only */
+    test_authorized_keys_equal("algo key1 comments\n"
+                               "algo key2 comments");
+
+    qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+                                      (strList *)&test_key2,
+                                      TRUE, TRUE,
+                                      &err);
+    g_assert_null(err);
+
+    test_authorized_keys_equal("algo key2 comments");
+
+    /* empty should clear file */
+    qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+                                      (strList *)NULL,
+                                      TRUE, TRUE,
+                                      &err);
+    g_assert_null(err);
+
+    test_authorized_keys_equal("");
+}
+
 static void
 test_remove_keys(void)
 {
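Review bot: The comment `/* reset with key2 only */` in test_add_reset_keys sits above the assertion that checks the pre-reset state (key1 and key2 both present), not above the call that performs the reset; move it to immediately precede the `qmp_guest_ssh_add_authorized_keys(..., TRUE, TRUE, ...)` call and label the first assertion `/* both keys present before reset */`. The final step passes a NULL key list with reset and expects an empty file; that is worth keeping as an explicit test, but a comment such as `/* reset with no keys deliberately removes all key-based access */` states the intent more clearly than `/* empty should clear file */`.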
@@ -393,6 +435,7 @@ int main(int argc, char *argv[])
     g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
     g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
     g_test_add_func("/qga/ssh/add_keys", test_add_keys);
+    g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
     g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
 
     return g_test_run();
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index a2727ed86b..4ddea898fa 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1352,6 +1352,7 @@
 #
 # @username: the user account to add the authorized keys
 # @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
+# @reset: ignore the existing content, set it with the given keys only
 #
 # Append public keys to user .ssh/authorized_keys on Unix systems (not
 # implemented for other systems).
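Review bot: The new `@reset` description does not say what happens when @keys is empty: the test added in qga/commands-posix-ssh.c expects an empty authorized_keys file in that case, which removes every key-based login for that user. Since this command is driven from the host side over the agent channel, that consequence belongs in the schema documentation; suggest `# @reset: ignore the existing content, set it with the given keys only (with an empty @keys the file is left empty)`.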
@@ -1361,7 +1362,7 @@
 # Since: 5.2
 ##
 { 'command': 'guest-ssh-add-authorized-keys',
-  'data': { 'username': 'str', 'keys': ['str'] },
+  'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' },
   'if': 'defined(CONFIG_POSIX)' }
 
 ##
-- 
2.25.1


