[libvirt PATCH] qemu: add qemuAgentSSH{Add,Remove,Get}AuthorizedKeys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

In QEMU 5.2, the guest agent learned to manipulate a user
~/.ssh/authorized_keys. Bind the JSON API to libvirt.

https://wiki.qemu.org/ChangeLog/5.2#Guest_agent

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1888537

Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
 src/qemu/qemu_agent.c | 158 ++++++++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_agent.h |  26 +++++++
 tests/qemuagenttest.c |  80 +++++++++++++++++++++
 3 files changed, 264 insertions(+)

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 7fbb4a9431..75e7fea9e4 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -2496,3 +2496,161 @@ qemuAgentSetResponseTimeout(qemuAgentPtr agent,
 {
     agent->timeout = timeout;
 }
+
+void qemuAgentSSHAuthorizedKeyFree(qemuAgentSSHAuthorizedKeyPtr key)
+{
+    if (!key)
+        return;
+
+    g_free(key->key);
+    g_free(key);
+}
+
+/* Returns: 0 on success
+ *          -2 when agent command is not supported by the agent and
+ *             'report_unsupported' is false (libvirt error is not reported)
+ *          -1 otherwise (libvirt error is reported)
+ */
+int qemuAgentSSHGetAuthorizedKeys(qemuAgentPtr agent,
+                                  const char *user,
+                                  qemuAgentSSHAuthorizedKeyPtr **keys,
+                                  bool report_unsupported)
+{
+    g_autoptr(virJSONValue) cmd = NULL;
+    g_autoptr(virJSONValue) reply = NULL;
+    virJSONValuePtr data = NULL;
+    size_t ndata;
+    size_t i;
+    int rc;
+    qemuAgentSSHAuthorizedKeyPtr *keys_ret = NULL;
+
+    if (!(cmd = qemuAgentMakeCommand("guest-ssh-get-authorized-keys",
+                                     "s:username", user,
+                                      NULL)))
+        return -1;
+
+    if ((rc = qemuAgentCommandFull(agent, cmd, &reply, agent->timeout,
+                                   report_unsupported)) < 0)
+        return rc;
+
+    if (!(data = virJSONValueObjectGetArray(reply, "return"))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("qemu agent didn't return an array of keys"));
+        return -1;
+    }
+    ndata = virJSONValueArraySize(data);
+
+    keys_ret = g_new0(qemuAgentSSHAuthorizedKeyPtr, ndata);
+
+    for (i = 0; i < ndata; i++) {
+        virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+
+        if (!entry) {
+            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                           _("array element missing in guest-ssh-get-authorized-keys return "
+                             "value"));
+            goto cleanup;
+        }
+
+        keys_ret[i] = g_new0(qemuAgentSSHAuthorizedKey, 1);
+        keys_ret[i]->key = g_strdup(virJSONValueGetString(entry));
+    }
+
+    *keys = g_steal_pointer(&keys_ret);
+    return ndata;
+
+ cleanup:
+    if (keys_ret) {
+        for (i = 0; i < ndata; i++)
+            qemuAgentSSHAuthorizedKeyFree(keys_ret[i]);
+        g_free(keys_ret);
+    }
+    return -1;
+}
+
+static virJSONValuePtr
+makeJSONArrayFromKeys(qemuAgentSSHAuthorizedKeyPtr *keys,
+                      size_t nkeys)
+{
+    g_autoptr(virJSONValue) jkeys = NULL;
+    size_t i;
+
+    jkeys = virJSONValueNewArray();
+
+    for (i = 0; i < nkeys; i++) {
+        qemuAgentSSHAuthorizedKeyPtr k = keys[i];
+
+        if (virJSONValueArrayAppendString(jkeys, k->key) < 0)
+            return NULL;
+    }
+
+    return g_steal_pointer(&jkeys);
+}
+
+/* Returns: 0 on success
+ *          -2 when agent command is not supported by the agent and
+ *             'report_unsupported' is false (libvirt error is not reported)
+ *          -1 otherwise (libvirt error is reported)
+ */
+int qemuAgentSSHAddAuthorizedKeys(qemuAgentPtr agent,
+                                  const char *user,
+                                  qemuAgentSSHAuthorizedKeyPtr *keys,
+                                  size_t nkeys,
+                                  bool reset,
+                                  bool report_unsupported)
+{
+    g_autoptr(virJSONValue) cmd = NULL;
+    g_autoptr(virJSONValue) reply = NULL;
+    g_autoptr(virJSONValue) jkeys = NULL;
+    int rc;
+
+    jkeys = makeJSONArrayFromKeys(keys, nkeys);
+    if (jkeys == NULL)
+        return -1;
+
+    if (!(cmd = qemuAgentMakeCommand("guest-ssh-add-authorized-keys",
+                                     "s:username", user,
+                                     "a:keys", &jkeys,
+                                     "b:reset", reset,
+                                      NULL)))
+        return -1;
+
+    if ((rc = qemuAgentCommandFull(agent, cmd, &reply, agent->timeout,
+                                   report_unsupported)) < 0)
+        return rc;
+
+    return 0;
+}
+
+/* Returns: 0 on success
+ *          -2 when agent command is not supported by the agent and
+ *             'report_unsupported' is false (libvirt error is not reported)
+ *          -1 otherwise (libvirt error is reported)
+ */
+int qemuAgentSSHRemoveAuthorizedKeys(qemuAgentPtr agent,
+                                     const char *user,
+                                     qemuAgentSSHAuthorizedKeyPtr *keys,
+                                     size_t nkeys,
+                                     bool report_unsupported)
+{
+    g_autoptr(virJSONValue) cmd = NULL;
+    g_autoptr(virJSONValue) reply = NULL;
+    g_autoptr(virJSONValue) jkeys = NULL;
+    int rc;
+
+    jkeys = makeJSONArrayFromKeys(keys, nkeys);
+    if (jkeys == NULL)
+        return -1;
+
+    if (!(cmd = qemuAgentMakeCommand("guest-ssh-remove-authorized-keys",
+                                     "s:username", user,
+                                     "a:keys", &jkeys,
+                                      NULL)))
+        return -1;
+
+    if ((rc = qemuAgentCommandFull(agent, cmd, &reply, agent->timeout,
+                                   report_unsupported)) < 0)
+        return rc;
+
+    return 0;
+}
diff --git a/src/qemu/qemu_agent.h b/src/qemu/qemu_agent.h
index 2eeb376a68..3e70a55c19 100644
--- a/src/qemu/qemu_agent.h
+++ b/src/qemu/qemu_agent.h
@@ -67,6 +67,12 @@ typedef enum {
     QEMU_AGENT_SHUTDOWN_LAST,
 } qemuAgentShutdownMode;
 
+typedef struct _qemuAgentSSHAuthorizedKey qemuAgentSSHAuthorizedKey;
+typedef qemuAgentSSHAuthorizedKey *qemuAgentSSHAuthorizedKeyPtr;
+struct _qemuAgentSSHAuthorizedKey {
+    char *key;
+};
+
 typedef struct _qemuAgentDiskInfo qemuAgentDiskInfo;
 typedef qemuAgentDiskInfo *qemuAgentDiskInfoPtr;
 struct _qemuAgentDiskInfo {
@@ -170,3 +176,23 @@ int qemuAgentGetTimezone(qemuAgentPtr mon,
 
 void qemuAgentSetResponseTimeout(qemuAgentPtr mon,
                                  int timeout);
+
+void qemuAgentSSHAuthorizedKeyFree(qemuAgentSSHAuthorizedKeyPtr key);
+
+int qemuAgentSSHGetAuthorizedKeys(qemuAgentPtr agent,
+                                  const char *user,
+                                  qemuAgentSSHAuthorizedKeyPtr **keys,
+                                  bool report_unsupported);
+
+int qemuAgentSSHAddAuthorizedKeys(qemuAgentPtr agent,
+                                  const char *user,
+                                  qemuAgentSSHAuthorizedKeyPtr *keys,
+                                  size_t nkeys,
+                                  bool reset,
+                                  bool report_unsupported);
+
+int qemuAgentSSHRemoveAuthorizedKeys(qemuAgentPtr agent,
+                                     const char *user,
+                                     qemuAgentSSHAuthorizedKeyPtr *keys,
+                                     size_t nkeys,
+                                     bool report_unsupported);
diff --git a/tests/qemuagenttest.c b/tests/qemuagenttest.c
index 607bd97b5c..eda688850f 100644
--- a/tests/qemuagenttest.c
+++ b/tests/qemuagenttest.c
@@ -35,6 +35,85 @@
 virQEMUDriver driver;
 
 
+static int
+testQemuAgentSSHKeys(const void *data)
+{
+    virDomainXMLOptionPtr xmlopt = (virDomainXMLOptionPtr)data;
+    qemuMonitorTestPtr test = qemuMonitorTestNewAgent(xmlopt);
+    qemuAgentSSHAuthorizedKeyPtr *keys = NULL;
+    int nkeys = 0, i;
+    int ret = -1;
+
+    if (!test)
+        return -1;
+
+    if (qemuMonitorTestAddAgentSyncResponse(test) < 0)
+        goto cleanup;
+
+    if (qemuMonitorTestAddItem(test, "guest-ssh-get-authorized-keys",
+                               "{ \"return\" : [\"algo1 key1 comments1\","
+                               " \"algo2 key2 comments2\"] }") < 0)
+        goto cleanup;
+
+    if (qemuMonitorTestAddAgentSyncResponse(test) < 0)
+        goto cleanup;
+
+    if (qemuMonitorTestAddItem(test, "guest-ssh-add-authorized-keys",
+                               "{ \"return\" : {} }") < 0)
+        goto cleanup;
+
+    if (qemuMonitorTestAddAgentSyncResponse(test) < 0)
+        goto cleanup;
+
+    if (qemuMonitorTestAddItem(test, "guest-ssh-remove-authorized-keys",
+                               "{ \"return\" : {} }") < 0)
+        goto cleanup;
+
+    if ((nkeys = qemuAgentSSHGetAuthorizedKeys(qemuMonitorTestGetAgent(test),
+                                               "user",
+                                               &keys,
+                                               true)) < 0)
+        goto cleanup;
+
+    if (nkeys != 2) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       "expected 2 keys, got %d", nkeys);
+        ret = -1;
+        goto cleanup;
+    }
+
+    if (STRNEQ(keys[1]->key, "algo2 key2 comments2")) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "Unexpected key returned: %s", keys[1]->key);
+        ret = -1;
+        goto cleanup;
+    }
+
+    if ((ret = qemuAgentSSHAddAuthorizedKeys(qemuMonitorTestGetAgent(test),
+                                             "user",
+                                             keys,
+                                             nkeys,
+                                             true,
+                                             true)) < 0)
+        goto cleanup;
+
+    if ((ret = qemuAgentSSHRemoveAuthorizedKeys(qemuMonitorTestGetAgent(test),
+                                                "user",
+                                                keys,
+                                                nkeys,
+                                                true)) < 0)
+        goto cleanup;
+
+    ret = 0;
+
+ cleanup:
+    for (i = 0; i < nkeys; i++)
+        qemuAgentSSHAuthorizedKeyFree(keys[i]);
+    VIR_FREE(keys);
+    qemuMonitorTestFree(test);
+    return ret;
+}
+
+
 static int
 testQemuAgentFSFreeze(const void *data)
 {
@@ -1315,6 +1394,7 @@ mymain(void)
     DO_TEST(Users);
     DO_TEST(OSInfo);
     DO_TEST(Timezone);
+    DO_TEST(SSHKeys);
 
     DO_TEST(Timeout); /* Timeout should always be called last */
 
-- 
2.29.0




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux