Re: [PATCH v2 1/6] Introduce OpenSSH authorized key file mgmt APIs

On Mon, Nov 16, 2020 at 18:41:57 +0100, Michal Privoznik wrote:
> On 11/16/20 3:46 PM, Peter Krempa wrote:
> > On Mon, Nov 16, 2020 at 13:20:58 +0100, Michal Privoznik wrote:
> > > When setting up a new guest or when a management software wants
> > > to allow access to an existing guest the
> > > virDomainSetUserPassword() API can be used, but that might not be
> > > good enough if a user wants to ssh into the guest. Not only does sshd
> > > have to be configured to accept password authentication (which is
> > > usually not the case for root), users have to type in their
> > > password. Using SSH keys is more convenient. Therefore, two new
> > > APIs are introduced:
> > > 
> > > virDomainAuthorizedSSHKeysGet() which lists authorized keys for
> > > given user, and
> > > 
> > > virDomainAuthorizedSSHKeysSet() which modifies the authorized
> > > keys file for given user (append, set or remove keys from the
> > > file).
> > > 
> > > It's worth noting that while authorized_keys file entries have
> > > some structure (as defined by sshd(8)), expressing that structure
> > > goes beyond libvirt's focus and thus "keys" are nothing but an
> > > opaque string to libvirt.
> > > 
> > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> > > ---
> > >   include/libvirt/libvirt-domain.h |  17 ++++
> > >   src/driver-hypervisor.h          |  15 ++++
> > >   src/libvirt-domain.c             | 133 +++++++++++++++++++++++++++++++
> > >   src/libvirt_public.syms          |   6 ++
> > >   4 files changed, 171 insertions(+)
> > 
> > [..]
> > 
> > > diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> > > index 3c5f55176a..47b821f7d4 100644
> > > --- a/src/libvirt-domain.c
> > > +++ b/src/libvirt-domain.c
> > > @@ -12758,3 +12758,136 @@ virDomainBackupGetXMLDesc(virDomainPtr domain,
> > >       virDispatchError(conn);
> > >       return NULL;
> > >   }
> > > +
> > > +
> > > +/**
> > > + * virDomainAuthorizedSSHKeysGet:
> > > + * @domain: a domain object
> > > + * @user: user to list keys for
> > > + * @keys: pointer to a variable to store authorized keys
> > > + * @flags: extra flags; not used yet, so callers should always pass 0
> > > + *
> > > + * For given @user in @domain fetch list of public SSH authorized
> > > + * keys and store them into @keys array which is allocated upon
> > > + * successful return. The caller is responsible for freeing @keys
> > > + * when no longer needed.
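
Review bot: in the virDomainAuthorizedSSHKeysGet doc comment, "The caller is responsible for freeing @keys" does not say whether each string in the array has to be freed as well as the array itself. Suggest stating the ownership of the elements explicitly, and also documenting what @keys holds when the call fails, since the lines quoted here only describe the successful return.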
> > 
> > One nit. We tend to NULL-terminate such lists so that users can use
> > various checks for iteration.
> > 
> 
> Ah, good point. I guess it makes sense to NULL terminate only if actually
> returning something, i.e. if the retval > 0.

As a data-point, virDomainListAllDomains always allocates the output
array with the one extra element if success is returned. For the case of 0
returned objects, that results in just the NULL terminator being returned.
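
The convention discussed in this thread, as an added example that is not part of the original messages and is not libvirt code: an output array allocated with one extra NULL slot even when zero keys are returned, so callers can iterate and free without the count. The names `demo_keys_get`, `demo_keys_free` and `DEMO_INPUT` are hypothetical, and the key lines are constructed and treated as opaque strings.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample input (not real keys); note the blank line. */
static const char DEMO_INPUT[] =
    "ssh-ed25519 AAAA-constructed-1 alice@example\n\n"
    "ssh-rsa AAAA-constructed-2 bob@example\n";

/* Free a list by walking to the NULL terminator; no count needed. */
void demo_keys_free(char **keys)
{
    char **k;
    for (k = keys; k && *k; k++)
        free(*k);
    free(keys);
}

/* Hypothetical helper: one opaque string per non-empty line of text.
 * Returns the key count and stores a NULL-terminated array in *keys
 * (allocated even for 0 keys); returns -1 with *keys == NULL on error. */
int demo_keys_get(const char *text, char ***keys)
{
    size_t max = 1, n = 0;
    const char *p;
    char **list;

    *keys = NULL;
    for (p = text; *p; p++)
        max += (*p == '\n');
    /* max + 1 zeroed slots: the slot after the last key stays NULL */
    if (!(list = calloc(max + 1, sizeof(*list))))
        return -1;
    for (p = text; *p; p += (*p == '\n')) {
        size_t len = strcspn(p, "\n");
        if (len > 0) {
            if (!(list[n] = malloc(len + 1))) {
                demo_keys_free(list);   /* list[n] is NULL, so the walk stops there */
                return -1;
            }
            memcpy(list[n], p, len);
            list[n++][len] = '\0';
        }
        p += len;
    }
    *keys = list;
    return (int)n;
}
```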



