[PATCH 3/6] virsh: Expose OpenSSH authorized key file mgmt APIs
Peter Krempa
pkrempa at redhat.com
Wed Nov 11 08:17:30 UTC 2020
On Tue, Nov 10, 2020 at 16:11:43 +0100, Michal Privoznik wrote:
> The new virsh commands are:
>
> get-user-sshkeys
> set-user-sshkeys
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> docs/manpages/virsh.rst | 37 ++++++++++
> tools/virsh-domain.c | 152 ++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 189 insertions(+)
[...]
> diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
> index 1ae936c6b2..f51765cb42 100644
> --- a/tools/virsh-domain.c
> +++ b/tools/virsh-domain.c
[...]
> +static const vshCmdOptDef opts_set_user_sshkeys[] = {
> + VIRSH_COMMON_OPT_DOMAIN_FULL(VIR_CONNECT_LIST_DOMAINS_ACTIVE),
> + {.name = "user",
> + .type = VSH_OT_DATA,
> + .flags = VSH_OFLAG_REQ,
> + .help = N_("user to list authorized keys for"),
> + },
> + {.name = "append",
> + .type = VSH_OT_BOOL,
> + .help = N_("append keys to the file"),
> + },
> + {.name = "remove",
> + .type = VSH_OT_BOOL,
> + .help = N_("remove keys from the file"),
> + },
> + {.name = "keys",
> + .type = VSH_OT_ARGV,
> + .help = N_("OpenSSH keys"),
> + },
> + {.name = NULL}
> +};
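Review bot: the help string for the "user" option in opts_set_user_sshkeys reads "user to list authorized keys for", which looks carried over from the get command. For set-user-sshkeys it should describe the write, for example "user to set authorized keys for". Since this command changes who can log in to the guest, the help text should not suggest a read-only operation.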
The --keys ARGV option is not very user-friendly, given that the ssh key
has spaces in it ("ssh-rsa AAA...... user@host") ...
> +static bool
> +cmdSetUserSSHKeys(vshControl *ctl, const vshCmd *cmd)
> +{
> + virDomainPtr dom = NULL;
> + const char *user;
> + const vshCmdOpt *opt = NULL;
> + g_autofree const char **keys = NULL;
> + int nkeys = 0;
> + unsigned int flags = 0;
> + bool ret = false;
> +
> + if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
> + return false;
> +
> + if (vshCommandOptStringReq(ctl, cmd, "user", &user) < 0)
> + goto cleanup;
> +
> + if (vshCommandOptBool(cmd, "append"))
> + flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND;
> + if (vshCommandOptBool(cmd, "remove"))
> + flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE;
> +
> + while ((opt = vshCommandOptArgv(ctl, cmd, opt))) {
> + keys = g_renew(const char *, keys, nkeys + 1);
> + keys[nkeys] = opt->data;
> + nkeys++;
... especially the way it's implemented here, where without using quotes
it would treat the key as 3 keys.
IMO a way better way is to read the key from a file. If you really want
to take the key from the command line, make using a file optional at least.
> + }
> +
> + if (virDomainAuthorizedSSHKeysSet(dom, user, keys, nkeys, flags) < 0)
> + goto cleanup;
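Review bot: nothing in cmdSetUserSSHKeys stops --append and --remove from being given together, so both VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND and VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE can end up in flags and the result is left to whatever the API does with the combination. Reject it in virsh before the flags are built, for instance with VSH_EXCLUSIVE_OPTIONS("append", "remove"). Separately, if no key arguments are supplied the while loop never runs and virDomainAuthorizedSSHKeysSet() is called with keys == NULL and nkeys == 0; for a command that rewrites an authorized_keys file that case should be either rejected here or documented explicitly in the man page.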