[PATCH v2 2/6] remote: Implement OpenSSH authorized key file mgmt APIs

Mon Nov 16 14:51:09 UTC 2020

On Mon, Nov 16, 2020 at 13:20:59 +0100, Michal Privoznik wrote:
> Since both APIs accept/return an array of strings we can't have
> client/server dispatch code generated. But implementation is
> fairly trivial, although verbose.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/remote/remote_daemon_dispatch.c | 82 +++++++++++++++++++++++++++
>  src/remote/remote_driver.c          | 87 +++++++++++++++++++++++++++++
>  src/remote/remote_protocol.x        | 34 ++++++++++-
>  src/remote_protocol-structs         | 22 ++++++++
>  4 files changed, 224 insertions(+), 1 deletion(-)

[...]

> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 9cd2fd36ae..0b8d1e753f 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -8027,6 +8027,91 @@ remoteDomainGetGuestInfo(virDomainPtr dom,
>      return rv;
>  }
>  
> +static int
> +remoteDomainAuthorizedSSHKeysGet(virDomainPtr domain,
> +                                 const char *user,
> +                                 char ***keys,
> +                                 unsigned int flags)
> +{
> +    int rv = -1;
> +    size_t i;
> +    struct private_data *priv = domain->conn->privateData;
> +    remote_domain_authorized_ssh_keys_get_args args;
> +    remote_domain_authorized_ssh_keys_get_ret ret;
> +
> +    remoteDriverLock(priv);
> +
> +    make_nonnull_domain(&args.dom, domain);
> +    args.user = (char *) user;
> +    args.flags = flags;
> +    memset(&ret, 0, sizeof(ret));
> +
> +    if (call(domain->conn, priv, 0, REMOTE_PROC_DOMAIN_AUTHORIZED_SSH_KEYS_GET,
> +             (xdrproc_t) xdr_remote_domain_authorized_ssh_keys_get_args, (char *)&args,
> +             (xdrproc_t) xdr_remote_domain_authorized_ssh_keys_get_ret, (char *)&ret) == -1) {
> +        goto cleanup;
> +    }
> +
> +    if (ret.keys.keys_len > REMOTE_DOMAIN_AUTHORIZED_SSH_KEYS_MAX) {
> +        virReportError(VIR_ERR_RPC, "%s",
> +                       _("remoteDomainAuthorizedSSHKeysGet: "
> +                         "returned number of keys exceeds limit"));
> +        goto cleanup;
> +    }
> +
> +    *keys = g_new0(char *, ret.keys.keys_len);

Please over-allocate by 1 to ensure a NULL-terminated list.

> +    for (i = 0; i < ret.keys.keys_len; i++)
> +        (*keys)[i] = g_strdup(ret.keys.keys_val[i]);
> +
> +    rv = ret.keys.keys_len;
> +
> + cleanup:
> +    remoteDriverUnlock(priv);
> +    xdr_free((xdrproc_t)xdr_remote_domain_authorized_ssh_keys_get_ret,
> +             (char *) &ret);
> +    return rv;
> +}
> +

Reviewed-by: Peter Krempa <pkrempa at redhat.com>