[PATCH v3 1/6] Introduce OpenSSH authorized key file mgmt APIs

Michal Prívozník mprivozn at redhat.com
Mon Nov 23 12:12:34 UTC 2020 

On 11/23/20 12:50 PM, Daniel P. Berrangé wrote:
> On Wed, Nov 18, 2020 at 02:34:19PM +0100, Michal Privoznik wrote:
>> When setting up a new guest or when a management software wants
>> to allow access to an existing guest the
>> virDomainSetUserPassword() API can be used, but that might be not
>> good enough if user want to ssh into the guest. Not only sshd has
>> to be configured to accept password authentication (which is
>> usually not the case for root), user have to type in their
>> password. Using SSH keys is more convenient. Therefore, two new
>> APIs are introduced:
>>
>> virDomainAuthorizedSSHKeysGet() which lists authorized keys for
>> given user, and
>>
>> virDomainAuthorizedSSHKeysSet() which modifies the authorized
>> keys file for given user (append, set or remove keys from the
>> file).
>>
>> It's worth nothing that while authorized_keys file entries have
>> some structure (as defined by sshd(8)), expressing that structure
>> goes beyond libvirt's focus and thus "keys" are nothing but an
>> opaque string to libvirt.
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> Reviewed-by: Peter Krempa <pkrempa at redhat.com>
>> ---
>>   include/libvirt/libvirt-domain.h |  17 ++++
>>   src/driver-hypervisor.h          |  15 ++++
>>   src/libvirt-domain.c             | 133 +++++++++++++++++++++++++++++++
>>   src/libvirt_public.syms          |   6 ++
>>   4 files changed, 171 insertions(+)
>>
>> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
>> index e1095a193d..d81157ccaf 100644
>> --- a/include/libvirt/libvirt-domain.h
>> +++ b/include/libvirt/libvirt-domain.h
>> @@ -5101,4 +5101,21 @@ int virDomainBackupBegin(virDomainPtr domain,
>>   char *virDomainBackupGetXMLDesc(virDomainPtr domain,
>>                                   unsigned int flags);
>>   
>> +int virDomainAuthorizedSSHKeysGet(virDomainPtr domain,
>> +                                  const char *user,
>> +                                  char ***keys,
>> +                                  unsigned int flags);
>> +
>> +typedef enum {
>> +    VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND = (1 << 0), /* don't truncate file, just append */
>> +    VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE = (1 << 1), /* remove keys, instead of adding them */
>> +
>> +} virDomainAuthorizedSSHKeysSetFlags;
>> +
>> +int virDomainAuthorizedSSHKeysSet(virDomainPtr domain,
>> +                                  const char *user,
>> +                                  const char **keys,
>> +                                  int nkeys,
>> +                                  unsigned int flags);
> 
> Is there a reason you used  "int nkeys" here rather than "unsigned int nkeys".

No, you're right - it should have been uint.

> 
> The code clearly requires a non-negative value, but nothing ever checks that,
> so a caller passing -1 would have undefined behaviour AFAICT.

Technically, passing a negative value would fail at RPC because it would 
hit the limit for keys stored in one RPC message, but that's not good 
either.

> 
> So can we change this to unsigned int ?

Yep, will post a patch.

Michal

More information about the libvir-list mailing list