* [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys
@ 2020-10-20 8:12 marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 1/7] glib-compat: add g_unix_get_passwd_entry_qemu() marcandre.lureau
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Hi
Add new commands to help modify a user .ssh/authorized_keys.
Although it's possible already to modify the authorized_keys files via
file-{read,write} or exec, the commands are often denied by default, and the
logic is left to the client. Let's add specific commands for this job.
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1885332
v3:
- add "qga: add ssh-get-authorized-keys" & "qga: add *reset argument to
ssh-add-authorized-keys" patches
- add some fixup! patches to be squashed after review, adding 'if'
- added the reviewed-by
- misc doc improvements
v2:
- misc doc improvements
- various warnings fixes
- fix build for !unix
- added reviewed-by
Marc-André Lureau (7):
glib-compat: add g_unix_get_passwd_entry_qemu()
qga: add ssh-{add,remove}-authorized-keys
fixup! qga: add ssh-{add,remove}-authorized-keys
fixup! qga: add ssh-{add,remove}-authorized-keys
qga: add *reset argument to ssh-add-authorized-keys
meson: minor simplification
qga: add ssh-get-authorized-keys
include/glib-compat.h | 26 ++
qga/commands-posix-ssh.c | 516 +++++++++++++++++++++++++++++++++++++++
qga/meson.build | 34 ++-
qga/qapi-schema.json | 67 +++++
4 files changed, 636 insertions(+), 7 deletions(-)
create mode 100644 qga/commands-posix-ssh.c
--
2.28.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v3 1/7] glib-compat: add g_unix_get_passwd_entry_qemu()
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 2/7] qga: add ssh-{add,remove}-authorized-keys marcandre.lureau
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
The glib function was introduced in 2.64. It's a safer version of
getpwnam, and also simpler to use than getpwnam_r.
Currently, it's only use by the next patch in qemu-ga, which doesn't
(well well...) need the thread safety guarantees. Since the fallback
version is still unsafe, I would rather keep the _qemu postfix, to make
sure it's not being misused by mistake. When/if necessary, we can
implement a safer fallback and drop the _qemu suffix.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
include/glib-compat.h | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/include/glib-compat.h b/include/glib-compat.h
index 0b0ec76299..64e68aa730 100644
--- a/include/glib-compat.h
+++ b/include/glib-compat.h
@@ -30,6 +30,11 @@
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#include <glib.h>
+#if defined(G_OS_UNIX)
+#include <glib-unix.h>
+#include <sys/types.h>
+#include <pwd.h>
+#endif
/*
* Note that because of the GLIB_VERSION_MAX_ALLOWED constant above, allowing
@@ -72,6 +77,27 @@
gint g_poll_fixed(GPollFD *fds, guint nfds, gint timeout);
#endif
+#if defined(G_OS_UNIX)
+/* Note: The fallback implementation is not MT-safe, and it returns a copy of
+ * the libc passwd (must be g_free() after use) but not the content. Because of
+ * these important differences the caller must be aware of, it's not #define for
+ * GLib API substitution. */
+static inline struct passwd *
+g_unix_get_passwd_entry_qemu(const gchar *user_name, GError **error)
+{
+#if GLIB_CHECK_VERSION(2, 64, 0)
+ return g_unix_get_passwd_entry(user_name, error);
+#else
+ struct passwd *p = getpwnam(user_name);
+ if (!p) {
+ g_set_error_literal(error, G_UNIX_ERROR, 0, g_strerror(errno));
+ return NULL;
+ }
+ return (struct passwd *)g_memdup(p, sizeof(*p));
+#endif
+}
+#endif /* G_OS_UNIX */
+
#pragma GCC diagnostic pop
#endif
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 2/7] qga: add ssh-{add,remove}-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 1/7] glib-compat: add g_unix_get_passwd_entry_qemu() marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 3/7] fixup! " marcandre.lureau
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Add new commands to add and remove SSH public keys from
~/.ssh/authorized_keys.
I took a different approach for testing, including the unit tests right
with the code. I wanted to overwrite the function to get the user
details, I couldn't easily do that over QMP. Furthermore, I prefer
having unit tests very close to the code, and unit files that are domain
specific (commands-posix is too crowded already). FWIW, that
coding/testing style is Rust-style (where tests can or should even be
part of the documentation!).
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1885332
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
qga/commands-posix-ssh.c | 400 +++++++++++++++++++++++++++++++++++++++
qga/commands-win32.c | 12 ++
qga/meson.build | 20 +-
qga/qapi-schema.json | 33 ++++
4 files changed, 464 insertions(+), 1 deletion(-)
create mode 100644 qga/commands-posix-ssh.c
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
new file mode 100644
index 0000000000..d41c114c3c
--- /dev/null
+++ b/qga/commands-posix-ssh.c
@@ -0,0 +1,400 @@
+ /*
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+
+#include <glib-unix.h>
+#include <glib/gstdio.h>
+#include <locale.h>
+#include <pwd.h>
+
+#include "qapi/error.h"
+#include "qga-qapi-commands.h"
+
+#ifdef QGA_BUILD_UNIT_TEST
+static struct passwd *
+test_get_passwd_entry(const gchar *user_name, GError **error)
+{
+ struct passwd *p;
+ int ret;
+
+ if (!user_name || g_strcmp0(user_name, g_get_user_name())) {
+ g_set_error(error, G_UNIX_ERROR, 0, "Invalid user name");
+ return NULL;
+ }
+
+ p = g_new0(struct passwd, 1);
+ p->pw_dir = (char *)g_get_home_dir();
+ p->pw_uid = geteuid();
+ p->pw_gid = getegid();
+
+ ret = g_mkdir_with_parents(p->pw_dir, 0700);
+ g_assert_cmpint(ret, ==, 0);
+
+ return p;
+}
+
+#define g_unix_get_passwd_entry_qemu(username, err) \
+ test_get_passwd_entry(username, err)
+#endif
+
+static struct passwd *
+get_passwd_entry(const char *username, Error **errp)
+{
+ g_autoptr(GError) err = NULL;
+ struct passwd *p;
+
+ ERRP_GUARD();
+
+ p = g_unix_get_passwd_entry_qemu(username, &err);
+ if (p == NULL) {
+ error_setg(errp, "failed to lookup user '%s': %s",
+ username, err->message);
+ return NULL;
+ }
+
+ return p;
+}
+
+static bool
+mkdir_for_user(const char *path, const struct passwd *p,
+ mode_t mode, Error **errp)
+{
+ ERRP_GUARD();
+
+ if (g_mkdir(path, mode) == -1) {
+ error_setg(errp, "failed to create directory '%s': %s",
+ path, g_strerror(errno));
+ return false;
+ }
+
+ if (chown(path, p->pw_uid, p->pw_gid) == -1) {
+ error_setg(errp, "failed to set ownership of directory '%s': %s",
+ path, g_strerror(errno));
+ return false;
+ }
+
+ if (chmod(path, mode) == -1) {
+ error_setg(errp, "failed to set permissions of directory '%s': %s",
+ path, g_strerror(errno));
+ return false;
+ }
+
+ return true;
+}
+
+static bool
+check_openssh_pub_key(const char *key, Error **errp)
+{
+ ERRP_GUARD();
+
+ /* simple sanity-check, we may want more? */
+ if (!key || key[0] == '#' || strchr(key, '\n')) {
+ error_setg(errp, "invalid OpenSSH public key: '%s'", key);
+ return false;
+ }
+
+ return true;
+}
+
+static bool
+check_openssh_pub_keys(strList *keys, size_t *nkeys, Error **errp)
+{
+ size_t n = 0;
+ strList *k;
+
+ ERRP_GUARD();
+
+ for (k = keys; k != NULL; k = k->next) {
+ if (!check_openssh_pub_key(k->value, errp)) {
+ return false;
+ }
+ n++;
+ }
+
+ if (nkeys) {
+ *nkeys = n;
+ }
+ return true;
+}
+
+static bool
+write_authkeys(const char *path, const GStrv keys, Error **errp)
+{
+ g_autofree char *contents = NULL;
+ g_autoptr(GError) err = NULL;
+
+ ERRP_GUARD();
+
+ contents = g_strjoinv("\n", keys);
+ if (!g_file_set_contents(path, contents, -1, &err)) {
+ error_setg(errp, "failed to write to '%s': %s", path, err->message);
+ return false;
+ }
+
+ if (chmod(path, 0600) == -1) {
+ error_setg(errp, "failed to set permissions of '%s': %s",
+ path, g_strerror(errno));
+ return false;
+ }
+
+ return true;
+}
+
+static GStrv
+read_authkeys(const char *path, Error **errp)
+{
+ g_autoptr(GError) err = NULL;
+ g_autofree char *contents = NULL;
+
+ ERRP_GUARD();
+
+ if (!g_file_get_contents(path, &contents, NULL, &err)) {
+ error_setg(errp, "failed to read '%s': %s", path, err->message);
+ return NULL;
+ }
+
+ return g_strsplit(contents, "\n", -1);
+
+}
+
+void
+qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
+ Error **errp)
+{
+ g_autofree struct passwd *p = NULL;
+ g_autofree char *ssh_path = NULL;
+ g_autofree char *authkeys_path = NULL;
+ g_auto(GStrv) authkeys = NULL;
+ strList *k;
+ size_t nkeys, nauthkeys;
+
+ ERRP_GUARD();
+
+ if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
+ return;
+ }
+
+ p = get_passwd_entry(username, errp);
+ if (p == NULL) {
+ return;
+ }
+
+ ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
+ authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
+
+ authkeys = read_authkeys(authkeys_path, NULL);
+ if (authkeys == NULL) {
+ if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
+ !mkdir_for_user(ssh_path, p, 0700, errp)) {
+ return;
+ }
+ }
+
+ nauthkeys = authkeys ? g_strv_length(authkeys) : 0;
+ authkeys = g_realloc_n(authkeys, nauthkeys + nkeys + 1, sizeof(char *));
+ memset(authkeys + nauthkeys, 0, (nkeys + 1) * sizeof(char *));
+
+ for (k = keys; k != NULL; k = k->next) {
+ if (g_strv_contains((const gchar * const *)authkeys, k->value)) {
+ continue;
+ }
+ authkeys[nauthkeys++] = g_strdup(k->value);
+ }
+
+ write_authkeys(authkeys_path, authkeys, errp);
+}
+
+void
+qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
+ Error **errp)
+{
+ g_autofree struct passwd *p = NULL;
+ g_autofree char *authkeys_path = NULL;
+ g_autofree GStrv new_keys = NULL; /* do not own the strings */
+ g_auto(GStrv) authkeys = NULL;
+ GStrv a;
+ size_t nkeys = 0;
+
+ ERRP_GUARD();
+
+ if (!check_openssh_pub_keys(keys, NULL, errp)) {
+ return;
+ }
+
+ p = get_passwd_entry(username, errp);
+ if (p == NULL) {
+ return;
+ }
+
+ authkeys_path = g_build_filename(p->pw_dir, ".ssh",
+ "authorized_keys", NULL);
+ if (!g_file_test(authkeys_path, G_FILE_TEST_EXISTS)) {
+ return;
+ }
+ authkeys = read_authkeys(authkeys_path, errp);
+ if (authkeys == NULL) {
+ return;
+ }
+
+ new_keys = g_new0(char *, g_strv_length(authkeys) + 1);
+ for (a = authkeys; *a != NULL; a++) {
+ strList *k;
+
+ for (k = keys; k != NULL; k = k->next) {
+ if (g_str_equal(k->value, *a)) {
+ break;
+ }
+ }
+ if (k != NULL) {
+ continue;
+ }
+
+ new_keys[nkeys++] = *a;
+ }
+
+ write_authkeys(authkeys_path, new_keys, errp);
+}
+
+
+#ifdef QGA_BUILD_UNIT_TEST
+#if GLIB_CHECK_VERSION(2, 60, 0)
+static const strList test_key2 = {
+ .value = (char *)"algo key2 comments"
+};
+
+static const strList test_key1_2 = {
+ .value = (char *)"algo key1 comments",
+ .next = (strList *)&test_key2,
+};
+
+static char *
+test_get_authorized_keys_path(void)
+{
+ return g_build_filename(g_get_home_dir(), ".ssh", "authorized_keys", NULL);
+}
+
+static void
+test_authorized_keys_set(const char *contents)
+{
+ g_autoptr(GError) err = NULL;
+ g_autofree char *path = NULL;
+ int ret;
+
+ path = g_build_filename(g_get_home_dir(), ".ssh", NULL);
+ ret = g_mkdir_with_parents(path, 0700);
+ g_assert_cmpint(ret, ==, 0);
+ g_free(path);
+
+ path = test_get_authorized_keys_path();
+ g_file_set_contents(path, contents, -1, &err);
+ g_assert_no_error(err);
+}
+
+static void
+test_authorized_keys_equal(const char *expected)
+{
+ g_autoptr(GError) err = NULL;
+ g_autofree char *path = NULL;
+ g_autofree char *contents = NULL;
+
+ path = test_get_authorized_keys_path();
+ g_file_get_contents(path, &contents, NULL, &err);
+ g_assert_no_error(err);
+
+ g_assert_cmpstr(contents, ==, expected);
+}
+
+static void
+test_invalid_user(void)
+{
+ Error *err = NULL;
+
+ qmp_guest_ssh_add_authorized_keys("", NULL, &err);
+ error_free_or_abort(&err);
+
+ qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
+ error_free_or_abort(&err);
+}
+
+static void
+test_invalid_key(void)
+{
+ strList key = {
+ .value = (char *)"not a valid\nkey"
+ };
+ Error *err = NULL;
+
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err);
+ error_free_or_abort(&err);
+
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
+ error_free_or_abort(&err);
+}
+
+static void
+test_add_keys(void)
+{
+ Error *err = NULL;
+
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+ (strList *)&test_key2, &err);
+ g_assert_null(err);
+
+ test_authorized_keys_equal("algo key2 comments");
+
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+ (strList *)&test_key1_2, &err);
+ g_assert_null(err);
+
+ /* key2 came first, and should'nt be duplicated */
+ test_authorized_keys_equal("algo key2 comments\n"
+ "algo key1 comments");
+}
+
+static void
+test_remove_keys(void)
+{
+ Error *err = NULL;
+ static const char *authkeys =
+ "algo key1 comments\n"
+ /* originally duplicated */
+ "algo key1 comments\n"
+ "# a commented line\n"
+ "algo some-key another\n";
+
+ test_authorized_keys_set(authkeys);
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
+ (strList *)&test_key2, &err);
+ g_assert_null(err);
+ test_authorized_keys_equal(authkeys);
+
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
+ (strList *)&test_key1_2, &err);
+ g_assert_null(err);
+ test_authorized_keys_equal("# a commented line\n"
+ "algo some-key another\n");
+}
+
+int main(int argc, char *argv[])
+{
+ setlocale(LC_ALL, "");
+
+ g_test_init(&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
+
+ g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
+ g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
+ g_test_add_func("/qga/ssh/add_keys", test_add_keys);
+ g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
+
+ return g_test_run();
+}
+#else
+int main(int argc, char *argv[])
+{
+ g_test_message("test skipped, needs glib >= 2.60");
+ return 0;
+}
+#endif /* GLIB_2_60 */
+#endif /* BUILD_UNIT_TEST */
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 0c3c05484f..1e188b03d3 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -2457,3 +2457,15 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error **errp)
}
return head;
}
+
+void qmp_guest_ssh_add_authorized_keys(const char *username,
+ strList *keys, Error **errp)
+{
+ error_setg(errp, QERR_UNSUPPORTED);
+}
+
+void qmp_guest_ssh_remove_authorized_keys(const char *username,
+ strList *keys, Error **errp)
+{
+ error_setg(errp, QERR_UNSUPPORTED);
+}
diff --git a/qga/meson.build b/qga/meson.build
index cd08bd953a..6315bb357e 100644
--- a/qga/meson.build
+++ b/qga/meson.build
@@ -35,7 +35,9 @@ qga_ss.add(files(
))
qga_ss.add(when: 'CONFIG_POSIX', if_true: files(
'channel-posix.c',
- 'commands-posix.c'))
+ 'commands-posix.c',
+ 'commands-posix-ssh.c',
+))
qga_ss.add(when: 'CONFIG_WIN32', if_true: files(
'channel-win32.c',
'commands-win32.c',
@@ -87,3 +89,19 @@ else
endif
alias_target('qemu-ga', all_qga)
+
+test_env = environment()
+test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
+test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
+
+if 'CONFIG_POSIX' in config_host
+ qga_ssh_test = executable('qga-ssh-test',
+ files('commands-posix-ssh.c'),
+ dependencies: [qemuutil],
+ c_args: ['-DQGA_BUILD_UNIT_TEST'])
+
+ test('qga-ssh-test',
+ qga_ssh_test,
+ env: test_env,
+ suite: ['unit', 'qga'])
+endif
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index cec98c7e06..361883f870 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1306,3 +1306,36 @@
##
{ 'command': 'guest-get-devices',
'returns': ['GuestDeviceInfo'] }
+
+##
+# @guest-ssh-add-authorized-keys:
+#
+# @username: the user account to add the authorized keys
+# @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
+#
+# Append public keys to user .ssh/authorized_keys on Unix systems (not
+# implemented for other systems).
+#
+# Returns: Nothing on success.
+#
+# Since: 5.2
+##
+{ 'command': 'guest-ssh-add-authorized-keys',
+ 'data': { 'username': 'str', 'keys': ['str'] } }
+
+##
+# @guest-ssh-remove-authorized-keys:
+#
+# @username: the user account to remove the authorized keys
+# @keys: the public keys to remove (in OpenSSH/sshd(8) authorized_keys format)
+#
+# Remove public keys from the user .ssh/authorized_keys on Unix systems (not
+# implemented for other systems). It's not an error if the key is already
+# missing.
+#
+# Returns: Nothing on success.
+#
+# Since: 5.2
+##
+{ 'command': 'guest-ssh-remove-authorized-keys',
+ 'data': { 'username': 'str', 'keys': ['str'] } }
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 3/7] fixup! qga: add ssh-{add,remove}-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 1/7] glib-compat: add g_unix_get_passwd_entry_qemu() marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 2/7] qga: add ssh-{add,remove}-authorized-keys marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 4/7] " marcandre.lureau
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
I forgot to reset the file ownership after it is written.
---
qga/commands-posix-ssh.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
index d41c114c3c..a7bc9a1c24 100644
--- a/qga/commands-posix-ssh.c
+++ b/qga/commands-posix-ssh.c
@@ -120,7 +120,8 @@ check_openssh_pub_keys(strList *keys, size_t *nkeys, Error **errp)
}
static bool
-write_authkeys(const char *path, const GStrv keys, Error **errp)
+write_authkeys(const char *path, const GStrv keys,
+ const struct passwd *p, Error **errp)
{
g_autofree char *contents = NULL;
g_autoptr(GError) err = NULL;
@@ -133,6 +134,12 @@ write_authkeys(const char *path, const GStrv keys, Error **errp)
return false;
}
+ if (chown(path, p->pw_uid, p->pw_gid) == -1) {
+ error_setg(errp, "failed to set ownership of directory '%s': %s",
+ path, g_strerror(errno));
+ return false;
+ }
+
if (chmod(path, 0600) == -1) {
error_setg(errp, "failed to set permissions of '%s': %s",
path, g_strerror(errno));
@@ -203,7 +210,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
authkeys[nauthkeys++] = g_strdup(k->value);
}
- write_authkeys(authkeys_path, authkeys, errp);
+ write_authkeys(authkeys_path, authkeys, p, errp);
}
void
@@ -254,7 +261,7 @@ qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
new_keys[nkeys++] = *a;
}
- write_authkeys(authkeys_path, new_keys, errp);
+ write_authkeys(authkeys_path, new_keys, p, errp);
}
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 4/7] fixup! qga: add ssh-{add,remove}-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (2 preceding siblings ...)
2020-10-20 8:12 ` [PATCH v3 3/7] fixup! " marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 5/7] qga: add *reset argument to ssh-add-authorized-keys marcandre.lureau
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Use 'if' condition, as suggested by E. Blake.
---
qga/commands-win32.c | 12 ------------
qga/qapi-schema.json | 6 ++++--
2 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 1e188b03d3..0c3c05484f 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -2457,15 +2457,3 @@ GuestDeviceInfoList *qmp_guest_get_devices(Error **errp)
}
return head;
}
-
-void qmp_guest_ssh_add_authorized_keys(const char *username,
- strList *keys, Error **errp)
-{
- error_setg(errp, QERR_UNSUPPORTED);
-}
-
-void qmp_guest_ssh_remove_authorized_keys(const char *username,
- strList *keys, Error **errp)
-{
- error_setg(errp, QERR_UNSUPPORTED);
-}
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 361883f870..90615f95d4 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1321,7 +1321,8 @@
# Since: 5.2
##
{ 'command': 'guest-ssh-add-authorized-keys',
- 'data': { 'username': 'str', 'keys': ['str'] } }
+ 'data': { 'username': 'str', 'keys': ['str'] },
+ 'if': 'defined(CONFIG_POSIX)' }
##
# @guest-ssh-remove-authorized-keys:
@@ -1338,4 +1339,5 @@
# Since: 5.2
##
{ 'command': 'guest-ssh-remove-authorized-keys',
- 'data': { 'username': 'str', 'keys': ['str'] } }
+ 'data': { 'username': 'str', 'keys': ['str'] },
+ 'if': 'defined(CONFIG_POSIX)' }
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 5/7] qga: add *reset argument to ssh-add-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (3 preceding siblings ...)
2020-10-20 8:12 ` [PATCH v3 4/7] " marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 6/7] meson: minor simplification marcandre.lureau
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
I prefer 'reset' over 'clear', since 'clear' and keys may have some
other relations or meaning.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
qga/commands-posix-ssh.c | 53 ++++++++++++++++++++++++++++++++++++----
qga/qapi-schema.json | 3 ++-
2 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
index a7bc9a1c24..f974bc4b64 100644
--- a/qga/commands-posix-ssh.c
+++ b/qga/commands-posix-ssh.c
@@ -168,6 +168,7 @@ read_authkeys(const char *path, Error **errp)
void
qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
+ bool has_reset, bool reset,
Error **errp)
{
g_autofree struct passwd *p = NULL;
@@ -178,6 +179,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
size_t nkeys, nauthkeys;
ERRP_GUARD();
+ reset = has_reset && reset;
if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
return;
@@ -191,7 +193,9 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
- authkeys = read_authkeys(authkeys_path, NULL);
+ if (!reset) {
+ authkeys = read_authkeys(authkeys_path, NULL);
+ }
if (authkeys == NULL) {
if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
!mkdir_for_user(ssh_path, p, 0700, errp)) {
@@ -318,7 +322,7 @@ test_invalid_user(void)
{
Error *err = NULL;
- qmp_guest_ssh_add_authorized_keys("", NULL, &err);
+ qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err);
error_free_or_abort(&err);
qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
@@ -333,7 +337,8 @@ test_invalid_key(void)
};
Error *err = NULL;
- qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err);
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
+ FALSE, FALSE, &err);
error_free_or_abort(&err);
qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
@@ -346,13 +351,17 @@ test_add_keys(void)
Error *err = NULL;
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
- (strList *)&test_key2, &err);
+ (strList *)&test_key2,
+ FALSE, FALSE,
+ &err);
g_assert_null(err);
test_authorized_keys_equal("algo key2 comments");
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
- (strList *)&test_key1_2, &err);
+ (strList *)&test_key1_2,
+ FALSE, FALSE,
+ &err);
g_assert_null(err);
/* key2 came first, and should'nt be duplicated */
@@ -360,6 +369,39 @@ test_add_keys(void)
"algo key1 comments");
}
+static void
+test_add_reset_keys(void)
+{
+ Error *err = NULL;
+
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+ (strList *)&test_key1_2,
+ FALSE, FALSE,
+ &err);
+ g_assert_null(err);
+
+ /* reset with key2 only */
+ test_authorized_keys_equal("algo key1 comments\n"
+ "algo key2 comments");
+
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+ (strList *)&test_key2,
+ TRUE, TRUE,
+ &err);
+ g_assert_null(err);
+
+ test_authorized_keys_equal("algo key2 comments");
+
+ /* empty should clear file */
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
+ (strList *)NULL,
+ TRUE, TRUE,
+ &err);
+ g_assert_null(err);
+
+ test_authorized_keys_equal("");
+}
+
static void
test_remove_keys(void)
{
@@ -393,6 +435,7 @@ int main(int argc, char *argv[])
g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
+ g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
return g_test_run();
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 90615f95d4..6b7cb86dee 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1312,6 +1312,7 @@
#
# @username: the user account to add the authorized keys
# @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
+# @reset: ignore the existing content, set it with the given keys only
#
# Append public keys to user .ssh/authorized_keys on Unix systems (not
# implemented for other systems).
@@ -1321,7 +1322,7 @@
# Since: 5.2
##
{ 'command': 'guest-ssh-add-authorized-keys',
- 'data': { 'username': 'str', 'keys': ['str'] },
+ 'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' },
'if': 'defined(CONFIG_POSIX)' }
##
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 6/7] meson: minor simplification
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (4 preceding siblings ...)
2020-10-20 8:12 ` [PATCH v3 5/7] qga: add *reset argument to ssh-add-authorized-keys marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 7/7] qga: add ssh-get-authorized-keys marcandre.lureau
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
qga/meson.build | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/qga/meson.build b/qga/meson.build
index 6315bb357e..8340892139 100644
--- a/qga/meson.build
+++ b/qga/meson.build
@@ -22,12 +22,7 @@ qga_qapi_files = custom_target('QGA QAPI files',
depend_files: qapi_gen_depends)
qga_ss = ss.source_set()
-i = 0
-foreach output: qga_qapi_outputs
- qga_ss.add(qga_qapi_files[i])
- i = i + 1
-endforeach
-
+qga_ss.add(qga_qapi_files.to_list())
qga_ss.add(files(
'commands.c',
'guest-agent-command-state.c',
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 7/7] qga: add ssh-get-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (5 preceding siblings ...)
2020-10-20 8:12 ` [PATCH v3 6/7] meson: minor simplification marcandre.lureau
@ 2020-10-20 8:12 ` marcandre.lureau
2020-10-20 8:24 ` [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys no-reply
2020-10-26 17:10 ` Marc-André Lureau
8 siblings, 0 replies; 10+ messages in thread
From: marcandre.lureau @ 2020-10-20 8:12 UTC (permalink / raw)
To: qemu-devel; +Cc: berrange, Michael Roth, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
qga/commands-posix-ssh.c | 66 ++++++++++++++++++++++++++++++++++++++++
qga/meson.build | 11 +++++--
qga/qapi-schema.json | 31 +++++++++++++++++++
3 files changed, 106 insertions(+), 2 deletions(-)
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
index f974bc4b64..4d75cb0113 100644
--- a/qga/commands-posix-ssh.c
+++ b/qga/commands-posix-ssh.c
@@ -268,6 +268,46 @@ qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
write_authkeys(authkeys_path, new_keys, p, errp);
}
+GuestAuthorizedKeys *
+qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp)
+{
+ g_autofree struct passwd *p = NULL;
+ g_autofree char *authkeys_path = NULL;
+ g_auto(GStrv) authkeys = NULL;
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
+ int i;
+
+ ERRP_GUARD();
+
+ p = get_passwd_entry(username, errp);
+ if (p == NULL) {
+ return NULL;
+ }
+
+ authkeys_path = g_build_filename(p->pw_dir, ".ssh",
+ "authorized_keys", NULL);
+ authkeys = read_authkeys(authkeys_path, errp);
+ if (authkeys == NULL) {
+ return NULL;
+ }
+
+ ret = g_new0(GuestAuthorizedKeys, 1);
+ for (i = 0; authkeys[i] != NULL; i++) {
+ strList *new;
+
+ g_strstrip(authkeys[i]);
+ if (!authkeys[i][0] || authkeys[i][0] == '#') {
+ continue;
+ }
+
+ new = g_new0(strList, 1);
+ new->value = g_strdup(authkeys[i]);
+ new->next = ret->keys;
+ ret->keys = new;
+ }
+
+ return g_steal_pointer (&ret);
+}
#ifdef QGA_BUILD_UNIT_TEST
#if GLIB_CHECK_VERSION(2, 60, 0)
@@ -426,6 +466,31 @@ test_remove_keys(void)
"algo some-key another\n");
}
+static void
+test_get_keys(void)
+{
+ Error *err = NULL;
+ static const char *authkeys =
+ "algo key1 comments\n"
+ "# a commented line\n"
+ "algo some-key another\n";
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
+ strList *k;
+ size_t len = 0;
+
+ test_authorized_keys_set(authkeys);
+
+ ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err);
+ g_assert_null(err);
+
+ for (len = 0, k = ret->keys; k != NULL; k = k->next) {
+ g_assert(g_str_has_prefix(k->value, "algo "));
+ len++;
+ }
+
+ g_assert_cmpint(len, ==, 2);
+}
+
int main(int argc, char *argv[])
{
setlocale(LC_ALL, "");
@@ -437,6 +502,7 @@ int main(int argc, char *argv[])
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
+ g_test_add_func("/qga/ssh/get_keys", test_get_keys);
return g_test_run();
}
diff --git a/qga/meson.build b/qga/meson.build
index 8340892139..80e7487f32 100644
--- a/qga/meson.build
+++ b/qga/meson.build
@@ -90,8 +90,15 @@ test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
if 'CONFIG_POSIX' in config_host
- qga_ssh_test = executable('qga-ssh-test',
- files('commands-posix-ssh.c'),
+ srcs = [files('commands-posix-ssh.c')]
+ i = 0
+ foreach output: qga_qapi_outputs
+ if output.startswith('qga-qapi-types') or output.startswith('qga-qapi-visit')
+ srcs += qga_qapi_files[i]
+ endif
+ i = i + 1
+ endforeach
+ qga_ssh_test = executable('qga-ssh-test', srcs,
dependencies: [qemuutil],
c_args: ['-DQGA_BUILD_UNIT_TEST'])
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 6b7cb86dee..4702bc7d72 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1307,6 +1307,37 @@
{ 'command': 'guest-get-devices',
'returns': ['GuestDeviceInfo'] }
+##
+# @GuestAuthorizedKeys:
+#
+# @keys: public keys (in OpenSSH/sshd(8) authorized_keys format)
+#
+# Since: 5.2
+##
+{ 'struct': 'GuestAuthorizedKeys',
+ 'data': {
+ 'keys': ['str']
+ },
+ 'if': 'defined(CONFIG_POSIX)' }
+
+
+##
+# @guest-ssh-get-authorized-keys:
+#
+# @username: the user account to add the authorized keys
+#
+# Return the public keys from user .ssh/authorized_keys on Unix systems (not
+# implemented for other systems).
+#
+# Returns: @GuestAuthorizedKeys
+#
+# Since: 5.2
+##
+{ 'command': 'guest-ssh-get-authorized-keys',
+ 'data': { 'username': 'str' },
+ 'returns': 'GuestAuthorizedKeys',
+ 'if': 'defined(CONFIG_POSIX)' }
+
##
# @guest-ssh-add-authorized-keys:
#
--
2.28.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (6 preceding siblings ...)
2020-10-20 8:12 ` [PATCH v3 7/7] qga: add ssh-get-authorized-keys marcandre.lureau
@ 2020-10-20 8:24 ` no-reply
2020-10-26 17:10 ` Marc-André Lureau
8 siblings, 0 replies; 10+ messages in thread
From: no-reply @ 2020-10-20 8:24 UTC (permalink / raw)
To: marcandre.lureau; +Cc: marcandre.lureau, berrange, qemu-devel, mdroth
Patchew URL: https://patchew.org/QEMU/20201020081257.2054548-1-marcandre.lureau@redhat.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 20201020081257.2054548-1-marcandre.lureau@redhat.com
Subject: [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/20201020081257.2054548-1-marcandre.lureau@redhat.com -> patchew/20201020081257.2054548-1-marcandre.lureau@redhat.com
Switched to a new branch 'test'
37fc72c qga: add ssh-get-authorized-keys
2db2bb5 meson: minor simplification
c9f55f9 qga: add *reset argument to ssh-add-authorized-keys
a92c745 fixup! qga: add ssh-{add,remove}-authorized-keys
58c3777 fixup! qga: add ssh-{add,remove}-authorized-keys
a5060ae qga: add ssh-{add,remove}-authorized-keys
14a1529 glib-compat: add g_unix_get_passwd_entry_qemu()
=== OUTPUT BEGIN ===
1/7 Checking commit 14a152941a15 (glib-compat: add g_unix_get_passwd_entry_qemu())
WARNING: Block comments use a leading /* on a separate line
#41: FILE: include/glib-compat.h:81:
+/* Note: The fallback implementation is not MT-safe, and it returns a copy of
WARNING: Block comments use a trailing */ on a separate line
#44: FILE: include/glib-compat.h:84:
+ * GLib API substitution. */
total: 0 errors, 2 warnings, 38 lines checked
Patch 1/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/7 Checking commit a5060aeea7cc (qga: add ssh-{add,remove}-authorized-keys)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#27:
new file mode 100644
ERROR: Use g_assert or g_assert_not_reached
#64: FILE: qga/commands-posix-ssh.c:33:
+ g_assert_cmpint(ret, ==, 0);
ERROR: Use g_assert or g_assert_not_reached
#318: FILE: qga/commands-posix-ssh.c:287:
+ g_assert_cmpint(ret, ==, 0);
ERROR: Use g_assert or g_assert_not_reached
#323: FILE: qga/commands-posix-ssh.c:292:
+ g_assert_no_error(err);
ERROR: Use g_assert or g_assert_not_reached
#335: FILE: qga/commands-posix-ssh.c:304:
+ g_assert_no_error(err);
ERROR: Use g_assert or g_assert_not_reached
#337: FILE: qga/commands-posix-ssh.c:306:
+ g_assert_cmpstr(contents, ==, expected);
ERROR: Use g_assert or g_assert_not_reached
#374: FILE: qga/commands-posix-ssh.c:343:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#380: FILE: qga/commands-posix-ssh.c:349:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#401: FILE: qga/commands-posix-ssh.c:370:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#406: FILE: qga/commands-posix-ssh.c:375:
+ g_assert_null(err);
total: 9 errors, 1 warnings, 480 lines checked
Patch 2/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/7 Checking commit 58c37770bba2 (fixup! qga: add ssh-{add,remove}-authorized-keys)
ERROR: Missing Signed-off-by: line(s)
total: 1 errors, 0 warnings, 37 lines checked
Patch 3/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/7 Checking commit a92c745ffcd9 (fixup! qga: add ssh-{add,remove}-authorized-keys)
ERROR: Missing Signed-off-by: line(s)
total: 1 errors, 0 warnings, 18 lines checked
Patch 4/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/7 Checking commit c9f55f99e81c (qga: add *reset argument to ssh-add-authorized-keys)
ERROR: Use g_assert or g_assert_not_reached
#95: FILE: qga/commands-posix-ssh.c:381:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#105: FILE: qga/commands-posix-ssh.c:391:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#114: FILE: qga/commands-posix-ssh.c:400:
+ g_assert_null(err);
total: 3 errors, 0 warnings, 121 lines checked
Patch 5/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/7 Checking commit 2db2bb5dbd64 (meson: minor simplification)
7/7 Checking commit 37fc72c0a198 (qga: add ssh-get-authorized-keys)
ERROR: space prohibited between function name and open parenthesis '('
#56: FILE: qga/commands-posix-ssh.c:309:
+ return g_steal_pointer (&ret);
ERROR: Use g_assert or g_assert_not_reached
#80: FILE: qga/commands-posix-ssh.c:484:
+ g_assert_null(err);
ERROR: Use g_assert or g_assert_not_reached
#87: FILE: qga/commands-posix-ssh.c:491:
+ g_assert_cmpint(len, ==, 2);
total: 3 errors, 0 warnings, 138 lines checked
Patch 7/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20201020081257.2054548-1-marcandre.lureau@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
` (7 preceding siblings ...)
2020-10-20 8:24 ` [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys no-reply
@ 2020-10-26 17:10 ` Marc-André Lureau
8 siblings, 0 replies; 10+ messages in thread
From: Marc-André Lureau @ 2020-10-26 17:10 UTC (permalink / raw)
To: QEMU; +Cc: Daniel P. Berrange, Michael Roth
[-- Attachment #1: Type: text/plain, Size: 1716 bytes --]
On Tue, Oct 20, 2020 at 12:14 PM <marcandre.lureau@redhat.com> wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi
>
> Add new commands to help modify a user .ssh/authorized_keys.
>
> Although it's possible already to modify the authorized_keys files via
> file-{read,write} or exec, the commands are often denied by default, and
> the
> logic is left to the client. Let's add specific commands for this job.
>
> Fixes:
> https://bugzilla.redhat.com/show_bug.cgi?id=1885332
>
> v3:
> - add "qga: add ssh-get-authorized-keys" & "qga: add *reset argument to
> ssh-add-authorized-keys" patches
> - add some fixup! patches to be squashed after review, adding 'if'
> - added the reviewed-by
> - misc doc improvements
>
>
ping (approaching soft-freeze)
I can resend with the fixup squashed, or let the maintainer do it?
thanks
v2:
> - misc doc improvements
> - various warnings fixes
> - fix build for !unix
> - added reviewed-by
>
> Marc-André Lureau (7):
> glib-compat: add g_unix_get_passwd_entry_qemu()
> qga: add ssh-{add,remove}-authorized-keys
> fixup! qga: add ssh-{add,remove}-authorized-keys
> fixup! qga: add ssh-{add,remove}-authorized-keys
> qga: add *reset argument to ssh-add-authorized-keys
> meson: minor simplification
> qga: add ssh-get-authorized-keys
>
> include/glib-compat.h | 26 ++
> qga/commands-posix-ssh.c | 516 +++++++++++++++++++++++++++++++++++++++
> qga/meson.build | 34 ++-
> qga/qapi-schema.json | 67 +++++
> 4 files changed, 636 insertions(+), 7 deletions(-)
> create mode 100644 qga/commands-posix-ssh.c
>
> --
> 2.28.0
>
>
>
>
--
Marc-André Lureau
[-- Attachment #2: Type: text/html, Size: 2656 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-10-26 17:15 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-20 8:12 [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 1/7] glib-compat: add g_unix_get_passwd_entry_qemu() marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 2/7] qga: add ssh-{add,remove}-authorized-keys marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 3/7] fixup! " marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 4/7] " marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 5/7] qga: add *reset argument to ssh-add-authorized-keys marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 6/7] meson: minor simplification marcandre.lureau
2020-10-20 8:12 ` [PATCH v3 7/7] qga: add ssh-get-authorized-keys marcandre.lureau
2020-10-20 8:24 ` [PATCH v3 0/7] qemu-ga: add ssh-{get,add,remove}-authorized-keys no-reply
2020-10-26 17:10 ` Marc-André Lureau
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).