On Tue, Nov 10, 2020 at 16:11:43 +0100, Michal Privoznik wrote:
The new virsh commands are:
get-user-sshkeys
set-user-sshkeys
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
docs/manpages/virsh.rst | 37 ++++++++++
tools/virsh-domain.c | 152 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 189 insertions(+)
[...]
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 1ae936c6b2..f51765cb42 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
[...]
+static const vshCmdOptDef opts_set_user_sshkeys[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(VIR_CONNECT_LIST_DOMAINS_ACTIVE),
+ {.name = "user",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("user to list authorized keys for"),
+ },
+ {.name = "append",
+ .type = VSH_OT_BOOL,
+ .help = N_("append keys to the file"),
+ },
+ {.name = "remove",
+ .type = VSH_OT_BOOL,
+ .help = N_("remove keys from the file"),
+ },
+ {.name = "keys",
+ .type = VSH_OT_ARGV,
+ .help = N_("OpenSSH keys"),
+ },
+ {.name = NULL}
+};
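Review bot: The `user` option's help string in `opts_set_user_sshkeys` reads "user to list authorized keys for", which looks carried over from the get command; since this command rewrites a guest account's authorized keys, it should say so, e.g. `.help = N_("user to set authorized keys for")`. `append` and `remove` are declared as independent booleans, and the handler further down (its body runs past the quoted lines) ORs both flags into the API call when both are given. Adding `VSH_EXCLUSIVE_OPTIONS("append", "remove");` at the top of `cmdSetUserSSHKeys` would reject that combination in virsh rather than leaving it to the API. The help text should also state what happens when neither flag is passed: that is presumably the replace mode, and an empty key list there may leave the account with no authorized keys.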
The --keys ARGV option is not very user-friendly, given that the ssh key
has spaces in it ("ssh-rsa AAA...... user@host") ...
+static bool
+cmdSetUserSSHKeys(vshControl *ctl, const vshCmd *cmd)
+{
+ virDomainPtr dom = NULL;
+ const char *user;
+ const vshCmdOpt *opt = NULL;
+ g_autofree const char **keys = NULL;
+ int nkeys = 0;
+ unsigned int flags = 0;
+ bool ret = false;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (vshCommandOptStringReq(ctl, cmd, "user", &user) < 0)
+ goto cleanup;
+
+ if (vshCommandOptBool(cmd, "append"))
+ flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND;
+ if (vshCommandOptBool(cmd, "remove"))
+ flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE;
+
+ while ((opt = vshCommandOptArgv(ctl, cmd, opt))) {
+ keys = g_renew(const char *, keys, nkeys + 1);
+ keys[nkeys] = opt->data;
+ nkeys++;
... especially the way it's implemented here, where without using quotes
it would treat the key as 3 keys.
IMO a much better way is to read the key from a file. If you really want
to take the key from the command line, at least make reading from a file an option.
+ }
+
+ if (virDomainAuthorizedSSHKeysSet(dom, user, keys, nkeys, flags) < 0)
+ goto cleanup;