
On Tue, Nov 10, 2020 at 16:11:43 +0100, Michal Privoznik wrote:
The new virsh commands are:
get-user-sshkeys set-user-sshkeys
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
docs/manpages/virsh.rst | 37 ++++++++++
tools/virsh-domain.c | 152 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 189 insertions(+)
[...]
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 1ae936c6b2..f51765cb42 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
[...]
+static const vshCmdOptDef opts_set_user_sshkeys[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(VIR_CONNECT_LIST_DOMAINS_ACTIVE),
+ {.name = "user",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("user to list authorized keys for"),
+ },
+ {.name = "append",
+ .type = VSH_OT_BOOL,
+ .help = N_("append keys to the file"),
+ },
+ {.name = "remove",
+ .type = VSH_OT_BOOL,
+ .help = N_("remove keys from the file"),
+ },
+ {.name = "keys",
+ .type = VSH_OT_ARGV,
+ .help = N_("OpenSSH keys"),
+ },
+ {.name = NULL}
+};
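Review bot: The `user` option's help string in `opts_set_user_sshkeys` reads `N_("user to list authorized keys for")`, which looks copied from the get command; since this command writes a guest account's authorized keys, the text should say so, e.g. `.help = N_("user to set authorized keys for"),`. The table also declares `--append` and `--remove` as independent booleans, and the visible part of cmdSetUserSSHKeys ORs both into `flags` without rejecting the combination; unless the API already refuses it, `VSH_EXCLUSIVE_OPTIONS("append", "remove");` at the top of the command would stop an ambiguous request before it reaches the guest's key file. The command body continues past the quoted text, so a later check cannot be ruled out from here.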
The --keys ARGV option is not very user-friendly, given that the ssh key has spaces in it ("ssh-rsa AAA...... user@host") ...
+static bool
+cmdSetUserSSHKeys(vshControl *ctl, const vshCmd *cmd)
+{
+ virDomainPtr dom = NULL;
+ const char *user;
+ const vshCmdOpt *opt = NULL;
+ g_autofree const char **keys = NULL;
+ int nkeys = 0;
+ unsigned int flags = 0;
+ bool ret = false;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (vshCommandOptStringReq(ctl, cmd, "user", &user) < 0)
+ goto cleanup;
+
+ if (vshCommandOptBool(cmd, "append"))
+ flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND;
+ if (vshCommandOptBool(cmd, "remove"))
+ flags |= VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE;
+
+ while ((opt = vshCommandOptArgv(ctl, cmd, opt))) {
+ keys = g_renew(const char *, keys, nkeys + 1);
+ keys[nkeys] = opt->data;
+ nkeys++;
... especially the way it's implemented here, where without using quotes it would treat the key as 3 keys. IMO a much better way is to read the key from a file. If you really want to take the key from the command line, at least make using a file optional.
+ }
+
+ if (virDomainAuthorizedSSHKeysSet(dom, user, keys, nkeys, flags) < 0)
+ goto cleanup;