Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
[qemu.git] / qga / commands-posix-ssh.c
1 /*
2 * This work is licensed under the terms of the GNU GPL, version 2 or later.
3 * See the COPYING file in the top-level directory.
4 */
5 #include "qemu/osdep.h"
6
7 #include <glib-unix.h>
8 #include <glib/gstdio.h>
9 #include <locale.h>
10 #include <pwd.h>
11
12 #include "qapi/error.h"
13 #include "qga-qapi-commands.h"
14
15 #ifdef QGA_BUILD_UNIT_TEST
16 static struct passwd *
17 test_get_passwd_entry(const gchar *user_name, GError **error)
18 {
19 struct passwd *p;
20 int ret;
21
22 if (!user_name || g_strcmp0(user_name, g_get_user_name())) {
23 g_set_error(error, G_UNIX_ERROR, 0, "Invalid user name");
24 return NULL;
25 }
26
27 p = g_new0(struct passwd, 1);
28 p->pw_dir = (char *)g_get_home_dir();
29 p->pw_uid = geteuid();
30 p->pw_gid = getegid();
31
32 ret = g_mkdir_with_parents(p->pw_dir, 0700);
33 g_assert(ret == 0);
34
35 return p;
36 }
37
38 #define g_unix_get_passwd_entry_qemu(username, err) \
39 test_get_passwd_entry(username, err)
40 #endif
41
42 static struct passwd *
43 get_passwd_entry(const char *username, Error **errp)
44 {
45 g_autoptr(GError) err = NULL;
46 struct passwd *p;
47
48 p = g_unix_get_passwd_entry_qemu(username, &err);
49 if (p == NULL) {
50 error_setg(errp, "failed to lookup user '%s': %s",
51 username, err->message);
52 return NULL;
53 }
54
55 return p;
56 }
57
58 static bool
59 mkdir_for_user(const char *path, const struct passwd *p,
60 mode_t mode, Error **errp)
61 {
62 if (g_mkdir(path, mode) == -1) {
63 error_setg(errp, "failed to create directory '%s': %s",
64 path, g_strerror(errno));
65 return false;
66 }
67
68 if (chown(path, p->pw_uid, p->pw_gid) == -1) {
69 error_setg(errp, "failed to set ownership of directory '%s': %s",
70 path, g_strerror(errno));
71 return false;
72 }
73
74 if (chmod(path, mode) == -1) {
75 error_setg(errp, "failed to set permissions of directory '%s': %s",
76 path, g_strerror(errno));
77 return false;
78 }
79
80 return true;
81 }
82
83 static bool
84 check_openssh_pub_key(const char *key, Error **errp)
85 {
86 /* simple sanity-check, we may want more? */
87 if (!key || key[0] == '#' || strchr(key, '\n')) {
88 error_setg(errp, "invalid OpenSSH public key: '%s'", key);
89 return false;
90 }
91
92 return true;
93 }
94
95 static bool
96 check_openssh_pub_keys(strList *keys, size_t *nkeys, Error **errp)
97 {
98 size_t n = 0;
99 strList *k;
100
101 for (k = keys; k != NULL; k = k->next) {
102 if (!check_openssh_pub_key(k->value, errp)) {
103 return false;
104 }
105 n++;
106 }
107
108 if (nkeys) {
109 *nkeys = n;
110 }
111 return true;
112 }
113
114 static bool
115 write_authkeys(const char *path, const GStrv keys,
116 const struct passwd *p, Error **errp)
117 {
118 g_autofree char *contents = NULL;
119 g_autoptr(GError) err = NULL;
120
121 contents = g_strjoinv("\n", keys);
122 if (!g_file_set_contents(path, contents, -1, &err)) {
123 error_setg(errp, "failed to write to '%s': %s", path, err->message);
124 return false;
125 }
126
127 if (chown(path, p->pw_uid, p->pw_gid) == -1) {
128 error_setg(errp, "failed to set ownership of directory '%s': %s",
129 path, g_strerror(errno));
130 return false;
131 }
132
133 if (chmod(path, 0600) == -1) {
134 error_setg(errp, "failed to set permissions of '%s': %s",
135 path, g_strerror(errno));
136 return false;
137 }
138
139 return true;
140 }
141
142 static GStrv
143 read_authkeys(const char *path, Error **errp)
144 {
145 g_autoptr(GError) err = NULL;
146 g_autofree char *contents = NULL;
147
148 if (!g_file_get_contents(path, &contents, NULL, &err)) {
149 error_setg(errp, "failed to read '%s': %s", path, err->message);
150 return NULL;
151 }
152
153 return g_strsplit(contents, "\n", -1);
154
155 }
156
157 void
158 qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
159 bool has_reset, bool reset,
160 Error **errp)
161 {
162 g_autofree struct passwd *p = NULL;
163 g_autofree char *ssh_path = NULL;
164 g_autofree char *authkeys_path = NULL;
165 g_auto(GStrv) authkeys = NULL;
166 strList *k;
167 size_t nkeys, nauthkeys;
168
169 reset = has_reset && reset;
170
171 if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
172 return;
173 }
174
175 p = get_passwd_entry(username, errp);
176 if (p == NULL) {
177 return;
178 }
179
180 ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
181 authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
182
183 if (!reset) {
184 authkeys = read_authkeys(authkeys_path, NULL);
185 }
186 if (authkeys == NULL) {
187 if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
188 !mkdir_for_user(ssh_path, p, 0700, errp)) {
189 return;
190 }
191 }
192
193 nauthkeys = authkeys ? g_strv_length(authkeys) : 0;
194 authkeys = g_realloc_n(authkeys, nauthkeys + nkeys + 1, sizeof(char *));
195 memset(authkeys + nauthkeys, 0, (nkeys + 1) * sizeof(char *));
196
197 for (k = keys; k != NULL; k = k->next) {
198 if (g_strv_contains((const gchar * const *)authkeys, k->value)) {
199 continue;
200 }
201 authkeys[nauthkeys++] = g_strdup(k->value);
202 }
203
204 write_authkeys(authkeys_path, authkeys, p, errp);
205 }
206
207 void
208 qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
209 Error **errp)
210 {
211 g_autofree struct passwd *p = NULL;
212 g_autofree char *authkeys_path = NULL;
213 g_autofree GStrv new_keys = NULL; /* do not own the strings */
214 g_auto(GStrv) authkeys = NULL;
215 GStrv a;
216 size_t nkeys = 0;
217
218 if (!check_openssh_pub_keys(keys, NULL, errp)) {
219 return;
220 }
221
222 p = get_passwd_entry(username, errp);
223 if (p == NULL) {
224 return;
225 }
226
227 authkeys_path = g_build_filename(p->pw_dir, ".ssh",
228 "authorized_keys", NULL);
229 if (!g_file_test(authkeys_path, G_FILE_TEST_EXISTS)) {
230 return;
231 }
232 authkeys = read_authkeys(authkeys_path, errp);
233 if (authkeys == NULL) {
234 return;
235 }
236
237 new_keys = g_new0(char *, g_strv_length(authkeys) + 1);
238 for (a = authkeys; *a != NULL; a++) {
239 strList *k;
240
241 for (k = keys; k != NULL; k = k->next) {
242 if (g_str_equal(k->value, *a)) {
243 break;
244 }
245 }
246 if (k != NULL) {
247 continue;
248 }
249
250 new_keys[nkeys++] = *a;
251 }
252
253 write_authkeys(authkeys_path, new_keys, p, errp);
254 }
255
256 GuestAuthorizedKeys *
257 qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp)
258 {
259 g_autofree struct passwd *p = NULL;
260 g_autofree char *authkeys_path = NULL;
261 g_auto(GStrv) authkeys = NULL;
262 g_autoptr(GuestAuthorizedKeys) ret = NULL;
263 int i;
264
265 p = get_passwd_entry(username, errp);
266 if (p == NULL) {
267 return NULL;
268 }
269
270 authkeys_path = g_build_filename(p->pw_dir, ".ssh",
271 "authorized_keys", NULL);
272 authkeys = read_authkeys(authkeys_path, errp);
273 if (authkeys == NULL) {
274 return NULL;
275 }
276
277 ret = g_new0(GuestAuthorizedKeys, 1);
278 for (i = 0; authkeys[i] != NULL; i++) {
279 g_strstrip(authkeys[i]);
280 if (!authkeys[i][0] || authkeys[i][0] == '#') {
281 continue;
282 }
283
284 QAPI_LIST_PREPEND(ret->keys, g_strdup(authkeys[i]));
285 }
286
287 return g_steal_pointer(&ret);
288 }
289
290 #ifdef QGA_BUILD_UNIT_TEST
291 #if GLIB_CHECK_VERSION(2, 60, 0)
292 static const strList test_key2 = {
293 .value = (char *)"algo key2 comments"
294 };
295
296 static const strList test_key1_2 = {
297 .value = (char *)"algo key1 comments",
298 .next = (strList *)&test_key2,
299 };
300
301 static char *
302 test_get_authorized_keys_path(void)
303 {
304 return g_build_filename(g_get_home_dir(), ".ssh", "authorized_keys", NULL);
305 }
306
307 static void
308 test_authorized_keys_set(const char *contents)
309 {
310 g_autoptr(GError) err = NULL;
311 g_autofree char *path = NULL;
312 int ret;
313
314 path = g_build_filename(g_get_home_dir(), ".ssh", NULL);
315 ret = g_mkdir_with_parents(path, 0700);
316 g_assert(ret == 0);
317 g_free(path);
318
319 path = test_get_authorized_keys_path();
320 g_file_set_contents(path, contents, -1, &err);
321 g_assert(err == NULL);
322 }
323
324 static void
325 test_authorized_keys_equal(const char *expected)
326 {
327 g_autoptr(GError) err = NULL;
328 g_autofree char *path = NULL;
329 g_autofree char *contents = NULL;
330
331 path = test_get_authorized_keys_path();
332 g_file_get_contents(path, &contents, NULL, &err);
333 g_assert(err == NULL);
334
335 g_assert(g_strcmp0(contents, expected) == 0);
336 }
337
338 static void
339 test_invalid_user(void)
340 {
341 Error *err = NULL;
342
343 qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err);
344 error_free_or_abort(&err);
345
346 qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
347 error_free_or_abort(&err);
348 }
349
350 static void
351 test_invalid_key(void)
352 {
353 strList key = {
354 .value = (char *)"not a valid\nkey"
355 };
356 Error *err = NULL;
357
358 qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
359 FALSE, FALSE, &err);
360 error_free_or_abort(&err);
361
362 qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
363 error_free_or_abort(&err);
364 }
365
366 static void
367 test_add_keys(void)
368 {
369 Error *err = NULL;
370
371 qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
372 (strList *)&test_key2,
373 FALSE, FALSE,
374 &err);
375 g_assert(err == NULL);
376
377 test_authorized_keys_equal("algo key2 comments");
378
379 qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
380 (strList *)&test_key1_2,
381 FALSE, FALSE,
382 &err);
383 g_assert(err == NULL);
384
385 /* key2 came first, and should'nt be duplicated */
386 test_authorized_keys_equal("algo key2 comments\n"
387 "algo key1 comments");
388 }
389
390 static void
391 test_add_reset_keys(void)
392 {
393 Error *err = NULL;
394
395 qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
396 (strList *)&test_key1_2,
397 FALSE, FALSE,
398 &err);
399 g_assert(err == NULL);
400
401 /* reset with key2 only */
402 test_authorized_keys_equal("algo key1 comments\n"
403 "algo key2 comments");
404
405 qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
406 (strList *)&test_key2,
407 TRUE, TRUE,
408 &err);
409 g_assert(err == NULL);
410
411 test_authorized_keys_equal("algo key2 comments");
412
413 /* empty should clear file */
414 qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
415 (strList *)NULL,
416 TRUE, TRUE,
417 &err);
418 g_assert(err == NULL);
419
420 test_authorized_keys_equal("");
421 }
422
423 static void
424 test_remove_keys(void)
425 {
426 Error *err = NULL;
427 static const char *authkeys =
428 "algo key1 comments\n"
429 /* originally duplicated */
430 "algo key1 comments\n"
431 "# a commented line\n"
432 "algo some-key another\n";
433
434 test_authorized_keys_set(authkeys);
435 qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
436 (strList *)&test_key2, &err);
437 g_assert(err == NULL);
438 test_authorized_keys_equal(authkeys);
439
440 qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
441 (strList *)&test_key1_2, &err);
442 g_assert(err == NULL);
443 test_authorized_keys_equal("# a commented line\n"
444 "algo some-key another\n");
445 }
446
447 static void
448 test_get_keys(void)
449 {
450 Error *err = NULL;
451 static const char *authkeys =
452 "algo key1 comments\n"
453 "# a commented line\n"
454 "algo some-key another\n";
455 g_autoptr(GuestAuthorizedKeys) ret = NULL;
456 strList *k;
457 size_t len = 0;
458
459 test_authorized_keys_set(authkeys);
460
461 ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err);
462 g_assert(err == NULL);
463
464 for (len = 0, k = ret->keys; k != NULL; k = k->next) {
465 g_assert(g_str_has_prefix(k->value, "algo "));
466 len++;
467 }
468
469 g_assert(len == 2);
470 }
471
472 int main(int argc, char *argv[])
473 {
474 setlocale(LC_ALL, "");
475
476 g_test_init(&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
477
478 g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
479 g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
480 g_test_add_func("/qga/ssh/add_keys", test_add_keys);
481 g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
482 g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
483 g_test_add_func("/qga/ssh/get_keys", test_get_keys);
484
485 return g_test_run();
486 }
487 #else
488 int main(int argc, char *argv[])
489 {
490 g_test_message("test skipped, needs glib >= 2.60");
491 return 0;
492 }
493 #endif /* GLIB_2_60 */
494 #endif /* BUILD_UNIT_TEST */