xref: /openbmc/qemu/qga/commands-posix-ssh.c (revision b492a4b8)
1  /*
2   * This work is licensed under the terms of the GNU GPL, version 2 or later.
3   * See the COPYING file in the top-level directory.
4   */
5 #include "qemu/osdep.h"
6 
7 #include <glib-unix.h>
8 #include <glib/gstdio.h>
9 #include <locale.h>
10 #include <pwd.h>
11 
12 #include "qapi/error.h"
13 #include "qga-qapi-commands.h"
14 
15 #ifdef QGA_BUILD_UNIT_TEST
16 static struct passwd *
17 test_get_passwd_entry(const gchar *user_name, GError **error)
18 {
19     struct passwd *p;
20     int ret;
21 
22     if (!user_name || g_strcmp0(user_name, g_get_user_name())) {
23         g_set_error(error, G_UNIX_ERROR, 0, "Invalid user name");
24         return NULL;
25     }
26 
27     p = g_new0(struct passwd, 1);
28     p->pw_dir = (char *)g_get_home_dir();
29     p->pw_uid = geteuid();
30     p->pw_gid = getegid();
31 
32     ret = g_mkdir_with_parents(p->pw_dir, 0700);
33     g_assert(ret == 0);
34 
35     return p;
36 }
37 
38 #define g_unix_get_passwd_entry_qemu(username, err) \
39    test_get_passwd_entry(username, err)
40 #endif
41 
42 static struct passwd *
43 get_passwd_entry(const char *username, Error **errp)
44 {
45     g_autoptr(GError) err = NULL;
46     struct passwd *p;
47 
48     ERRP_GUARD();
49 
50     p = g_unix_get_passwd_entry_qemu(username, &err);
51     if (p == NULL) {
52         error_setg(errp, "failed to lookup user '%s': %s",
53                    username, err->message);
54         return NULL;
55     }
56 
57     return p;
58 }
59 
60 static bool
61 mkdir_for_user(const char *path, const struct passwd *p,
62                mode_t mode, Error **errp)
63 {
64     ERRP_GUARD();
65 
66     if (g_mkdir(path, mode) == -1) {
67         error_setg(errp, "failed to create directory '%s': %s",
68                    path, g_strerror(errno));
69         return false;
70     }
71 
72     if (chown(path, p->pw_uid, p->pw_gid) == -1) {
73         error_setg(errp, "failed to set ownership of directory '%s': %s",
74                    path, g_strerror(errno));
75         return false;
76     }
77 
78     if (chmod(path, mode) == -1) {
79         error_setg(errp, "failed to set permissions of directory '%s': %s",
80                    path, g_strerror(errno));
81         return false;
82     }
83 
84     return true;
85 }
86 
87 static bool
88 check_openssh_pub_key(const char *key, Error **errp)
89 {
90     ERRP_GUARD();
91 
92     /* simple sanity-check, we may want more? */
93     if (!key || key[0] == '#' || strchr(key, '\n')) {
94         error_setg(errp, "invalid OpenSSH public key: '%s'", key);
95         return false;
96     }
97 
98     return true;
99 }
100 
101 static bool
102 check_openssh_pub_keys(strList *keys, size_t *nkeys, Error **errp)
103 {
104     size_t n = 0;
105     strList *k;
106 
107     ERRP_GUARD();
108 
109     for (k = keys; k != NULL; k = k->next) {
110         if (!check_openssh_pub_key(k->value, errp)) {
111             return false;
112         }
113         n++;
114     }
115 
116     if (nkeys) {
117         *nkeys = n;
118     }
119     return true;
120 }
121 
122 static bool
123 write_authkeys(const char *path, const GStrv keys,
124                const struct passwd *p, Error **errp)
125 {
126     g_autofree char *contents = NULL;
127     g_autoptr(GError) err = NULL;
128 
129     ERRP_GUARD();
130 
131     contents = g_strjoinv("\n", keys);
132     if (!g_file_set_contents(path, contents, -1, &err)) {
133         error_setg(errp, "failed to write to '%s': %s", path, err->message);
134         return false;
135     }
136 
137     if (chown(path, p->pw_uid, p->pw_gid) == -1) {
138         error_setg(errp, "failed to set ownership of directory '%s': %s",
139                    path, g_strerror(errno));
140         return false;
141     }
142 
143     if (chmod(path, 0600) == -1) {
144         error_setg(errp, "failed to set permissions of '%s': %s",
145                    path, g_strerror(errno));
146         return false;
147     }
148 
149     return true;
150 }
151 
152 static GStrv
153 read_authkeys(const char *path, Error **errp)
154 {
155     g_autoptr(GError) err = NULL;
156     g_autofree char *contents = NULL;
157 
158     ERRP_GUARD();
159 
160     if (!g_file_get_contents(path, &contents, NULL, &err)) {
161         error_setg(errp, "failed to read '%s': %s", path, err->message);
162         return NULL;
163     }
164 
165     return g_strsplit(contents, "\n", -1);
166 
167 }
168 
169 void
170 qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
171                                   bool has_reset, bool reset,
172                                   Error **errp)
173 {
174     g_autofree struct passwd *p = NULL;
175     g_autofree char *ssh_path = NULL;
176     g_autofree char *authkeys_path = NULL;
177     g_auto(GStrv) authkeys = NULL;
178     strList *k;
179     size_t nkeys, nauthkeys;
180 
181     ERRP_GUARD();
182     reset = has_reset && reset;
183 
184     if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
185         return;
186     }
187 
188     p = get_passwd_entry(username, errp);
189     if (p == NULL) {
190         return;
191     }
192 
193     ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
194     authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
195 
196     if (!reset) {
197         authkeys = read_authkeys(authkeys_path, NULL);
198     }
199     if (authkeys == NULL) {
200         if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
201             !mkdir_for_user(ssh_path, p, 0700, errp)) {
202             return;
203         }
204     }
205 
206     nauthkeys = authkeys ? g_strv_length(authkeys) : 0;
207     authkeys = g_realloc_n(authkeys, nauthkeys + nkeys + 1, sizeof(char *));
208     memset(authkeys + nauthkeys, 0, (nkeys + 1) * sizeof(char *));
209 
210     for (k = keys; k != NULL; k = k->next) {
211         if (g_strv_contains((const gchar * const *)authkeys, k->value)) {
212             continue;
213         }
214         authkeys[nauthkeys++] = g_strdup(k->value);
215     }
216 
217     write_authkeys(authkeys_path, authkeys, p, errp);
218 }
219 
220 void
221 qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
222                                      Error **errp)
223 {
224     g_autofree struct passwd *p = NULL;
225     g_autofree char *authkeys_path = NULL;
226     g_autofree GStrv new_keys = NULL; /* do not own the strings */
227     g_auto(GStrv) authkeys = NULL;
228     GStrv a;
229     size_t nkeys = 0;
230 
231     ERRP_GUARD();
232 
233     if (!check_openssh_pub_keys(keys, NULL, errp)) {
234         return;
235     }
236 
237     p = get_passwd_entry(username, errp);
238     if (p == NULL) {
239         return;
240     }
241 
242     authkeys_path = g_build_filename(p->pw_dir, ".ssh",
243                                      "authorized_keys", NULL);
244     if (!g_file_test(authkeys_path, G_FILE_TEST_EXISTS)) {
245         return;
246     }
247     authkeys = read_authkeys(authkeys_path, errp);
248     if (authkeys == NULL) {
249         return;
250     }
251 
252     new_keys = g_new0(char *, g_strv_length(authkeys) + 1);
253     for (a = authkeys; *a != NULL; a++) {
254         strList *k;
255 
256         for (k = keys; k != NULL; k = k->next) {
257             if (g_str_equal(k->value, *a)) {
258                 break;
259             }
260         }
261         if (k != NULL) {
262             continue;
263         }
264 
265         new_keys[nkeys++] = *a;
266     }
267 
268     write_authkeys(authkeys_path, new_keys, p, errp);
269 }
270 
271 GuestAuthorizedKeys *
272 qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp)
273 {
274     g_autofree struct passwd *p = NULL;
275     g_autofree char *authkeys_path = NULL;
276     g_auto(GStrv) authkeys = NULL;
277     g_autoptr(GuestAuthorizedKeys) ret = NULL;
278     int i;
279 
280     ERRP_GUARD();
281 
282     p = get_passwd_entry(username, errp);
283     if (p == NULL) {
284         return NULL;
285     }
286 
287     authkeys_path = g_build_filename(p->pw_dir, ".ssh",
288                                      "authorized_keys", NULL);
289     authkeys = read_authkeys(authkeys_path, errp);
290     if (authkeys == NULL) {
291         return NULL;
292     }
293 
294     ret = g_new0(GuestAuthorizedKeys, 1);
295     for (i = 0; authkeys[i] != NULL; i++) {
296         strList *new;
297 
298         g_strstrip(authkeys[i]);
299         if (!authkeys[i][0] || authkeys[i][0] == '#') {
300             continue;
301         }
302 
303         new = g_new0(strList, 1);
304         new->value = g_strdup(authkeys[i]);
305         new->next = ret->keys;
306         ret->keys = new;
307     }
308 
309     return g_steal_pointer(&ret);
310 }
311 
312 #ifdef QGA_BUILD_UNIT_TEST
313 #if GLIB_CHECK_VERSION(2, 60, 0)
314 static const strList test_key2 = {
315     .value = (char *)"algo key2 comments"
316 };
317 
318 static const strList test_key1_2 = {
319     .value = (char *)"algo key1 comments",
320     .next = (strList *)&test_key2,
321 };
322 
323 static char *
324 test_get_authorized_keys_path(void)
325 {
326     return g_build_filename(g_get_home_dir(), ".ssh", "authorized_keys", NULL);
327 }
328 
329 static void
330 test_authorized_keys_set(const char *contents)
331 {
332     g_autoptr(GError) err = NULL;
333     g_autofree char *path = NULL;
334     int ret;
335 
336     path = g_build_filename(g_get_home_dir(), ".ssh", NULL);
337     ret = g_mkdir_with_parents(path, 0700);
338     g_assert(ret == 0);
339     g_free(path);
340 
341     path = test_get_authorized_keys_path();
342     g_file_set_contents(path, contents, -1, &err);
343     g_assert(err == NULL);
344 }
345 
346 static void
347 test_authorized_keys_equal(const char *expected)
348 {
349     g_autoptr(GError) err = NULL;
350     g_autofree char *path = NULL;
351     g_autofree char *contents = NULL;
352 
353     path = test_get_authorized_keys_path();
354     g_file_get_contents(path, &contents, NULL, &err);
355     g_assert(err == NULL);
356 
357     g_assert(g_strcmp0(contents, expected) == 0);
358 }
359 
360 static void
361 test_invalid_user(void)
362 {
363     Error *err = NULL;
364 
365     qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err);
366     error_free_or_abort(&err);
367 
368     qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
369     error_free_or_abort(&err);
370 }
371 
372 static void
373 test_invalid_key(void)
374 {
375     strList key = {
376         .value = (char *)"not a valid\nkey"
377     };
378     Error *err = NULL;
379 
380     qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
381                                       FALSE, FALSE, &err);
382     error_free_or_abort(&err);
383 
384     qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
385     error_free_or_abort(&err);
386 }
387 
388 static void
389 test_add_keys(void)
390 {
391     Error *err = NULL;
392 
393     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
394                                       (strList *)&test_key2,
395                                       FALSE, FALSE,
396                                       &err);
397     g_assert(err == NULL);
398 
399     test_authorized_keys_equal("algo key2 comments");
400 
401     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
402                                       (strList *)&test_key1_2,
403                                       FALSE, FALSE,
404                                       &err);
405     g_assert(err == NULL);
406 
407     /*  key2 came first, and should'nt be duplicated */
408     test_authorized_keys_equal("algo key2 comments\n"
409                                "algo key1 comments");
410 }
411 
412 static void
413 test_add_reset_keys(void)
414 {
415     Error *err = NULL;
416 
417     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
418                                       (strList *)&test_key1_2,
419                                       FALSE, FALSE,
420                                       &err);
421     g_assert(err == NULL);
422 
423     /* reset with key2 only */
424     test_authorized_keys_equal("algo key1 comments\n"
425                                "algo key2 comments");
426 
427     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
428                                       (strList *)&test_key2,
429                                       TRUE, TRUE,
430                                       &err);
431     g_assert(err == NULL);
432 
433     test_authorized_keys_equal("algo key2 comments");
434 
435     /* empty should clear file */
436     qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
437                                       (strList *)NULL,
438                                       TRUE, TRUE,
439                                       &err);
440     g_assert(err == NULL);
441 
442     test_authorized_keys_equal("");
443 }
444 
445 static void
446 test_remove_keys(void)
447 {
448     Error *err = NULL;
449     static const char *authkeys =
450         "algo key1 comments\n"
451         /* originally duplicated */
452         "algo key1 comments\n"
453         "# a commented line\n"
454         "algo some-key another\n";
455 
456     test_authorized_keys_set(authkeys);
457     qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
458                                          (strList *)&test_key2, &err);
459     g_assert(err == NULL);
460     test_authorized_keys_equal(authkeys);
461 
462     qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
463                                          (strList *)&test_key1_2, &err);
464     g_assert(err == NULL);
465     test_authorized_keys_equal("# a commented line\n"
466                                "algo some-key another\n");
467 }
468 
469 static void
470 test_get_keys(void)
471 {
472     Error *err = NULL;
473     static const char *authkeys =
474         "algo key1 comments\n"
475         "# a commented line\n"
476         "algo some-key another\n";
477     g_autoptr(GuestAuthorizedKeys) ret = NULL;
478     strList *k;
479     size_t len = 0;
480 
481     test_authorized_keys_set(authkeys);
482 
483     ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err);
484     g_assert(err == NULL);
485 
486     for (len = 0, k = ret->keys; k != NULL; k = k->next) {
487         g_assert(g_str_has_prefix(k->value, "algo "));
488         len++;
489     }
490 
491     g_assert(len == 2);
492 }
493 
494 int main(int argc, char *argv[])
495 {
496     setlocale(LC_ALL, "");
497 
498     g_test_init(&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
499 
500     g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
501     g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
502     g_test_add_func("/qga/ssh/add_keys", test_add_keys);
503     g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
504     g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
505     g_test_add_func("/qga/ssh/get_keys", test_get_keys);
506 
507     return g_test_run();
508 }
509 #else
510 int main(int argc, char *argv[])
511 {
512     g_test_message("test skipped, needs glib >= 2.60");
513     return 0;
514 }
515 #endif /* GLIB_2_60 */
516 #endif /* BUILD_UNIT_TEST */
517