authorJan Cholasta <jcholast@redhat.com>2012-03-14 07:54:16 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-03-15 14:18:03 -0400
commitbd03e67c9d2fc4ad0275e7a573385ee5b7b9307a (patch)
tree542309173476daaf2ff2f7fdc8898ed8e0fc3539 /src/sss_client/ssh
parent5363682fb2f4ed7fd0112ac46bb603424179acb7 (diff)
SSH: Allow clients to explicitly specify host alias
This change removes the need to canonicalize host names on the responder side - the relevant code was removed.
Diffstat (limited to 'src/sss_client/ssh')
-rw-r--r--src/sss_client/ssh/sss_ssh_authorizedkeys.c9
-rw-r--r--src/sss_client/ssh/sss_ssh_client.c18
-rw-r--r--src/sss_client/ssh/sss_ssh_client.h1
-rw-r--r--src/sss_client/ssh/sss_ssh_knownhostsproxy.c3
4 files changed, 25 insertions, 6 deletions
diff --git a/src/sss_client/ssh/sss_ssh_authorizedkeys.c b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
index 174cb531..b64bbc3d 100644
--- a/src/sss_client/ssh/sss_ssh_authorizedkeys.c
+++ b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
@@ -97,7 +97,8 @@ int main(int argc, const char **argv)
}
/* look up public keys */
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS, user, &ent);
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS,
+ user, NULL, &ent);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
@@ -111,9 +112,9 @@ int main(int argc, const char **argv)
repr = sss_ssh_format_pubkey(mem_ctx, ent, &ent->pubkeys[i],
SSS_SSH_FORMAT_OPENSSH);
if (!repr) {
- DEBUG(SSSDBG_OP_FAILURE,
- ("Out of memory formatting SSH public key\n"));
- continue;
+ ERROR("Not enough memory\n");
+ ret = EXIT_FAILURE;
+ goto fini;
}
printf("%s\n", repr);
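Review bot: When the new `goto fini` path is taken, keys formatted in earlier loop iterations have already been written to stdout by the `printf` below, so the consumer receives a partial key list together with `EXIT_FAILURE`. Failing hard on allocation failure is the safer choice than the old `continue`, but the tool then relies on its caller discarding output when the exit status is non-zero. I would record that next to the error path, e.g. `/* keys printed so far are only valid if we exit with success; the caller must check the exit status */`. The loop and the `fini` label lie outside this hunk, so whether `ret` is returned unchanged from there cannot be confirmed from these lines.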
diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
index 41b20e76..8520cd1b 100644
--- a/src/sss_client/ssh/sss_ssh_client.c
+++ b/src/sss_client/ssh/sss_ssh_client.c
@@ -70,9 +70,13 @@ int set_locale(void)
/* SSH public key request:
*
- * 0..3: flags (unsigned int, must be 0)
+ * 0..3: flags (unsigned int, must be 0 or 1)
* 4..7: name length (unsigned int)
* 8..(X-1): name (null-terminated UTF-8 string)
+ * if (flags & 1) {
+ * X..(X+3): alias length (unsigned int)
+ * (X+4)..Y: alias (null-terminated UTF-8 string)
+ * }
*
* SSH public key reply:
*
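Review bot: The added alias lines in the request-format comment use an undefined end offset `Y` and break the convention of the name field, which is written as `8..(X-1)` with an exclusive `X`. Writing the alias as `(X+4)..(Y-1): alias (null-terminated UTF-8 string)` would keep the two fields consistent. The comment should also state that both length fields count the terminating NUL, as `strlen(...)+1` in sss_ssh_get_ent does. Since this comment is the only wire-format description visible here, it would help to say that bit 0 of `flags` means "alias present" and that all other bits must be zero, rather than "must be 0 or 1", so a later flag does not silently change what a parser accepts.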
@@ -89,6 +93,7 @@ errno_t
sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
enum sss_cli_command command,
const char *name,
+ const char *alias,
struct sss_ssh_ent **result)
{
TALLOC_CTX *tmp_ctx;
@@ -96,6 +101,7 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
errno_t ret;
uint32_t flags;
uint32_t name_len;
+ uint32_t alias_len;
size_t req_len;
uint8_t *req = NULL;
size_t c = 0;
@@ -115,6 +121,12 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
name_len = strlen(name)+1;
req_len = 2*sizeof(uint32_t) + name_len;
+ if (alias) {
+ flags |= 1;
+ alias_len = strlen(alias)+1;
+ req_len += sizeof(uint32_t) + alias_len;
+ }
+
req = talloc_array(tmp_ctx, uint8_t, req_len);
if (!req) {
ret = ENOMEM;
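Review bot: `alias_len = strlen(alias)+1;` narrows a `size_t` into a `uint32_t` with no range check, and the length sent on the wire and copied in the later `if (alias)` hunk is taken from that narrowed value. The existing `name_len` line has the same pattern, and on a platform with 32-bit `size_t` the `req_len` additions could also wrap. In practice the strings come from the command line and are short, but an explicit bound keeps the length prefix and the NUL-terminated payload in agreement, for example `if (strlen(alias) >= UINT32_MAX) ret = EINVAL;` followed by the function's existing error exit, before `flags |= 1`. The responder side is not shown on this page; it should validate the alias length and terminator independently rather than trust this client. The function body starts and ends outside this hunk.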
@@ -124,6 +136,10 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
SAFEALIGN_SET_UINT32(req+c, flags, &c);
SAFEALIGN_SET_UINT32(req+c, name_len, &c);
safealign_memcpy(req+c, name, name_len, &c);
+ if (alias) {
+ SAFEALIGN_SET_UINT32(req+c, alias_len, &c);
+ safealign_memcpy(req+c, alias, alias_len, &c);
+ }
/* send request */
rd.data = req;
diff --git a/src/sss_client/ssh/sss_ssh_client.h b/src/sss_client/ssh/sss_ssh_client.h
index 1c8db1ff..7ffc3983 100644
--- a/src/sss_client/ssh/sss_ssh_client.h
+++ b/src/sss_client/ssh/sss_ssh_client.h
@@ -34,6 +34,7 @@ errno_t
sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
enum sss_cli_command command,
const char *name,
+ const char *alias,
struct sss_ssh_ent **result);
#endif /* _SSS_SSH_CLIENT_H_ */
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 280532b6..19206c3c 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -275,7 +275,8 @@ int main(int argc, const char **argv)
}
/* look up public keys */
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS, host, &ent);
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
+ host, NULL, &ent);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));