authorJan Cholasta <jcholast@redhat.com>2012-09-03 09:33:30 -0400
committerRob Crittenden <rcritten@redhat.com>2012-09-06 19:11:57 -0400
commit46ad724301e301d1bc96216b8873e704a37d35e3 (patch)
tree908bb30a22e372cf110be7d0e40f4e9a22c469bc /ipa-client/ipa-install
parent0f81268ec4a006625c8286ac7c6f5fed5aab7346 (diff)
Use OpenSSH-style public keys as the preferred format of SSH public keys.
Public keys in the old format (raw RFC 4253 blob) are automatically converted to OpenSSH-style public keys. OpenSSH-style public keys are now stored in LDAP. Changed sshpubkeyfp to be an output parameter, as that is what it actually is. Allow parameter normalizers to be used on values of any type, not just unicode, so that public key blobs (which are str) can be normalized to OpenSSH-style public keys. ticket 2932, 2935
Diffstat (limited to 'ipa-client/ipa-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install29
1 files changed, 11 insertions, 18 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index d87fcc2a6..03a8bd3e8 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -29,7 +29,6 @@ try:
from ipapython.ipa_log_manager import *
import tempfile
import getpass
- from base64 import b64decode
from ipaclient import ipadiscovery
import ipaclient.ipachangeconf
import ipaclient.ntpconf
@@ -42,6 +41,7 @@ try:
from ipapython.config import IPAOptionParser
from ipalib import api, errors
from ipapython.dn import DN
+ from ipapython.ssh import SSHPublicKey
import SSSDConfig
from ConfigParser import RawConfigParser
from optparse import SUPPRESS_HELP, OptionGroup
@@ -1112,29 +1112,23 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
continue
for line in f:
- line = line[:-1]
- if line.startswith('#'):
- continue
- parts = line.split()
- if len(parts) < 2:
- continue
- try:
- pubkey = b64decode(parts[1])
- except TypeError:
+ line = line[:-1].lstrip()
+ if not line or line.startswith('#'):
continue
try:
- algo, data, fp = ipautil.decode_ssh_pubkey(pubkey)
- except ValueError:
- continue
- if parts[0] != algo:
+ pubkey = SSHPublicKey(line)
+ except ValueError, UnicodeDecodeError:
continue
root_logger.info("Adding SSH public key from %s", filename)
- pubkeys.append(unicode(parts[1]))
+ pubkeys.append(pubkey)
f.close()
try:
- result = api.Command['host_mod'](unicode(hostname), ipasshpubkey=pubkeys, updatedns=False)
+ result = api.Command['host_mod'](unicode(hostname),
+ ipasshpubkey=[pk.openssh() for pk in pubkeys],
+ updatedns=False
+ )
except errors.EmptyModlist:
pass
except StandardError, e:
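Review bot: The added `except ValueError, UnicodeDecodeError:` is the Python 2 "except type, name" form, so it catches only ValueError and binds the caught exception to the local name `UnicodeDecodeError`, shadowing the builtin for the rest of update_ssh_keys. Decode errors are still skipped only because UnicodeDecodeError is a subclass of ValueError; write `except (ValueError, UnicodeDecodeError):` (or just `except ValueError:`) to state the intent. Rejected lines are also dropped without any trace, so a host key that silently fails to parse never reaches LDAP; a `root_logger.debug("Skipping unparsable SSH public key line in %s", filename)` before the `continue` would make that visible. The old code compared the key-type field against the algorithm decoded from the blob; presumably SSHPublicKey does the same check internally, which is worth confirming since its source is not in this diff. The function body starts and ends outside this hunk.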
@@ -1148,8 +1142,7 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
update_txt = 'zone %s.\nupdate delete %s. IN SSHFP\nsend\n' % (zone, hostname)
for pubkey in pubkeys:
- pubkey = b64decode(pubkey)
- sshfp = ipautil.make_sshfp(pubkey)
+ sshfp = pubkey.fingerprint_dns_sha1()
if sshfp is not None:
update_txt += 'update add %s. %s IN SSHFP %s\n' % (hostname, ttl, sshfp)
update_txt += 'send\n'
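Review bot: Only a SHA-1 SSHFP record is published per key, judging by the name `fingerprint_dns_sha1()` in the loop over `pubkeys`. RFC 6594 defines SHA-256 SSHFP fingerprints (type 2), so it is worth considering a second `update add` line per key if SSHPublicKey can produce that digest; the class is not visible in this diff. The `if sshfp is not None` guard silently skips keys with no DNS fingerprint, and a short comment such as `# key types without an SSHFP algorithm number yield None` (to be confirmed against the SSHPublicKey implementation) would explain why. The enclosing function continues outside the hunk.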