authorJan Cholasta <jcholast@redhat.com>2011-12-07 02:50:31 -0500
committerRob Crittenden <rcritten@redhat.com>2012-02-13 22:21:27 -0500
commit3c2b0fc28ae21c7e4b26961e28e2eb0ba0559d29 (patch)
tree856f8f2850043d1f3eb6f3df1c2d3287ae7fc969 /ipalib/util.py
parent9b6baf9beeb733d77883f4ed32e553265ee15543 (diff)
Add support for SSH public keys to user and host objects.
This patch adds a new multivalue param "sshpubkey" for specifying SSH public keys to both user and host objects. The accepted value is a base64-encoded public key blob as specified in RFC4253, section 6.6. Additionally, host commands automatically update DNS SSHFP records when requested by the user. https://fedorahosted.org/freeipa/ticket/754
Diffstat (limited to 'ipalib/util.py')
-rw-r--r--ipalib/util.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py
index f3d7970db..365dd3399 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -32,6 +32,7 @@ from weakref import WeakKeyDictionary
from ipalib import errors
from ipalib.text import _
from ipapython import dnsclient
+from ipapython.ipautil import decode_ssh_pubkey
def json_serialize(obj):
@@ -278,6 +279,37 @@ def validate_hostname(hostname, check_fqdn=True):
raise ValueError(_('only letters, numbers, and - are allowed. ' \
'- must not be the last name character'))
+def validate_sshpubkey(ugettext, pubkey):
+ try:
+ algo, data, fp = decode_ssh_pubkey(pubkey)
+ except ValueError:
+ return _('invalid SSH public key')
+
+def output_sshpubkey(ldap, dn, entry_attrs):
+ if 'ipasshpubkey' in entry_attrs:
+ pubkeys = entry_attrs.get('ipasshpubkey')
+ else:
+ entry = ldap.get_entry(dn, ['ipasshpubkey'])
+ pubkeys = entry[1].get('ipasshpubkey')
+ if pubkeys is None:
+ return
+
+ fingerprints = []
+ for pubkey in pubkeys:
+ try:
+ algo, data, fp = decode_ssh_pubkey(pubkey)
+ fp = u':'.join([fp[j:j+2] for j in range(0, len(fp), 2)])
+ fingerprints.append(u'%s (%s)' % (fp, algo))
+ except ValueError:
+ pass
+ if fingerprints:
+ entry_attrs['sshpubkeyfp'] = fingerprints
+
+def normalize_sshpubkeyfp(value):
+ value = value.split()[0]
+ value = unicode(c for c in value if c in '0123456789ABCDEFabcdef')
+ return value
+
class cachedproperty(object):
"""
A property-like attribute that caches the return value of a method call.
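Review bot: `normalize_sshpubkeyfp` passes a generator expression to `unicode()`, which in Python 2 yields the generator object's repr (`<generator object <genexpr> at 0x…>`) rather than the filtered hex digits, so the normalized fingerprint would never match what was entered; the line should read `value = u''.join(c for c in value if c in '0123456789ABCDEFabcdef')`. The preceding `value.split()[0]` also raises IndexError on an empty or whitespace-only value, so a guard such as `if not value.strip(): return value` is worth adding unless callers guarantee non-empty input. In `output_sshpubkey`, `except ValueError: pass` drops an undecodable stored key from `sshpubkeyfp` without any trace, so the displayed fingerprint list can be shorter than the set of keys actually stored on the entry; logging the skip or emitting a placeholder value would keep that visible to whoever audits the entry.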