diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-04-26 09:53:47 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-07 14:23:51 +0200 |
commit | 728b10c81204929be5669c1e67bd086e09c47c00 (patch) | |
tree | 65ca341e759ee75126e24d21d2dea3d53ea71f36 /src/responder/ssh/sshsrv_cmd.c | |
parent | f54b271376b23cb968eafb9ffd5100c6dadad2a7 (diff) | |
download | sssd-728b10c81204929be5669c1e67bd086e09c47c00.tar.gz sssd-728b10c81204929be5669c1e67bd086e09c47c00.tar.xz sssd-728b10c81204929be5669c1e67bd086e09c47c00.zip |
SSH: Fix parsing of names from client requests
Try to parse names in the form user@domain first, as that's what sss_ssh_*
send in requests when the --domain option is used. Do not parse host names
using domain-specific regular expression.
Diffstat (limited to 'src/responder/ssh/sshsrv_cmd.c')
-rw-r--r-- | src/responder/ssh/sshsrv_cmd.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c index 671160ea7..374abe6c6 100644 --- a/src/responder/ssh/sshsrv_cmd.c +++ b/src/responder/ssh/sshsrv_cmd.c @@ -55,6 +55,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx) return ENOMEM; } cmd_ctx->cctx = cctx; + cmd_ctx->is_user = true; ret = ssh_cmd_parse_request(cmd_ctx); if (ret != EOK) { @@ -101,6 +102,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx) return ENOMEM; } cmd_ctx->cctx = cctx; + cmd_ctx->is_user = false; ret = ssh_cmd_parse_request(cmd_ctx); if (ret != EOK) { @@ -673,6 +675,8 @@ static errno_t ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx) { struct cli_ctx *cctx = cmd_ctx->cctx; + struct ssh_ctx *ssh_ctx = talloc_get_type(cctx->rctx->pvt_ctx, + struct ssh_ctx); errno_t ret; uint8_t *body; size_t body_len; @@ -705,14 +709,27 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx) } c += name_len; - ret = sss_parse_name_for_domains(cmd_ctx, cctx->rctx->domains, - cctx->rctx->default_domain,name, - &cmd_ctx->domname, &cmd_ctx->name); + ret = sss_parse_name(cmd_ctx, ssh_ctx->snctx, name, + &cmd_ctx->domname, &cmd_ctx->name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Invalid name received [%s]\n", name)); return ENOENT; } + if (cmd_ctx->is_user && cmd_ctx->domname == NULL) { + name = cmd_ctx->name; + + ret = sss_parse_name_for_domains(cmd_ctx, cctx->rctx->domains, + cctx->rctx->default_domain, name, + &cmd_ctx->domname, + &cmd_ctx->name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Invalid name received [%s]\n", name)); + return ENOENT; + } + } + if (flags & 1) { SAFEALIGN_COPY_UINT32_CHECK(&alias_len, body+c, body_len, &c); if (alias_len == 0 || alias_len > body_len - c) { |