authorJan Cholasta <jcholast@redhat.com>2013-04-26 09:53:47 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-07 14:23:51 +0200
commit728b10c81204929be5669c1e67bd086e09c47c00 (patch)
tree65ca341e759ee75126e24d21d2dea3d53ea71f36 /src/responder/ssh/sshsrv_cmd.c
parentf54b271376b23cb968eafb9ffd5100c6dadad2a7 (diff)
SSH: Fix parsing of names from client requests
Try to parse names in the form user@domain first, as that's what sss_ssh_* send in requests when the --domain option is used. Do not parse host names using domain-specific regular expression.
Diffstat (limited to 'src/responder/ssh/sshsrv_cmd.c')
-rw-r--r--src/responder/ssh/sshsrv_cmd.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 671160ea7..374abe6c6 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -55,6 +55,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
return ENOMEM;
}
cmd_ctx->cctx = cctx;
+ cmd_ctx->is_user = true;
ret = ssh_cmd_parse_request(cmd_ctx);
if (ret != EOK) {
@@ -101,6 +102,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
return ENOMEM;
}
cmd_ctx->cctx = cctx;
+ cmd_ctx->is_user = false;
ret = ssh_cmd_parse_request(cmd_ctx);
if (ret != EOK) {
@@ -673,6 +675,8 @@ static errno_t
ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
{
struct cli_ctx *cctx = cmd_ctx->cctx;
+ struct ssh_ctx *ssh_ctx = talloc_get_type(cctx->rctx->pvt_ctx,
+ struct ssh_ctx);
errno_t ret;
uint8_t *body;
size_t body_len;
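Review bot: `talloc_get_type()` returns NULL when the talloc type name of `cctx->rctx->pvt_ctx` does not match, and the new `ssh_ctx` is later dereferenced as `ssh_ctx->snctx` in the name-parsing hunk without any check. `pvt_ctx` is presumably set once at responder start-up, so this is a hardening point rather than something a client can trigger, but this function sits on the request-parsing path and a silent NULL dereference there takes the whole responder down. Either use `talloc_get_type_abort(cctx->rctx->pvt_ctx, struct ssh_ctx)` so a mismatch fails loudly at the cast, or add `if (ssh_ctx == NULL) return EINVAL;` before the first use. The body of ssh_cmd_parse_request starts and continues outside this hunk.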
@@ -705,14 +709,27 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
}
c += name_len;
- ret = sss_parse_name_for_domains(cmd_ctx, cctx->rctx->domains,
- cctx->rctx->default_domain,name,
- &cmd_ctx->domname, &cmd_ctx->name);
+ ret = sss_parse_name(cmd_ctx, ssh_ctx->snctx, name,
+ &cmd_ctx->domname, &cmd_ctx->name);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Invalid name received [%s]\n", name));
return ENOENT;
}
+ if (cmd_ctx->is_user && cmd_ctx->domname == NULL) {
+ name = cmd_ctx->name;
+
+ ret = sss_parse_name_for_domains(cmd_ctx, cctx->rctx->domains,
+ cctx->rctx->default_domain, name,
+ &cmd_ctx->domname,
+ &cmd_ctx->name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Invalid name received [%s]\n", name));
+ return ENOENT;
+ }
+ }
+
if (flags & 1) {
SAFEALIGN_COPY_UINT32_CHECK(&alias_len, body+c, body_len, &c);
if (alias_len == 0 || alias_len > body_len - c) {
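Review bot: When the first `sss_parse_name(cmd_ctx, ssh_ctx->snctx, ...)` call yields a non-NULL `cmd_ctx->domname`, that value comes straight from the client request, and nothing in this hunk matches it against `cctx->rctx->domains` the way the `sss_parse_name_for_domains` fallback does. The later lookup presumably rejects unknown domains, but that is outside the hunk, so a comment above the call should say so, e.g. `/* domname is taken from the request as-is; it must be matched against rctx->domains before use */`. Separately, both failure branches log the identical `"Invalid name received [%s]\n"`, and in the second one `name` has already been reassigned to the parsed `cmd_ctx->name`, so the log neither shows the original request string nor which stage rejected it. A distinct message for the fallback, such as `("Invalid name received [%s] (per-domain parsing)\n", name)`, would make triage easier. The function continues past the end of this hunk.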