summaryrefslogtreecommitdiffstats
path: root/src/responder/ssh
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-05-27 17:10:59 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-27 19:02:50 +0200
commit374c4f45cc8823a7bd7de12528b74dd860541d6c (patch)
tree7d27b8a8aeb801db98719511df0b3a39505db524 /src/responder/ssh
parent7b1f8721183647546e0da1aa458c02495f84a995 (diff)
downloadsssd-374c4f45cc8823a7bd7de12528b74dd860541d6c.tar.gz
sssd-374c4f45cc8823a7bd7de12528b74dd860541d6c.tar.xz
sssd-374c4f45cc8823a7bd7de12528b74dd860541d6c.zip
SSH: Update known_hosts file after unsuccessful requests as well.
https://fedorahosted.org/sssd/ticket/1949
Diffstat (limited to 'src/responder/ssh')
-rw-r--r--src/responder/ssh/sshsrv_cmd.c56
1 files changed, 36 insertions, 20 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index bb765c628..76c364350 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -38,11 +38,10 @@ static errno_t
ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx);
static errno_t
-ssh_cmd_done(struct ssh_cmd_ctx *cmd_ctx,
- errno_t ret);
-
-static errno_t
ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);
+static errno_t
+ssh_cmd_get_user_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
+ errno_t ret);
int
sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
@@ -85,11 +84,14 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
ret = ssh_user_pubkeys_search(cmd_ctx);
done:
- return ssh_cmd_done(cmd_ctx, ret);
+ return ssh_cmd_get_user_pubkeys_done(cmd_ctx, ret);
}
static errno_t
ssh_host_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);
+static errno_t
+ssh_cmd_get_host_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
+ errno_t ret);
static int
sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
@@ -128,7 +130,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
ret = ssh_host_pubkeys_search(cmd_ctx);
done:
- return ssh_cmd_done(cmd_ctx, ret);
+ return ssh_cmd_get_host_pubkeys_done(cmd_ctx, ret);
}
static void
@@ -283,7 +285,7 @@ ssh_user_pubkeys_search_dp_callback(uint16_t err_maj,
}
ret = ssh_user_pubkeys_search_next(cmd_ctx);
- ssh_cmd_done(cmd_ctx, ret);
+ ssh_cmd_get_user_pubkeys_done(cmd_ctx, ret);
}
static errno_t
@@ -338,9 +340,6 @@ ssh_host_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
}
static errno_t
-ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx);
-
-static errno_t
ssh_host_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
{
errno_t ret;
@@ -379,9 +378,6 @@ ssh_host_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
return ENOENT;
}
- /* one result found */
- ssh_host_pubkeys_update_known_hosts(cmd_ctx);
-
return EOK;
}
@@ -402,7 +398,7 @@ ssh_host_pubkeys_search_dp_callback(uint16_t err_maj,
}
ret = ssh_host_pubkeys_search_next(cmd_ctx);
- ssh_cmd_done(cmd_ctx, ret);
+ ssh_cmd_get_host_pubkeys_done(cmd_ctx, ret);
}
static char *
@@ -568,12 +564,14 @@ ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
return ENOMEM;
}
- ret = sysdb_update_ssh_known_host_expire(cmd_ctx->domain->sysdb,
- cmd_ctx->domain,
- cmd_ctx->name, now,
- ssh_ctx->known_hosts_timeout);
- if (ret != EOK) {
- goto done;
+ if (cmd_ctx->domain) {
+ ret = sysdb_update_ssh_known_host_expire(cmd_ctx->domain->sysdb,
+ cmd_ctx->domain,
+ cmd_ctx->name, now,
+ ssh_ctx->known_hosts_timeout);
+ if (ret != EOK && ret != ENOENT) {
+ goto done;
+ }
}
/* write known_hosts file */
@@ -936,6 +934,24 @@ ssh_cmd_done(struct ssh_cmd_ctx *cmd_ctx,
return EOK;
}
+static errno_t
+ssh_cmd_get_user_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
+ errno_t ret)
+{
+ return ssh_cmd_done(cmd_ctx, ret);
+}
+
+static errno_t
+ssh_cmd_get_host_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
+ errno_t ret)
+{
+ if (ret == EOK || ret == ENOENT) {
+ ssh_host_pubkeys_update_known_hosts(cmd_ctx);
+ }
+
+ return ssh_cmd_done(cmd_ctx, ret);
+}
+
struct cli_protocol_version *register_cli_protocol_version(void)
{
static struct cli_protocol_version ssh_cli_protocol_version[] = {