authorJan Cholasta <jcholast@redhat.com>2013-04-26 10:45:42 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-07 14:23:51 +0200
commit28e55560008f21a532b103b3f612c6fca2a54d76 (patch)
treea32c61fc482cfbe873c2682cc5e7fce8a7868f2e /src/sss_client
parent728b10c81204929be5669c1e67bd086e09c47c00 (diff)
SSH: Use separate field for domain name in client requests
Instead of appending @domain to names when the --domain option of sss_ssh_* is used, put domain name in a separate field in client requests.
Diffstat (limited to 'src/sss_client')
-rw-r--r--src/sss_client/ssh/sss_ssh_authorizedkeys.c15
-rw-r--r--src/sss_client/ssh/sss_ssh_client.c38
-rw-r--r--src/sss_client/ssh/sss_ssh_client.h1
-rw-r--r--src/sss_client/ssh/sss_ssh_knownhostsproxy.c12
4 files changed, 29 insertions, 37 deletions
diff --git a/src/sss_client/ssh/sss_ssh_authorizedkeys.c b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
index 11deff9a6..bc991a837 100644
--- a/src/sss_client/ssh/sss_ssh_authorizedkeys.c
+++ b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
@@ -43,7 +43,6 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
- const char *user;
struct sss_ssh_ent *ent;
size_t i;
char *repr;
@@ -84,21 +83,9 @@ int main(int argc, const char **argv)
BAD_POPT_PARAMS(pc, _("User not specified\n"), ret, fini);
}
- /* append domain to username if domain is specified */
- if (pc_domain) {
- user = talloc_asprintf(mem_ctx, "%s@%s", pc_user, pc_domain);
- if (!user) {
- ERROR("Not enough memory\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- } else {
- user = pc_user;
- }
-
/* look up public keys */
ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS,
- user, NULL, &ent);
+ pc_user, pc_domain, NULL, &ent);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
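Review bot: Passing `pc_user` and `pc_domain` as separate fields leaves open what happens when the user name already carries an `@domain` suffix and `--domain` names a different domain. Nothing in this hunk rejects or documents that combination, and which of the two wins is decided by the responder, outside this diff. For a helper that looks up a user's public keys, that precedence should be unambiguous, so once the responder behaviour is confirmed I would add a comment at the call such as `/* pc_domain may be NULL (default domain); a domain embedded in pc_user is resolved by the responder */`. The same applies to the `host, pc_domain, pc_host` call in sss_ssh_knownhostsproxy.c. main() starts and ends outside the hunk.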
diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
index 645f29289..5312dba2b 100644
--- a/src/sss_client/ssh/sss_ssh_client.c
+++ b/src/sss_client/ssh/sss_ssh_client.c
@@ -70,29 +70,34 @@ int set_locale(void)
/* SSH public key request:
*
- * 0..3: flags (unsigned int, must be 0 or 1)
- * 4..7: name length (unsigned int)
- * 8..(X-1): name (null-terminated UTF-8 string)
- * if (flags & 1) {
- * X..(X+3): alias length (unsigned int)
- * (X+4)..Y: alias (null-terminated UTF-8 string)
- * }
+ * header:
+ * 0..3: flags (unsigned int, must be combination of SSS_SSH_REQ_* flags)
+ * 4..7: name length (unsigned int)
+ * 8..X: name (null-terminated UTF-8 string)
+ * alias (only included if flags & SSS_SSH_REQ_ALIAS):
+ * 0..3: alias length (unsigned int)
+ * 4..X: alias (null-terminated UTF-8 string)
+ * domain (ony included if flags & SSS_SSH_REQ_DOMAIN):
+ * 0..3: domain length (unsigned int, 0 means default domain)
+ * 4..X: domain (null-terminated UTF-8 string)
*
* SSH public key reply:
*
- * 0..3: number of results (unsigned int)
- * 4..7: reserved (unsigned int, must be 0)
- * 8..$: array of results:
+ * header:
+ * 0..3: number of results (unsigned int)
+ * 4..7: reserved (unsigned int, must be 0)
+ * results (repeated for each result):
* 0..3: flags (unsigned int, must be 0)
* 4..7: name length (unsigned int)
* 8..(X-1): name (null-terminated UTF-8 string)
* X..(X+3): key length (unsigned int)
- * (X+4)..Y: key (public key blob as defined in RFC4253, section 6.6)
+ * (X+4)..Y: key (public key data)
*/
errno_t
sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
enum sss_cli_command command,
const char *name,
+ const char *domain,
const char *alias,
struct sss_ssh_ent **result)
{
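Review bot: The new request-format comment has a typo, `ony included`, which should read `only included`. It also uses `X` as the end offset in all three request sections (`8..X`, `4..X`) while the reply section keeps `8..(X-1)`, so it is unclear whether X is the last byte or one past it. Saying that the alias and domain offsets are relative to the start of their own section, and using `(X-1)` throughout, would remove the ambiguity. The comment could also state that the alias section precedes the domain section, which is the order the serialization code later in this file writes them. The body of sss_ssh_get_ent continues outside the hunk.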
@@ -102,6 +107,7 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
uint32_t flags;
uint32_t name_len;
uint32_t alias_len;
+ uint32_t domain_len;
size_t req_len;
uint8_t *req = NULL;
size_t c = 0;
@@ -122,11 +128,15 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
req_len = 2*sizeof(uint32_t) + name_len;
if (alias) {
- flags |= 1;
+ flags |= SSS_SSH_REQ_ALIAS;
alias_len = strlen(alias)+1;
req_len += sizeof(uint32_t) + alias_len;
}
+ flags |= SSS_SSH_REQ_DOMAIN;
+ domain_len = domain ? (strlen(domain)+1) : 0;
+ req_len += sizeof(uint32_t) + domain_len;
+
req = talloc_array(tmp_ctx, uint8_t, req_len);
if (!req) {
ret = ENOMEM;
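Review bot: `domain_len = domain ? (strlen(domain)+1) : 0;` treats an empty string as a present domain, so an empty `--domain` argument yields a length of 1 and a lone NUL on the wire instead of the 0 that the format comment defines as "default domain". If empty is meant to select the default, `domain_len = (domain && *domain) ? (strlen(domain)+1) : 0;` makes that explicit; otherwise the responder has to handle a zero-character domain, which is not visible in this diff. Separately, `SSS_SSH_REQ_DOMAIN` is set unconditionally, so a responder still enforcing the old "flags must be 0 or 1" rule would presumably refuse every request from this client. A comment noting that client and responder must be upgraded together would help. The function starts and ends outside the hunk.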
@@ -140,6 +150,10 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
SAFEALIGN_SET_UINT32(req+c, alias_len, &c);
safealign_memcpy(req+c, alias, alias_len, &c);
}
+ SAFEALIGN_SET_UINT32(req+c, domain_len, &c);
+ if (domain_len > 0) {
+ safealign_memcpy(req+c, domain, domain_len, &c);
+ }
/* send request */
rd.data = req;
diff --git a/src/sss_client/ssh/sss_ssh_client.h b/src/sss_client/ssh/sss_ssh_client.h
index 7ffc3983e..5ad0643f9 100644
--- a/src/sss_client/ssh/sss_ssh_client.h
+++ b/src/sss_client/ssh/sss_ssh_client.h
@@ -34,6 +34,7 @@ errno_t
sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
enum sss_cli_command command,
const char *name,
+ const char *domain,
const char *alias,
struct sss_ssh_ent **result);
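Review bot: The prototype now has three adjacent `const char *` parameters with different NULL semantics and no comment explaining them. Going by the implementation in sss_ssh_client.c, a NULL `alias` omits the alias section while a NULL `domain` sends length 0, meaning the default domain. A short comment above the declaration, e.g. `/* domain: NULL selects the default domain; alias: NULL omits the alias */`, would make it harder for a caller to swap the two arguments unnoticed.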
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 600895d1f..e2202b183 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -282,19 +282,9 @@ int main(int argc, const char **argv)
}
if (host) {
- /* append domain to hostname if domain is specified */
- if (pc_domain) {
- host = talloc_asprintf(mem_ctx, "%s@%s", host, pc_domain);
- if (!host) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
- ret = EXIT_FAILURE;
- goto fini;
- }
- }
-
/* look up public keys */
ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
- host, pc_host, &ent);
+ host, pc_domain, pc_host, &ent);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));