author | Jan Cholasta <jcholast@redhat.com> | 2012-02-26 13:24:16 -0500 |
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-26 20:34:18 -0500 |
commit | 748ba184db97b7534254f97018fa04e8aa458fae (patch) | |
tree | b083c6a3c3bc7a0fc116af69d17e3c04627833a8 /src/util | |
parent | 9e896dc45792ea7d2f267b4fbd49542d10339c63 (diff) | |
SSH: Refactor responder and client common code
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/sss_ssh.c | 174 | ||||
-rw-r--r-- | src/util/sss_ssh.h | 59 |
2 files changed, 233 insertions, 0 deletions
diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c
new file mode 100644
index 000000000..83c1ec152
--- /dev/null
+++ b/src/util/sss_ssh.c
@@ -0,0 +1,174 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <arpa/inet.h>
+
+#include "db/sysdb.h"
+#include "util/util.h"
+#include "util/crypto/sss_crypto.h"
+#include "util/sss_ssh.h"
+
+errno_t
+sss_ssh_make_ent(TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct sss_ssh_ent **result)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct sss_ssh_ent *res = NULL;
+ errno_t ret;
+ const char *name;
+ struct ldb_message_element *el;
+ unsigned int i;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+ if (!name) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ res = talloc_zero(tmp_ctx, struct sss_ssh_ent);
+ if (!res) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ res->name = talloc_strdup(res, name);
+ if (!res->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ el = ldb_msg_find_element(msg, SYSDB_SSH_PUBKEY);
+ if (el) {
+ res->num_pubkeys = el->num_values;
+
+ res->pubkeys = talloc_array(res, struct sss_ssh_pubkey,
+ res->num_pubkeys);
+ if (!res->pubkeys) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ res->pubkeys[i].data = sss_base64_decode(res->pubkeys,
+ (char *)el->values[i].data, &res->pubkeys[i].data_len);
+ if (!res->pubkeys[i].data) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
+ el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS);
+ if (el) {
+ res->num_aliases = el->num_values;
+
+ res->aliases = talloc_array(res, char *, res->num_aliases);
+ if (!res->aliases) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ res->aliases[i] = talloc_strdup(res->aliases,
+ (char *)el->values[i].data);
+ if (!res->aliases[i]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
+ *result = talloc_steal(mem_ctx, res);
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
+char *
+sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_pubkey *pubkey)
+{
+ size_t c = 0;
+ uint32_t algo_len;
+ char *algo;
+
+ SAFEALIGN_COPY_UINT32(&algo_len, pubkey->data, &c);
+ algo_len = ntohl(algo_len);
+
+ algo = talloc_zero_array(mem_ctx, char, algo_len+1);
+ if (!algo) {
+ return NULL;
+ }
+
+ memcpy(algo, pubkey->data+c, algo_len);
+
+ return algo;
+}
+
+char *
+sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_ent *ent,
+ struct sss_ssh_pubkey *pubkey,
+ enum sss_ssh_pubkey_format format)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *blob;
+ char *algo;
+ char *result = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ blob = sss_base64_encode(tmp_ctx, pubkey->data, pubkey->data_len);
+ if (!blob) {
+ goto done;
+ }
+
+ switch (format) {
+ case SSS_SSH_FORMAT_RAW:
+ /* base64-encoded key blob */
+ result = talloc_steal(mem_ctx, blob);
+
+ case SSS_SSH_FORMAT_OPENSSH:
+ /* OpenSSH authorized_keys/known_hosts format */
+ algo = sss_ssh_get_pubkey_algorithm(tmp_ctx, pubkey);
+ if (!algo) {
+ goto done;
+ }
+
+ result = talloc_asprintf(mem_ctx, "%s %s %s", algo, blob, ent->name);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+
+ return result;
+}
diff --git a/src/util/sss_ssh.h b/src/util/sss_ssh.h
new file mode 100644
index 000000000..a4ac73915
--- /dev/null
+++ b/src/util/sss_ssh.h
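Review bot: sss_ssh_get_pubkey_algorithm trusts the length prefix embedded in pubkey->data: it copies algo_len bytes from pubkey->data+c without ever comparing against pubkey->data_len, so a short or malformed blob (the bytes are base64-decoded from a directory attribute in sss_ssh_make_ent, not produced by this code) makes SAFEALIGN_COPY_UINT32 and memcpy read past the buffer, and an algo_len of UINT32_MAX wraps algo_len+1 to zero so talloc_zero_array returns an empty array that memcpy then overruns. Guard both ends: `if (pubkey->data_len < sizeof(uint32_t)) return NULL;` before the copy, and `if (algo_len > pubkey->data_len - c) return NULL;` after ntohl(). Separately, the SSS_SSH_FORMAT_RAW arm of the switch in sss_ssh_format_pubkey has no `break;` after `result = talloc_steal(mem_ctx, blob);`, so a RAW request falls through and returns the OpenSSH-formatted string instead, with the already-stolen blob left orphaned under mem_ctx; a `default:` arm that leaves result NULL would also make an unexpected format value observable to callers.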
@@ -0,0 +1,59 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SSS_SSH_H_
+#define _SSS_SSH_H_
+
+struct sss_ssh_pubkey {
+ uint8_t *data;
+ size_t data_len;
+};
+
+struct sss_ssh_ent {
+ char *name;
+
+ struct sss_ssh_pubkey *pubkeys;
+ size_t num_pubkeys;
+
+ char **aliases;
+ size_t num_aliases;
+};
+
+errno_t
+sss_ssh_make_ent(TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct sss_ssh_ent **result);
+
+char *
+sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_pubkey *pubkey);
+
+enum sss_ssh_pubkey_format {
+ SSS_SSH_FORMAT_RAW,
+ SSS_SSH_FORMAT_OPENSSH
+};
+
+char *
+sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_ent *ent,
+ struct sss_ssh_pubkey *pubkey,
+ enum sss_ssh_pubkey_format format);
+
+#endif /* _SSS_SSH_H_ */
|
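Review bot: The new header is not self-contained: it uses uint8_t, size_t, errno_t, TALLOC_CTX and struct ldb_message but includes nothing, so it only compiles in a translation unit that has already pulled in the project's util header (sss_ssh.c gets away with it because util/util.h is included first). Either add the stdint, stddef, talloc and ldb includes plus the project header that provides errno_t, or state the ordering requirement in a comment above the guard so the next includer does not trip over it. The structs and prototypes also carry no contract comments; a short block on struct sss_ssh_ent saying that sss_ssh_make_ent allocates it under mem_ctx with each pubkeys[i].data holding data_len bytes of decoded key blob, and one on sss_ssh_format_pubkey saying the returned string belongs to mem_ctx and NULL means failure, would tell callers who owns and frees what.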