summaryrefslogtreecommitdiffstats
path: root/src/util
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2012-02-26 13:24:16 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-26 20:34:18 -0500
commit748ba184db97b7534254f97018fa04e8aa458fae (patch)
treeb083c6a3c3bc7a0fc116af69d17e3c04627833a8 /src/util
parent9e896dc45792ea7d2f267b4fbd49542d10339c63 (diff)
downloadsssd-748ba184db97b7534254f97018fa04e8aa458fae.tar.gz
sssd-748ba184db97b7534254f97018fa04e8aa458fae.tar.xz
sssd-748ba184db97b7534254f97018fa04e8aa458fae.zip
SSH: Refactor responder and client common code
Diffstat (limited to 'src/util')
-rw-r--r--src/util/sss_ssh.c174
-rw-r--r--src/util/sss_ssh.h59
2 files changed, 233 insertions, 0 deletions
diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c
new file mode 100644
index 000000000..83c1ec152
--- /dev/null
+++ b/src/util/sss_ssh.c
@@ -0,0 +1,174 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <arpa/inet.h>
+
+#include "db/sysdb.h"
+#include "util/util.h"
+#include "util/crypto/sss_crypto.h"
+#include "util/sss_ssh.h"
+
+errno_t
+sss_ssh_make_ent(TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct sss_ssh_ent **result)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct sss_ssh_ent *res = NULL;
+ errno_t ret;
+ const char *name;
+ struct ldb_message_element *el;
+ unsigned int i;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+ if (!name) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ res = talloc_zero(tmp_ctx, struct sss_ssh_ent);
+ if (!res) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ res->name = talloc_strdup(res, name);
+ if (!res->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ el = ldb_msg_find_element(msg, SYSDB_SSH_PUBKEY);
+ if (el) {
+ res->num_pubkeys = el->num_values;
+
+ res->pubkeys = talloc_array(res, struct sss_ssh_pubkey,
+ res->num_pubkeys);
+ if (!res->pubkeys) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ res->pubkeys[i].data = sss_base64_decode(res->pubkeys,
+ (char *)el->values[i].data, &res->pubkeys[i].data_len);
+ if (!res->pubkeys[i].data) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
+ el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS);
+ if (el) {
+ res->num_aliases = el->num_values;
+
+ res->aliases = talloc_array(res, char *, res->num_aliases);
+ if (!res->aliases) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ res->aliases[i] = talloc_strdup(res->aliases,
+ (char *)el->values[i].data);
+ if (!res->aliases[i]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
+ *result = talloc_steal(mem_ctx, res);
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
+char *
+sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_pubkey *pubkey)
+{
+ size_t c = 0;
+ uint32_t algo_len;
+ char *algo;
+
+ SAFEALIGN_COPY_UINT32(&algo_len, pubkey->data, &c);
+ algo_len = ntohl(algo_len);
+
+ algo = talloc_zero_array(mem_ctx, char, algo_len+1);
+ if (!algo) {
+ return NULL;
+ }
+
+ memcpy(algo, pubkey->data+c, algo_len);
+
+ return algo;
+}
+
+char *
+sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_ent *ent,
+ struct sss_ssh_pubkey *pubkey,
+ enum sss_ssh_pubkey_format format)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *blob;
+ char *algo;
+ char *result = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return NULL;
+ }
+
+ blob = sss_base64_encode(tmp_ctx, pubkey->data, pubkey->data_len);
+ if (!blob) {
+ goto done;
+ }
+
+ switch (format) {
+ case SSS_SSH_FORMAT_RAW:
+ /* base64-encoded key blob */
+ result = talloc_steal(mem_ctx, blob);
+
+ case SSS_SSH_FORMAT_OPENSSH:
+ /* OpenSSH authorized_keys/known_hosts format */
+ algo = sss_ssh_get_pubkey_algorithm(tmp_ctx, pubkey);
+ if (!algo) {
+ goto done;
+ }
+
+ result = talloc_asprintf(mem_ctx, "%s %s %s", algo, blob, ent->name);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+
+ return result;
+}
diff --git a/src/util/sss_ssh.h b/src/util/sss_ssh.h
new file mode 100644
index 000000000..a4ac73915
--- /dev/null
+++ b/src/util/sss_ssh.h
@@ -0,0 +1,59 @@
+/*
+ Authors:
+ Jan Cholasta <jcholast@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SSS_SSH_H_
+#define _SSS_SSH_H_
+
+struct sss_ssh_pubkey {
+ uint8_t *data;
+ size_t data_len;
+};
+
+struct sss_ssh_ent {
+ char *name;
+
+ struct sss_ssh_pubkey *pubkeys;
+ size_t num_pubkeys;
+
+ char **aliases;
+ size_t num_aliases;
+};
+
+errno_t
+sss_ssh_make_ent(TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct sss_ssh_ent **result);
+
+char *
+sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_pubkey *pubkey);
+
+enum sss_ssh_pubkey_format {
+ SSS_SSH_FORMAT_RAW,
+ SSS_SSH_FORMAT_OPENSSH
+};
+
+char *
+sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
+ struct sss_ssh_ent *ent,
+ struct sss_ssh_pubkey *pubkey,
+ enum sss_ssh_pubkey_format format);
+
+#endif /* _SSS_SSH_H_ */