authorJan Cholasta <jcholast@redhat.com>2012-09-01 16:47:18 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-09-04 10:17:42 +0200
commitf130a609a840d4548c795ce5e63afb5891358e20 (patch)
tree4a2ef63293ea2dfee8517cd7c4832d992167e309 /src
parent4a628b83d129463e7886c8cdaa31739512947e42 (diff)
downloadsssd-f130a609a840d4548c795ce5e63afb5891358e20.tar.gz
sssd-f130a609a840d4548c795ce5e63afb5891358e20.tar.xz
sssd-f130a609a840d4548c795ce5e63afb5891358e20.zip
SSH: Add support for OpenSSH-style public keys
Diffstat (limited to 'src')
-rw-r--r--src/util/sss_ssh.c50
1 files changed, 37 insertions, 13 deletions
diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c
index d36e3c62d..e31876272 100644
--- a/src/util/sss_ssh.c
+++ b/src/util/sss_ssh.c
@@ -152,27 +152,51 @@ sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
char *blob;
char *algo;
char *out = NULL;
+ size_t i;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
- blob = sss_base64_encode(tmp_ctx, pubkey->data, pubkey->data_len);
- if (!blob) {
- ret = ENOMEM;
- goto done;
- }
+ if (pubkey->data_len > 4 && memcmp(pubkey->data, "\0\0\0", 3) == 0) {
+ /* All valid public key blobs start with 3 null bytes (see RFC 4253
+ * section 6.6, RFC 4251 section 5 and RFC 4250 section 4.6)
+ */
+ blob = sss_base64_encode(tmp_ctx, pubkey->data, pubkey->data_len);
+ if (!blob) {
+ ret = ENOMEM;
+ goto done;
+ }
- ret = sss_ssh_get_pubkey_algorithm(tmp_ctx, pubkey, &algo);
- if (ret != EOK) {
- goto done;
- }
+ ret = sss_ssh_get_pubkey_algorithm(tmp_ctx, pubkey, &algo);
+ if (ret != EOK) {
+ goto done;
+ }
- out = talloc_asprintf(mem_ctx, "%s %s", algo, blob);
- if (!out) {
- ret = ENOMEM;
- goto done;
+ out = talloc_asprintf(mem_ctx, "%s %s", algo, blob);
+ if (!out) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ /* Not a valid public key blob, so this must be a textual public key */
+ for (i = 0; i < pubkey->data_len; i++) {
+ if (!pubkey->data[i] || pubkey->data[i] == '\n' ||
+ pubkey->data[i] == '\r') {
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
+ out = talloc_array(mem_ctx, char, pubkey->data_len + 1);
+ if (!out) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ memcpy(out, pubkey->data, pubkey->data_len);
+ out[pubkey->data_len] = 0;
}
*result = out;
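Review bot: In the textual branch (the `else` starting at `/* Not a valid public key blob ... */`), the CR/LF/NUL scan is the only thing standing between an LDAP-supplied attribute and the verbatim line this function emits, but nothing says so, and the branch also accepts `data_len == 0`, returning an empty string rather than EINVAL while the blob branch demands more than 4 bytes. I would guard the empty case before the loop, `if (pubkey->data_len == 0) { ret = EINVAL; goto done; }`, and put the reason on the scan: `/* Line breaks are rejected because the text is copied unchanged into the formatted output; an embedded CR/LF would let a single attribute value yield several lines (e.g. extra keys or options) in the consumer's output */`. Whether other control characters or a missing `algo base64` structure should also be rejected depends on who consumes the result, which is outside this hunk; the comment "so this must be a textual public key" overstates what is actually checked, since no key syntax is validated here. sss_ssh_format_pubkey begins before the hunk and its `done:` label is not shown.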