summaryrefslogtreecommitdiffstats
path: root/src/responder/ssh/sshsrv_cmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/responder/ssh/sshsrv_cmd.c')
-rw-r--r--src/responder/ssh/sshsrv_cmd.c123
1 files changed, 94 insertions, 29 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index ad8316398..5bed2e0ad 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -232,8 +232,8 @@ ssh_user_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
return EFAULT;
}
- ret = sysdb_get_user_attr(cmd_ctx, cmd_ctx->domain,
- cmd_ctx->name, attrs, &res);
+ ret = sysdb_get_user_attr_with_views(cmd_ctx, cmd_ctx->domain,
+ cmd_ctx->name, attrs, &res);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to make request to our cache!\n");
@@ -782,6 +782,65 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
return EOK;
}
+static errno_t decode_and_add_base64_data(struct ssh_cmd_ctx *cmd_ctx,
+ struct ldb_message_element *el,
+ size_t fqname_len,
+ const char *fqname,
+ size_t *c)
+{
+ struct cli_ctx *cctx = cmd_ctx->cctx;
+ uint8_t *key;
+ size_t key_len;
+ uint8_t *body;
+ size_t body_len;
+ int ret;
+ size_t d;
+ TALLOC_CTX *tmp_ctx;
+
+ if (el == NULL) {
+ DEBUG(SSSDBG_TRACE_ALL, "Mssing element, nothing to do.\n");
+ return EOK;
+ }
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ for (d = 0; d < el->num_values; d++) {
+ key = sss_base64_decode(tmp_ctx, (const char *) el->values[d].data,
+ &key_len);
+ if (key == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sss_packet_grow(cctx->creq->out,
+ 3*sizeof(uint32_t) + key_len + fqname_len);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_packet_grow failed.\n");
+ goto done;
+ }
+ sss_packet_get_body(cctx->creq->out, &body, &body_len);
+
+ SAFEALIGN_SET_UINT32(body+(*c), 0, c);
+ SAFEALIGN_SET_UINT32(body+(*c), fqname_len, c);
+ safealign_memcpy(body+(*c), fqname, fqname_len, c);
+ SAFEALIGN_SET_UINT32(body+(*c), key_len, c);
+ safealign_memcpy(body+(*c), key, key_len, c);
+
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
static errno_t
ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
{
@@ -790,14 +849,13 @@ ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
uint8_t *body;
size_t body_len;
size_t c = 0;
- unsigned int i;
- struct ldb_message_element *el;
+ struct ldb_message_element *el = NULL;
+ struct ldb_message_element *el_override = NULL;
+ struct ldb_message_element *el_orig = NULL;
uint32_t count = 0;
const char *name;
char *fqname;
uint32_t fqname_len;
- uint8_t *key;
- size_t key_len;
ret = sss_packet_new(cctx->creq, 0,
sss_packet_get_cmd(cctx->creq->in),
@@ -811,6 +869,20 @@ ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
count = el->num_values;
}
+ el_orig = ldb_msg_find_element(cmd_ctx->result,
+ ORIGINALAD_PREFIX SYSDB_SSH_PUBKEY);
+ if (el_orig) {
+ count = el_orig->num_values;
+ }
+
+ if (DOM_HAS_VIEWS(cmd_ctx->domain)) {
+ el_override = ldb_msg_find_element(cmd_ctx->result,
+ OVERRIDE_PREFIX SYSDB_SSH_PUBKEY);
+ if (el_override) {
+ count += el_override->num_values;
+ }
+ }
+
ret = sss_packet_grow(cctx->creq->out, 2*sizeof(uint32_t));
if (ret != EOK) {
return ret;
@@ -820,7 +892,7 @@ ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
SAFEALIGN_SET_UINT32(body+c, count, &c);
SAFEALIGN_SET_UINT32(body+c, 0, &c);
- if (!el) {
+ if (count == 0) {
return EOK;
}
@@ -840,30 +912,23 @@ ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
fqname_len = strlen(fqname)+1;
- for (i = 0; i < el->num_values; i++) {
- key = sss_base64_decode(cmd_ctx,
- (const char *)el->values[i].data,
- &key_len);
- if (!key) {
- return ENOMEM;
- }
-
- ret = sss_packet_grow(cctx->creq->out,
- 3*sizeof(uint32_t) + key_len + fqname_len);
- if (ret != EOK) {
- talloc_free(key);
- return ret;
- }
- sss_packet_get_body(cctx->creq->out, &body, &body_len);
+ ret = decode_and_add_base64_data(cmd_ctx, el, fqname_len, fqname, &c);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "decode_and_add_base64_data failed.\n");
+ return ret;
+ }
- SAFEALIGN_SET_UINT32(body+c, 0, &c);
- SAFEALIGN_SET_UINT32(body+c, fqname_len, &c);
- safealign_memcpy(body+c, fqname, fqname_len, &c);
- SAFEALIGN_SET_UINT32(body+c, key_len, &c);
- safealign_memcpy(body+c, key, key_len, &c);
+ ret = decode_and_add_base64_data(cmd_ctx, el_orig, fqname_len, fqname, &c);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "decode_and_add_base64_data failed.\n");
+ return ret;
+ }
- talloc_free(key);
- count++;
+ ret = decode_and_add_base64_data(cmd_ctx, el_override, fqname_len, fqname,
+ &c);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "decode_and_add_base64_data failed.\n");
+ return ret;
}
return EOK;
generated by cgit (git 2.34.1) at 2024-04-23 17:05:14 +0000