From bd03e67c9d2fc4ad0275e7a573385ee5b7b9307a Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 14 Mar 2012 07:54:16 -0400
Subject: SSH: Allow clients to explicitly specify host alias
This change removes the need to canonicalize host names on the responder side - the relevant code was removed.
---
 src/sss_client/ssh/sss_ssh_authorizedkeys.c | 9 +++++----
 src/sss_client/ssh/sss_ssh_client.c | 18 +++++++++++++++++-
 src/sss_client/ssh/sss_ssh_client.h | 1 +
 src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 3 ++-
 4 files changed, 25 insertions(+), 6 deletions(-) (limited to 'src/sss_client')
diff --git a/src/sss_client/ssh/sss_ssh_authorizedkeys.c b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
index 174cb531..b64bbc3d 100644
--- a/src/sss_client/ssh/sss_ssh_authorizedkeys.c
+++ b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
@@ -97,7 +97,8 @@ int main(int argc, const char **argv)
 }
 /* look up public keys */
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS, user, &ent);
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS,
+ user, NULL, &ent);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
@@ -111,9 +112,9 @@ int main(int argc, const char **argv)
 repr = sss_ssh_format_pubkey(mem_ctx, ent, &ent->pubkeys[i],
 SSS_SSH_FORMAT_OPENSSH);
 if (!repr) {
- DEBUG(SSSDBG_OP_FAILURE,
- ("Out of memory formatting SSH public key\n"));
- continue;
+ ERROR("Not enough memory\n");
+ ret = EXIT_FAILURE;
+ goto fini;
 }
 printf("%s\n", repr);
diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
index 41b20e76..8520cd1b 100644
--- a/src/sss_client/ssh/sss_ssh_client.c
+++ b/src/sss_client/ssh/sss_ssh_client.c
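Review bot: In sss_ssh_authorizedkeys.c, hunk `@@ -111,9 +112,9 @@`, the `if (!repr)` branch now aborts the whole lookup, but keys from earlier loop iterations may already have been written by `printf("%s\n", repr);`, so the caller can receive partial output together with a failure status. Failing closed is a sound choice for an authorized-keys helper; a comment would make it deliberate, e.g. `/* fail closed: a key that cannot be formatted aborts the lookup */`. The message assumes an allocation failure; if sss_ssh_format_pubkey() can also return NULL for a malformed stored key (not visible here), one bad entry would block every other key for that user and the log would point at memory. `ret = EXIT_FAILURE;` also reuses a variable that holds an errno value in the previous hunk (`strerror(ret)`). main() starts and ends outside the hunk.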
@@ -70,9 +70,13 @@ int set_locale(void)
 /* SSH public key request:
 *
- * 0..3: flags (unsigned int, must be 0)
+ * 0..3: flags (unsigned int, must be 0 or 1)
 * 4..7: name length (unsigned int)
 * 8..(X-1): name (null-terminated UTF-8 string)
+ * if (flags & 1) {
+ * X..(X+3): alias length (unsigned int)
+ * (X+4)..Y: alias (null-terminated UTF-8 string)
+ * }
 *
 * SSH public key reply:
 *
@@ -89,6 +93,7 @@ errno_t
 sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
 enum sss_cli_command command,
 const char *name,
+ const char *alias,
 struct sss_ssh_ent **result)
 {
 TALLOC_CTX *tmp_ctx;
@@ -96,6 +101,7 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
 errno_t ret;
 uint32_t flags;
 uint32_t name_len;
+ uint32_t alias_len;
 size_t req_len;
 uint8_t *req = NULL;
 size_t c = 0;
@@ -115,6 +121,12 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
 name_len = strlen(name)+1;
 req_len = 2*sizeof(uint32_t) + name_len;
+ if (alias) {
+ flags |= 1;
+ alias_len = strlen(alias)+1;
+ req_len += sizeof(uint32_t) + alias_len;
+ }
+
 req = talloc_array(tmp_ctx, uint8_t, req_len);
 if (!req) {
 ret = ENOMEM;
@@ -124,6 +136,10 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
 SAFEALIGN_SET_UINT32(req+c, flags, &c);
 SAFEALIGN_SET_UINT32(req+c, name_len, &c);
 safealign_memcpy(req+c, name, name_len, &c);
+ if (alias) {
+ SAFEALIGN_SET_UINT32(req+c, alias_len, &c);
+ safealign_memcpy(req+c, alias, alias_len, &c);
+ }
 /* send request */
 rd.data = req;
diff --git a/src/sss_client/ssh/sss_ssh_client.h b/src/sss_client/ssh/sss_ssh_client.h
index 1c8db1ff..7ffc3983 100644
--- a/src/sss_client/ssh/sss_ssh_client.h
+++ b/src/sss_client/ssh/sss_ssh_client.h
@@ -34,6 +34,7 @@ errno_t
 sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
 enum sss_cli_command command,
 const char *name,
+ const char *alias,
 struct sss_ssh_ent **result);
 #endif /* _SSS_SSH_CLIENT_H_ */
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 280532b6..19206c3c 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
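Review bot: In sss_ssh_client.c, hunk `@@ -115,6 +121,12 @@`, `alias_len = strlen(alias)+1;` narrows a size_t into a uint32_t with no bound check (the existing `name_len` line does the same), so for an oversized string the length written in the `@@ -124,6 +136,10 @@` hunk would no longer describe the alias, even though the buffer stays consistent because req_len is built from the narrowed value. Returning EINVAL through the function's existing error path when `strlen(alias) >= UINT32_MAX` would close that gap. The bare `1` in `flags |= 1;` and in the protocol comment has to match the responder, which this patch view (limited to src/sss_client) does not show; a named constant in a shared header would keep both sides in step. `flags |= 1;` also relies on `flags` being zeroed above the hunk, and `uint32_t alias_len = 0;` would avoid a maybe-uninitialized warning for the NULL-alias path. Because the caller controls both the alias bytes and the declared length, the responder should check that length against the bytes received and the terminating NUL.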
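Review bot: The prototype in sss_ssh_client.h, hunk `@@ -34,6 +34,7 @@`, gains `alias` with no description of when it may be NULL. A comment above the declaration would tell callers what the implementation in this patch does: `/* alias: optional host alias appended to the request after name; NULL omits it and leaves request flag bit 0 clear */`.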
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -275,7 +275,8 @@ int main(int argc, const char **argv)
 }
 /* look up public keys */
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS, host, &ent);
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
+ host, NULL, &ent);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
-- cgit
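Review bot: This call in sss_ssh_knownhostsproxy.c passes `NULL` for the new alias argument, as does the one in sss_ssh_authorizedkeys.c, so nothing in this patch exercises the alias branch of the request. The commit message says responder-side canonicalization was removed; if `host` can reach this call in a non-canonical form (not visible in the hunk), host-key lookups that used to succeed may return no keys until the proxy supplies an alias. A missed lookup here presumably leaves the user without a verified host key, so it is worth confirming with a test for a short or aliased host name, or stating in the commit message that the caller change follows separately. main() starts and ends outside the hunk.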