From 3c2b0fc28ae21c7e4b26961e28e2eb0ba0559d29 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 7 Dec 2011 02:50:31 -0500 Subject: Add support for SSH public keys to user and host objects. This patch adds a new multivalue param "sshpubkey" for specifying SSH public keys to both user and host objects. The accepted value is base64-encoded public key blob as specified in RFC4253, section 6.6. Additionaly, host commands automatically update DNS SSHFP records when requested by user. https://fedorahosted.org/freeipa/ticket/754 --- ipapython/ipautil.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'ipapython/ipautil.py') diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index fc0010d6..d9b0455e 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -36,6 +36,7 @@ import shutil import urllib2 import socket import ldap +import struct from ipapython import ipavalidate from types import * @@ -58,6 +59,7 @@ except ImportError: self.cmd = cmd def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode) +from ipapython.compat import sha1, md5 def get_domain_name(): try: @@ -1395,3 +1397,22 @@ def backup_config_and_replace_variables(fstore, filepath, replacevars=dict(), ap old_values = config_replace_variables(filepath, replacevars, appendvars) return old_values + +def decode_ssh_pubkey(data, fptype=md5): + try: + (algolen,) = struct.unpack('>I', data[:4]) + if algolen > 0 and algolen <= len(data) - 4: + return (data[4:algolen+4], data[algolen+4:], fptype(data).hexdigest().upper()) + except struct.error: + pass + raise ValueError('not a SSH public key') + +def make_sshfp(key): + algo, data, fp = decode_ssh_pubkey(key, fptype=sha1) + if algo == 'ssh-rsa': + algo = 1 + elif algo == 'ssh-dss': + algo = 2 + else: + return + return '%d 1 %s' % (algo, fp) -- cgit
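Review bot: decode_ssh_pubkey accepts any blob whose first four bytes encode a length that fits, so in the `if algolen > 0 and algolen <= len(data) - 4:` check a value holding an algorithm name and no key material at all still passes as a public key and gets a fingerprint. The commit message says these values come from the user-supplied sshpubkey param, so I would at least require a non-empty remainder, `if 0 < algolen < len(data) - 4:`, and consider rejecting algorithm names that are not plain printable ASCII before the value is stored. make_sshfp returns None through a bare `return` for anything other than ssh-rsa and ssh-dss, which callers outside this hunk have to handle (presumably by skipping the DNS update). A docstring such as `"""Return the SSHFP record data 'ALGO 1 SHA1HEX' for key, or None if the key type has no SSHFP algorithm number here."""` would make that contract explicit, and decode_ssh_pubkey deserves one naming its `(algorithm, key data, fingerprint)` return tuple and the ValueError it raises. Both functions are new and complete within this hunk.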