-rw-r--r--src/responder/ssh/sshsrv_cmd.c22
-rw-r--r--src/sss_client/ssh/sss_ssh_authorizedkeys.c7
-rw-r--r--src/util/util_errors.c1
-rw-r--r--src/util/util_errors.h1
4 files changed, 26 insertions, 5 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 1baba8b03..fef0ce099 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -67,7 +67,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : "<ALL>");
if (strcmp(cmd_ctx->name, "root") == 0) {
- ret = ENOENT;
+ ret = ERR_NON_SSSD_USER;
goto done;
}
@@ -168,6 +168,20 @@ ssh_user_pubkeys_search_dp_callback(uint16_t err_maj,
void *ptr);
static errno_t
+ssh_user_handle_not_found(const char *username)
+{
+ struct passwd *pwd;
+
+ pwd = getpwnam(username);
+ if (pwd != NULL) {
+ DEBUG(SSSDBG_TRACE_ALL, "%s is a non-SSSD user\n", username);
+ return ERR_NON_SSSD_USER;
+ }
+
+ return ENOENT;
+}
+
+static errno_t
ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
{
struct tevent_req *req;
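Review bot: In `ssh_user_handle_not_found()` a NULL from `getpwnam()` is returned as ENOENT even when the lookup itself failed, so a transient NSS error looks the same as an unknown user in the logs. Clearing `errno` before the call and logging a non-zero value afterwards keeps the return codes unchanged while making that case visible. The call is also a synchronous NSS lookup inside the responder, and nothing in the hunk shows whether the sss NSS module is excluded from it. A short comment above the function should state both, because ERR_NON_SSSD_USER is only accurate if SSSD's own users cannot be returned by this lookup.

```c
static errno_t
ssh_user_handle_not_found(const char *username)
{
    struct passwd *pwd;
    int lookup_errno;

    errno = 0;
    pwd = getpwnam(username);
    lookup_errno = errno;
    /* … unchanged: pwd != NULL logs and returns ERR_NON_SSSD_USER … */

    if (lookup_errno != 0) {
        /* libc may also set errno for a plain miss; the value is only logged */
        DEBUG(SSSDBG_MINOR_FAILURE,
              "getpwnam() for [%s] returned no entry, errno %d\n",
              username, lookup_errno);
    }

    return ENOENT;
}
```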
@@ -182,7 +196,7 @@ ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
if (!cmd_ctx->domain) {
DEBUG(SSSDBG_OP_FAILURE,
"No matching domain found for [%s], fail!\n", cmd_ctx->name);
- return ENOENT;
+ return ssh_user_handle_not_found(cmd_ctx->name);
}
/* refresh the user's cache entry */
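Review bot: The "No matching domain found" message stays at `SSSDBG_OP_FAILURE` and still ends in "fail!", although this path can now return ERR_NON_SSSD_USER for an ordinary local user. The parallel message in `ssh_user_pubkeys_search_next()` was lowered in this same commit, so the two should agree: `DEBUG(SSSDBG_MINOR_FAILURE,`. Otherwise every key lookup for a local account is logged as an operation failure, which adds noise to logs that are read for real lookup errors. The body of `ssh_user_pubkeys_search()` continues outside the hunk.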
@@ -256,10 +270,10 @@ ssh_user_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
return ssh_user_pubkeys_search(cmd_ctx);
}
- DEBUG(SSSDBG_OP_FAILURE,
+ DEBUG(SSSDBG_MINOR_FAILURE,
"No attributes for user [%s] found.\n", cmd_ctx->name);
- return ENOENT;
+ return ssh_user_handle_not_found(cmd_ctx->name);
}
cmd_ctx->result = res->msgs[0];
diff --git a/src/sss_client/ssh/sss_ssh_authorizedkeys.c b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
index 89eda2371..782a9f443 100644
--- a/src/sss_client/ssh/sss_ssh_authorizedkeys.c
+++ b/src/sss_client/ssh/sss_ssh_authorizedkeys.c
@@ -86,7 +86,12 @@ int main(int argc, const char **argv)
/* look up public keys */
ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS,
pc_user, pc_domain, NULL, &ent);
- if (ret != EOK) {
+ if (ret == ERR_NON_SSSD_USER) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "The user %s is valid, but not handled by sssd\n", pc_user);
+ ret = EXIT_SUCCESS;
+ goto fini;
+ } else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret));
ERROR("Error looking up public keys\n");
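Review bot: The new ERR_NON_SSSD_USER branch exits successfully without printing any keys, and the code does not say why that is the intended result. A comment above `ret = EXIT_SUCCESS;` would record it, for example `/* Not an error: no keys are printed and sshd continues with its AuthorizedKeysFile lookup */`. The branch is logged at `SSSDBG_MINOR_FAILURE` although it is the success path; a trace level such as `SSSDBG_TRACE_ALL` may fit better. The `fini` label and the rest of `main` are outside the hunk.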
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 9beffbc39..522b0f4ff 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -96,6 +96,7 @@ struct err_string error_to_str[] = {
{ "Domain has to timestamp cache" }, /* ERR_NO_TS */
{ "No timestamp cache record" }, /* ERR_TS_CACHE_MISS */
{ "Dereference threshold reached" }, /* ERR_DEREF_THRESHOLD */
+ { "The user is not handled by SSSD" }, /* ERR_NON_SSSD_USER */
{ "ERR_LAST" } /* ERR_LAST */
};
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index d234ed00f..15ec5974b 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -118,6 +118,7 @@ enum sssd_errors {
ERR_NO_TS,
ERR_TS_CACHE_MISS,
ERR_DEREF_THRESHOLD,
+ ERR_NON_SSSD_USER,
ERR_LAST /* ALWAYS LAST */
};