author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 02:50:31 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:21:27 -0500 |
commit | 3c2b0fc28ae21c7e4b26961e28e2eb0ba0559d29 (patch) | |
tree | 856f8f2850043d1f3eb6f3df1c2d3287ae7fc969 /ipapython | |
parent | 9b6baf9beeb733d77883f4ed32e553265ee15543 (diff) | |
Add support for SSH public keys to user and host objects.
This patch adds a new multivalue param "sshpubkey" for specifying SSH public
keys to both user and host objects. The accepted value is a base64-encoded
public key blob as specified in RFC4253, section 6.6.
Additionally, host commands automatically update DNS SSHFP records when
requested by the user.
https://fedorahosted.org/freeipa/ticket/754
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/ipautil.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index fc0010d6e..d9b0455e5 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -36,6 +36,7 @@ import shutil
 import urllib2
 import socket
 import ldap
+import struct
 from ipapython import ipavalidate
 from types import *
@@ -58,6 +59,7 @@ except ImportError:
 self.cmd = cmd
 def __str__(self):
 return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
+from ipapython.compat import sha1, md5
 def get_domain_name():
 try:
@@ -1395,3 +1397,22 @@ def backup_config_and_replace_variables(fstore, filepath, replacevars=dict(), ap
 old_values = config_replace_variables(filepath, replacevars, appendvars)
 return old_values
+
+def decode_ssh_pubkey(data, fptype=md5):
+ try:
+ (algolen,) = struct.unpack('>I', data[:4])
+ if algolen > 0 and algolen <= len(data) - 4:
+ return (data[4:algolen+4], data[algolen+4:], fptype(data).hexdigest().upper())
+ except struct.error:
+ pass
+ raise ValueError('not a SSH public key')
+
+def make_sshfp(key):
+ algo, data, fp = decode_ssh_pubkey(key, fptype=sha1)
+ if algo == 'ssh-rsa':
+ algo = 1
+ elif algo == 'ssh-dss':
+ algo = 2
+ else:
+ return
+ return '%d 1 %s' % (algo, fp) |
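Review bot: `decode_ssh_pubkey` in the last hunk accepts any blob whose first four bytes decode to a length that fits the buffer: the algorithm name is not checked against known types and the key body after it may be empty (`algolen == len(data) - 4` passes), so malformed input is returned and fingerprinted as if it were a key. The commit description says these values are supplied on user and host objects and drive DNS SSHFP updates, so the guard should at least require key material, `if 0 < algolen < len(data) - 4:`, and ideally the remaining length-prefixed fields would be walked before the blob is accepted. `make_sshfp` falls through a bare `return` for every algorithm other than `ssh-rsa` and `ssh-dss`, so callers receive `None` and must check for it; a docstring such as `"""Return SSHFP record data 'ALGO 1 SHA1HEX' for an ssh-rsa or ssh-dss key blob, or None for other key types."""` would make that contract visible. `decode_ssh_pubkey` would benefit from a docstring as well, stating that `data` appears to be the raw (already base64-decoded) blob and that the result is the tuple (algorithm name, remaining key data, uppercase hex fingerprint).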