authorJan Cholasta <jcholast@redhat.com>2011-12-07 02:50:31 -0500
committerRob Crittenden <rcritten@redhat.com>2012-02-13 22:21:27 -0500
commit3c2b0fc28ae21c7e4b26961e28e2eb0ba0559d29 (patch)
tree856f8f2850043d1f3eb6f3df1c2d3287ae7fc969 /ipapython
parent9b6baf9beeb733d77883f4ed32e553265ee15543 (diff)
Add support for SSH public keys to user and host objects.
This patch adds a new multivalue param "sshpubkey" for specifying SSH public keys to both user and host objects. The accepted value is a base64-encoded public key blob as specified in RFC4253, section 6.6. Additionally, host commands automatically update DNS SSHFP records when requested by the user. https://fedorahosted.org/freeipa/ticket/754
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/ipautil.py21
1 files changed, 21 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index fc0010d6e..d9b0455e5 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -36,6 +36,7 @@ import shutil
import urllib2
import socket
import ldap
+import struct
from ipapython import ipavalidate
from types import *
@@ -58,6 +59,7 @@ except ImportError:
self.cmd = cmd
def __str__(self):
return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
+from ipapython.compat import sha1, md5
def get_domain_name():
try:
@@ -1395,3 +1397,22 @@ def backup_config_and_replace_variables(fstore, filepath, replacevars=dict(), ap
old_values = config_replace_variables(filepath, replacevars, appendvars)
return old_values
+
+def decode_ssh_pubkey(data, fptype=md5):
+ try:
+ (algolen,) = struct.unpack('>I', data[:4])
+ if algolen > 0 and algolen <= len(data) - 4:
+ return (data[4:algolen+4], data[algolen+4:], fptype(data).hexdigest().upper())
+ except struct.error:
+ pass
+ raise ValueError('not a SSH public key')
+
+def make_sshfp(key):
+ algo, data, fp = decode_ssh_pubkey(key, fptype=sha1)
+ if algo == 'ssh-rsa':
+ algo = 1
+ elif algo == 'ssh-dss':
+ algo = 2
+ else:
+ return
+ return '%d 1 %s' % (algo, fp)
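Review bot: The length check in `decode_ssh_pubkey` only proves that the first four bytes encode a length that fits in the buffer, so a blob holding an algorithm name with no key material after it is accepted and fingerprinted as a key. Tightening the bound to `if 0 < algolen < len(data) - 4:` would at least require some key data. Nothing in the function checks that the name is a known key type, so callers that store the value should not treat a successful return as proof of a well-formed key. `make_sshfp` falls through to a bare `return` for anything other than `ssh-rsa`/`ssh-dss`, so it yields None and every caller has to handle that; a docstring such as `"""Return SSHFP record data 'ALGO 1 SHA1HEX' for key, or None if the key type has no SSHFP algorithm number here."""` would make the contract visible. The default `fptype=md5` also deserves a comment, since MD5 may be unavailable on FIPS-restricted hosts (inferred; `ipapython.compat` is not shown in this diff).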