From dfdd2fe5c177d70a0c5db383820f237ebc7e722f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 24 Nov 2016 18:07:56 +0100
Subject: [PATCH 157/157] SSH: Use default_domain_suffix for users' authorized
 keys
In commit eeecc48d22a28bb69da56f6ffd8824163fc9bf00 we disabled
default_domain_suffix for the SSH responder, but in a wrong way -- we
disabled the functionality completely, also for users, not only for
computers. This might have been correct at the time, since SSH keys in ID
overrides are a relatively new feature, but it's definitely not correct
in general.
Instead, this patch restores the use of default_domain_suffix, but only
for looking up public keys of users, not of computers.
Resolves:
https://fedorahosted.org/sssd/ticket/3259
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit ed71fba97dfcf5b3f0f1834c06660c481b9ab3ce)
(cherry picked from commit 2949fe58ac344c44d756ca309d4b2b7f3590cee3)
---
 src/responder/ssh/sshsrv_cmd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
4de095
index ab721d66e5299ba6810a599a15a10094d5792092..2e64893dfc2018727e6fc5fb80b47bd7eb1fac58 100644
4de095
--- a/src/responder/ssh/sshsrv_cmd.c
4de095
+++ b/src/responder/ssh/sshsrv_cmd.c
4de095
@@ -36,7 +36,8 @@
4de095
 #include "responder/ssh/sshsrv_private.h"
4de095
 
4de095
 static errno_t
4de095
-ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx);
4de095
+ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx,
4de095
+                      char *default_domain);
4de095
 
4de095
 static errno_t
4de095
 ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);
4de095
@@ -57,7 +58,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
4de095
     cmd_ctx->cctx = cctx;
4de095
     cmd_ctx->is_user = true;
4de095
 
4de095
-    ret = ssh_cmd_parse_request(cmd_ctx);
4de095
+    ret = ssh_cmd_parse_request(cmd_ctx, cctx->rctx->default_domain);
4de095
     if (ret != EOK) {
4de095
         goto done;
4de095
     }
4de095
@@ -107,7 +108,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
4de095
     cmd_ctx->cctx = cctx;
4de095
     cmd_ctx->is_user = false;
4de095
 
4de095
-    ret = ssh_cmd_parse_request(cmd_ctx);
4de095
+    ret = ssh_cmd_parse_request(cmd_ctx, NULL);
4de095
     if (ret != EOK) {
4de095
         goto done;
4de095
     }
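Review bot: The bare `NULL` passed to ssh_cmd_parse_request in sss_ssh_cmd_get_host_pubkeys carries the whole user-versus-host distinction of this patch, and nothing at the call site says so. A later cleanup could align it with the user path and pass `cctx->rctx->default_domain`, which would again qualify host names with default_domain_suffix. A comment above the call, such as `/* default_domain_suffix applies to users only; host names are never qualified with it */`, would protect that intent. The function body starts and ends outside the hunk.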
4de095
@@ -681,7 +682,8 @@ done:
4de095
 }
4de095
 
4de095
 static errno_t
4de095
-ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
4de095
+ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx,
4de095
+                      char *default_domain)
4de095
 {
4de095
     struct cli_protocol *pctx;
4de095
     struct ssh_ctx *ssh_ctx;
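Review bot: The new `default_domain` parameter of ssh_cmd_parse_request has no documented contract, here on the definition or on the prototype in the first hunk. A short comment above the function, for example `/* default_domain: domain used when the request does not name one; NULL means no fallback */`, would record what the two callers rely on. The visible code only copies the pointer into `domain`, so `const char *default_domain` looks possible. That depends on how `domain` is declared and used, which is outside this hunk, as is the rest of the function body.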
4de095
@@ -754,6 +756,8 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
4de095
                 return EINVAL;
4de095
             }
4de095
             c += domain_len;
4de095
+        } else {
4de095
+            domain = default_domain;
4de095
         }
4de095
 
4de095
         DEBUG(SSSDBG_TRACE_FUNC,
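Review bot: The added `else` branch substitutes `default_domain` for `domain` silently, so the logs cannot distinguish a domain sent by the client from one filled in from configuration. Since this name selects whose authorized keys are looked up, tracing the fallback inside the branch would help when auditing a login, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "No domain in request, using default [%s]\n", default_domain ? default_domain : "<none>");`. `default_domain` can be NULL (the host path passes `NULL`), so any later `%s` formatting of `domain` has to tolerate that. The DEBUG call that follows is cut off by the hunk, so that cannot be confirmed from here. The `if` this `else` pairs with is also outside the hunk.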
-- 
2.9.3