URL: https://github.com/SSSD/sssd/pull/93
Author: jhrozek
 Title: #93: SSH: Use default_domain_suffix for users' authorized keys
Action: opened

PR body:
"""
None
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/93/head:pr93
git checkout pr93
From 9806f0bda1fb96b860790ae96cdf707b7e612864 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 24 Nov 2016 18:07:56 +0100
Subject: [PATCH] SSH: Use default_domain_suffix for users' authorized keys

In commit eeecc48d22a28bb69da56f6ffd8824163fc9bf00 we disabled
default_domain_suffix for the SSH responder, but in a wrong way -- we
disabled the functionality completely, also for users, not only for
groups. This might have been correct at the time, since SSH keys in ID
overrides are a relatively new feature, but it's definitely not correct
in general.

Instead, this patch restores the use of default_domain_suffix, but only
for looking up public keys of users, not of groups.
---
 src/responder/ssh/sshsrv_cmd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index ab721d6..2e64893 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -36,7 +36,8 @@
 #include "responder/ssh/sshsrv_private.h"
 
 static errno_t
-ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx);
+ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx,
+                      char *default_domain);
 
 static errno_t
 ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);
@@ -57,7 +58,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
     cmd_ctx->cctx = cctx;
     cmd_ctx->is_user = true;
 
-    ret = ssh_cmd_parse_request(cmd_ctx);
+    ret = ssh_cmd_parse_request(cmd_ctx, cctx->rctx->default_domain);
     if (ret != EOK) {
         goto done;
     }
@@ -107,7 +108,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
     cmd_ctx->cctx = cctx;
     cmd_ctx->is_user = false;
 
-    ret = ssh_cmd_parse_request(cmd_ctx);
+    ret = ssh_cmd_parse_request(cmd_ctx, NULL);
     if (ret != EOK) {
         goto done;
     }
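Review bot: The bare `NULL` passed for the host lookup carries no explanation at the call site, and the commit message describes the exclusion in terms of groups while this call is in sss_ssh_cmd_get_host_pubkeys. A short comment would record the intent, for example `/* default_domain_suffix applies to user lookups only, never to hosts */`. The function body continues outside the hunk.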
@@ -681,7 +682,8 @@ ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
 }
 
 static errno_t
-ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
+ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx,
+                      char *default_domain)
 {
     struct cli_protocol *pctx;
     struct ssh_ctx *ssh_ctx;
@@ -754,6 +756,8 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
                 return EINVAL;
             }
             c += domain_len;
+        } else {
+            domain = default_domain;
         }
 
         DEBUG(SSSDBG_TRACE_FUNC,
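Review bot: After the added `else` branch, `domain` can still be NULL, so everything downstream must keep treating NULL as "no domain given". The host path passes `NULL` explicitly, and `cctx->rctx->default_domain` is presumably unset when default_domain_suffix is not configured. The `DEBUG` call that starts on the last line is cut off, so whether it guards against a NULL `domain` cannot be confirmed from here. Because this value now decides in which domain a user's authorized keys are looked up, the branch deserves a comment such as `/* no domain in request: fall back to default_domain_suffix (NULL for hosts or when unset) */`.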