Jan Cholasta <jcholast@redhat.com>
Copyright (C) 2012 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ssh_host_pubkeys_format_known_host_plain(TALLOC_CTX *mem_ctx,
name = talloc_asprintf_append(name, ",%s", ent->aliases[i]);
ret = sss_ssh_format_pubkey(tmp_ctx, &ent->pubkeys[i], &pubkey);
result = talloc_asprintf_append(result, "%s %s\n", name, pubkey);
ssh_host_pubkeys_format_known_host_hashed(TALLOC_CTX *mem_ctx,
char *name, *pubkey, *saltstr, *hashstr, *result;
unsigned char salt[SSS_SHA1_LENGTH], hash[SSS_SHA1_LENGTH];
ret = sss_ssh_format_pubkey(tmp_ctx, &ent->pubkeys[i], &pubkey);
name = (j == 0 ? ent->name : ent->aliases[j-1]);
for (k = 0; k < SSS_SHA1_LENGTH; k++) {
"sss_hmac_sha1() failed (%d): %s\n",
saltstr = sss_base64_encode(tmp_ctx, salt, SSS_SHA1_LENGTH);
hashstr = sss_base64_encode(tmp_ctx, hash, SSS_SHA1_LENGTH);
result = talloc_asprintf_append(result, "|1|%s|%s %s\n",
ssh_write_known_hosts(struct sss_domain_info *domains,
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!\n");
for (dom = domains; dom != NULL; dom = get_next_domain(dom, false)) {
"Fatal: Sysdb CTX not found for this domain!\n");
ret = sysdb_get_ssh_known_hosts(tmp_ctx, dom, now, attrs,
DEBUG(SSSDBG_OP_FAILURE, "Host search failed for domain "
"%s [%d]: %s\n", dom->name, ret, sss_strerror(ret));
for (i = 0; i < num_hosts; i++) {
ret = sss_ssh_make_ent(tmp_ctx, hosts[i], &ent);
"Failed to get SSH host public keys\n");
entstr = ssh_host_pubkeys_format_known_host_hashed(ent, ent);
entstr = ssh_host_pubkeys_format_known_host_plain(ent, ent);
DEBUG(SSSDBG_OP_FAILURE, "Failed to format known_hosts data "
wret = sss_atomic_write_s(fd, entstr, strlen(entstr));
ssh_update_known_hosts_file(struct sss_domain_info *domains,
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory!\n");
/* Update host's expiration time. */
ret = sysdb_update_ssh_known_host_expire(domain, name, now,
/* Create temporary known hosts file. */
filename = talloc_strdup(tmp_ctx, SSS_SSH_KNOWN_HOSTS_TEMP_TMPL);
fd = sss_unique_file_ex(tmp_ctx, filename, 0133, &ret);
/* Write contents. */
ret = ssh_write_known_hosts(domains, hash_known_hosts, now, fd);
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to write known hosts file "
/* Rename to SSH known hosts file. */