From 36f2fe8f6306df3b5495f34110280d0d6133d7b0 Mon Sep 17 00:00:00 2001
From: Fabiano FidĂȘncio
Date: Jul 30 2018 20:01:49 +0000
Subject: sss_ssh_knownhostsproxy: add option to only print the pubkey
Related: https://pagure.io/SSSD/sssd/issue/3542
Signed-off-by: Fabiano FidĂȘncio
Reviewed-by: Jakub Hrozek
---
diff --git a/src/man/sss_ssh_knownhostsproxy.1.xml b/src/man/sss_ssh_knownhostsproxy.1.xml
index b71e1ea..f84732c 100644
--- a/src/man/sss_ssh_knownhostsproxy.1.xml
+++ b/src/man/sss_ssh_knownhostsproxy.1.xml
@@ -84,6 +84,16 @@ GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts + + + , + + + + Print the host ssh public keys for host HOST. + + +
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 976ba86..9e574ad 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -197,6 +197,7 @@ int main(int argc, const char **argv)
 const char *pc_domain = NULL;
 const char *pc_host = NULL;
 const char **pc_args = NULL;
+ int pc_pubkeys = 0;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
@@ -205,6 +206,8 @@ int main(int argc, const char **argv)
 _("The port to use to connect to the host"), NULL },
 { "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
 _("The SSSD domain to use"), NULL },
+ { "pubkey", 'k', POPT_ARG_NONE, &pc_pubkeys, 0,
+ _("Print the host ssh public keys"), NULL },
 POPT_TABLEEND
 };
 poptContext pc = NULL;
@@ -213,7 +216,7 @@ int main(int argc, const char **argv)
 struct addrinfo *ai = NULL;
 char canonhost[NI_MAXHOST];
 const char *host = NULL;
- struct sss_ssh_ent *ent;
+ struct sss_ssh_ent *ent = NULL;
 int ret;
 debug_prg_name = argv[0];
@@ -302,6 +305,25 @@ int main(int argc, const char **argv)
 }
 }
+ if (pc_pubkeys) {
+ /* print results */
+ if (ent != NULL) {
+ for (size_t i = 0; i < ent->num_pubkeys; i++) {
+ ret = sss_ssh_print_pubkey(&ent->pubkeys[i]);
+ if (ret != EOK && ret != EINVAL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ssh_ssh_print_pubkey() failed (%d): %s\n",
+ ret, strerror(ret));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+ }
+ }
+
+ ret = EXIT_SUCCESS;
+ goto fini;
+ }
+
 /* connect to server */
 if (pc_args) {
 ret = connect_proxy_command(discard_const(pc_args));
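Review bot: With `-k`, a NULL `ent` prints nothing and still ends in `ret = EXIT_SUCCESS`, and a key for which `sss_ssh_print_pubkey()` returns EINVAL is skipped with no message, so the caller cannot tell "host has no keys" from a failed lookup or an undecodable key. If `ent` stays NULL only when the lookup earlier in `main()` failed (that code is outside this hunk, as are the start and end of `main()`), that path should report failure instead, e.g. `if (ent == NULL) { ret = EXIT_FAILURE; goto fini; }`, because output that is presumably consumed for host-key verification should not silently degrade to an empty set. The DEBUG string also misnames the callee and should read `"sss_ssh_print_pubkey() failed (%d): %s\n"`, so that the log line can be found by grepping for the function name.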