From bd1fa0ec90be717c3b7796d74b6f243f40178d16 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mar 29 2017 13:01:21 +0000
Subject: ssh: handle binary keys correctly


Related to https://pagure.io/SSSD/sssd/issue/3332

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
index 807f4ee..7093e47 100644
--- a/src/responder/ssh/ssh_reply.c
+++ b/src/responder/ssh/ssh_reply.c
@@ -32,6 +32,11 @@
 #include "responder/common/cache_req/cache_req.h"
 #include "responder/ssh/ssh_private.h"
 
+/* Locally used flag for libldb's ldb_message_element structure to indicate
+ * binary data. Since the related data is only used in memory it is safe. If
+ * should be used with care if libldb's I/O operations are involved. */
+#define SSS_EL_FLAG_BIN_DATA (1<<4)
+
 static errno_t get_valid_certs_keys(TALLOC_CTX *mem_ctx,
                                     struct ssh_ctx *ssh_ctx,
                                     struct ldb_message_element *el_cert,
@@ -148,7 +153,7 @@ static errno_t decode_and_add_base64_data(struct sss_packet *packet,
     }
 
     for (d = 0; d < el->num_values; d++) {
-        if (skip_base64_decode) {
+        if (skip_base64_decode || (el->flags & SSS_EL_FLAG_BIN_DATA)) {
             key = el->values[d].data;
             key_len = el->values[d].length;
         } else  {
@@ -233,6 +238,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
         }
 
         if (elements[i] != NULL) {
+            elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;
             num_keys += elements[i]->num_values;
             i++;
         }