#3332 Issue processing ssh keys from certificates in ssh respoder

Created 6 months ago by sbose
Modified 6 months ago

The keys returned by get_valid_certs_keys() are already binary and not base64 encoded.

decode_and_add_base64_data() is called later with the third argument unconditionally set to 'false' which indicates that base64_decode should be called on the data which fails with the data returned by get_valid_certs_keys().

So either get_valid_certs_keys() should return base64 encoded data which would be a bit redundant because base64_decode is called a few cycles later. Or ssh_get_output_keys() should return base64 encoded and binary key in two different variable and decode_and_add_base64_data() is called for each of them with the right setting of the third argument.

6 months ago

Metadata Update from @sbose:
- Issue assigned to sbose

How to test:
Add a valid certificate to an IPA user object and call

sss_sssh_authorizedkeys usersname

The command will fail and the sssd_ssh.log file contains:

(Thu Mar 16 12:00:55 2017) [sssd[ssh]] [decode_and_add_base64_data] (0x0040): sss_base64_decode failed.
(Thu Mar 16 12:00:55 2017) [sssd[ssh]] [ssh_protocol_build_reply] (0x0040): decode_and_add_base64_data failed.
6 months ago

Metadata Update from @sbose:
- Custom field patch adjusted to on

6 months ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1434991

6 months ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1434991

Issue linked to Bugzilla: Bug 1434991

6 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.3

  • master:
  • 1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a
  • bd1fa0ec90be717c3b7796d74b6f243f40178d16
6 months ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Login to comment on this ticket.

on

https://bugzilla.redhat.com/show_bug.cgi?id=1434991

cancel