#3332 Issue processing ssh keys from certificates in ssh responder

Created 13 days ago by sbose
Modified 4 days ago

The keys returned by get_valid_certs_keys() are already binary and not base64 encoded.

decode_and_add_base64_data() is called later with the third argument unconditionally set to 'false', which indicates that base64_decode should be called on the data, which fails with the data returned by get_valid_certs_keys().

So either get_valid_certs_keys() should return base64 encoded data, which would be a bit redundant because base64_decode is called a few cycles later, or ssh_get_output_keys() should return base64 encoded and binary keys in two different variables and decode_and_add_base64_data() is called for each of them with the right setting of the third argument.

11 days ago

Metadata Update from @sbose:
- Issue assigned to sbose

How to test:
Add a valid certificate to an IPA user object and call

sss_ssh_authorizedkeys username

The command will fail and the sssd_ssh.log file contains:

(Thu Mar 16 12:00:55 2017) [sssd[ssh]] [decode_and_add_base64_data] (0x0040): sss_base64_decode failed.
(Thu Mar 16 12:00:55 2017) [sssd[ssh]] [ssh_protocol_build_reply] (0x0040): decode_and_add_base64_data failed.
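
The encoding mismatch this issue describes, as an added example that is not SSSD code: each key carries a flag saying whether it is already binary, so only base64 text reaches the decoder. `key_blob`, `key_to_raw` and `b64_decode` (a stand-in for `sss_base64_decode`) are hypothetical names, and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Strict base64 decoder; returns the decoded length, or -1 on invalid input. */
static long b64_decode(const uint8_t *in, size_t len, uint8_t *out)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    long o = 0;
    if (len == 0 || len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        uint32_t v = 0;
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            uint8_t c = in[i + j];
            const char *p = c ? strchr(tbl, c) : NULL;
            if (c == '=' && i + 4 == len && j >= 2) { pad++; v <<= 6; }
            else if (p && pad == 0) v = (v << 6) | (uint32_t)(p - tbl);
            else return -1;   /* NUL and other non-alphabet bytes end up here */
        }
        out[o++] = (uint8_t)(v >> 16);
        if (pad < 2) out[o++] = (uint8_t)(v >> 8);
        if (pad < 1) out[o++] = (uint8_t)v;
    }
    return o;
}

/* Hypothetical key record: the encoding travels with the data. */
struct key_blob { const uint8_t *data; size_t len; bool is_binary; };

/* Writes the raw key to out (capacity >= k->len); returns its length or -1.
 * Binary blobs, such as keys taken from certificates, are copied unchanged. */
static long key_to_raw(const struct key_blob *k, uint8_t *out)
{
    if (!k->is_binary) return b64_decode(k->data, k->len, out);
    memcpy(out, k->data, k->len);
    return (long)k->len;
}

/* Constructed sample: first 12 bytes of an ssh-rsa key blob, and its base64. */
static const uint8_t BIN[] = { 0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a', 0 };
static const uint8_t B64[] = "AAAAB3NzaC1yc2EA";

int main(void)
{
    uint8_t out[16];
    struct key_blob cert = { BIN, sizeof(BIN), true }, bug = { BIN, sizeof(BIN), false };
    struct key_blob text = { B64, sizeof(B64) - 1, false };
    printf("cert=%ld text=%ld\n", key_to_raw(&cert, out), key_to_raw(&text, out));
    printf("binary sent to decoder=%ld\n", key_to_raw(&bug, out));
    return 0;
}
```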

11 days ago

Metadata Update from @sbose:
- Custom field patch adjusted to on

4 days ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1434991

Issue linked to Bugzilla: Bug 1434991

4 days ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.3
