dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 3ba9f82ac428f509df33e509a39eb783480f5d19 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 16 Mar 2017 12:38:08 +0100
Subject: [PATCH 55/60] ssh: handle binary keys correctly

Related to https://pagure.io/SSSD/sssd/issue/3332

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/responder/ssh/ssh_reply.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
index 807f4ee079128b4a3f1719de890ffac6e0d5b2e0..7093e47253b5687bab387feed5299c2d0841d43c 100644
--- a/src/responder/ssh/ssh_reply.c
+++ b/src/responder/ssh/ssh_reply.c
@@ -32,6 +32,11 @@
 #include "responder/common/cache_req/cache_req.h"
 #include "responder/ssh/ssh_private.h"
 
+/* Locally used flag for libldb's ldb_message_element structure to indicate
+ * binary data. Since the related data is only used in memory it is safe. If
+ * should be used with care if libldb's I/O operations are involved. */
+#define SSS_EL_FLAG_BIN_DATA (1<<4)
+
 static errno_t get_valid_certs_keys(TALLOC_CTX *mem_ctx,
                                     struct ssh_ctx *ssh_ctx,
                                     struct ldb_message_element *el_cert,
@@ -148,7 +153,7 @@ static errno_t decode_and_add_base64_data(struct sss_packet *packet,
     }
 
     for (d = 0; d < el->num_values; d++) {
-        if (skip_base64_decode) {
+        if (skip_base64_decode || (el->flags & SSS_EL_FLAG_BIN_DATA)) {
             key = el->values[d].data;
             key_len = el->values[d].length;
         } else  {
@@ -233,6 +238,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
         }
 
         if (elements[i] != NULL) {
+            elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;
             num_keys += elements[i]->num_values;
             i++;
         }
-- 
2.9.3