Add support for RFC 6594 SSHFP DNS records.
https://fedorahosted.org/freeipa/ticket/2642
parent
c1735e1c80
commit
86dde3a38e
@ -1325,6 +1325,9 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
|
||||
sshfp = pubkey.fingerprint_dns_sha1()
|
||||
if sshfp is not None:
|
||||
update_txt += 'update add %s. %s IN SSHFP %s\n' % (hostname, ttl, sshfp)
|
||||
sshfp = pubkey.fingerprint_dns_sha256()
|
||||
if sshfp is not None:
|
||||
update_txt += 'update add %s. %s IN SSHFP %s\n' % (hostname, ttl, sshfp)
|
||||
update_txt += 'send\n'
|
||||
|
||||
if not do_nsupdate(update_txt):
|
||||
|
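Review bot: The new sha256 block repeats the sha1 block verbatim apart from the method name, so a third digest type would mean a third copy; iterating the two fingerprints keeps a single `update add` line, e.g. `for sshfp in (pubkey.fingerprint_dns_sha1(), pubkey.fingerprint_dns_sha256()):` followed by the existing `if sshfp is not None:` and `update_txt += ...` lines. If the lines before the hunk issue an `update delete` for the host's SSHFP RRset first, the SHA-1 and SHA-256 records replace any older ones; if not, hosts that previously had only a SHA-1 record keep it next to the new pair, which is worth confirming against the part of the function not shown here. update_ssh_keys begins before this hunk.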
@ -139,6 +139,12 @@ def update_sshfp_record(zone, record, entry_attrs):
|
||||
continue
|
||||
if sshfp is not None:
|
||||
sshfps.append(sshfp)
|
||||
try:
|
||||
sshfp = SSHPublicKey(pubkey).fingerprint_dns_sha256()
|
||||
except ValueError, UnicodeDecodeError:
|
||||
continue
|
||||
if sshfp is not None:
|
||||
sshfps.append(sshfp)
|
||||
|
||||
try:
|
||||
api.Command['dnsrecord_mod'](zone, record, sshfprecord=sshfps)
|
||||
|
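Review bot: The added `except ValueError, UnicodeDecodeError:` on the sha256 branch is the Python 2 two-argument form: it catches only ValueError and rebinds the name UnicodeDecodeError to the caught exception rather than catching it, and it only behaves as intended because UnicodeDecodeError is a ValueError subclass. Write it as a tuple, `except (ValueError, UnicodeDecodeError):`, and check whether the sha1 branch just above the hunk has the same form. Each key is also parsed by `SSHPublicKey(pubkey)` once per digest; parsing once and calling both fingerprint methods on the same object would drop the second parse and the duplicated try/except, though that depends on lines before the hunk. update_sshfp_record starts before this hunk and the error handling of the dnsrecord_mod call continues after it.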
@ -26,6 +26,7 @@ import base64
|
||||
import re
|
||||
import struct
|
||||
from hashlib import md5, sha1
|
||||
from hashlib import sha256 #pylint: disable=E0611
|
||||
|
||||
__all__ = ['SSHPublicKey']
|
||||
|
||||
@ -187,12 +188,20 @@ class SSHPublicKey(object):
|
||||
fp = u':'.join([fp[j:j+2] for j in range(0, len(fp), 2)])
|
||||
return fp
|
||||
|
||||
def fingerprint_dns_sha1(self):
|
||||
def _fingerprint_dns(self, fpfunc, fptype):
|
||||
if self._keytype == 'ssh-rsa':
|
||||
keytype = 1
|
||||
elif self._keytype == 'ssh-dss':
|
||||
keytype = 2
|
||||
elif self._keytype.startswith('ecdsa-sha2-') and '@' not in self._keytype:
|
||||
keytype = 3
|
||||
else:
|
||||
return
|
||||
fp = sha1(self._key).hexdigest().upper()
|
||||
return u'%d 1 %s' % (keytype, fp)
|
||||
fp = fpfunc(self._key).hexdigest().upper()
|
||||
return u'%d %d %s' % (keytype, fptype, fp)
|
||||
|
||||
def fingerprint_dns_sha1(self):
|
||||
return self._fingerprint_dns(sha1, 1)
|
||||
|
||||
def fingerprint_dns_sha256(self):
|
||||
return self._fingerprint_dns(sha256, 2)
|
||||
|
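Review bot: `_fingerprint_dns` has no docstring and the `keytype`/`fptype` integers are unexplained, although they are the wire values of the SSHFP record's algorithm and fingerprint-type fields. A comment above the branch chain such as `# SSHFP algorithm numbers (RFC 4255, RFC 6594): 1 RSA, 2 DSA, 3 ECDSA; fptype 1 SHA-1, 2 SHA-256` plus a one-line docstring saying the method returns the `'<alg> <fptype> <HEX>'` rdata string, or None for key types with no assigned number, would make the contract both public wrappers rely on explicit. The bare `return` in the else branch is that None contract, so `return None` would read more clearly, and the `'@' not in self._keytype` guard deserves a why-comment since the reason for excluding suffixed ECDSA type names is not stated. SSHPublicKey continues outside the hunk.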