Hi,
I'm trying to use the experimental feature "sss_ssh_authorizedkeys" on
an up-to-date Fedora 17. Now it seems every time I call that binary, it
returns the non-descriptive error "Not enough memory".
Using my basic C-skills, I downloaded the latest SSSD sources (1.8.4)
and recompiled them myself: the result was the same.
Adding some print-statements, I stumbled upon this function
sss_ssh_get_pubkey_algorithm in src/util/sss_ssh.c:
    char *
    sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx,
                                 struct sss_ssh_pubkey *pubkey)
    {
        size_t c = 0;
        uint32_t algo_len;
        char *algo;

        SAFEALIGN_COPY_UINT32(&algo_len, pubkey->data, &c);
        algo_len = ntohl(algo_len);

        algo = talloc_zero_array(mem_ctx, char, algo_len+1);
        if (!algo) {
            return NULL;
        }

        memcpy(algo, pubkey->data+c, algo_len);

        return algo;
    }
==> it seems I always end up in the "return NULL" statement, which
seems very weird to me. Current SSH setups can get their authorized keys
from LDAP just fine (using "AuthorizedKeysCommand
/usr/libexec/openssh/ssh-ldap-wrapper" in sshd_config), so my keys are
just fine in LDAP.
I believe the call to SAFEALIGN_COPY_UINT32 is either wrong or has the
wrong arguments, since algo_len is a bizarre huge number ...
Trying to change the
    return NULL
into
    return "ssh-dss"
resulted in better effects (but still my key wasn't being accepted,
maybe another issue). The result (a bit obfuscated):
    ./sss_ssh_authorizedkeys MYUSER
    ssh-dss c3NoXXXXXXXXX MYUSER@default
Also, fixing algo_len to "7" seemed to have an effect, but resulted in
another output:
    dss AAA c3NoXXXXXXXXX MYUSER@default
So, there seems to be something wrong here, but I can't figure it out. Any
tips?
Franky
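
Added example (not part of the original message and not SSSD code): a bounds-checked version of the length-prefixed algorithm-name read, which rejects a length field larger than the blob before allocating and reports it as a format error rather than an out-of-memory error. The constructed text sample shows that the four bytes "ssh-" read as a big-endian length give 0x7373682d, and that 7 bytes at offset 4 of such text are "dss AAA", which matches the output quoted above. All function names, the enum and the sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum pk_status { PK_OK = 0, PK_EFORMAT = 1, PK_ENOMEM = 2 };

/* Read a big-endian uint32 byte by byte (no alignment assumptions). */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper: copy the algorithm name out of a binary key blob
 * (uint32 length, then that many name bytes). Caller frees *out. */
static enum pk_status get_pubkey_algorithm(const uint8_t *data, size_t data_len,
                                           char **out)
{
    uint32_t algo_len;
    char *algo;

    *out = NULL;
    if (data == NULL || data_len < 4) return PK_EFORMAT;
    algo_len = read_be32(data);
    /* Validate before allocating: the name must fit inside the blob. */
    if (algo_len == 0 || algo_len > data_len - 4) return PK_EFORMAT;
    algo = calloc((size_t)algo_len + 1, 1);
    if (algo == NULL) return PK_ENOMEM;
    memcpy(algo, data + 4, algo_len);
    *out = algo;
    return PK_OK;
}

/* Constructed samples: start of a binary blob, and the textual key form. */
static const uint8_t sample_blob[] =
    { 0, 0, 0, 7, 's', 's', 'h', '-', 'd', 's', 's', 0, 0, 0, 1, 0 };
static const char sample_text[] = "ssh-dss AAAAB3NzaC1kc3M= user@example";

int main(void)
{
    char *a = NULL;
    printf("blob: status %d\n", get_pubkey_algorithm(sample_blob, sizeof(sample_blob), &a));
    printf("name: %s\n", a ? a : "(none)");
    free(a);
    printf("text: length field 0x%08x, status %d\n",
           (unsigned)read_be32((const uint8_t *)sample_text),
           get_pubkey_algorithm((const uint8_t *)sample_text, strlen(sample_text), &a));
    return 0;
}
```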