diff options
| author | Andrew Cady <d@jerkface.net> | 2020-05-31 18:56:30 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2020-05-31 18:56:30 -0400 |
| commit | 740c2c44b18bbf7be4dde0eb5622b2793fa0e774 (patch) | |
| tree | a528674c4fb00f8ac74fdd50248a6da4a5dab89d | |
| parent | 6d9dfd28cd3190570e2a3e4d6c057c55191df995 (diff) | |
switch to base32 encoded key hashes
| -rwxr-xr-x | bin/samizdat-ssh-uid | 8 | ||||
| -rw-r--r-- | control.d/depends.control | 3 |
2 files changed, 9 insertions, 2 deletions
diff --git a/bin/samizdat-ssh-uid b/bin/samizdat-ssh-uid index 2b4b311..94d8f8c 100755 --- a/bin/samizdat-ssh-uid +++ b/bin/samizdat-ssh-uid | |||
| @@ -2,6 +2,11 @@ | |||
| 2 | 2 | ||
| 3 | die() { echo "$0: Error: $*" >&2; exit 1; } | 3 | die() { echo "$0: Error: $*" >&2; exit 1; } |
| 4 | 4 | ||
| 5 | b16_to_b32() | ||
| 6 | { | ||
| 7 | echo -n "$1" | basez -x -d | basez -j -l | tr -d = | ||
| 8 | } | ||
| 9 | |||
| 5 | [ "$SSH_USER_AUTH" ] || die "not defined: \$SSH_USER_AUTH" | 10 | [ "$SSH_USER_AUTH" ] || die "not defined: \$SSH_USER_AUTH" |
| 6 | [ -f "$SSH_USER_AUTH" ] || die "file does not exist: \$SSH_USER_AUTH=${SSH_USER_AUTH}" | 11 | [ -f "$SSH_USER_AUTH" ] || die "file does not exist: \$SSH_USER_AUTH=${SSH_USER_AUTH}" |
| 7 | 12 | ||
| @@ -11,6 +16,7 @@ sed -ne 's/^publickey //p' < "${SSH_USER_AUTH}" > "${PEMFILE}" || die "could not | |||
| 11 | 16 | ||
| 12 | SSH_CLIENT_FINGERPRINT=$(ssh-keygen -r . -f "${PEMFILE}" | sed -ne 's/^. IN SSHFP [0-9]* 2 //p') && | 17 | SSH_CLIENT_FINGERPRINT=$(ssh-keygen -r . -f "${PEMFILE}" | sed -ne 's/^. IN SSHFP [0-9]* 2 //p') && |
| 13 | [ "$SSH_CLIENT_FINGERPRINT" ] || die "could not determine ssh client fingerprint" | 18 | [ "$SSH_CLIENT_FINGERPRINT" ] || die "could not determine ssh client fingerprint" |
| 19 | SSH_CLIENT_FINGERPRINT_B32=$(b16_to_b32 "$SSH_CLIENT_FINGERPRINT") | ||
| 14 | 20 | ||
| 15 | read keytype keydata < "${PEMFILE}" || die "reading from PEMFILE=$PEMFILE" | 21 | read keytype keydata < "${PEMFILE}" || die "reading from PEMFILE=$PEMFILE" |
| 16 | case "$keytype" in | 22 | case "$keytype" in |
| @@ -31,7 +37,7 @@ else | |||
| 31 | fi | 37 | fi |
| 32 | 38 | ||
| 33 | env -i \ | 39 | env -i \ |
| 34 | SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT" \ | 40 | SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT_B32" \ |
| 35 | SSH_CLIENT_KEYTYPE="$keytype" \ | 41 | SSH_CLIENT_KEYTYPE="$keytype" \ |
| 36 | SSH_CLIENT_DOMAIN="$domain" \ | 42 | SSH_CLIENT_DOMAIN="$domain" \ |
| 37 | SSH_CLIENT_PEMFILE="$PEMFILE" \ | 43 | SSH_CLIENT_PEMFILE="$PEMFILE" \ |
diff --git a/control.d/depends.control b/control.d/depends.control index 710c001..f285bc1 100644 --- a/control.d/depends.control +++ b/control.d/depends.control | |||
| @@ -1,2 +1,3 @@ | |||
| 1 | Depends: pdns-backend-sqlite3, | 1 | Depends: basez, |
| 2 | pdns-backend-sqlite3, | ||
| 2 | pdns-server | 3 | pdns-server |