author | Andrew Cady <d@jerkface.net> | 2020-05-31 18:56:30 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2020-05-31 18:56:30 -0400 |
commit | 740c2c44b18bbf7be4dde0eb5622b2793fa0e774 (patch) | |
tree | a528674c4fb00f8ac74fdd50248a6da4a5dab89d | |
parent | 6d9dfd28cd3190570e2a3e4d6c057c55191df995 (diff) |
switch to base32 encoded key hashes
-rwxr-xr-x | bin/samizdat-ssh-uid | 8 | ||||
-rw-r--r-- | control.d/depends.control | 3 |
2 files changed, 9 insertions, 2 deletions
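--- a/bin/samizdat-ssh-uid
+++ b/bin/samizdat-ssh-uid
@@ -2,6 +2,11 @@
 
 die() { echo "$0: Error: $*" >&2; exit 1; }
 
+b16_to_b32()
+{
+echo -n "$1" | basez -x -d | basez -j -l | tr -d =
+}
+
 [ "$SSH_USER_AUTH" ] || die "not defined: \$SSH_USER_AUTH"
 [ -f "$SSH_USER_AUTH" ] || die "file does not exist: \$SSH_USER_AUTH=${SSH_USER_AUTH}"
 
@@ -11,6 +16,7 @@ sed -ne 's/^publickey //p' < "${SSH_USER_AUTH}" > "${PEMFILE}" || die "could not
 
 SSH_CLIENT_FINGERPRINT=$(ssh-keygen -r . -f "${PEMFILE}" | sed -ne 's/^. IN SSHFP [0-9]* 2 //p') &&
 [ "$SSH_CLIENT_FINGERPRINT" ] || die "could not determine ssh client fingerprint"
+SSH_CLIENT_FINGERPRINT_B32=$(b16_to_b32 "$SSH_CLIENT_FINGERPRINT")
 
 read keytype keydata < "${PEMFILE}" || die "reading from PEMFILE=$PEMFILE"
 case "$keytype" in
@@ -31,7 +37,7 @@ else
 fi
 
 env -i \
-SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT" \
+SSH_CLIENT_FINGERPRINT="$SSH_CLIENT_FINGERPRINT_B32" \
 SSH_CLIENT_KEYTYPE="$keytype" \
 SSH_CLIENT_DOMAIN="$domain" \
 SSH_CLIENT_PEMFILE="$PEMFILE" \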
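Review bot: The new assignment `SSH_CLIENT_FINGERPRINT_B32=$(b16_to_b32 "$SSH_CLIENT_FINGERPRINT")` in the second hunk is never checked for an empty result, unlike the hex fingerprint on the line above it. The pipeline in `b16_to_b32` returns only the exit status of `tr`, so if `basez` is missing or rejects its input the variable is silently empty and the `env -i` call in the last hunk exports an empty `SSH_CLIENT_FINGERPRINT`; if downstream code keys client identity on that value, which the script name suggests but the page does not show, different client keys would be treated alike. Add `[ "$SSH_CLIENT_FINGERPRINT_B32" ] || die "could not base32-encode ssh client fingerprint"` directly after the assignment. A stricter guard would also require 52 characters, the unpadded base32 length of the SHA-256 digest that SSHFP type 2 carries. The `env -i` command continues beyond the end of the last hunk.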
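--- a/control.d/depends.control
+++ b/control.d/depends.control
@@ -1,2 +1,3 @@
-Depends: pdns-backend-sqlite3,
+Depends: basez,
+pdns-backend-sqlite3,
 pdns-server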