X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-generate;h=a787dfad5df514b5f7120ac6d5e92767e32d64c0;hp=22eda37737d9aed20285647ef4627270db4e412b;hb=HEAD;hpb=5c955bb67db1644d85599d8b71e5c3a7cc23ad6f

diff --git a/ud-generate b/ud-generate
index 22eda37..a787dfa 100755
--- a/ud-generate
+++ b/ud-generate
@@ -904,21 +904,33 @@ def ExtractDNSInfo(x):
 
    Algorithm = None
 
+   ssh_hostnames = [ hostname ]
+   if x[1].has_key("sshfpHostname"):
+      ssh_hostnames += [ h for h in x[1]["sshfpHostname"] ]
+
    if 'sshRSAHostKey' in x[1]:
       for I in x[1]["sshRSAHostKey"]:
          Split = I.split()
-         if Split[0] == 'ssh-rsa':
+         key_prefix = Split[0]
+         key = base64.decodestring(Split[1])
+
+         # RFC4255
+         # https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml
+         if key_prefix == 'ssh-rsa':
             Algorithm = 1
-         if Split[0] == 'ssh-dss':
+         if key_prefix == 'ssh-dss':
             Algorithm = 2
-         if Split[0] == 'ssh-ed25519':
+         if key_prefix == 'ssh-ed25519':
             Algorithm = 4
          if Algorithm == None:
             continue
-         Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest()
-         DNSInfo.append("%s.\t%sIN\tSSHFP\t%u 1 %s" % (hostname, TTLprefix, Algorithm, Fingerprint))
-         Fingerprint = hashlib.new('sha256', base64.decodestring(Split[1])).hexdigest()
-         DNSInfo.append("%s.\t%sIN\tSSHFP\t%u 2 %s" % (hostname, TTLprefix, Algorithm, Fingerprint))
+         # and more from the registry
+         sshfp_digest_codepoints = [ (1, 'sha1'), (2, 'sha256') ]
+
+         fingerprints = [ ( digest_codepoint, hashlib.new(algorithm, key).hexdigest() ) for digest_codepoint, algorithm in sshfp_digest_codepoints ]
+         for h in ssh_hostnames:
+            for digest_codepoint, fingerprint in fingerprints:
+               DNSInfo.append("%s.\t%sIN\tSSHFP\t%u %d %s" % (h, TTLprefix, Algorithm, digest_codepoint, fingerprint))
 
    if 'architecture' in x[1]:
       Arch = GetAttr(x, "architecture")
@@ -954,29 +966,6 @@ def GenZoneRecords(host_attrs, File):
          for Line in ExtractDNSInfo(x):
             F.write(Line + "\n")
 
-        # this would write sshfp lines for services on machines
-        # but we can't yet, since some are cnames and we'll make
-        # an invalid zonefile
-        #
-        # for i in x[1].get("purpose", []):
-        #    m = PurposeHostField.match(i)
-        #    if m:
-        #       m = m.group(1)
-        #       # we ignore [[*..]] entries
-        #       if m.startswith('*'):
-        #          continue
-        #       if m.startswith('-'):
-        #          m = m[1:]
-        #       if m:
-        #          if not m.endswith(HostDomain):
-        #             continue
-        #          if not m.endswith('.'):
-        #             m = m + "."
-        #          for Line in DNSInfo:
-        #             if isSSHFP.match(Line):
-        #                Line = "%s\t%s" % (m, Line)
-        #                F.write(Line + "\n")
-
    # Oops, something unspeakable happened.
    except:
       Die(File, F, None)
@@ -1154,7 +1143,8 @@ def get_hosts(ldap_conn):
    # Fetch all the hosts
    HostAttrs    = ldap_conn.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "objectClass=debianServer",\
                    ["hostname", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions",\
-                    "mXRecord", "ipHostNumber", "dnsTTL", "machine", "architecture"])
+                    "mXRecord", "ipHostNumber", "dnsTTL", "machine", "architecture",
+                    "sshfpHostname"])
 
    if HostAttrs == None:
       raise UDEmptyList, "No Hosts"