@@ -97,6 +97,18 b' def parse_pub_key(ssh_key):' | |||||
97 | SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' |
|
97 | SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' | |
98 |
|
98 | |||
99 |
|
99 | |||
|
100 | def _safe_check(s, rec = re.compile('^[a-zA-Z0-9+/]+={0,2}$')): | |||
|
101 | """Return true if s really has the right content for base64 encoding and only contains safe characters | |||
|
102 | >>> _safe_check('asdf') | |||
|
103 | True | |||
|
104 | >>> _safe_check('as df') | |||
|
105 | False | |||
|
106 | >>> _safe_check('AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==') | |||
|
107 | True | |||
|
108 | """ | |||
|
109 | return rec.match(s) is not None | |||
|
110 | ||||
|
111 | ||||
100 | def authorized_keys_line(kallithea_cli_path, config_file, key): |
|
112 | def authorized_keys_line(kallithea_cli_path, config_file, key): | |
101 | """ |
|
113 | """ | |
102 | Return a line as it would appear in .authorized_keys |
|
114 | Return a line as it would appear in .authorized_keys | |
@@ -113,6 +125,8 b' def authorized_keys_line(kallithea_cli_p' | |||||
113 | except SshKeyParseError: |
|
125 | except SshKeyParseError: | |
114 | return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id) |
|
126 | return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id) | |
115 | mimekey = decoded.encode('base64').replace('\n', '') |
|
127 | mimekey = decoded.encode('base64').replace('\n', '') | |
|
128 | if not _safe_check(mimekey): | |||
|
129 | return '# Invalid Kallithea SSH key - bad base64 encoding: %s %s\n' % (key.user.user_id, key.user_ssh_key_id) | |||
116 | return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % ( |
|
130 | return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % ( | |
117 | SSH_OPTIONS, kallithea_cli_path, config_file, |
|
131 | SSH_OPTIONS, kallithea_cli_path, config_file, | |
118 | key.user.user_id, key.user_ssh_key_id, |
|
132 | key.user.user_id, key.user_ssh_key_id, |
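Review bot: The pattern in `_safe_check` (first hunk, new line 100) ends with `$`, which in Python also matches just before a trailing newline, so `_safe_check('asdf\n')` returns True although the docstring promises only safe characters. The call added at new line 128 is not affected, because `mimekey` has already had `'\n'` removed, but this helper is the guard that keeps key material from breaking out of its `authorized_keys` line and should hold on its own: anchor with `\Z`, e.g. `re.compile(r'^[a-zA-Z0-9+/]+={0,2}\Z')`, and add a doctest for a value ending in a newline. The pattern also does not require the length to be a multiple of four, so the docstring's "really has the right content for base64 encoding" overstates what is checked. `authorized_keys_line` continues past the end of the second hunk, so the remaining format arguments could not be reviewed here.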