Diffstat (limited to 'gitosis/ssh.py')
-rw-r--r-- | gitosis/ssh.py | 35 |
1 files changed, 12 insertions, 23 deletions
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index a9ed206..7b2c0c3 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -28,7 +28,7 @@ def readKeys(keydir):
 fp = file(path)
 for line in fp:
 line = line.rstrip('\n')
- yield (basename, line)
+ yield (basename, sshkey.get_ssh_pubkey(line))
 fp.close()
 COMMENT = '### autogenerated by gitosis, DO NOT EDIT'
@@ -38,30 +38,14 @@ def generateAuthorizedKeys(keys):
 Genarate the lines for the Gitosis ~/.ssh/authorized_keys.
 """
 TEMPLATE = ('command="gitosis-serve %(user)s",no-port-forwarding,'
- +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s')
+ +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s %(comment)s')
 yield COMMENT
 for (user, key) in keys:
- yield TEMPLATE % dict(user=user, key=key)
+ yield TEMPLATE % dict(user=user, key=key.key, comment=key.comment)
-_COMMAND_OPTS_SAFE_CMD = \
- 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
-_COMMAND_OPTS_SAFE = \
- 'no-port-forwarding' \
-+'|no-X11-forwarding' \
-+'|no-agent-forwarding' \
-+'|no-pty' \
-+'|from="[^"]*"'
-_COMMAND_OPTS_UNSAFE = \
- 'environment="[^"]*"' \
-+'|command="[^"]*"' \
-+'|permitopen="[^"]*"' \
-+'|tunnel="[^"]+"'
-
-_COMMAND_RE = re.compile(
-'^'+_COMMAND_OPTS_SAFE_CMD \
-+'(,('+_COMMAND_OPTS_SAFE+'))+' \
-+' .*')
+_GITOSIS_CMD_RE = '(/[^ "]+/)?gitosis-serve [^"]+'
+_COMMAND_RE = re.compile(_GITOSIS_CMD_RE)
 def filterAuthorizedKeys(fp):
 """
@@ -74,8 +58,13 @@ def filterAuthorizedKeys(fp):
 line = line.rstrip('\n')
 if line == COMMENT:
 continue
- if _COMMAND_RE.match(line):
- continue
+ try:
+ key = sshkey.get_ssh_pubkey(line)
+ if 'command' in key.options and \
+ _COMMAND_RE.match(key.options['command']):
+ continue
+ except sshkey.MalformedSSHKey:
+ pass
 yield line
 def writeAuthorizedKeys(path, keydir):
|
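Review bot: The new `sshkey.get_ssh_pubkey(line)` call in readKeys has no handler for `sshkey.MalformedSSHKey`, which the filterAuthorizedKeys hunk of this same commit shows the parser can raise. Presumably a single blank, commented or truncated line in any key file would then abort the generator, and with it the rewrite of authorized_keys, while the `fp.close()` after the loop is skipped. I would skip the offending line with `except sshkey.MalformedSSHKey: continue` around the parse (plus a warning that names `path`) and move the close into a `finally:`. No hunk on this page adds an import of `sshkey`, so confirm it is already imported at the top of ssh.py; readKeys itself begins above this hunk.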
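Review bot: `%(user)s` is still interpolated unvalidated inside the double-quoted `command="gitosis-serve ..."` option of TEMPLATE, even though this change now parses the key into `key.key` and `key.comment`. `user` is the `basename` yielded by readKeys and no check on it is visible on this page, so a name containing `"` or whitespace would alter how sshd reads the option list; a guard before the yield such as `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9@._-]*$', user): continue` (allow-list to be tuned to the project's naming) would close that. Separately, `_COMMAND_RE` has lost its explicit anchoring and now relies on `.match()` alone, so appending `$` to `_GITOSIS_CMD_RE` would make the intended whole-value match explicit. generateAuthorizedKeys begins above the hunk.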
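Review bot: The `except sshkey.MalformedSSHKey: pass` branch in filterAuthorizedKeys falls through to `yield line`, so every line the parser rejects is kept in authorized_keys. That is a sensible default for hand-written entries, but it also means a gitosis-generated line the new parser cannot read (for instance one written by an older version) would survive regeneration instead of being dropped, which matters when the key behind it has since been removed from the key directory. I would document the choice with `# unparseable lines are preserved; they may be hand-maintained entries` and add a test that feeds generateAuthorizedKeys output back through filterAuthorizedKeys and expects nothing to be yielded. The `try` body could also shrink to the `get_ssh_pubkey` call alone, with the option check moved to an `else:` clause. The function's docstring and loop header are outside the hunk.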