Diffstat (limited to 'gitosis/ssh.py')
-rw-r--r--gitosis/ssh.py35
1 files changed, 12 insertions, 23 deletions
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index a9ed206..7b2c0c3 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -28,7 +28,7 @@ def readKeys(keydir):
fp = file(path)
for line in fp:
line = line.rstrip('\n')
- yield (basename, line)
+ yield (basename, sshkey.get_ssh_pubkey(line))
fp.close()
COMMENT = '### autogenerated by gitosis, DO NOT EDIT'
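Review bot: The new `sshkey.get_ssh_pubkey(line)` call inside the `for line in fp` loop is unguarded, whereas the same call in filterAuthorizedKeys (third hunk) is wrapped in `except sshkey.MalformedSSHKey`, so it presumably raises on a line it cannot parse. If it does, one malformed or blank line in any file under keydir stops this generator, skips `fp.close()`, and probably aborts regeneration of authorized_keys for every user. Consider `try: key = sshkey.get_ssh_pubkey(line)` followed by `except sshkey.MalformedSSHKey: continue`, reporting the skipped file name, and closing fp in a `finally`. The body of readKeys starts outside the hunk, so how the caller handles an exception is not visible here.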
@@ -38,30 +38,14 @@ def generateAuthorizedKeys(keys):
Genarate the lines for the Gitosis ~/.ssh/authorized_keys.
"""
TEMPLATE = ('command="gitosis-serve %(user)s",no-port-forwarding,'
- +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s')
+ +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s %(comment)s')
yield COMMENT
for (user, key) in keys:
- yield TEMPLATE % dict(user=user, key=key)
+ yield TEMPLATE % dict(user=user, key=key.key, comment=key.comment)
-_COMMAND_OPTS_SAFE_CMD = \
- 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
-_COMMAND_OPTS_SAFE = \
- 'no-port-forwarding' \
-+'|no-X11-forwarding' \
-+'|no-agent-forwarding' \
-+'|no-pty' \
-+'|from="[^"]*"'
-_COMMAND_OPTS_UNSAFE = \
- 'environment="[^"]*"' \
-+'|command="[^"]*"' \
-+'|permitopen="[^"]*"' \
-+'|tunnel="[^"]+"'
-
-_COMMAND_RE = re.compile(
-'^'+_COMMAND_OPTS_SAFE_CMD \
-+'(,('+_COMMAND_OPTS_SAFE+'))+' \
-+' .*')
+_GITOSIS_CMD_RE = '(/[^ "]+/)?gitosis-serve [^"]+'
+_COMMAND_RE = re.compile(_GITOSIS_CMD_RE)
def filterAuthorizedKeys(fp):
"""
@@ -74,8 +58,13 @@ def filterAuthorizedKeys(fp):
line = line.rstrip('\n')
if line == COMMENT:
continue
- if _COMMAND_RE.match(line):
- continue
+ try:
+ key = sshkey.get_ssh_pubkey(line)
+ if 'command' in key.options and \
+ _COMMAND_RE.match(key.options['command']):
+ continue
+ except sshkey.MalformedSSHKey:
+ pass
yield line
def writeAuthorizedKeys(path, keydir):
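Review bot: The `except sshkey.MalformedSSHKey: pass` branch falls through to `yield line`, so every line the parser rejects is kept unconditionally, including one that carries a gitosis-serve forced command. The removed whole-line regex would have dropped such a line. If an older gitosis wrote entries the new parser does not accept (an assumption, since the parser is not shown), a key since removed from keydir would survive regeneration and stay authorized. Consider a textual fallback in the except branch, or at least reporting the retained line, and narrow the `try` to the `get_ssh_pubkey` call with the options check moved to an `else:`. filterAuthorizedKeys begins outside this hunk.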