authorRobin H. Johnson <robbat2@gentoo.org>2007-12-22 22:32:41 -0800
committerRobin H. Johnson <robbat2@gentoo.org>2007-12-22 22:32:41 -0800
commit55ccab4cc682e09ace1eb989da6b7ce2b110a4db (patch)
treeb9d5ee6130635967581236877dc1f131446134de
parentFix tabs for spaces. (diff)
Expand SSH authorized_keys option parsing.
-rw-r--r--gitosis/ssh.py24
1 files changed, 20 insertions, 4 deletions
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index fb15969..f552255 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -52,10 +52,26 @@ def generateAuthorizedKeys(keys):
for (user, key) in keys:
yield TEMPLATE % dict(user=user, key=key)
-_COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",'
- +'no-port-forwarding,no-X11-forwarding,'
- +'no-agent-forwarding,no-pty'
- +' .*')
+#Protocol 1 public keys consist of the following space-separated fields: options, bits, exponent, modulus, comment.
+#Protocol 2 public key consist of: options, keytype, base64-encoded key, comment.
+_COMMAND_OPTS_SAFE_CMD = \
+ 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
+_COMMAND_OPTS_SAFE = \
+ 'no-port-forwarding' \
++'|no-X11-forwarding' \
++'|no-agent-forwarding' \
++'|no-pty' \
++'|from="[^"]*"'
+_COMMAND_OPTS_UNSAFE = \
+ 'environment="[^"]*"' \
++'|command="[^"]*"' \
++'|permitopen="[^"]*"' \
++'|tunnel="[^"]+"'
+
+_COMMAND_RE = re.compile(
+ '^'+_COMMAND_OPTS_SAFE_CMD \
+ +'(,('+_COMMAND_OPTS_SAFE+'))+' \
+ +' .*')
def filterAuthorizedKeys(fp):
"""
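Review bot: The `(,(...))+` group in the new `_COMMAND_RE` is satisfied by a single safe option, so a line whose only option after `command=` is `from="..."` now matches, whereas the removed pattern required all four `no-*` restrictions. `_COMMAND_OPTS_UNSAFE` is assigned but never referenced in this hunk, so nothing visible here enforces the safe/unsafe split. The body of `filterAuthorizedKeys` lies outside the hunk, so what a match leads to (presumably the line is treated as gitosis-managed) cannot be confirmed from here. The restrictions that matter should be checked separately after the match rather than implied by the alternation. I would also add a comment above the pattern, `# _COMMAND_OPTS_UNSAFE is listed for reference only; it is not part of _COMMAND_RE.`, and note that `[^"]*` does not account for escaped quotes inside option values.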