author | Robin H. Johnson <robbat2@gentoo.org> | 2007-12-22 22:32:41 -0800 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2007-12-22 22:32:41 -0800 |
commit | 55ccab4cc682e09ace1eb989da6b7ce2b110a4db (patch) | |
tree | b9d5ee6130635967581236877dc1f131446134de /gitosis/ssh.py | |
parent | Fix tabs for spaces. (diff) | |
Expand SSH authorized_keys option parsing.
Diffstat (limited to 'gitosis/ssh.py')
-rw-r--r-- | gitosis/ssh.py | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index fb15969..f552255 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -52,10 +52,26 @@ def generateAuthorizedKeys(keys):
 for (user, key) in keys:
 yield TEMPLATE % dict(user=user, key=key)
-_COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",'
- +'no-port-forwarding,no-X11-forwarding,'
- +'no-agent-forwarding,no-pty'
- +' .*')
+#Protocol 1 public keys consist of the following space-separated fields: options, bits, exponent, modulus, comment.
+#Protocol 2 public key consist of: options, keytype, base64-encoded key, comment.
+_COMMAND_OPTS_SAFE_CMD = \
+ 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
+_COMMAND_OPTS_SAFE = \
+ 'no-port-forwarding' \
++'|no-X11-forwarding' \
++'|no-agent-forwarding' \
++'|no-pty' \
++'|from="[^"]*"'
+_COMMAND_OPTS_UNSAFE = \
+ 'environment="[^"]*"' \
++'|command="[^"]*"' \
++'|permitopen="[^"]*"' \
++'|tunnel="[^"]+"'
+
+_COMMAND_RE = re.compile(
+ '^'+_COMMAND_OPTS_SAFE_CMD \
+ +'(,('+_COMMAND_OPTS_SAFE+'))+' \
+ +' .*')
 def filterAuthorizedKeys(fp):
 """ |
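Review bot: The new `_COMMAND_RE` matches a line that carries any single listed option after the `command=` field, because `(,(...))+` needs only one alternative, whereas the removed pattern required `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` in full. A line whose only option after the command is `from="..."` now matches, so a match no longer shows that the forwarding and pty restrictions are present. How the result is consumed is outside this hunk (presumably in `filterAuthorizedKeys`, whose body is not shown). `_COMMAND_OPTS_UNSAFE` is defined but never referenced in the hunk, which reads as though unsafe options were being rejected when nothing visible here does so. I would add above the compile call `# A match only identifies a gitosis-managed line; it does not prove all four no-* restrictions are present.` and either wire `_COMMAND_OPTS_UNSAFE` into a check or mark it `# not used by _COMMAND_RE`.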