From 55ccab4cc682e09ace1eb989da6b7ce2b110a4db Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson"
Date: Sat, 22 Dec 2007 22:32:41 -0800
Subject: Expand SSH authorized_keys option parsing.

---
 gitosis/ssh.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index fb15969..f552255 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -52,10 +52,26 @@ def generateAuthorizedKeys(keys):
 for (user, key) in keys:
 yield TEMPLATE % dict(user=user, key=key)
 
-_COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",'
- +'no-port-forwarding,no-X11-forwarding,'
- +'no-agent-forwarding,no-pty'
- +' .*')
+#Protocol 1 public keys consist of the following space-separated fields: options, bits, exponent, modulus, comment.
+#Protocol 2 public key consist of: options, keytype, base64-encoded key, comment.
+_COMMAND_OPTS_SAFE_CMD = \
+ 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
+_COMMAND_OPTS_SAFE = \
+ 'no-port-forwarding' \
++'|no-X11-forwarding' \
++'|no-agent-forwarding' \
++'|no-pty' \
++'|from="[^"]*"'
+_COMMAND_OPTS_UNSAFE = \
+ 'environment="[^"]*"' \
++'|command="[^"]*"' \
++'|permitopen="[^"]*"' \
++'|tunnel="[^"]+"'
+
+_COMMAND_RE = re.compile(
+ '^'+_COMMAND_OPTS_SAFE_CMD \
+ +'(,('+_COMMAND_OPTS_SAFE+'))+' \
+ +' .*')
 
 def filterAuthorizedKeys(fp):
 """
-- 
cgit v1.2.3
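Review bot: `_COMMAND_RE` no longer requires all four `no-*` restrictions to be present: the removed pattern matched `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` in fixed order, whereas the new `(,(`+`_COMMAND_OPTS_SAFE`+`))+` accepts any one or more of the safe options, in any order and with repeats, so a line carrying only `no-pty` or only `from="..."` now matches. If the pattern is purely a recognizer for gitosis-written lines in `filterAuthorizedKeys` (whose body lies outside this hunk) that is acceptable but should be stated; if anything relies on a match to mean "every restriction is set", this is a regression and the match needs an explicit presence check for each `no-*` option. `_COMMAND_OPTS_UNSAFE` is built but not referenced by `_COMMAND_RE` anywhere in this hunk, so `environment=`, `command=`, `permitopen=` and `tunnel=` are excluded only by absence from the safe alternation rather than by an explicit rejection; either wire it into the match or drop it so readers do not assume it is enforced. I would add above the `re.compile(` call: `# Recognises gitosis-written lines: any one or more of the safe options, in any order; it does NOT verify that every no-* restriction is present.`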