From cbea1785d068bfb1e402234e08d8d74512a70c5e Mon Sep 17 00:00:00 2001
From: Tommi Virtanen
Date: Tue, 11 Dec 2007 22:43:05 +0200
Subject: Enforce safe usernames also when reading public key files from keydir.
Warning: if your keyfiles contain more than just a-z0-9, at sign, dots or dashes, you will likely end up cutting off your access to your gitosis repository with this upgrade.
---
 gitosis/init.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'gitosis/init.py')
diff --git a/gitosis/init.py b/gitosis/init.py
index c7443b1..87ad9a7 100644
--- a/gitosis/init.py
+++ b/gitosis/init.py
@@ -5,7 +5,6 @@ Initialize a user account for use with gitosis.
 import errno
 import logging
 import os
-import re
 import sys
 from pkg_resources import resource_filename
@@ -14,6 +13,7 @@ from ConfigParser import RawConfigParser
 from gitosis import repository
 from gitosis import run_hook
+from gitosis import ssh
 from gitosis import util
 from gitosis import app
@@ -25,8 +25,6 @@ def read_ssh_pubkey(fp=None):
 line = fp.readline()
 return line
-_ACCEPTABLE_USER_RE = re.compile(r'^[a-z][a-z0-9]*(@[a-z][a-z0-9.-]*)?$')
 class InsecureSSHKeyUsername(Exception):
 """Username contains not allowed characters"""
@@ -35,7 +33,7 @@ class InsecureSSHKeyUsername(Exception):
 def ssh_extract_user(pubkey):
 _, user = pubkey.rsplit(None, 1)
- if _ACCEPTABLE_USER_RE.match(user):
+ if ssh.isSafeUsername(user):
 return user
 else:
 raise InsecureSSHKeyUsername(repr(user))
-- cgit v1.2.3
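Review bot: In `ssh_extract_user` (last hunk), `_, user = pubkey.rsplit(None, 1)` still raises a bare `ValueError` when the key line is empty or has no whitespace-separated comment field, so malformed input escapes as a different exception type than `InsecureSSHKeyUsername`; consider `parts = pubkey.rsplit(None, 1)` followed by `if len(parts) != 2: raise InsecureSSHKeyUsername(repr(pubkey))`. The username check now rests entirely on `ssh.isSafeUsername`, whose definition is outside this diff. The removed regex required a leading letter, while the commit message says dots and dashes are accepted, so it is worth confirming that the helper matches the whole string and rejects names starting with `.` or `-`, since the name presumably ends up in a keydir file name. A one-line docstring on `ssh_extract_user` saying that the user is taken from the last whitespace-separated field of the key line would make that dependency on the key comment explicit.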