From 12ae7578fffbe931e9fe6b5417a25a439afa1c71 Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson"
Date: Mon, 24 Dec 2007 02:40:36 -0800
Subject: Convert existing SSH module to use the sshkey module, including all tests.
---
 gitosis/ssh.py | 35 ++++++++++++-----------------------
 1 file changed, 12 insertions(+), 23 deletions(-)
(limited to 'gitosis/ssh.py')
diff --git a/gitosis/ssh.py b/gitosis/ssh.py
index a9ed206..7b2c0c3 100644
--- a/gitosis/ssh.py
+++ b/gitosis/ssh.py
@@ -28,7 +28,7 @@ def readKeys(keydir):
 fp = file(path)
 for line in fp:
 line = line.rstrip('\n')
- yield (basename, line)
+ yield (basename, sshkey.get_ssh_pubkey(line))
 fp.close()

 COMMENT = '### autogenerated by gitosis, DO NOT EDIT'
@@ -38,30 +38,14 @@ def generateAuthorizedKeys(keys):
 Genarate the lines for the Gitosis ~/.ssh/authorized_keys.
 """
 TEMPLATE = ('command="gitosis-serve %(user)s",no-port-forwarding,'
- +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s')
+ +'no-X11-forwarding,no-agent-forwarding,no-pty %(key)s %(comment)s')

 yield COMMENT
 for (user, key) in keys:
- yield TEMPLATE % dict(user=user, key=key)
+ yield TEMPLATE % dict(user=user, key=key.key, comment=key.comment)

-_COMMAND_OPTS_SAFE_CMD = \
- 'command="(/[^ "]+/)?gitosis-serve [^"]+"'
-_COMMAND_OPTS_SAFE = \
- 'no-port-forwarding' \
-+'|no-X11-forwarding' \
-+'|no-agent-forwarding' \
-+'|no-pty' \
-+'|from="[^"]*"'
-_COMMAND_OPTS_UNSAFE = \
- 'environment="[^"]*"' \
-+'|command="[^"]*"' \
-+'|permitopen="[^"]*"' \
-+'|tunnel="[^"]+"'
-
-_COMMAND_RE = re.compile(
-'^'+_COMMAND_OPTS_SAFE_CMD \
-+'(,('+_COMMAND_OPTS_SAFE+'))+' \
-+' .*')
+_GITOSIS_CMD_RE = '(/[^ "]+/)?gitosis-serve [^"]+'
+_COMMAND_RE = re.compile(_GITOSIS_CMD_RE)

 def filterAuthorizedKeys(fp):
 """
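Review bot: `sshkey.get_ssh_pubkey(line)` is called in readKeys with no handler, although the filterAuthorizedKeys hunk of this same commit shows that it can raise `sshkey.MalformedSSHKey`. A single blank or damaged line in any key file would then abort the generator, so the authorized_keys rebuild presumably fails for every user, and the `fp.close()` below is skipped. Catch the exception per line, skip that entry and report which file it came from; closing the file in a `finally` would cover the leak as well. readKeys begins above this hunk, so any validation done earlier in the function is not visible here.

```python
        line = line.rstrip('\n')
        try:
            key = sshkey.get_ssh_pubkey(line)
        except sshkey.MalformedSSHKey:
            # Skip the damaged entry instead of aborting the whole rebuild;
            # report basename here so the dropped key is noticed.
            continue
        yield (basename, key)
```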
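Review bot: `_COMMAND_RE` in the generateAuthorizedKeys hunk is now compiled from `_GITOSIS_CMD_RE` alone and is used with `.match()`, so it is anchored only at the start and no longer requires the restrictive options that the removed pattern demanded after the command. filterAuthorizedKeys will therefore treat any entry whose command option merely begins with a gitosis-serve invocation as gitosis-owned and drop it, whatever follows. Anchor the pattern and make it a raw string, `_GITOSIS_CMD_RE = r'(/[^ "]+/)?gitosis-serve [^"]+$'`, and add a comment saying that it is matched against the parsed command option, not the whole line. Separately, `%(comment)s` would print `None` or leave a trailing space if `key.comment` can be empty; that depends on sshkey, which is not shown.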
@@ -74,8 +58,13 @@ def filterAuthorizedKeys(fp):
 line = line.rstrip('\n')
 if line == COMMENT:
 continue
- if _COMMAND_RE.match(line):
- continue
+ try:
+ key = sshkey.get_ssh_pubkey(line)
+ if 'command' in key.options and \
+ _COMMAND_RE.match(key.options['command']):
+ continue
+ except sshkey.MalformedSSHKey:
+ pass
 yield line

 def writeAuthorizedKeys(path, keydir):
--
cgit v1.2.3
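Review bot: The `except sshkey.MalformedSSHKey: pass` branch keeps every line the parser rejects, so a gitosis-generated entry that fails to parse is never removed and its key stays in authorized_keys after it is deleted from the keydir. Entries written by the earlier code embedded the raw keydir line after the options, so such lines may exist; whether the parser rejects them depends on sshkey, which is not shown. Falling through is right for comments and blank lines, but the except branch should still drop lines that textually start with the gitosis forced command, for example `if line.startswith('command="gitosis-serve '): continue`, with the path-prefixed form handled the same way. A comment explaining why unparseable lines are preserved would help the next reader. filterAuthorizedKeys begins above this hunk.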