import errno
import logging
import os
-import re
import sys
from pkg_resources import resource_filename
from gitosis import repository
from gitosis import run_hook
+from gitosis import ssh
from gitosis import util
from gitosis import app
line = fp.readline()
return line
-_ACCEPTABLE_USER_RE = re.compile(r'^[a-z][a-z0-9]*(@[a-z][a-z0-9.-]*)?$')
-
class InsecureSSHKeyUsername(Exception):
"""Username contains not allowed characters"""
def ssh_extract_user(pubkey):
_, user = pubkey.rsplit(None, 1)
- if _ACCEPTABLE_USER_RE.match(user):
+ if ssh.isSafeUsername(user):
return user
else:
raise InsecureSSHKeyUsername(repr(user))
import os, errno, re
+import logging
+
+log = logging.getLogger('gitosis.ssh')
+
+_ACCEPTABLE_USER_RE = re.compile(r'^[a-z][a-z0-9]*(@[a-z][a-z0-9.-]*)?$')
+
+def isSafeUsername(user):
+ match = _ACCEPTABLE_USER_RE.match(user)
+ return (match is not None)
def readKeys(keydir):
"""
if ext != '.pub':
continue
+ if not isSafeUsername(basename):
+ log.warn('Unsafe SSH username in keyfile: %r', filename)
+ continue
+
path = os.path.join(keydir, filename)
f = file(path)
for line in f:
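Review bot: `_ACCEPTABLE_USER_RE` ends in `$`, which in Python also matches just before a trailing newline, so `isSafeUsername('jdoe\n')` returns True. The new check in `readKeys` passes `basename` (derived from the filename outside the visible lines) to it, so a key file named `jdoe\n.pub` would be accepted. If that name is later written into a line-oriented file such as authorized_keys (not shown here), the embedded newline would split the entry. Anchor the end with `\Z` instead: `_ACCEPTABLE_USER_RE = re.compile(r'^[a-z][a-z0-9]*(@[a-z][a-z0-9.-]*)?\Z')`. `ssh_extract_user` is less exposed because `rsplit(None, 1)` strips trailing whitespace before the match; the body of `readKeys` continues outside the hunk.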
]))
def test_multiple_lines(self):
+ tmp = maketemp()
+ keydir = os.path.join(tmp, 'keys')
+ mkdir(keydir)
+ writeFile(os.path.join(keydir, 'jd"oe.pub'), KEY_1+'\n')
+
+ gen = ssh.readKeys(keydir=keydir)
+ got = frozenset(gen)
+ eq(got, frozenset([]))
+
+ def test_bad_filename(self):
tmp = maketemp()
keydir = os.path.join(tmp, 'two')
mkdir(keydir)
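Review bot: The added test covers only a double quote in the basename (`jd"oe.pub`), so the boundary cases of the username check are not pinned. A basename ending in a newline is the one most worth adding, because a pattern anchored with `$` accepts it: `writeFile(os.path.join(keydir, 'jdoe\n.pub'), KEY_1+'\n')` followed by the same `eq(got, frozenset([]))` assertion. An uppercase name, a leading digit and an empty basename (`.pub`) would be cheap to cover in the same test. The test function that follows the added one continues outside the hunk.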