natalie/indefero
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added the option to have a strong check of the ssh key with ssh-keygen.

Browse Source
This commit is contained in:
Loic d'Anterroches 2010-02-27 17:42:09 +01:00
parent 64fb5b3bf0
commit d3b76975cd
2 changed files with 30 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/IDF/Form/Admin/UserCreate.php
View File

@ -164,15 +164,7 @@ class IDF_Form_Admin_UserCreate extends Pluf_Form
function clean_ssh_key() function clean_ssh_key()
{ {
$key = trim($this->cleaned_data['ssh_key']); return IDF_Form_UserAccount::checkSshKey($this->cleaned_data['ssh_key']);
if (strlen($key) == 0) {
return '';
}
$key = str_replace(array("\n", "\r"), '', $key);
if (!preg_match('#^ssh\-[a-z]{3}\s(\S+)\s\S+$#', $key, $matches)) {
throw new Pluf_Form_Invalid(__('The format of the key is not valid. It must start with ssh-dss or ssh-rsa, a long string on a single line and at the end a comment.'));
}
return $key;
} }
function clean_last_name() function clean_last_name()

31
src/IDF/Form/UserAccount.php
View File

@ -189,9 +189,19 @@ class IDF_Form_UserAccount extends Pluf_Form
return $this->user; return $this->user;
} }
function clean_ssh_key() /**
* Check an ssh key.
*
* It will throw a Pluf_Form_Invalid exception if it cannot
* validate the key.
*
* @param $key string The key
* @param $user int The user id of the user of the key (0)
* @return string The clean key
*/
public static function checkSshKey($key, $user=0)
{ {
$key = trim($this->cleaned_data['ssh_key']); $key = trim($key);
if (strlen($key) == 0) { if (strlen($key) == 0) {
return ''; return '';
} }
@ -199,9 +209,26 @@ class IDF_Form_UserAccount extends Pluf_Form
if (!preg_match('#^ssh\-[a-z]{3}\s(\S+)\s\S+$#', $key, $matches)) { if (!preg_match('#^ssh\-[a-z]{3}\s(\S+)\s\S+$#', $key, $matches)) {
throw new Pluf_Form_Invalid(__('The format of the key is not valid. It must start with ssh-dss or ssh-rsa, a long string on a single line and at the end a comment.')); throw new Pluf_Form_Invalid(__('The format of the key is not valid. It must start with ssh-dss or ssh-rsa, a long string on a single line and at the end a comment.'));
} }
if (Pluf::f('idf_strong_key_check', false)) {
$tmpfile = Pluf::f('tmp_folder', '/tmp').$user.'-key';
file_put_contents($tmpfile, $key, LOCK_EX);
$cmd = Pluf::f('idf_exec_cmd_prefix', '').
'ssh-keygen -l -f '.escapeshellarg($tmpfile);
exec($cmd, $out, $return);
unlink($tmpfile);
if ($return != 0) {
throw new Pluf_Form_Invalid(__('Please check the key as it does not appears to be a valid key.'));
}
}
return $key; return $key;
} }
function clean_ssh_key()
{
return self::checkSshKey($this->cleaned_data['ssh_key'],
$this->user->id);
}
function clean_last_name() function clean_last_name()
{ {
$last_name = trim($this->cleaned_data['last_name']); $last_name = trim($this->cleaned_data['last_name']);