Fix authorized keys parsing (#147)
* Do not freeze while parsing a wrong authorized key
* Bump version and update changes file
imobachgs committed Sep 6, 2017
1 parent 1b5061a commit 4ae2769
Showing 5 changed files with 20 additions and 8 deletions.
6 changes: 6 additions & 0 deletions package/yast2-users.changes
@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Sep 5 14:47:25 UTC 2017 - igonzalezsosa@suse.com

- Do not freeze while parsing authorized_keys (bsc#1053564)
- 3.2.12

-------------------------------------------------------------------
Thu Mar 16 15:35:45 UTC 2017 - kanderssen@suse.com

2 changes: 1 addition & 1 deletion package/yast2-users.spec
Expand Up @@ -17,7 +17,7 @@


Name: yast2-users
Version: 3.2.11
Version: 3.2.12
Release: 0

BuildRoot: %{_tmppath}/%{name}-%{version}-build
9 changes: 4 additions & 5 deletions src/lib/users/ssh_authorized_keys_file.rb
Expand Up @@ -61,10 +61,6 @@ def keys
@keys
end

# https://github.com/jordansissel/ruby-sshkeyauth/commit/12c9bb34399babf4040337e5695f3f453cd6745e#diff-4d8f3d488c1e25a30942c0e90f4e6ce4R14
AUTHORIZED_KEYS_REGEX =
/\A((?:[A-Za-z0-9-]+(?:="[^"]+")?,?)+)? *((?:ssh|ecdsa)-[^ ]+) *([^ ]+) *(.+)?\z/

# Validate and add a key to the keyring
#
# The key is validated before adding it to the keyring.
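Review bot: The removed pattern's options group, `(?:[A-Za-z0-9-]+(?:="[^"]+")?,?)+`, deserves a sentence in the commit message or in a comment next to the new constant, because it explains the freeze. A `+` is nested inside a `+`, and both the `="..."` part and the comma are optional, so a long run of letters and digits can be split between iterations in a very large number of ways, and the engine tries them all when no `ssh-` or `ecdsa-` type follows. Recording that makes it less likely that a stricter options grammar with the same shape is reintroduced later.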
Expand Down Expand Up @@ -98,7 +94,10 @@ def keys=(new_keys)
keys
end

# Determines is a string qualifies like a valid keys
# https://github.com/puppetlabs/puppet/blob/master/lib/puppet/type/ssh_authorized_key.rb#L138
AUTHORIZED_KEYS_REGEX = /\A(?<env>(.+)\s+)?(?<type>(ssh|ecdsa)-\S+)\s+(?<key>[^ ]+)\s*(?<comment>.*)\z/

# Determine is a string qualifies like a valid key
#
# @param key [String] SSH authorized keys
# @return [Boolean] +true+ if it's valid; +false+ otherwise
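Review bot: The `env` group in the new `AUTHORIZED_KEYS_REGEX`, `(?<env>(.+)\s+)?`, accepts any text at all before the key type, so a line such as `garbage ssh-rsa AAAA` now validates; either tighten the group or state in the comment that the options field is not checked. The key field uses `[^ ]+` while the other fields use `\s` and `\S`, so a tab or newline can end up inside `key` and a multi-line string can pass as a single key; `\S+` would be consistent. The two inner groups `(.+)` and `(ssh|ecdsa)` can be written as `(?:...)`, and the new comment should read "Determines if a string qualifies as a valid key".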
8 changes: 7 additions & 1 deletion test/fixtures/home/user1/.ssh/authorized_keys
@@ -1,2 +1,8 @@
# valid key with environment and comment
environment="PATH=/usr/local/bin:$PATH",command="/srv/logon.sh $USER" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpZC8ctjmn90B/MxLOdSjYM3Yl3qd+BhTWYdBNgO3B1fJ1JSegTgCpDM0krMHqd/OAslW5H3MRED7g7g9WkKZh5xTMGvH56yRitJySfSiK8uSxCu6Jg7NM11kqOs5/RwycHO8955QrEYyiWOx80unD+CBJxGEZCOu/DH3ca4yEigAt2HSuC8NPicmRJWua6IbDa+VSICvdOTdFTM8izScSd5WBFH1ULz0bBfLnyi/pIiMjuHB69AN4gsUGYgKjzUsnufKli+DmzACgVWTdQ3Ukax/4/wgXFMr3KsDNpTbn7ZZOKzPpIXpzlP9AwbHQdym6J2NAPYV+DDY3Kcr/vql9 dummy1@example.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXHfWaMch5VrgbogbW8lVuuwYCxQrgh00fF0V+GBBc0F6sux+WFlIENRLDNDSGBWol1X9LnbpgElzgM/PDX/3Uj+p+LVkt7sTk4k3tQQqFkrHEC+1TFnRk22AB4Xcw5KQ/bQnw1Cu0IfA/8c3c3Eh56WNiNi6F/bUeYKsdLLueGC/wKO/dCjM5xsLy/tXALrH0Y4NKbIZauM4BcEnZ7Cl6Wzl1AT/Mg+UK7bD8onufNd1l2w0rC0+BEy8VtBBobicp/Wv3nKkumKpNzP6jvpFE8CKiGx/fYzH/pLfe7bxEfBkKyR7A4gGWv6GHUaCYV+T+nac2ctWLLne1uQhRZcj dummy2@example.net
# valid key with comment
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXHfWaMch5VrgbogbW8lVuuwYCxQrgh00fF0V+GBBc0F6sux+WFlIENRLDNDSGBWol1X9LnbpgElzgM/PDX/3Uj+p+LVkt7sTk4k3tQQqFkrHEC+1TFnRk22AB4Xcw5KQ/bQnw1Cu0IfA/8c3c3Eh56WNiNi6F/bUeYKsdLLueGC/wKO/dCjM5xsLy/tXALrH0Y4NKbIZauM4BcEnZ7Cl6Wzl1AT/Mg+UK7bD8onufNd1l2w0rC0+BEy8VtBBobicp/Wv3nKkumKpNzP6jvpFE8CKiGx/fYzH/pLfe7bxEfBkKyR7A4gGWv6GHUaCYV+T+nac2ctWLLne1uQhRZcj dummy2@example.net
# minimal key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXHfWaMch5VrgbogbW8lVuuwYCxQrgh00fF0V+GBBc0F6sux+WFlIENRLDNDSGBWol1X9LnbpgElzgM/PDX/3Uj+p+LVkt7sTk4k3tQQqFkrHEC+1TFnRk22AB4Xcw5KQ/bQnw1Cu0IfA/8c3c3Eh56WNiNi6F/bUeYKsdLLueGC/wKO/dCjM5xsLy/tXALrH0Y4NKbIZauM4BcEnZ7Cl6Wzl1AT/Mg+UK7bD8onufNd1l2w0rC0+BEy8VtBBobicp/Wv3nKkumKpNzP6jvpFE8CKiGx/fYzH/pLfe7bxEfBkKyR7A4gGWv6GHUaCYV+T+nac2ctWLLne1uQhRZcj
# not valid key
AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXHfWaMch5VrgbogbW8lVuuwYCxQrgh00fF0V+GBBc0F6sux+WFlIENRLDNDSGBWol1X9LnbpgElzgM/PDX/3Uj+p+LVkt7sTk4k3tQQqFkrHEC+1TFnRk22AB4Xcw5KQ/bQnw1Cu0IfA/8c3c3Eh56WNiNi6F/bUeYKsdLLueGC/wKO/dCjM5xsLy/tXALrH0Y4NKbIZauM4BcEnZ7Cl6Wzl1AT/Mg+UK7bD8onufNd1l2w0rC0+BEy8VtBBobicp/Wv3nKkumKpNzP6jvpFE8CKiGx/fYzH/pLfe7bxEfBkKyR7A4gGWv6GHUaCYV+T+nac2ctWLLne1uQhRZcj dummy2@example.net
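Review bot: The only negative sample, the line under `# not valid key`, covers a missing key type and nothing else. Since the new pattern takes any prefix as `env`, add a commented-out key (`# ssh-rsa AAAA... user@host`) and a line with stray text before the type, so the fixture pins down whether those are meant to be returned as keys.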
3 changes: 2 additions & 1 deletion test/lib/users/ssh_authorized_keys_file_test.rb
Expand Up @@ -36,9 +36,10 @@
let(:path) { FIXTURES_PATH.join("home", "user1", ".ssh", "authorized_keys") }

it "returns the keys that are present in the file" do
first, second = subject.keys
first, second, third = subject.keys
expect(first).to match(/environment=.+/)
expect(second).to match(/ssh-rsa/)
expect(third).to match(/ssh-rsa/)
end
end

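Review bot: The destructuring `first, second, third = subject.keys` silently ignores extra elements, so this example still passes if the line under `# not valid key` in the fixture comes back as a fourth key. Assert the size as well, for example `expect(subject.keys.size).to eq(3)`. Since the bug was a hang, also consider wrapping the call in a timeout so that a regression fails the example instead of blocking the test run.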