[Fusionforge-commits] r6808 - trunk/gforge/www/account
Roland Mas
lolando at libremir.placard.fr.eu.org
Thu Jan 29 20:11:11 CET 2009
Author: lolando
Date: 2009-01-29 20:11:11 +0100 (Thu, 29 Jan 2009)
New Revision: 6808
Modified:
trunk/gforge/www/account/editsshkeys.php
Log:
Check syntax validity of uploaded SSH keys (ported from my gforge/patches/inria/validate-ssh-keys branch)
Modified: trunk/gforge/www/account/editsshkeys.php
===================================================================
--- trunk/gforge/www/account/editsshkeys.php 2009-01-29 19:11:05 UTC (rev 6807)
+++ trunk/gforge/www/account/editsshkeys.php 2009-01-29 19:11:11 UTC (rev 6808)
@@ -27,6 +27,31 @@
require_once $gfwww.'include/pre.php';
require_once $gfcommon.'include/account.php';
+/**
+ * Simple function that tries to check the validity of public ssh keys with a regexp.
+ * Exits with an error message if an invalid key is found.
+ *
+ * \param keys A string with a set of keys to check. Each key is delimited by a carriage return.
+ */
+function checkKeys($keys) {
+ $key = strtok($keys,"\n");
+
+ while ($key !== false) {
+ $key = trim($key);
+ if ((strlen($key) > 0) && ($key[0] != '#')) {
+ /* The encoded key is made of 0-9, A-Z ,a-z, +, / (base 64) characters,
+ ends with zero or up to three '=' and the length must be >= 512 bits (157 base64 characters).
+ The whole key ends with an optional comment. */
+ if ( preg_match("@^ssh-(rsa|dss)\s+[A-Za-z0-9+/]{157,}={0,2}(\s+.*)?$@", $key) === 0 ) { // Warning: we must use === for the test
+ $msg = sprintf (_('The following key has a wrong format: |%s|. Please, correct it by going back to the previous page.'),
+ htmlspecialchars($key));
+ exit_error('Error', $msg);
+ }
+ }
+ $key = strtok("\n");
+ }
+}
+
session_require(array('isloggedin'=>1));
$u =& user_get_object(user_getid());
if (!$u || !is_object($u)) {
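Review bot: The validity test in checkKeys() fails open, because `preg_match()` returns `false` on a PCRE error (for instance when the backtrack limit is hit on a very long line) and `false === 0` is not true, so such a line skips the error branch and goes on to setAuthorizedKeys() unchecked. Compare against the only accepting result instead, `if ( preg_match(...) !== 1 ) {`, and reword the trailing `// Warning` comment to match. The comments also disagree with the code in two places: the inline comment says up to three `=` while the pattern has `={0,2}`, and the docblock says keys are delimited by a carriage return while the code splits on `"\n"`. Both `\s` and `.` in the pattern match a bare carriage return and other control characters, so an accepted line can still contain them; `[ \t]+` for the separators and `[^[:cntrl:]]*` for the comment would exclude them. Whether that last point matters depends on how the stored value is later written out, which is not visible in this diff.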
@@ -37,6 +62,7 @@
if (getStringFromRequest('submit')) {
$authorized_keys = getStringFromRequest('authorized_keys');
+ checkKeys ($authorized_keys);
if (!$u->setAuthorizedKeys($authorized_keys)) {
exit_error(