check that ssh public key received over the wire is sane
parent
c20d6f4189
commit
a41255723c
2 changed files with 35 additions and 10 deletions
|
@ -83,6 +83,19 @@ sshTranscript opts input = do
|
|||
return ()
|
||||
return (transcript, ok)
|
||||
|
||||
{- Ensure that the ssh public key doesn't include any ssh options, like
|
||||
- command=foo, or other weirdness -}
|
||||
validateSshPubKey :: SshPubKey -> IO ()
|
||||
validateSshPubKey pubkey = do
|
||||
let ws = words pubkey
|
||||
when (length ws > 3 || length ws < 2) $
|
||||
error $ "wrong number of words in ssh public key " ++ pubkey
|
||||
let (ssh, keytype) = separate (== '-') (ws !! 0)
|
||||
unless (ssh == "ssh" && all isAlphaNum keytype) $
|
||||
error $ "bad ssh public key prefix " ++ ws !! 0
|
||||
when (length ws == 3) $
|
||||
unless (all (\c -> isAlphaNum c || c == '@') (ws !! 2)) $
|
||||
error $ "bad comment in ssh public key " ++ pubkey
|
||||
|
||||
makeAuthorizedKeys :: Bool -> SshPubKey -> IO Bool
|
||||
makeAuthorizedKeys rsynconly pubkey = boolSystem "sh"
|
||||
|
|
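Review bot: The key data field `ws !! 1` is never checked in validateSshPubKey: only the `ssh-<type>` prefix and the optional comment are validated, so the second word can carry any non-whitespace characters, including quotes and shell metacharacters. That matters because `makeAuthorizedKeys` hands the same value to `boolSystem "sh"`; its body continues outside the hunk, so how the key is quoted there is not visible. I would restrict that field to the base64 alphabet, e.g. `unless (all (\c -> isAscii c && (isAlphaNum c || elem c "+/=")) (ws !! 1)) $ error "bad key data in ssh public key"`, and add the same `isAscii` guard to the prefix and comment checks, since `isAlphaNum` on its own accepts non-ASCII letters and digits. `words` also splits on newlines and tabs, so a multi-line value with two or three tokens passes the word-count check; rejecting any whitespace other than the single spaces between fields would close that.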