author | Robin H. Johnson <robbat2@gentoo.org> | 2015-02-03 09:53:20 -0800 |
---|---|---|
committer | Sitaram Chamarty <sitaram@atc.tcs.com> | 2015-02-07 15:41:08 +0530 |
commit | d500cb7da94ea66ddc46b5cb50bce3779684e0cf (patch) | |
tree | 7bd718c8c8562780861852c0df6c83ef3ba2ea51 | |
parent | fix ugliness in http output when only base URL is given (diff) | |
download | gitolite-gentoo-d500cb7da94ea66ddc46b5cb50bce3779684e0cf.tar.gz gitolite-gentoo-d500cb7da94ea66ddc46b5cb50bce3779684e0cf.tar.bz2 gitolite-gentoo-d500cb7da94ea66ddc46b5cb50bce3779684e0cf.zip |
sshkeys-lint: refactor keytype and accept ed25519
sshkeys-lint was rejecting Ed25519 type keys, and also not detecting
ecdsa keys for shell users; refactor the key type detection code to use
a single variable and introduce Ed25519 into the new variable.
Also explicitly matches the ECDSA key types now, rather than leaving it
open-ended.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rwxr-xr-x | src/commands/sshkeys-lint | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/commands/sshkeys-lint b/src/commands/sshkeys-lint
index 3b2689d..7c0f508 100755
--- a/src/commands/sshkeys-lint
+++ b/src/commands/sshkeys-lint
@@ -17,6 +17,7 @@ $|++;
 my $in_gl_section = 0;
 my $warnings = 0;
+my $KEYTYPE_REGEX = qr/\b(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\b/;
 sub dbg {
 use Data::Dumper;
@@ -126,7 +127,7 @@ sub user {
 my $user = '';
 $user ||= "user $1" if /^command=.*gitolite-shell (.*?)"/;
 $user ||= "unknown command" if /^command/;
- $user ||= "shell access" if /^ssh-(rsa|dss)/;
+ $user ||= "shell access" if /$KEYTYPE_REGEX/;
 return $user;
 }
@@ -142,10 +143,10 @@ sub ak_comment {
 sub fprint {
 local $_ = shift;
 my ( $fh, $tempfn, $in );
- if ( /ssh-(dss|rsa) / || /ecdsa-/ ) {
+ if ( /$KEYTYPE_REGEX/ ) {
 # an actual key was passed. Since ssh-keygen requires an actual file,
 # make a temp file to take the data and pass on to ssh-keygen
- s/^.* (ssh-dss|ssh-rsa|ecdsa-\S+)/$1/;
+ s/^.* ($KEYTYPE_REGEX)/$1/;
 use File::Temp qw(tempfile);
 ( $fh, $tempfn ) = tempfile();
 $in = $tempfn; |
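Review bot: The new `my $KEYTYPE_REGEX = qr/…/;` line has no comment, yet it now acts as the linter's complete list of recognised key types: going by the other two hunks, a key whose type is not listed is not reported as shell access by `user` and is taken for a file name by `fprint`. I would add a comment above it such as `# closed list of key types this linter recognises; unanchored, so callers add ^ or a leading space where position matters`. The old `/ecdsa-/` test in `fprint` was open-ended, so the comment should also say that the list has to be extended when a new key type is to be accepted.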
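Review bot: The `shell access` test in `user` lost its `^` anchor: the old `/^ssh-(rsa|dss)/` only matched a line that starts with the key type, while `/$KEYTYPE_REGEX/` matches the token anywhere in the line. A line that begins with some other option and carries `command=` later (so neither `/^command/` test fires) would now be labelled `shell access`, and the commit message does not mention this widening. If only the key-type list was meant to change, keep the anchor: `$user ||= "shell access" if /^$KEYTYPE_REGEX/;`. If option-prefixed keys are meant to count, the two `command` tests above need the same loosening so that forced-command lines are not misreported. `$_` is presumably one authorized_keys line; the caller is outside the hunk.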
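Review bot: The rewritten `s/^.* ($KEYTYPE_REGEX)/$1/;` keeps the greedy `^.*`, so it cuts the line at the last key-type token rather than the first. When a key's comment field happens to contain such a token, the base64 blob is stripped before the data goes to the temp file, and the fingerprint step would presumably fail or report nothing for that key. The behaviour predates this commit, but since the line is being rewritten it could become `s/^.*? ($KEYTYPE_REGEX) /$1 / unless /^$KEYTYPE_REGEX /;`. The rest of `fprint`, including what happens to `$tempfn` afterwards, is outside the hunk.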