authorTed Trask <ttrask01@yahoo.com>2009-04-01 14:44:51 +0000
committerTed Trask <ttrask01@yahoo.com>2009-04-01 14:44:51 +0000
commit1d4de0dba3e3cc249b59143e2872e0a5f7c9ccde (patch)
tree5a97cc54d82db0d820206dfcb9bd38ab8fbf799e /openssh-model.lua
parentb1ef9b435646872c63d6547eab840f3d7bbf845d (diff)
Fixed openssh authorized keys parsing to allow for access phrase and arbitrary characters.
Diffstat (limited to 'openssh-model.lua')
-rw-r--r--openssh-model.lua45
1 files changed, 31 insertions, 14 deletions
diff --git a/openssh-model.lua b/openssh-model.lua
index 12f3f6a..3b8718b 100644
--- a/openssh-model.lua
+++ b/openssh-model.lua
@@ -2,6 +2,7 @@ module(..., package.seeall)
-- Load libraries
require("modelfunctions")
+require("posix")
require("validator")
require("fs")
require("format")
@@ -182,13 +183,30 @@ end
function list_users()
local users = {"root"}
- for dir in fs.find(null, "/home/") do
- local user = basename(dir)
- if fs.is_dir(dir) and not string.find(user, "^%.") then users[#users + 1] = user end
+ -- The only users we're going to worry about in this ACF are root and ones with home directories
+ for user in posix.files("/home") do
+ if fs.is_dir("/home/" .. user) and not string.find(user, "^%.") then users[#users + 1] = user end
end
return cfe({ type="list", value=users, label="User list" })
end
+local function parseauthline(line)
+ local retval = {}
+ local words = format.string_to_table(line, "%s")
+ if string.match(words[1], "^ssh%-%ws%w$") then
+ retval.perm = ""
+ retval.key = words[2]
+ retval.id = table.concat(words, " ", 3)
+ elseif string.match(words[2], "^ssh%-%ws%w$") then
+ retval.perm = words[1]
+ retval.key = words[3]
+ retval.id = table.concat(words, " ", 4)
+ else
+ retval = nil
+ end
+ return retval
+end
+
function list_auths(user)
user = user or "root"
local cmdresult = cfe({ type="group", value={}, label="Authorized Key List" })
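Review bot: parseauthline indexes words[1] and words[2] unconditionally, so a line that splits into fewer than two tokens (a blank line, a comment, a single stray token) makes string.match raise on a nil argument instead of the function reaching the else branch and returning nil as intended. Defaulting the tokens before matching, `local first, second = words[1] or "", words[2] or ""`, and matching on those keeps the nil return path reachable; this assumes format.string_to_table always returns a table, which is not visible here. The type pattern `^ssh%-%ws%w$` accepts only seven-character names such as ssh-rsa and ssh-dss, so a line whose options field contains a quoted space (words[2] is then not the type) or any other type name is rejected as nil rather than parsed, and every caller of parseauthline has to expect that nil. The list_auths body continues past the hunk.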
@@ -201,8 +219,7 @@ function list_auths(user)
if user ~= "root" then file = "/home"..file end
local data = fs.read_file(file) or ""
for line in string.gmatch(data, "([^\n]+)\n?") do
- local typ,key,id = string.match(line, "(%S+)%s(%S+)%s(%S+)")
- table.insert(cmdresult.value.auth.value, {key=key, id=id})
+ table.insert(cmdresult.value.auth.value, parseauthline(line))
end
end
return cmdresult
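Review bot: parseauthline returns nil for any line it does not recognise, and in the Lua 5.1 this module(...) file targets, table.insert with a nil value stores nothing, so such lines vanish from the listing with no indication to the user. If that is the intent, say so on the line, `-- lines parseauthline rejects (comments, unknown key types) are not listed`; otherwise skip them explicitly, `local val = parseauthline(line); if val then table.insert(cmdresult.value.auth.value, val) end`. The enclosing function ends outside the hunk.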
@@ -220,7 +237,8 @@ function delete_auth(user, auth)
if data then
local newdata = {}
for line in string.gmatch(data, "([^\n]+)\n?") do
- if string.match(line, "%s(%S+)$") == auth then
+ local val = parseauthline(line)
+ if val.id == auth then
cmdresult.value = "Deleted key"
cmdresult.errtxt = nil
else
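Review bot: `val.id == auth` dereferences the result of parseauthline without a nil check, so a single unparseable line in authorized_keys (a comment, a blank, or a type the parser does not recognise) aborts delete_auth with an index error instead of that line being carried over by the else branch; `if val and val.id == auth then` preserves it. The same unguarded access appears in create_auth at `val.id == val2.id or val.key == val2.key`, where val2 can be nil for the same reason. The loop and the enclosing function continue outside the hunk.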
@@ -251,11 +269,9 @@ function create_auth(authstr)
success = false
end
-- not sure how to validate the cert
- authstr.value.cert.value = string.match(authstr.value.cert.value, "^[%s\n]*(.*%S)[%s\n]*$") or ""
- if authstr.value.cert.value == "" then
- authstr.value.cert.errtxt = "Cert cannot be empty"
- success = false
- elseif not string.match(authstr.value.cert.value, "ssh%-%S+%s%S+%s%S+$") then
+ authstr.value.cert.value = string.gsub(format.dostounix(authstr.value.cert.value), "\n", "")
+ local val = parseauthline(authstr.value.cert.value)
+ if not val then
authstr.value.cert.errtxt = "Invalid format"
success = false
end
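Review bot: The removed `Cert cannot be empty` branch was the only check between an empty or whitespace-only submission and parseauthline, and whether that call returns nil or raises for a token list with no entries depends on format.string_to_table, which is not visible here; keeping `if authstr.value.cert.value == "" then` with its own error text ahead of the parse gives the user a clear message either way. The gsub that deletes every "\n" also fuses adjacent tokens when a pasted key breaks between the type and the key body, which then surfaces as `Invalid format`; a comment on that line stating the expected input shape, e.g. `-- newlines are stripped so a key wrapped across lines is reassembled into one line`, would record why deletion rather than a space was chosen. create_auth continues outside the hunk.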
@@ -267,9 +283,10 @@ function create_auth(authstr)
data = authstr.value.cert.value
else
data = string.match(data, "^[%s\n]*(.*%S)[%s\n]*$")
- for id in string.gmatch(data, "([^\n]+)\n?") do
- if string.match(id, "%S+$") == string.match(authstr.value.cert.value, "%S+$") then
- authstr.value.cert.errtxt = "This ID already exists"
+ for line in string.gmatch(data, "([^\n]+)\n?") do
+ local val2 = parseauthline(line)
+ if val.id == val2.id or val.key == val2.key then
+ authstr.value.cert.errtxt = "This key / ID already exists"
success = false
break
end
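Review bot: `val.id == val2.id` reports a duplicate whenever both keys lack a trailing comment, because parseauthline builds id with table.concat over the remaining words and that yields "" when there are none, so two distinct comment-less keys compare equal on id and the second one is rejected with `This key / ID already exists`. Requiring a non-empty id, `if (val.id ~= "" and val.id == val2.id) or val.key == val2.key then`, keeps the duplicate check meaningful while still catching a repeated key. The loop and create_auth continue outside the hunk.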