kallithea Changeset - 155c52d8f210

Changeset - 155c52d8f210

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Mads Kiilerich - 6 years ago 2019-12-29 15:31:25
mads@kiilerich.com

Grafted from: 9b628fbec144

ssh: extra paranoid check for authorized_keys lines having safe content

1 file changed with 14 insertions and 0 deletions:

kallithea/lib/ssh.py

0 comments (0 inline, 0 general)

kallithea/lib/ssh.py

➞

Show inline comments

@@ @@ -76,44 +76,58 @@ def parse_pub_key(ssh_key): @@
     if len(parts) < 2:
         raise SshKeyParseError(_("Incorrect SSH key - it must have both a key type and a base64 part, like 'ssh-rsa ASRNeaZu4FA...xlJp='"))
     keytype, keyvalue, comment = (parts + [''])[:3]
     if keytype not in ('ssh-rsa', 'ssh-dss', 'ssh-ed25519'):
         raise SshKeyParseError(_("Incorrect SSH key - it must start with 'ssh-(rsa|dss|ed25519)'"))
     if re.search(r'[^a-zA-Z0-9+/=]', keyvalue):
         raise SshKeyParseError(_("Incorrect SSH key - unexpected characters in base64 part %r") % keyvalue)
     try:
         decoded = keyvalue.decode('base64')
     except binascii.Error:
         raise SshKeyParseError(_("Incorrect SSH key - failed to decode base64 part %r") % keyvalue)
     if not decoded.startswith('\x00\x00\x00' + chr(len(keytype)) + str(keytype) + '\x00'):
         raise SshKeyParseError(_("Incorrect SSH key - base64 part is not %r as claimed but %r") % (str(keytype), str(decoded[4:].split('\0', 1)[0])))
     return keytype, decoded, comment
 SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
 def _safe_check(s, rec = re.compile('^[a-zA-Z0-9+/]+={0,2}$')):
     """Return true if s really has the right content for base64 encoding and only contains safe characters
     >>> _safe_check('asdf')
     True
     >>> _safe_check('as df')
     False
     >>> _safe_check('AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==')
     True
     """
     return rec.match(s) is not None
 def authorized_keys_line(kallithea_cli_path, config_file, key):
     """
     Return a line as it would appear in .authorized_keys
     >>> from kallithea.model.db import UserSshKeys, User
     >>> user = User(user_id=7, username='uu')
     >>> key = UserSshKeys(user_ssh_key_id=17, user=user, description='test key')
     >>> key.public_key='''ssh-rsa  AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ== and a comment'''
     >>> authorized_keys_line('/srv/kallithea/venv/bin/kallithea-cli', '/srv/kallithea/my.ini', key)
     'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/srv/kallithea/venv/bin/kallithea-cli ssh-serve -c /srv/kallithea/my.ini 7 17" ssh-rsa AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==\\n'
     """
     try:
         keytype, decoded, comment = parse_pub_key(key.public_key)
     except SshKeyParseError:
         return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
     mimekey = decoded.encode('base64').replace('\n', '')
     if not _safe_check(mimekey):
         return '# Invalid Kallithea SSH key - bad base64 encoding: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
     return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % (
         SSH_OPTIONS, kallithea_cli_path, config_file,
         key.user.user_id, key.user_ssh_key_id,
         keytype, mimekey)

0 comments (0 inline, 0 general)