[X2Go-Commits] [x2gobroker] 03/03: x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options.
git-admin at x2go.org
git-admin at x2go.org
Wed Apr 1 14:17:44 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 2ab4eec987ab55dd496973b1727a4e9c992c6664
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Wed Apr 1 14:17:35 2015 +0200
x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options.
---
debian/changelog | 2 ++
sbin/x2gobroker-pubkeyauthorizer | 15 ++++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 45e4ccd..0f5d81f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -298,6 +298,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
and let X2Go Client release itself, that the host is unreachable.
- x2gobroker-loadchecker: Don't freeze if load information for a complete
load-balanced server farm is unavailable.
+ - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/
+ old SSH options.
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index 619fe20..2bf6f8d 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -145,15 +145,23 @@ if __name__ == '__main__':
logger_broker.info(' Found {i} public keys at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
tmpfile.close()
+ append_newline = ""
try:
read_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'rb')
- already_authorized_keys = read_authorized_keys.read().split('\n')
+ _content = read_authorized_keys.read()
+ if _content and ord(_content[-1]) != 10:
+ append_newline = '\n'
+ already_authorized_keys = _content.split('\n')
read_authorized_keys.close()
except IOError:
already_authorized_keys = []
append_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'ab')
+ if append_newline:
+ logger_broker.warning(' The file {authorized_keys} does not end with a newline character. Adding it.'.format(authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
+ append_authorized_keys.write(append_newline)
+
i = 0
to_be_removed = []
for new_pubkey in new_pubkeys:
@@ -181,8 +189,9 @@ if __name__ == '__main__':
keyopts = ""
if " " in keytype:
keyopts, keytype = keytype.rsplit(" ", 1)
- if " ".join([keytype, pubkey, owner]) in already_authorized_keys:
- to_be_removed.append(" ".join([keytype, pubkey, owner]))
+ for authorized_key in [ k for k in already_authorized_keys if k ]:
+ if authorized_key.endswith(" ".join([keytype, pubkey, owner])) and not authorized_key.startswith(keyopts):
+ to_be_removed.append(authorized_key)
if new_pubkey not in already_authorized_keys:
append_authorized_keys.write('{k}\n'.format(k=new_pubkey))
--
Alioth's /srv/git/code.x2go.org/x2gobroker.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
More information about the x2go-commits
mailing list