[X2Go-Commits] [x2gobroker] 03/03: x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options.

git-admin at x2go.org git-admin at x2go.org
Wed Apr 1 14:17:44 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gobroker.

commit 2ab4eec987ab55dd496973b1727a4e9c992c6664
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Apr 1 14:17:35 2015 +0200

    x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options.
---
 debian/changelog                 |    2 ++
 sbin/x2gobroker-pubkeyauthorizer |   15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 45e4ccd..0f5d81f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -298,6 +298,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
       and let X2Go Client release itself, that the host is unreachable.
     - x2gobroker-loadchecker: Don't freeze if load information for a complete
       load-balanced server farm is unavailable.
+    - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/
+      old SSH options.
   * debian/control:
     + Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
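Review bot: The added changelog entry covers only the replacement of keys with wrong or old SSH options, but the same commit also makes x2gobroker-pubkeyauthorizer append a missing trailing newline to authorized_keys and log a warning about it. That is a visible change to a file administrators may also edit by hand, so it deserves its own line here.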
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index 619fe20..2bf6f8d 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -145,15 +145,23 @@ if __name__ == '__main__':
         logger_broker.info('  Found {i} public keys at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
     tmpfile.close()
 
+    append_newline = ""
     try:
         read_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'rb')
-        already_authorized_keys = read_authorized_keys.read().split('\n')
+        _content = read_authorized_keys.read()
+        if _content and ord(_content[-1]) != 10:
+            append_newline = '\n'
+        already_authorized_keys = _content.split('\n')
         read_authorized_keys.close()
     except IOError:
         already_authorized_keys = []
 
     append_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'ab')
 
+    if append_newline:
+        logger_broker.warning('  The file {authorized_keys} does not end with a newline character. Adding it.'.format(authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
+        append_authorized_keys.write(append_newline)
+
     i = 0
     to_be_removed = []
     for new_pubkey in new_pubkeys:
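Review bot: The trailing-newline test `ord(_content[-1]) != 10` only works while `_content[-1]` is a one-character string. The file is opened with 'rb', so under Python 3 that index yields an integer and `ord()` raises TypeError; the following `_content.split('\n')` and `append_authorized_keys.write(append_newline)` would likewise mix bytes and str. `not _content.endswith('\n')` states the intent directly, and using text mode or byte literals consistently keeps the check and the write in one type. Separately, `read_authorized_keys.close()` is skipped when `read()` raises, so a `with` block around the read would be safer.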
@@ -181,8 +189,9 @@ if __name__ == '__main__':
             keyopts = ""
             if " " in keytype:
                 keyopts, keytype = keytype.rsplit(" ", 1)
-            if " ".join([keytype, pubkey, owner]) in already_authorized_keys:
-                to_be_removed.append(" ".join([keytype, pubkey, owner]))
+            for authorized_key in [ k for k in already_authorized_keys if k ]:
+                if authorized_key.endswith(" ".join([keytype, pubkey, owner])) and not authorized_key.startswith(keyopts):
+                    to_be_removed.append(authorized_key)
 
             if new_pubkey not in already_authorized_keys:
                 append_authorized_keys.write('{k}\n'.format(k=new_pubkey))
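Review bot: In the new loop, `not authorized_key.startswith(keyopts)` is always False when `keyopts` is "" (the new key carries no options), because every string starts with the empty string. An existing line holding the same key with old options is then never added to `to_be_removed`, and it stays in the file next to the option-less line that gets appended. The prefix test also spares a line whose options merely begin with the new option string but continue with further options. Assuming `new_pubkey` is the full line, as the `new_pubkey not in already_authorized_keys` check below suggests, comparing whole lines (`authorized_key != new_pubkey` together with the `endswith` test) would cover both cases. The `endswith` test matches on a bare suffix as well, so it is worth confirming that the character before the key type is a space or the start of the line.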

--
Alioth's /srv/git/code.x2go.org/x2gobroker.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git

