def readKeys(keydir):
"""
Read SSH public keys from ``keydir/*.pub``
"""
for filename in os.listdir(keydir):
if filename.startswith('.'):
continue
basename, ext = os.path.splitext(filename)
if ext != '.pub':
continue
if not sshkey.isSafeUsername(basename):
log.warn('Unsafe SSH username in keyfile: %r', filename)
continue
path = os.path.join(keydir, filename)
fp = file(path)
for line in fp:
line = line.rstrip('\n')
if line.startswith('#'):
continue
line = line.strip()
if len(line) > 0:
try:
yield (basename, sshkey.get_ssh_pubkey(line))
except sshkey.MalformedSSHKey as e:
log.warn('Malformed SSH key in %r: %r', filename, e);
fp.close()
def test_sshkey_username_caps():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]')
got = _.username
eq(got, '*****@*****.**')
def test_sshkey_username_no_at():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser')
got = _.username
eq(got, 'fakeuser')
def test_sshkey_username_dash():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]')
got = _.username
eq(got, '*****@*****.**')
def test_sshkey_username_simple():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser@fakehost')
got = _.username
eq(got, 'fakeuser@fakehost')
def test_sshkey_username_domain():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= [email protected]')
got = _.username
eq(got, '*****@*****.**')
def test_sshkey_username_domain_dashes():
_ = sshkey.get_ssh_pubkey(
'ssh-rsa '
+'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= '
+'*****@*****.**')
got = _.username
eq(got, '*****@*****.**')
def test_sshkey_username_bad():
# The '#' and characters after it are part of an actual comment in the file
# and are ignored.
try:
_ = sshkey.get_ssh_pubkey(
'ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%')
got = _.username
except sshkey.InsecureSSHKeyUsername, e:
eq(str(e), "Username contains not allowed characters: 'ER3%'")
raise e
def filterAuthorizedKeys(fp):
"""
Read lines from ``fp``, filter out autogenerated ones.
Note removes newlines.
"""
for line in fp:
line = line.rstrip('\n')
if line == COMMENT:
continue
try:
key = sshkey.get_ssh_pubkey(line)
if 'command' in key.options and \
_COMMAND_RE.match(key.options['command']):
continue
except sshkey.MalformedSSHKey:
pass
yield line
def handle_args(self, parser, cfg, options, args): #pragma: no cover
"""Parse the input for this program."""
super(Main, self).handle_args(parser, cfg, options, args)
os.umask(0022)
log.info('Reading SSH public key...')
pubkey = read_ssh_pubkey(options.adminkey)
if options.adminname is None:
_ = sshkey.get_ssh_pubkey(pubkey)
user = _.username
else:
user = options.adminname
user = user.strip()
if user is None:
log.error('Cannot parse user from SSH public key.')
sys.exit(1)
log.info('Admin user is %r', user)
log.info('Creating generated files directory...')
generated = cfg.generated_files_dir
util.mkdir(generated)
log.info('Creating repository structure...')
repositories = cfg.repository_dir
util.mkdir(repositories)
admin_repository = os.path.join(repositories, 'gitosis-admin.git')
init_admin_repository(
git_dir=admin_repository,
pubkey=pubkey,
user=user,
config=cfg,
)
log.info('Running post-update hook...')
util.mkdir(os.path.expanduser('~/.ssh'), 0700)
run_hook.post_update(cfg=cfg, git_dir=admin_repository)
log.info('Symlinking ~/.gitosis.conf to repository...')
symlink_config(git_dir=admin_repository)
log.info('Done.')
def k():
yield ('jdoe', sshkey.get_ssh_pubkey(KEY_1))
yield ('wsmith', sshkey.get_ssh_pubkey(KEY_2))
