From 37584908ebaa80e5db7dc0982ef47ad02383f16b Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Thu, 1 Sep 2011 14:47:47 +0530
Subject: [PATCH] sshkeys-lint upgraded (may need testing)

upgraded to recognise host (mirroring peer) keys and shell keys
---
 src/sshkeys-lint | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/sshkeys-lint b/src/sshkeys-lint
index bd49320..a149063 100755
--- a/src/sshkeys-lint
+++ b/src/sshkeys-lint
@@ -12,20 +12,22 @@ my $lineno = 0;
 for (@authlines) {
     $lineno++;
-    if (/^# gitolite start/ .. /^# gitolite end/) {
-        warn "line $lineno: non-gitolite key found in gitolite section" if /ssh-rsa|ssh-dss/ and not /command=.*gl-auth-command/;
-    } else {
-        warn "line $lineno: gitolite key found outside gitolite section" if /command=.*gl-auth-command/;
-    }
+    my $in_gs = (/^# gitolite start/ .. /^# gitolite end/);
     next if /\# gitolite (start|end)/;
-    die "line $lineno: unrecognised line\n" unless /^(?:command=".*gl-auth-command (\S+?)"\S+ )?(?:ssh-rsa|ssh-dss) (\S+)/;
-    my ($user, $key) = ($1 || '', $2);
+
+    my $user = "";
+    $user = "host $1" if /^command=.*gl-mirror-shell (\S+?)"/;
+    $user = "user $1" if /^command=.*gl-auth-command (\S+?)"/;
+    $user = "shell user $1" if /^command=.*gl-auth-command -s (\S+?)"/;
+
+    die "line $lineno: unrecognised line\n" unless /^(?:command=".*(?:gl-mirror-shell|gl-auth-command(?: -s)?) (?:\S+?)"\S+ )?(?:ssh-rsa|ssh-dss) (\S+)/;
+    my $key = $1;
     if ($linenos{$key}) {
         warn "authkeys file line $lineno is repeat of line $linenos{$key}, will be ignored by server sshd\n";
         next;
     }
     $linenos{$key} = $lineno;
-    $users{$key} = ($user ? "maps to gitolite user $user" : "gets you a command line");
+    $users{$key} = ($user ? "maps to $user" : "gets you a command line");
 }
 print "\n";
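Review bot: `$in_gs` is assigned on the first added line but never read afterwards, so the section-placement warnings the removed `if`/`else` used to emit are gone: a bare key pasted into the `# gitolite start`/`end` section, or a gitolite `command=` key sitting outside it, now passes silently, although flagging exactly that is what this lint exists for. After the three `$user` assignments (or just after `my $key = $1;`) I would restore the two warnings against the new variables: `warn "line $lineno: non-gitolite key found in gitolite section\n" if $in_gs and not $user;` and `warn "line $lineno: gitolite key found outside gitolite section\n" if $user and not $in_gs;`. If dropping those checks was intentional, remove the `$in_gs` line instead so a dead flip-flop does not suggest a check that is not performed. The `(?:gl-mirror-shell|gl-auth-command(?: -s)?)` alternation in the `die` pattern and the three `$user` regexes must be kept in sync by hand whenever a new command form is added; a one-line comment on the `die` line saying so would help the next editor.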