authorRobin H. Johnson <robbat2@gentoo.org>2016-01-12 23:43:22 -0800
committerSitaram Chamarty <sitaram@atc.tcs.com>2016-01-19 20:31:27 +0530
commit285c4b5f3986d1a7bbcecc5dee976ce2b78746b7 (patch)
treea2874c39cb1ebf8a6df19f7ecb12132280bb6d0d
parentssh-authkeys: use new ssh fingerprint functions. (diff)
sshkeys-lint: use new ssh fingerprint functions.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rwxr-xr-xsrc/commands/sshkeys-lint32
1 files changed, 12 insertions, 20 deletions
diff --git a/src/commands/sshkeys-lint b/src/commands/sshkeys-lint
index c7f0c81..a46e379 100755
--- a/src/commands/sshkeys-lint
+++ b/src/commands/sshkeys-lint
@@ -4,6 +4,8 @@ use warnings;
# complete rewrite of the sshkeys-lint program. Usage has changed, see
# usage() function or run without arguments.
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Common;
use Getopt::Long;
my $admin = 0;
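Review bot: The added `use lib $ENV{GL_LIBDIR};` runs at compile time with no check that the variable is set, so an invocation without that environment fails on the `Gitolite::Common` lookup instead of giving a clear message. It also means whoever controls `GL_LIBDIR` decides which `Gitolite::Common` gets loaded, which is only acceptable under the trusted-admin assumption that the comment in `fprint` states. I would put a guard ahead of it, `BEGIN { die "GL_LIBDIR not set\n" unless $ENV{GL_LIBDIR}; }`, and add a comment such as `# GL_LIBDIR must come from a trusted environment; modules are loaded from it`.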
@@ -142,30 +144,20 @@ sub ak_comment {
sub fprint {
local $_ = shift;
- my ( $fh, $tempfn, $in );
+ my ($fp, $output);
if ( /$KEYTYPE_REGEX/ ) {
- # an actual key was passed. Since ssh-keygen requires an actual file,
- # make a temp file to take the data and pass on to ssh-keygen
- s/^.* ($KEYTYPE_REGEX)/$1/;
- use File::Temp qw(tempfile);
- ( $fh, $tempfn ) = tempfile();
- $in = $tempfn;
- print $fh $_;
- close $fh;
+ # an actual key was passed. ssh-keygen CAN correctly handle options on
+ # the front of the key, so don't bother to strip them at all.
+ ($fp, $output) = ssh_fingerprint_line($_);
} else {
# a filename was passed
- $in = $_;
+ ($fp, $output) = ssh_fingerprint_file($_);
+ # include the line of input as well, as it won't always be included by the ssh-keygen command
+ warn "Bad line: $_\n" unless $fp;
}
- # dbg("in = $in");
- -f $in or die "file not found: $in\n";
- open( $fh, "ssh-keygen -l -f $in |" ) or die "could not fork: $!\n";
- my $fp = <$fh>;
- # dbg("fp = $fp");
- close $fh;
- unlink $tempfn if $tempfn;
- warn "$fp\n" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-Za-z0-9+/]+));
-
- return $1;
+ # sshkeys-lint should only be run by a trusted admin, so we can give the output here.
+ warn "$output\n" unless $fp;
+ return $fp;
}
# ------------------------------------------------------------------------
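Review bot: The `warn "Bad line: $_\n" unless $fp;` diagnostic sits in the filename branch of `fprint`, where `$_` is a path rather than a key line. The key-line branch is where its comment about ssh-keygen not echoing the input would seem to apply, and that branch reports only `$output`. I would label the existing warning as `warn "Bad file: $_\n" unless $fp;` and add `warn "Bad line: $_\n" unless $fp;` after the `ssh_fingerprint_line` call. The removed `-f $in or die "file not found: $in\n"` check means a missing file is no longer fatal here, and `fprint` can now return an undefined value. Callers are outside this hunk and should be checked for using the result as a hash key or in a comparison. It is also worth confirming that `ssh_fingerprint_file` in `Gitolite::Common`, not shown here, passes the filename to ssh-keygen without a shell.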