| OLD | NEW |
|---|
| 1 package config | 1 package config |
| 2 | 2 |
| 3 import ( | 3 import ( |
| 4 "bytes" | 4 "bytes" |
| 5 "crypto/tls" |
| 6 "crypto/x509" |
| 7 "encoding/pem" |
| 5 "fmt" | 8 "fmt" |
| 6 "io/ioutil" | 9 "io/ioutil" |
| 7 "os" | 10 "os" |
| 8 "path/filepath" | 11 "path/filepath" |
| 9 "strings" | 12 "strings" |
| 10 ) | 13 ) |
| 11 | 14 |
| 12 func expandTilde(f string) string { | 15 func expandTilde(f string) string { |
| 13 // TODO expansion of other user's home directories. | 16 // TODO expansion of other user's home directories. |
| 14 // Q what characters are valid in a user name? | 17 // Q what characters are valid in a user name? |
| 15 if strings.HasPrefix(f, "~"+string(filepath.Separator)) { | 18 if strings.HasPrefix(f, "~"+string(filepath.Separator)) { |
| 16 return os.Getenv("HOME") + f[1:] | 19 return os.Getenv("HOME") + f[1:] |
| 17 } | 20 } |
| 18 return f | 21 return f |
| 19 } | 22 } |
| 20 | 23 |
| 21 // authorizedKeys implements the standard juju behaviour for finding | 24 // authorizedKeys implements the standard juju behaviour for finding |
| 22 // authorized_keys. It returns a set of keys in in authorized_keys format | 25 // authorized_keys. It returns a set of keys in in authorized_keys format |
| 23 // (see sshd(8) for a description). If path is non-empty, it names the | 26 // (see sshd(8) for a description). If path is non-empty, it names the |
| 24 // file to use; otherwise the user's .ssh directory will be searched. | 27 // file to use; otherwise the user's .ssh directory will be searched. |
| 25 // Home directory expansion will be performed on the path if it starts with | 28 // Home directory expansion will be performed on the path if it starts with |
| 26 // a ~; if the expanded path is relative, it will be interpreted relative | 29 // a ~; if the expanded path is relative, it will be interpreted relative |
| 27 // to $HOME/.ssh. | 30 // to $HOME/.ssh. |
| 28 func authorizedKeys(path string) (string, error) { | 31 func readAuthorizedKeys(path string) (string, error) { |
| 29 var files []string | 32 var files []string |
| 30 if path == "" { | 33 if path == "" { |
| 31 files = []string{"id_dsa.pub", "id_rsa.pub", "identity.pub"} | 34 files = []string{"id_dsa.pub", "id_rsa.pub", "identity.pub"} |
| 32 } else { | 35 } else { |
| 33 files = []string{path} | 36 files = []string{path} |
| 34 } | 37 } |
| 35 var firstError error | 38 var firstError error |
| 36 var keyData []byte | 39 var keyData []byte |
| 37 for _, f := range files { | 40 for _, f := range files { |
| 38 f = expandTilde(f) | 41 f = expandTilde(f) |
| (...skipping 11 matching lines...) Expand all Loading... |
| 50 keyData = append(keyData, '\n') | 53 keyData = append(keyData, '\n') |
| 51 } | 54 } |
| 52 if len(keyData) == 0 { | 55 if len(keyData) == 0 { |
| 53 if firstError == nil { | 56 if firstError == nil { |
| 54 firstError = fmt.Errorf("no public ssh keys found") | 57 firstError = fmt.Errorf("no public ssh keys found") |
| 55 } | 58 } |
| 56 return "", firstError | 59 return "", firstError |
| 57 } | 60 } |
| 58 return string(keyData), nil | 61 return string(keyData), nil |
| 59 } | 62 } |
| 63 |
| 64 // verifyKeyPair verifies that the certificate and key parse correctly. |
| 65 // The key is optional - if it is provided, we also check that the key |
| 66 // matches the certificate. |
| 67 func verifyKeyPair(certPEM, keyPEM []byte) error { |
| 68 if keyPEM != nil { |
| 69 _, err := tls.X509KeyPair(certPEM, keyPEM) |
| 70 return err |
| 71 } |
| 72 for len(certPEM) > 0 { |
| 73 var certBlock *pem.Block |
| 74 certBlock, certPEM = pem.Decode(certPEM) |
| 75 if certBlock == nil { |
| 76 break |
| 77 } |
| 78 if certBlock.Type == "CERTIFICATE" { |
| 79 _, err := x509.ParseCertificate(certBlock.Bytes) |
| 80 return err |
| 81 } |
| 82 } |
| 83 return fmt.Errorf("no certificates found") |
| 84 } |
| OLD | NEW |
|---|
