ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 23:15:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

enh: egress ssh key: compute an ID so that keys can be pointed to and deleted

Browse source
This commit is contained in:
Stéphane Lesimple 2021-02-15 11:21:47 +00:00 committed by Stéphane Lesimple
parent c88be2def1
commit fe58cf1d14
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/perl/OVH/Bastion/ssh.inc
View file

@ -270,6 +270,7 @@ sub get_ssh_pub_key_info {
$pubKey =~ s/[\r\n]//g; $pubKey =~ s/[\r\n]//g;
my $mtime;
if ($file) { if ($file) {
if (open(my $fh, '<', $file)) { if (open(my $fh, '<', $file)) {
$pubKey = <$fh>; $pubKey = <$fh>;
@ -278,6 +279,7 @@ sub get_ssh_pub_key_info {
else { else {
return R('ERR_CANNOT_OPEN_FILE', msg => "Couldn't open specified file ($!)"); return R('ERR_CANNOT_OPEN_FILE', msg => "Couldn't open specified file ($!)");
} }
$mtime = (stat($file))[9];
} }
# some little sanity check # some little sanity check
@ -302,12 +304,19 @@ sub get_ssh_pub_key_info {
if ($prefix =~ /^from=["']([^ "']+)/) { if ($prefix =~ /^from=["']([^ "']+)/) {
@fromList = split /,/, $1; @fromList = split /,/, $1;
} }
# generate a uniq id f($line)
require Digest::MD5;
my $id = 'id' . substr(Digest::MD5::md5_hex($line), 0, 8);
my %return = ( my %return = (
prefix => $prefix, prefix => $prefix,
typecode => $typecode, typecode => $typecode,
base64 => $base64, base64 => $base64,
comment => $comment, comment => $comment,
line => $line, line => $line,
id => $id,
mtime => $mtime,
fromList => \@fromList, fromList => \@fromList,
); );
@ -699,6 +708,12 @@ sub print_public_key {
require Term::ANSIColor; require Term::ANSIColor;
# if id is passed directly, this is a key from an authkeys file, the id is the line number
# otherwise, we should have an id within the key, it depends on $key->line, usually this is a key from a .pub file (no line number)
if (!$id && $key->{'id'}) {
$id = $key->{'id'};
}
my $line = $key->{'line'}; my $line = $key->{'line'};
if ($key->{'base64'}) { if ($key->{'base64'}) {
$line = sprintf("%s%s %s %s", $key->{'prefix'} ? $key->{'prefix'} . ' ' : '', $key->{'typecode'}, $key->{'base64'}, $key->{'comment'}); $line = sprintf("%s%s %s %s", $key->{'prefix'} ? $key->{'prefix'} . ' ' : '', $key->{'typecode'}, $key->{'base64'}, $key->{'comment'});