Francesco Romani has uploaded a new change for review.

Change subject: core: do not restrict user public keys to RSA
......................................................................

core: do not restrict user public keys to RSA

Users can upload SSH public keys, which are used to authenticate
to the ovirt-vmconsole-proxy and then to connect to the virtio
serial console.

For early implementation reasons, the key type was restricted to
RSA. This patch lifts the restriction, allowing the user to
upload any valid SSH key.

The code should now perform only the basic sanity check.

Change-Id: If3b677a140cdedd478856bf8aa62ac758932767e
Signed-off-by: Francesco Romani <from...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UserProfilesOperationCommandBase.java
M 
backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/OpenSSHUtils.java
2 files changed, 4 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/80/42080/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UserProfilesOperationCommandBase.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UserProfilesOperationCommandBase.java
index 4a6889f..ac78abe 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UserProfilesOperationCommandBase.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UserProfilesOperationCommandBase.java
@@ -16,8 +16,6 @@
 
 public abstract class UserProfilesOperationCommandBase<T extends 
UserProfileParameters> extends CommandBase<T> {
 
-    static final private String SSH_RSA = "ssh-rsa";
-
     @Inject
     protected UserProfileDAO userProfileDao;
 
diff --git 
a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/OpenSSHUtils.java
 
b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/OpenSSHUtils.java
index 8b5a532..97669d3 100644
--- 
a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/OpenSSHUtils.java
+++ 
b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/OpenSSHUtils.java
@@ -5,10 +5,8 @@
 import java.io.DataInputStream;
 import java.io.DataOutputStream;
 import java.io.IOException;
-import java.nio.charset.Charset;
 import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
@@ -196,7 +194,7 @@
         return fingerprintString;
     }
 
-    private static boolean verifyByteArray(DataInputStream dataInputStream, 
byte[] expected) throws IOException {
+    private static boolean verifyByteArray(DataInputStream dataInputStream) 
throws IOException {
         int length = dataInputStream.readInt();
         byte[] contents = new byte[length];
         int numBytes = dataInputStream.read(contents, 0, length);
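Review bot: `length` in verifyByteArray comes straight from `readInt()` on the decoded, user-uploaded key and is passed to `new byte[length]` with no bounds check, so a negative value raises NegativeArraySizeException and a large one requests up to 2 GiB on every validation call. A guard before the allocation, `if (length < 0 || length > dataInputStream.available()) { return false; }`, keeps the allocation within the bytes actually left in the buffer. The remainder of the method (presumably the comparison of `numBytes` with `length`) falls between this hunk and the next, so whether a short read is handled there cannot be confirmed from here.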
@@ -205,19 +203,11 @@
             return false;
         }
 
-        if (expected != null) {
-            return Arrays.equals(contents, expected);
-        }
-
         return true;
     }
 
     public static boolean isPublicKeyValid(String publicKey) {
         String[] words = publicKey.split("\\s+", 3);
-
-        if (!words[0].equals(SSH_RSA)) {
-            return false;
-        }
 
         try {
             byte[] decodedBytes = Base64.decodeBase64(words[1]);
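Review bot: With the `ssh-rsa` prefix test removed, any input without whitespace now reaches `words[1]` in isPublicKeyValid, where `split("\\s+", 3)` has returned a single element and the access throws ArrayIndexOutOfBoundsException. The catch clause is outside the hunk, so it may or may not turn that into `false`. An explicit `if (words.length < 2) { return false; }` ahead of the `try` makes the rejection deliberate. Dropping the `expected` comparison also means the type name inside the blob is no longer tied to `words[0]`; checking that the two agree would still be basic sanity and would not bring back the RSA restriction.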
@@ -225,9 +215,9 @@
             try (ByteArrayInputStream inputStream = new 
ByteArrayInputStream(decodedBytes);
                  DataInputStream dataInputStream = new 
DataInputStream(inputStream)) {
 
-                verifyByteArray(dataInputStream, 
SSH_RSA.getBytes(Charset.forName("UTF-8")));
-                verifyByteArray(dataInputStream, null);
-                verifyByteArray(dataInputStream, null);
+                verifyByteArray(dataInputStream);
+                verifyByteArray(dataInputStream);
+                verifyByteArray(dataInputStream);
 
                 return true;
             }
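Review bot: The three `verifyByteArray(dataInputStream);` calls discard the boolean result, so a field that fails its length check still falls through to `return true`. Validation then rejects a key only when an exception is thrown and handled by the catch clause, which is outside this hunk. The fixed count of three fields is also the RSA layout (type, exponent, modulus). An `ssh-ed25519` blob has two fields and `ssh-dss` has five, so the third `readInt()` on an Ed25519 key would hit end of stream and, depending on the catch, a valid non-RSA key may be refused, which is the opposite of what the commit intends. Reading fields until the buffer is exhausted and honouring each result covers both problems.

```java
// … unchanged: Base64 decode and try-with-resources header …
int fields = 0;
while (dataInputStream.available() > 0) {
    if (!verifyByteArray(dataInputStream)) {
        return false;
    }
    fields++;
}
// a key blob carries at least the type name and one key field
return fields >= 2;
```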


-- 
To view, visit https://gerrit.ovirt.org/42080
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If3b677a140cdedd478856bf8aa62ac758932767e
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Francesco Romani <from...@redhat.com>