Allow multiple permitopen/permitlisten in SSH keys

SSH keys allow to have multiple entries for the permitopen and permitlisten options. Prior to this change, only one of each could be configured. Fixes: https://pagure.io/freeipa/issue/8423 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2021-02-25 18:08:53 +01:00
parent d8bc3e401e
commit 3dc58965fa
1 changed files with 14 additions and 1 deletions
--- a/ipapython/ssh.py
+++ b/ipapython/ssh.py
@@ -125,6 +125,9 @@ class SSHPublicKey:
    def _parse_openssh_with_options(self, key):
        key = key.lstrip('\t ')

+        # Options that allow multiple entries
+        multiple_allowed = ('permitopen', 'permitlisten')
+
        options = {}
        while True:
            match = OPENSSH_OPTIONS_REGEX.match(key)
@@ -136,7 +139,13 @@ class SSHPublicKey:
            if value:
                value = value.replace('\\"', '"')

-            options[name] = value
+            if name in multiple_allowed:
+                if name in options:
+                    options[name].append(value)
+                else:
+                    options[name] = [value]
+            else:
+                options[name] = value

            key = key[len(match.group(0)):]
            key0, key = key[:1], key[1:]
@@ -179,6 +188,10 @@ class SSHPublicKey:
                value = self._options[name]
                if value is None:
                    options.append(name)
+                elif type(value) is list:
+                    for v in value:
+                        v = v.replace('"', '\\"')
+                        options.append(u'%s="%s"' % (name, v))
                else:
                    value = value.replace('"', '\\"')
                    options.append(u'%s="%s"' % (name, value))