From 82e6bb752f9aed42b694d38df762352c023e33de Mon Sep 17 00:00:00 2001
From: "Leigh B. Stoller" <stoller@flux.utah.edu>
Date: Tue, 20 Aug 2002 21:20:29 +0000
Subject: [PATCH] Add ssh2 key support to all of the pages that deal with ssh
 keys.

---
 www/deletepubkey.php3 |  6 +++---
 www/joinproject.php3  | 46 +++++++++++++++++++++++++++++--------------
 www/newproject.php3   | 41 ++++++++++++++++++++++++++++----------
 www/showpubkeys.php3  | 27 ++++++++++++++-----------
 4 files changed, 81 insertions(+), 39 deletions(-)

diff --git a/www/deletepubkey.php3 b/www/deletepubkey.php3
index 805006653..81285f8c2 100644
--- a/www/deletepubkey.php3
+++ b/www/deletepubkey.php3
@@ -88,10 +88,10 @@ if ($canceled) {
 if (!$confirmed) {
     PAGEHEADER("SSH Public Key Maintenance");
 
-    echo "<center><h2><br>
+    echo "<center><h3><br>
           Are you <b>REALLY</b>
-          sure you want to delete SSH Public Key '$key' for user '$target_uid'?
-          </h2>\n";
+          sure you want to delete this SSH Public Key for user '$target_uid'?
+          </h3>\n";
     
     echo "<form action='deletepubkey.php3?target_uid=$target_uid&key=$key'
                 method=post>";
diff --git a/www/joinproject.php3 b/www/joinproject.php3
index f76fbc082..f5a13983c 100644
--- a/www/joinproject.php3
+++ b/www/joinproject.php3
@@ -415,11 +415,6 @@ if (! $returning) {
 			    $formfields[usr_email], $checkerror)) {
 	$errors["Password"] = "$checkerror";
     }
-    if (isset($formfields[usr_key]) &&
-	strcmp($formfields[usr_key], "") &&
-	! ereg("^[0-9a-zA-Z\@\. ]*$", $formfields[usr_key])) {
-	$errors["PubKey"] = "Invalid characters";
-    }
 }
 if (!isset($formfields[pid]) ||
     strcmp($formfields[pid], "") == 0) {
@@ -460,7 +455,21 @@ if (!$returning) {
     # 
     if (isset($formfields[usr_key]) &&
 	strcmp($formfields[usr_key], "")) {
-	$usr_key[] = $formfields[usr_key];
+        #
+        # Replace any embedded newlines first.
+        #
+	$formfields[usr_key] = ereg_replace("[\n]", "", $formfields[usr_key]);
+
+	if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields[usr_key])) {
+	    $errors["PubKey"] = "Invalid characters";
+
+	    SPITFORM($formfields, $errors);
+	    PAGEFOOTER();
+	    return;
+	}
+	else {
+	    $usr_key[] = $formfields[usr_key];
+	}
     }
     
     #
@@ -477,7 +486,10 @@ if (!$returning) {
 	while (!feof($fp)) {
 	    $buffer = fgets($fp, 4096);
 
-	    if (! ereg("^[0-9a-zA-Z\@\. \n]*$", $buffer)) {
+	    if (ereg("^[\n\#]", $buffer))
+		continue;
+
+	    if (! preg_match("/^[-\w\s\.\@\+\/\=\r\n]*$/", $buffer)) {
 		$errors["PubKey File Contents"] = "Invalid characters";
 
 		fclose($fp);
@@ -562,16 +574,20 @@ if (! $returning) {
             #
 	    $pieces = explode(" ", $stuff);
 
-	    if (count($pieces) != 4) {
-		if (count($pieces) != 1) {
-		    TBERROR("Bad Key for $joining_uid: $stuff", 0);
-		}
+	    if (count($pieces) == 4) {
+		$key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
+		$comment = $pieces[3];
+	    }
+	    elseif (count($pieces) == 3) {
+		$key     = "$pieces[0] $pieces[1] $pieces[2]";
+		$comment = $pieces[0] . "-" . $pieces[2];
+	    }
+	    elseif (count($pieces) == 1) {
 		continue;
 	    }
-            # These have already been tested for bad chars above (ereg).
-	    $key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
-	    $comment = $pieces[3];
-	
+	    else {
+		TBERROR("Improper key: $stuff", 0);
+	    }
 	    DBQueryFatal("replace into user_pubkeys ".
 			 "values ('$joining_uid', '$comment', '$key', now())");
 	}
diff --git a/www/newproject.php3 b/www/newproject.php3
index 01c05b3e5..8b392d943 100755
--- a/www/newproject.php3
+++ b/www/newproject.php3
@@ -693,7 +693,21 @@ if (!$returning) {
     # 
     if (isset($formfields[usr_key]) &&
 	strcmp($formfields[usr_key], "")) {
-	$usr_key[] = $formfields[usr_key];
+        #
+        # Replace any embedded newlines first.
+        #
+	$formfields[usr_key] = ereg_replace("[\n]", "", $formfields[usr_key]);
+
+	if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields[usr_key])) {
+	    $errors["PubKey"] = "Invalid characters";
+
+	    SPITFORM($formfields, $errors);
+	    PAGEFOOTER();
+	    return;
+	}
+	else {
+	    $usr_key[] = $formfields[usr_key];
+	}
     }
     
     #
@@ -710,7 +724,10 @@ if (!$returning) {
 	while (!feof($fp)) {
 	    $buffer = fgets($fp, 4096);
 
-	    if (! ereg("^[0-9a-zA-Z\@\. \n]*$", $buffer)) {
+	    if (ereg("^[\n\#]", $buffer))
+		continue;
+
+	    if (! preg_match("/^[-\w\s\.\@\+\/\=\r\n]*$/", $buffer)) {
 		$errors["PubKey File Contents"] = "Invalid characters";
 
 		fclose($fp);
@@ -804,16 +821,20 @@ if (! $returning) {
             #
 	    $pieces = explode(" ", $stuff);
 
-	    if (count($pieces) != 4) {
-		if (count($pieces) != 1) {
-		    TBERROR("Bad Key for $proj_head_uid: $stuff", 0);
-		}
+	    if (count($pieces) == 4) {
+		$key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
+		$comment = $pieces[3];
+	    }
+	    elseif (count($pieces) == 3) {
+		$key     = "$pieces[0] $pieces[1] $pieces[2]";
+		$comment = $pieces[0] . "-" . $pieces[2];
+	    }
+	    elseif (count($pieces) == 1) {
 		continue;
 	    }
-            # These have already been tested for bad chars above (ereg).
-	    $key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
-	    $comment = $pieces[3];
-	
+	    else {
+		TBERROR("Improper key: $stuff", 0);
+	    }
 	    DBQueryFatal("replace into user_pubkeys ".
 			 "values ('$proj_head_uid', ".
 			 "         '$comment', '$key', now())");
diff --git a/www/showpubkeys.php3 b/www/showpubkeys.php3
index 946795101..cf1d583b5 100644
--- a/www/showpubkeys.php3
+++ b/www/showpubkeys.php3
@@ -107,7 +107,8 @@ function SPITFORM($formfields, $errors)
 
     echo "<br><hr size=4>\n";
     echo "<center>
-          Enter new ssh public keys for user ${target_uid}[<b>1,2</b>].
+          Enter ssh (protocol 1 or 2) public keys for user
+                    ${target_uid}[<b>1,2</b>].
           </center><br>\n";
 
     if ($errors) {
@@ -223,7 +224,7 @@ if (isset($formfields[usr_key]) &&
     #
     $formfields[usr_key] = ereg_replace("[\n]", "", $formfields[usr_key]);
 
-    if (! ereg("^[0-9a-zA-Z\@\. ]*$", $formfields[usr_key])) {
+    if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields[usr_key])) {
 	$errors["PubKey"] = "Invalid characters";
 
 	SPITFORM($formfields, $errors);
@@ -252,7 +253,7 @@ if (isset($usr_keyfile) &&
 	if (ereg("^[\n\#]", $buffer))
 	    continue;
 
-	if (! ereg("^[0-9a-zA-Z\@\.[:space:]\r\n]*$", $buffer)) {
+	if (! preg_match("/^[-\w\s\.\@\+\/\=\r\n]*$/", $buffer)) {
 	    $errors["PubKey File Contents"] = "Invalid characters";
 
 	    fclose($fp);
@@ -294,16 +295,20 @@ if (isset($usr_key)) {
 	#
 	$pieces = explode(" ", $stuff);
 
-	if (count($pieces) != 4) {
-	    if (count($pieces) != 1) {
-		TBERROR("Bad Key for $target_uid: $stuff", 0);
-	    }
+	if (count($pieces) == 4) {
+	    $key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
+	    $comment = $pieces[3];
+	}
+	elseif (count($pieces) == 3) {
+	    $key     = "$pieces[0] $pieces[1] $pieces[2]";
+	    $comment = $pieces[0] . "-" . $pieces[2];
+	}
+	elseif (count($pieces) == 1) {
 	    continue;
 	}
-	# These have already been tested for bad chars above (ereg).
-	$key     = "$pieces[0] $pieces[1] $pieces[2] $pieces[3]";
-	$comment = $pieces[3];
-	
+	else {
+	    TBERROR("Improper key: $stuff", 0);
+	}
 	DBQueryFatal("replace into user_pubkeys ".
 		     "values ('$target_uid', '$comment', '$key', now())");
 
-- 
GitLab