Fixing authorized_keys module to make the key part detection better
Fixes #4677 Fixes #4657 Fixes #4599
parent
9249cf578d
commit
0e9184eefd
1 changed files with 34 additions and 33 deletions
|
@ -65,12 +65,6 @@ options:
|
|||
required: false
|
||||
default: null
|
||||
version_added: "1.4"
|
||||
unique:
|
||||
description:
|
||||
- Ensure that there is only one key matching the specified key in the file
|
||||
required: false
|
||||
default: false
|
||||
version_added: "1.4"
|
||||
description:
|
||||
- "Adds or removes authorized keys for particular user accounts"
|
||||
author: Brad Olson
|
||||
|
@ -210,34 +204,41 @@ def parsekey(raw_key):
|
|||
'ssh-rsa',
|
||||
]
|
||||
|
||||
key_parts = shlex.split(raw_key)
|
||||
if len(key_parts) >= 4 and key_parts[1] in VALID_SSH2_KEY_TYPES:
|
||||
# this line contains options
|
||||
(options,type,key) = key_parts[0:3]
|
||||
comment = " ".join(key_parts[3:])
|
||||
elif len(key_parts) >= 3 and key_parts[0] in VALID_SSH2_KEY_TYPES:
|
||||
# this line is just 'type key user@host'
|
||||
(type,key) = key_parts[0:2]
|
||||
comment = " ".join(key_parts[2:])
|
||||
options = None
|
||||
elif len(key_parts) == 2 and key_parts[0] in VALID_SSH2_KEY_TYPES:
|
||||
# assuming just a type/key with no comment
|
||||
(type,key) = key_parts
|
||||
comment = ""
|
||||
options = None
|
||||
else:
|
||||
# invalid key, maybe a comment?
|
||||
return None
|
||||
options = None # connection options
|
||||
key = None # encrypted key string
|
||||
key_type = None # type of ssh key
|
||||
type_index = None # index of keytype in key string|list
|
||||
|
||||
if options:
|
||||
key_parts = shlex.split(raw_key)
|
||||
for i in range(0, len(key_parts)):
|
||||
if key_parts[i] in VALID_SSH2_KEY_TYPES:
|
||||
type_index = i
|
||||
key_type = key_parts[i]
|
||||
break
|
||||
|
||||
# check for options
|
||||
if type_index is None:
|
||||
return None
|
||||
elif type_index == 1:
|
||||
# parse the options and store them
|
||||
options = key_parts[0]
|
||||
|
||||
# parse the options (if any)
|
||||
options = parseoptions(options)
|
||||
return (key, type, options, comment)
|
||||
|
||||
# get key after the type index
|
||||
key = key_parts[(type_index + 1)]
|
||||
|
||||
# set comment to everything after the key
|
||||
if len(key_parts) > (type_index + 1):
|
||||
comment = " ".join(key_parts[(type_index + 2):])
|
||||
|
||||
return (key, key_type, options, comment)
|
||||
|
||||
def readkeys(filename):
|
||||
|
||||
if not os.path.isfile(filename):
|
||||
return []
|
||||
return {}
|
||||
|
||||
keys = {}
|
||||
f = open(filename)
|
||||
|
@ -292,7 +293,6 @@ def enforce_state(module, params):
|
|||
manage_dir = params.get("manage_dir", True)
|
||||
state = params.get("state", "present")
|
||||
key_options = params.get("key_options", None)
|
||||
unique = params.get("unique",False)
|
||||
|
||||
key = key.split('\n')
|
||||
|
||||
|
@ -329,8 +329,9 @@ def enforce_state(module, params):
|
|||
|
||||
# handle idempotent state=present
|
||||
if state=="present":
|
||||
if unique and len(non_matching_keys) > 0:
|
||||
if len(non_matching_keys) > 0:
|
||||
for non_matching_key in non_matching_keys:
|
||||
if non_matching_key[0] in existing_keys:
|
||||
del existing_keys[non_matching_key[0]]
|
||||
do_write = True
|
||||
|
||||
|
|
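Review bot: In the parsekey hunk, `key = key_parts[(type_index + 1)]` is not bounds-checked, so a line whose last token is the key type (a truncated entry such as a bare `ssh-rsa`) appears to raise IndexError where the older length checks returned None. Separately, `elif type_index == 1` is the only branch that stores options, so when the type is found at index 2 or later the leading tokens are dropped and the entry is handled as if it had no options. Since authorized_keys options such as `from=` and `command=` restrict what a key may do, rejecting that case looks safer than rewriting the entry without them. A guard such as `if type_index is None or type_index > 1 or len(key_parts) < type_index + 2: return None` would cover both. The page has lost its +/- markers, so which lines are on the new side is inferred here, and parsekey begins above the hunk.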