diff --git a/signup/signup-handler.php b/signup/signup-handler.php
index 461bdae..e5a04c7 100644
--- a/signup/signup-handler.php
+++ b/signup/signup-handler.php
@@ -22,6 +22,30 @@ function add_ban_info($name, $email) {
file_put_contents("/var/signups_banned", $user_info.PHP_EOL, FILE_APPEND);
}
+function starts_with($string, $prefix)
+{
+ return substr($string, 0, strlen($prefix)) === $prefix;
+}
+
+function is_ssh_pubkey($string)
+{
+ // list from sshd(8)
+ $valid_pubkeys = [
+ 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ecdsa-sha2-nistp256',
+ 'ecdsa-sha2-nistp384',
+ 'ecdsa-sha2-nistp521',
+ 'sk-ssh-ed25519@openssh.com',
+ 'ssh-ed25519',
+ 'ssh-dss',
+ 'ssh-rsa',
+ ];
+
+ foreach ($valid_pubkeys as $pub)
+ if (starts_with($string, $pub)) return true;
+ return false;
+}
+
function forbidden_name($name): bool
{
$badnames = [
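Review bot: `is_ssh_pubkey` only tests that the string begins with a known key-type token, so any input that starts with `ssh-rsa` or `ecdsa-sha2-nistp256` passes regardless of what follows, and it does not even require the separator before the base64 blob that every real public key line has. Since the accepted value is later appended to `/var/signups` via `$makeuser` and mailed to sudoers, the check should at least require the type to be followed by a space, `if (starts_with($string, $pub . ' ')) return true;`, and ideally a `preg_match` that pins `^<type> <base64>( comment)?$` with `preg_last_error()` checked. The deprecated `ssh-dss` type is in the accepted list; if the target system's sshd no longer accepts it, a signup with such a key will be created and then fail to log in, which is worth a comment on the list. Note that PHP 8 ships `str_starts_with`, so `starts_with` can be dropped if the deployment runs 8.x; it is safe as written only because every prefix here is ASCII and `substr`/`strlen` are byte-wise.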
@@ -151,10 +175,10 @@ if (isset($_REQUEST["username"]) && isset($_REQUEST["email"])) {
$message .= "
please explain why you're interested so we can make sure you're a real human being";
$sshkey = trim($_REQUEST["sshkey"]);
- if ($sshkey == "" || (mb_substr($sshkey, 0, 4) !== "ssh-" && mb_substr($sshkey, 0, 11) !== "ecdsa-sha2-"))
+ if ($sshkey == "" || !is_ssh_pubkey($sshkey))
$message .= 'ssh key required: please create one and submit the public key. '
- . 'see our ssh wiki or '
- . 'hop on irc and ask for help';
+ . 'see our ssh wiki or '
+ . 'hop on irc and ask for help';
else {
if ($name != "" && $email != "") {
if (forbidden_sshkey($sshkey)) {
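Review bot: The new condition `$sshkey == ""` uses loose comparison; the file's other checks on request values also use `==`/`!=`, but for a string that was just produced by `trim()` the strict form `$sshkey === ''` is the right one, and the empty-string test is actually redundant because `is_ssh_pubkey('')` already returns false, so the line can become `if (!is_ssh_pubkey($sshkey))`. The `trim($_REQUEST["sshkey"])` on the line above is only guarded by the outer `isset` of username and email, so a request without an sshkey field raises an undefined-index warning before the check runs; reading it as `trim($_REQUEST['sshkey'] ?? '')` would close that. The enclosing `if (isset($_REQUEST["username"]) ...)` block and the `else` branch both continue outside the hunk.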
@@ -179,24 +203,24 @@ $makeuser
if (mail('sudoers', 'new tilde.team signup', $msgbody)) {
echo '
- email sent! we\'ll get back to you soon (usually within a day) with login instructions!
back to tilde.team home
-
';
+ email sent! we\'ll get back to you soon (usually within a day) with login instructions! back to tilde.team home
+ ';
// temp. add to forbidden to prevent double signups (cleanup after user creation)
file_put_contents("/var/signups_current", $name.PHP_EOL, FILE_APPEND);
file_put_contents("/var/signups", $makeuser.PHP_EOL, FILE_APPEND);
} else {
echo '
- something went wrong... please send an email to
sudoers@tilde.team with details of what happened
-
';
+ something went wrong... please send an email to sudoers@tilde.team with details of what happened
+ ';
}
} else {
- ?>
+?>
notice:
=$message?>
-