allow all valid pubkey types, not just ssh-
parent
329f648f74
commit
a77396b9a8
|
@ -22,6 +22,30 @@ function add_ban_info($name, $email) {
|
||||||
file_put_contents("/var/signups_banned", $user_info.PHP_EOL, FILE_APPEND);
|
file_put_contents("/var/signups_banned", $user_info.PHP_EOL, FILE_APPEND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function starts_with($string, $prefix)
|
||||||
|
{
|
||||||
|
return substr($string, 0, strlen($prefix)) === $prefix;
|
||||||
|
}
|
||||||
|
|
||||||
|
function is_ssh_pubkey($string)
|
||||||
|
{
|
||||||
|
// list from sshd(8)
|
||||||
|
$valid_pubkeys = [
|
||||||
|
'sk-ecdsa-sha2-nistp256@openssh.com',
|
||||||
|
'ecdsa-sha2-nistp256',
|
||||||
|
'ecdsa-sha2-nistp384',
|
||||||
|
'ecdsa-sha2-nistp521',
|
||||||
|
'sk-ssh-ed25519@openssh.com',
|
||||||
|
'ssh-ed25519',
|
||||||
|
'ssh-dss',
|
||||||
|
'ssh-rsa',
|
||||||
|
];
|
||||||
|
|
||||||
|
foreach ($valid_pubkeys as $pub)
|
||||||
|
if (starts_with($string, $pub)) return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
function forbidden_name($name): bool
|
function forbidden_name($name): bool
|
||||||
{
|
{
|
||||||
$badnames = [
|
$badnames = [
|
||||||
|
@ -151,10 +175,10 @@ if (isset($_REQUEST["username"]) && isset($_REQUEST["email"])) {
|
||||||
$message .= "<li>please explain why you're interested so we can make sure you're a real human being</li>";
|
$message .= "<li>please explain why you're interested so we can make sure you're a real human being</li>";
|
||||||
|
|
||||||
$sshkey = trim($_REQUEST["sshkey"]);
|
$sshkey = trim($_REQUEST["sshkey"]);
|
||||||
if ($sshkey == "" || (mb_substr($sshkey, 0, 4) !== "ssh-" && mb_substr($sshkey, 0, 11) !== "ecdsa-sha2-"))
|
if ($sshkey == "" || !is_ssh_pubkey($sshkey))
|
||||||
$message .= '<li>ssh key required: please create one and submit the public key. '
|
$message .= '<li>ssh key required: please create one and submit the public key. '
|
||||||
. 'see our <a href="https://tilde.team/wiki/ssh">ssh wiki</a> or '
|
. 'see our <a href="https://tilde.team/wiki/ssh">ssh wiki</a> or '
|
||||||
. 'hop on <a href="https://tilde.chat/kiwi/#team">irc</a> and ask for help</li>';
|
. 'hop on <a href="https://tilde.chat/kiwi/#team">irc</a> and ask for help</li>';
|
||||||
else {
|
else {
|
||||||
if ($name != "" && $email != "") {
|
if ($name != "" && $email != "") {
|
||||||
if (forbidden_sshkey($sshkey)) {
|
if (forbidden_sshkey($sshkey)) {
|
||||||
|
@ -179,24 +203,24 @@ $makeuser
|
||||||
|
|
||||||
if (mail('sudoers', 'new tilde.team signup', $msgbody)) {
|
if (mail('sudoers', 'new tilde.team signup', $msgbody)) {
|
||||||
echo '<div class="alert alert-success" role="alert">
|
echo '<div class="alert alert-success" role="alert">
|
||||||
email sent! we\'ll get back to you soon (usually within a day) with login instructions! <a href="/">back to tilde.team home</a>
|
email sent! we\'ll get back to you soon (usually within a day) with login instructions! <a href="/">back to tilde.team home</a>
|
||||||
</div>';
|
</div>';
|
||||||
// temp. add to forbidden to prevent double signups (cleanup after user creation)
|
// temp. add to forbidden to prevent double signups (cleanup after user creation)
|
||||||
file_put_contents("/var/signups_current", $name.PHP_EOL, FILE_APPEND);
|
file_put_contents("/var/signups_current", $name.PHP_EOL, FILE_APPEND);
|
||||||
file_put_contents("/var/signups", $makeuser.PHP_EOL, FILE_APPEND);
|
file_put_contents("/var/signups", $makeuser.PHP_EOL, FILE_APPEND);
|
||||||
} else {
|
} else {
|
||||||
echo '<div class="alert alert-danger" role="alert">
|
echo '<div class="alert alert-danger" role="alert">
|
||||||
something went wrong... please send an email to <a href="mailto:sudoers@tilde.team">sudoers@tilde.team</a> with details of what happened
|
something went wrong... please send an email to <a href="mailto:sudoers@tilde.team">sudoers@tilde.team</a> with details of what happened
|
||||||
</div>';
|
</div>';
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
?>
|
?>
|
||||||
<div class="alert alert-warning" role="alert">
|
<div class="alert alert-warning" role="alert">
|
||||||
<strong>notice: </strong>
|
<strong>notice: </strong>
|
||||||
<?=$message?>
|
<?=$message?>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
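Review bot: The `foreach` in the new `is_ssh_pubkey()` only checks that the submitted string begins with a key-type name, so a bare `ssh-rsa`, or a type name followed by arbitrary text, passes as a public key. The check should split the value on whitespace, compare the first token exactly against `$valid_pubkeys`, and require a second token that decodes as strict base64. It should also reject embedded line breaks, because the value appears to end up in the line-oriented `/var/signups` file via `$makeuser`; that construction is outside the visible hunks, so confirm it. Separately, `ssh-dss` is in the list although DSA keys have been disabled by default in OpenSSH since 7.0, so a signup accepted with one may not be able to log in.

```php
function is_ssh_pubkey($string)
{
    // … unchanged: $valid_pubkeys list from sshd(8) …

    // a public key is one line: "<type> <base64 blob> [comment]"
    if (preg_match('/[\r\n]/', $string)) return false;

    $parts = preg_split('/\s+/', $string, 3);
    if (count($parts) < 2 || $parts[1] === '') return false;
    if (!in_array($parts[0], $valid_pubkeys, true)) return false;

    return base64_decode($parts[1], true) !== false;
}
```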