Add all keytypes support (#1)

dimension-sh · Oct 1, 2020 · ac7833b · ac7833b
1 parent 56e82bc
commit ac7833b
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -4,9 +4,9 @@
 
 ## Configuration
 
-`mkuser` uses the OS defined configuration for the `useradd` command. On a Redhat derrived system this will be in `/etc/login.defs`. No configuration for the user is held by any `mkuser` file.
+`mkuser` uses the OS defined configuration for the `useradd` command. On a Redhat derived system this will be in `/etc/login.defs`. No configuration for the user is held by any `mkuser` file.
 
-The email template must be located at `/etc/mkuser/welcome_email.tmpl` and it uses Python's string Template format. Further details on the synax can be found within the [Python documentation](https://docs.python.org/3/library/string.html#template-strings).
+The email template must be located at `/etc/mkuser/welcome_email.tmpl` and it uses Python's string Template format. Further details on the syntax can be found within the [Python documentation](https://docs.python.org/3/library/string.html#template-strings).
 
 ## Usage
 

diff --git a/mkuser b/mkuser
@@ -18,23 +18,32 @@ import yaml
 
 
 __author__ = 'Andrew Williams <[email protected]>'
-__version__ = '1.1.0'
+__version__ = '1.1.1'
+
+VALID_SSH_KEYTYPES = [
+    '[email protected]',
+    'ecdsa-sha2-nistp256',
+    'ecdsa-sha2-nistp384',
+    'ecdsa-sha2-nistp521',
+    '[email protected]',
+    'ssh-ed25519',
+    'ssh-rsa',
+]
 
 
 def validate_sshkey(keystring):
     """ Validates that SSH pubkey string is valid """
     # do we have 3 fields?
     fields = len(keystring.split(' '))
-    if fields < 2 or fields > 3:
+    if fields < 2:
         return 'Incorrect number of fields (%d)' % fields
-
-    if fields == 2:
-        keytype, pubkey = keystring.split(' ')
-    if fields == 3:
-        keytype, pubkey, _ = keystring.split(' ')
+    else:
+        fsplit = keystring.split(' ')
+        keytype = fsplit[0]
+        pubkey = fsplit[1]
 
     # Check it is a valid type
-    if not keytype in ['ssh-rsa', 'ssh-ed25519']:
+    if not keytype in VALID_SSH_KEYTYPES:
         return 'Invalid keytype'
 
     # Decode the key data from Base64
@@ -52,7 +61,6 @@ def validate_sshkey(keystring):
     # Keytype is encoded and must match
     if not data[4:4+str_len].decode('ascii') == keytype:
         return 'Embedded keytype does not match declared keytype (%s vs %s)' % (data[4:4+str_len].decode('ascii'), keytype)
-
     return True
 
 
@@ -181,5 +189,6 @@ def main():
     for address in (args.email, user.pw_name):
         send_welcome_mail(address, mail_data)
 
+
 if __name__ == '__main__':
-    main()
+    main()