added: shell-escape

shimun 2023-02-22 15:29:56 +01:00
parent 50ba6c9934
commit c299a4e132
Signed by: shimun
GPG Key ID: E0420647856EA39E
3 changed files with 13 additions and 4 deletions

7
Cargo.lock generated

@ -1503,6 +1503,12 @@ dependencies = [
"lazy_static", "lazy_static",
] ]
[[package]]
name = "shell-escape"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f"
[[package]] [[package]]
name = "signature" name = "signature"
version = "2.0.0" version = "2.0.0"
@ -1606,6 +1612,7 @@ dependencies = [
"jwt-compact", "jwt-compact",
"rand", "rand",
"serde", "serde",
"shell-escape",
"ssh-cert-dist-common", "ssh-cert-dist-common",
"ssh-key", "ssh-key",
"tempfile", "tempfile",


@ -32,6 +32,7 @@ tower-http = { version = "0.3.4", features = ["map-request-body", "trace"] }
tracing = { version = "0.1.37", features = ["release_max_level_debug"] } tracing = { version = "0.1.37", features = ["release_max_level_debug"] }
tracing-subscriber = "0.3.16" tracing-subscriber = "0.3.16"
ssh-cert-dist-common = { path = "../common" } ssh-cert-dist-common = { path = "../common" }
shell-escape = "0.1.5"
[dev-dependencies] [dev-dependencies]
tempfile = "3.3.0" tempfile = "3.3.0"


@ -9,6 +9,7 @@ use std::time::SystemTime;
use anyhow::Context; use anyhow::Context;
use axum::body; use axum::body;
use axum::extract::{Query, State}; use axum::extract::{Query, State};
use shell_escape::escape;
use ssh_cert_dist_common::*; use ssh_cert_dist_common::*;
use axum::{http::StatusCode, response::IntoResponse, Json, Router}; use axum::{http::StatusCode, response::IntoResponse, Json, Router};
@ -285,14 +286,14 @@ impl From<&Certificate> for CertInfo {
format!("{opt}={val}") format!("{opt}={val}")
} }
}) })
.map(|arg| format!("-O {arg}")) .map(|arg| format!("-O {}", escape(arg.into())))
.collect::<Vec<_>>() .collect::<Vec<_>>()
.join(" "); .join(" ");
let opts = opts.trim(); let opts = opts.trim();
let renew_command = format!( let renew_command = format!(
"ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts}", "ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts} {}.pub",
cert.key_id(), escape(cert.key_id().into()),
cert.valid_principals().join(",") escape(cert.valid_principals().join(",").into()), escape(cert.key_id().into())
); );
CertInfo { CertInfo {
principals: cert.valid_principals().to_vec(), principals: cert.valid_principals().to_vec(),
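Review bot: The trailing `{}.pub` operand in the `renew_command` format string is built from the certificate's key id, and shell quoting does not stop a key id that begins with `-` from being read by ssh-keygen as an option instead of a file name; writing the tail as `{opts} ./{}.pub` keeps it a positional path and matches the existing `./ca_key`. `{host_key}` and `{validity_days}` are still interpolated unescaped; both are defined outside this hunk, so if either can carry certificate- or request-derived text it needs the same `escape(...)` treatment. `shell_escape::escape` selects its quoting rules by build target, so `use shell_escape::unix::escape;` would pin POSIX quoting for a command that appears intended for a POSIX shell. The key id is also escaped twice; binding it once (`let key_id = escape(cert.key_id().into());`) would keep the `-I` value and the file name in step. The `from` body starts before and continues after the hunk.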