added: shell-escape

shimun 2023-02-22 15:29:56 +01:00
parent 50ba6c9934
commit c299a4e132
Signed by: shimun
GPG Key ID: E0420647856EA39E
3 changed files with 13 additions and 4 deletions

7
Cargo.lock generated

@ -1503,6 +1503,12 @@ dependencies = [
"lazy_static",
]
[[package]]
name = "shell-escape"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f"
[[package]]
name = "signature"
version = "2.0.0"
@ -1606,6 +1612,7 @@ dependencies = [
"jwt-compact",
"rand",
"serde",
"shell-escape",
"ssh-cert-dist-common",
"ssh-key",
"tempfile",


@ -32,6 +32,7 @@ tower-http = { version = "0.3.4", features = ["map-request-body", "trace"] }
tracing = { version = "0.1.37", features = ["release_max_level_debug"] }
tracing-subscriber = "0.3.16"
ssh-cert-dist-common = { path = "../common" }
shell-escape = "0.1.5"
[dev-dependencies]
tempfile = "3.3.0"


@ -9,6 +9,7 @@ use std::time::SystemTime;
use anyhow::Context;
use axum::body;
use axum::extract::{Query, State};
use shell_escape::escape;
use ssh_cert_dist_common::*;
use axum::{http::StatusCode, response::IntoResponse, Json, Router};
@ -285,14 +286,14 @@ impl From<&Certificate> for CertInfo {
format!("{opt}={val}")
}
})
.map(|arg| format!("-O {arg}"))
.map(|arg| format!("-O {}", escape(arg.into())))
.collect::<Vec<_>>()
.join(" ");
let opts = opts.trim();
let renew_command = format!(
"ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts}",
cert.key_id(),
cert.valid_principals().join(",")
"ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts} {}.pub",
escape(cert.key_id().into()),
escape(cert.valid_principals().join(",").into()), escape(cert.key_id().into())
);
CertInfo {
principals: cert.valid_principals().to_vec(),
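Review bot: The new trailing file argument `{}.pub` in the rewritten `renew_command` format string is built from `cert.key_id()`, and `escape` only handles shell quoting: a key id that begins with `-` would still be read by ssh-keygen as an option, and one containing `/` names a path outside the working directory. Since this string is presumably shown to an operator to paste into a shell, consider writing the argument as `./{}.pub` and rejecting key ids that contain `/`. Separately, `shell_escape::escape` selects Unix or Windows quoting from the build target, so `use shell_escape::unix::escape;` would pin the quoting to the POSIX shell the command is written for, regardless of where the server is built. `{host_key}` is still interpolated unescaped; its origin is outside the hunk, so confirm it cannot carry certificate- or request-derived text. The `from` body starts and ends outside the hunk.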