Add parsing for authorized_keys options

Olli Jarva · Olli Jarva · commit e32866077df6 · 2016-04-12T23:05:47.000+03:00
Fixes ojarva#8
diff --git a/setup.py b/setup.py
@@ -9,7 +9,7 @@
 
 setup(
     name='sshpubkeys',
-    version='1.0.7',
+    version='1.1.0',
     description='SSH public key parser',
     long_description=long_description,
     url='https://github.com/ojarva/python-sshpubkeys',
diff --git a/sshpubkeys/__init__.py b/sshpubkeys/__init__.py
@@ -141,6 +141,18 @@ def _parse_long(cls, data):
 
     @classmethod
     def _split_key(cls, data):
+        # Terribly inefficient way to remove options, but hey, it works.
+        if not data.startswith("ssh-") and not data.startswith("ecdsa-"):
+            quote_open = False
+            for i in range(len(data)):
+                if data[i] == '"':  # only double quotes are allowed, no need to care about single quotes
+                    quote_open = not quote_open
+                if quote_open:
+                    continue
+                if data[i] == " ":
+                    # Data begins after the first space
+                    data = data[i + 1:]
+                    break
         key_parts = data.strip().split(None, 3)
         if len(key_parts) < 2:  # Key type and content are mandatory fields.
             raise InvalidKeyException("Unexpected key format: at least type and base64 encoded value is required")
@@ -152,7 +164,7 @@ def _decode_key(cls, pubkey_content):
         try:
             decoded_key = base64.b64decode(pubkey_content.encode("ascii"))
         except (TypeError, binascii.Error):
-            raise InvalidKeyException("Unable to decode the key")
+            raise MalformedDataException("Unable to decode the key")
         return decoded_key
 
     @classmethod
diff --git a/tests/invalid_keys.py b/tests/invalid_keys.py
@@ -17,6 +17,6 @@
 
     ["ecdsa-sha2-nistp255 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTUAAAAIbmlzdHAyNTUAAABBBE2gqbAChP2h3fTPx3Jy2KdOJUiBGEiqBUwoosfzllw+KrqmGiDEWlufSxdiSOFuLd4a8PSwhoWbdQRVFrZAvFE=", NotImplementedError, "invalid_nist_curve"],
     ["", InvalidKeyException, "empty_key"],
-    ["- -", MalformedDataException, "no_content"],
-    ["invalid-key-typeaaa AAAAE2ludmFsaWQta2V5LXR5cGVhYWEAAAAIbmlzdHAyNTUAAABBBE2gqbAChP2h3fTPx3Jy2KdOJUiBGEiqBUwoosfzllw+KrqmGiDEWlufSxdiSOFuLd4a8PSwhoWbdQRVFrZAvFE=", NotImplementedError, "not_implemented_key_type"],
+    ["- -", InvalidKeyException, "no_content"],
+    ["ssh-invalid-key-type AAAAFHNzaC1pbnZhbGlkLWtleS10eXBlAAAAgMEgAGDgAKEBAMAgoECggSCAQIEAoIAhASEhAKDAAOAAwGCBIKAAYGCgYKDhAEBAwICAoIDgIADAYKAAYGAAYAEgwGBBIGDhIOBg4CAAoQDAIEAgIEEggEDgQGCAIGAhAQDgoKAhIAAggSBA4CBggOEBIEDgoMDAwKBg4MDAYIDgAAAAIAAAAAAAAAAAAAAAAIAggEEggSBAIIBgAMDAQADAIQEgAAAAgJAQABBgICBQUABQcFAAcJBgUIAAIHAAkJBQEIAQMEAgIHBQEFCAUBBQUHAQMGBgQBCAEEAgICBQYDBwIJBAYFCQYDBwIAAQIHCQMEBwYCBAICAAEFBQAHAgAIBQAJBwgEBwYGCAEHBgkBAwEBAQcHAQMGCQMCBQIABAUJAgEIAgAAAAgIGAAYIDgoSBA4ABAgAEAIEEAoEAg4IDAgQCAwCDgQMAgQABgoGAAgMCgoOCA4QABAGBAQQDgoKABASBhAQDgoIBgIQEgAQEAQSBg4IEBICEggKBAAABgYKDAgGDgYAAgoGCAoODgYGEAwIBAoACgQADBAGDgASCgQMDgAABAISA", NotImplementedError, "not_implemented_key_type"],
 ]
diff --git a/tests/valid_keys.py b/tests/valid_keys.py
@@ -49,6 +49,12 @@
     ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAAXo4IUS1bJYWrydi8B+t68xzH97cpUcKEWgWqQvy6ebRw/Y/G5kHVOHD9vGBLX2j4dseB+71meNxeaTkQCDPmck4FFFe8LlfJgcJupAwVnEu/YSne55MHa9fO1hiZsg/oiZabS/DKoyOHLE7Usa/JQXJzGaRtLWAP1vWuCigfX/yfLA+CXxA6Fh6VVaEhlUAdOoVZ/aFBrwsG19Yp5sU23HSIHAmkFMApb5jvlQbjQrLzQr9qmiRgsylFPi5OHp2tvbQeRKA9XzKVjpof4tSd0JDq5XgUHtlRI9CsIrVxjUJS8WkdDWW/uNWFQhQ5CS332Jvet9xP6ZZpsYxS5KpQU= ojarva@ojar-laptop.local', 2043, 'af:82:da:e7:04:5d:a0:38:30:b4:5f:ae:e2:87:63:f2', 'valid_rsa_2043'],
     ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABADR9kolU4uiD26LMrbakQlNf4QWB2xrdY3nASf6CJdQYzTMjNmbt6sJ4A4pGnCupFrzL04EYDvbVmT4GEZm6CU4BsY61yosnpGSqqcVCdw5xW1k4bCSDPW75WHLCVmYyROhZ+yyo8uAcIy5UIyBZXF/PO7taJrrIi5RwdqIPwtCrJ3dJkcFWa3qZWJykLAFQD5A/lta/egS/u/nyCap2e16WGnvSluz9CyYtGFNS9axzOwHxLFEv2ocOsJjYgzV+Jfpiao94A4VzLKbUDHlfV57KS0tJaT8FKKsg34vN3bsD0zUftLUPpUFgJfMwje0C2rCJkCzwgya2vxLqj2fg0Q0= ojarva@ojar-laptop.local', 2046, '27:24:34:50:5b:39:2d:34:f9:60:d5:4e:7a:c7:11:51', 'valid_rsa_2046'],
 
+    # options copied from OpenBSD sshd.8 man page
+    ['from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABADR9kolU4uiD26LMrbakQlNf4QWB2xrdY3nASf6CJdQYzTMjNmbt6sJ4A4pGnCupFrzL04EYDvbVmT4GEZm6CU4BsY61yosnpGSqqcVCdw5xW1k4bCSDPW75WHLCVmYyROhZ+yyo8uAcIy5UIyBZXF/PO7taJrrIi5RwdqIPwtCrJ3dJkcFWa3qZWJykLAFQD5A/lta/egS/u/nyCap2e16WGnvSluz9CyYtGFNS9axzOwHxLFEv2ocOsJjYgzV+Jfpiao94A4VzLKbUDHlfV57KS0tJaT8FKKsg34vN3bsD0zUftLUPpUFgJfMwje0C2rCJkCzwgya2vxLqj2fg0Q0= ojarva@ojar-laptop.local', 2046, '27:24:34:50:5b:39:2d:34:f9:60:d5:4e:7a:c7:11:51', 'valid_rsa_2046_with_options_1'],
+    ['command="dump /home",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABADR9kolU4uiD26LMrbakQlNf4QWB2xrdY3nASf6CJdQYzTMjNmbt6sJ4A4pGnCupFrzL04EYDvbVmT4GEZm6CU4BsY61yosnpGSqqcVCdw5xW1k4bCSDPW75WHLCVmYyROhZ+yyo8uAcIy5UIyBZXF/PO7taJrrIi5RwdqIPwtCrJ3dJkcFWa3qZWJykLAFQD5A/lta/egS/u/nyCap2e16WGnvSluz9CyYtGFNS9axzOwHxLFEv2ocOsJjYgzV+Jfpiao94A4VzLKbUDHlfV57KS0tJaT8FKKsg34vN3bsD0zUftLUPpUFgJfMwje0C2rCJkCzwgya2vxLqj2fg0Q0= ojarva@ojar-laptop.local', 2046, '27:24:34:50:5b:39:2d:34:f9:60:d5:4e:7a:c7:11:51', 'valid_rsa_2046_with_options_2'],
+    ['restrict,pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABADR9kolU4uiD26LMrbakQlNf4QWB2xrdY3nASf6CJdQYzTMjNmbt6sJ4A4pGnCupFrzL04EYDvbVmT4GEZm6CU4BsY61yosnpGSqqcVCdw5xW1k4bCSDPW75WHLCVmYyROhZ+yyo8uAcIy5UIyBZXF/PO7taJrrIi5RwdqIPwtCrJ3dJkcFWa3qZWJykLAFQD5A/lta/egS/u/nyCap2e16WGnvSluz9CyYtGFNS9axzOwHxLFEv2ocOsJjYgzV+Jfpiao94A4VzLKbUDHlfV57KS0tJaT8FKKsg34vN3bsD0zUftLUPpUFgJfMwje0C2rCJkCzwgya2vxLqj2fg0Q0= ojarva@ojar-laptop.local', 2046, '27:24:34:50:5b:39:2d:34:f9:60:d5:4e:7a:c7:11:51', 'valid_rsa_2046_with_options_3'],
+    ['command="echo ssh-rsa asdf" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABADR9kolU4uiD26LMrbakQlNf4QWB2xrdY3nASf6CJdQYzTMjNmbt6sJ4A4pGnCupFrzL04EYDvbVmT4GEZm6CU4BsY61yosnpGSqqcVCdw5xW1k4bCSDPW75WHLCVmYyROhZ+yyo8uAcIy5UIyBZXF/PO7taJrrIi5RwdqIPwtCrJ3dJkcFWa3qZWJykLAFQD5A/lta/egS/u/nyCap2e16WGnvSluz9CyYtGFNS9axzOwHxLFEv2ocOsJjYgzV+Jfpiao94A4VzLKbUDHlfV57KS0tJaT8FKKsg34vN3bsD0zUftLUPpUFgJfMwje0C2rCJkCzwgya2vxLqj2fg0Q0= ojarva@ojar-laptop.local ssh-rsa key', 2046, '27:24:34:50:5b:39:2d:34:f9:60:d5:4e:7a:c7:11:51', 'valid_rsa_2046_with_options_4'],
+
     # ECDSA keys
     ["ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2gqbAChP2h3fTPx3Jy2KdOJUiBGEiqBUwoosfzllw+KrqmGiDEWlufSxdiSOFuLd4a8PSwhoWbdQRVFrZAvFE= joku@vps91201", 256, "7a:16:d1:e9:9d:11:45:a7:7e:64:a0:f0:9b:f1:2e:f3", "ecdsa_sha2_nistp256_1"],
     ["ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCCfGmR4U8uiCQ6atu74i19/R3We8vQzcKpvSw/T54lJhIZov3NNLJNnB+BvOV+HvgIwHHjzC95UwWm+YgEsQdZxT2eZOLvPQNw5lOZ4OKjbRmROxyDnF2BptAS/og+rZg== joku@vps91201", 384, "19:f6:7e:f9:da:68:88:4a:bf:1d:4b:07:8a:70:65:f7", "ecdsa_sha2_nistp384"],

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,6 @@`
`17`	`17`
`18`	`18`	`["ecdsa-sha2-nistp255 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTUAAAAIbmlzdHAyNTUAAABBBE2gqbAChP2h3fTPx3Jy2KdOJUiBGEiqBUwoosfzllw+KrqmGiDEWlufSxdiSOFuLd4a8PSwhoWbdQRVFrZAvFE=", NotImplementedError, "invalid_nist_curve"],`
`19`	`19`	`["", InvalidKeyException, "empty_key"],`
`20`		`- ["- -", MalformedDataException, "no_content"],`
`21`		`- ["invalid-key-typeaaa AAAAE2ludmFsaWQta2V5LXR5cGVhYWEAAAAIbmlzdHAyNTUAAABBBE2gqbAChP2h3fTPx3Jy2KdOJUiBGEiqBUwoosfzllw+KrqmGiDEWlufSxdiSOFuLd4a8PSwhoWbdQRVFrZAvFE=", NotImplementedError, "not_implemented_key_type"],`
	`20`	`+ ["- -", InvalidKeyException, "no_content"],`
	`21`	+ ["ssh-invalid-key-type AAAAFHNzaC1pbnZhbGlkLWtleS10eXBlAAAAgMEgAGDgAKEBAMAgoECggSCAQIEAoIAhASEhAKDAAOAAwGCBIKAAYGCgYKDhAEBAwICAoIDgIADAYKAAYGAAYAEgwGBBIGDhIOBg4CAAoQDAIEAgIEEggEDgQGCAIGAhAQDgoKAhIAAggSBA4CBggOEBIEDgoMDAwKBg4MDAYIDgAAAAIAAAAAAAAAAAAAAAAIAggEEggSBAIIBgAMDAQADAIQEgAAAAgJAQABBgICBQUABQcFAAcJBgUIAAIHAAkJBQEIAQMEAgIHBQEFCAUBBQUHAQMGBgQBCAEEAgICBQYDBwIJBAYFCQYDBwIAAQIHCQMEBwYCBAICAAEFBQAHAgAIBQAJBwgEBwYGCAEHBgkBAwEBAQcHAQMGCQMCBQIABAUJAgEIAgAAAAgIGAAYIDgoSBA4ABAgAEAIEEAoEAg4IDAgQCAwCDgQMAgQABgoGAAgMCgoOCA4QABAGBAQQDgoKABASBhAQDgoIBgIQEgAQEAQSBg4IEBICEggKBAAABgYKDAgGDgYAAgoGCAoODgYGEAwIBAoACgQADBAGDgASCgQMDgAABAISA", NotImplementedError, "not_implemented_key_type"],
`22`	`22`	`]`