From 75e792477014305d64ae8dc7afa406307f24fc25 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sun, 26 Jul 2015 07:58:42 +0000
Subject: [PATCH] check uploaded keys (RFE 124)
---
 lam/lib/modules/ldapPublicKey.inc | 35 +++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/lam/lib/modules/ldapPublicKey.inc b/lam/lib/modules/ldapPublicKey.inc
index c7dd69fe..4f365cf0 100644
--- a/lam/lib/modules/ldapPublicKey.inc
+++ b/lam/lib/modules/ldapPublicKey.inc
@@ -107,6 +107,7 @@ class ldapPublicKey extends baseModule {
 **/
 function load_Messages() {
 $this->messages['file'][0] = array('ERROR', _('No file selected.'));
+ $this->messages['file'][1] = array('ERROR', _('The uploaded file seems to be no valid public key.'));
 }
 /**
@@ -145,12 +146,24 @@ class ldapPublicKey extends baseModule {
 $handle = fopen($_FILES['sshPublicKeyFile']['tmp_name'], "r");
 $data = fread($handle, 10000000);
 fclose($handle);
- $data = str_replace("\r\n", "\n", $data);
- $data = str_replace("\r", "\n", $data);
- $lines = explode("\n", $data);
- foreach ($lines as $line) {
- if (!empty($line) && !(strpos($line, '#') === 0)) {
- $this->attributes['sshPublicKey'][] = $line;
+ $isOk = true;
+ if (is_executable('/usr/bin/ssh-keygen')) {
+ $out = array();
+ $retVal = 0;
+ exec('/usr/bin/ssh-keygen -l -f ' . escapeshellarg($_FILES['sshPublicKeyFile']['tmp_name']), $out, $retVal);
+ if ($retVal !== 0) {
+ $messages[] = $this->messages['file'][1];
+ $isOk = false;
+ }
+ }
+ if ($isOk) {
+ $data = str_replace("\r\n", "\n", $data);
+ $data = str_replace("\r", "\n", $data);
+ $lines = explode("\n", $data);
+ foreach ($lines as $line) {
+ if (!empty($line) && !(strpos($line, '#') === 0)) {
+ $this->attributes['sshPublicKey'][] = $line;
+ }
 }
 }
 }
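Review bot: The new check in the `@@ -145,12 +146,24 @@` hunk fails open: when `/usr/bin/ssh-keygen` is not executable, `$isOk` stays `true` and every non-empty, non-comment line of the upload is stored in `sshPublicKey` unchecked, with nothing logged; the `qqfile` hunk at `@@ -497,6 +510,16 @@` has the same gap. An `else` branch that logs the skipped validation, or a setting that rejects uploads when the tool is missing, would make this visible to the operator. The check is also per file while storage is per line, so a file that ssh-keygen accepts as a whole may still contribute lines that are not keys; this depends on the installed ssh-keygen version (it may inspect only the first key or skip lines it cannot parse) and should be confirmed on the target systems. At minimum I would add a comment above the `if`, e.g. `// best effort: skipped if ssh-keygen is missing; validates the file, not each stored line`. The enclosing method starts and ends outside the hunk.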
@@ -497,6 +510,16 @@ class ldapPublicKey extends baseModule {
 $handle = fopen($_FILES['qqfile']['tmp_name'], "r");
 $data = fread($handle, 100000000);
 fclose($handle);
+ if (is_executable('/usr/bin/ssh-keygen')) {
+ $out = array();
+ $retVal = 0;
+ exec('/usr/bin/ssh-keygen -l -f ' . escapeshellarg($_FILES['qqfile']['tmp_name']), $out, $retVal);
+ if ($retVal !== 0) {
+ $result = array('error' => $this->messages['file'][1][1]);
+ echo json_encode($result);
+ return;
+ }
+ }
 $data = str_replace("\r\n", "\n", $data);
 $data = str_replace("\r", "\n", $data);
 $lines = explode("\n", $data);
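Review bot: The ssh-keygen block added here is a second copy of the one in the `sshPublicKeyFile` hunk, differing only in the `$_FILES` key and in how the error is reported, so the two validation paths can drift apart when one is later tightened. I would move the tool lookup, the `exec` call and the exit-code test into one private method that takes the temporary file path and returns a boolean, and call it from both upload handlers. That also gives a single place to document that `$out` is collected but not used and that validation is skipped when the tool is absent. The enclosing method starts and ends outside the hunk.

```php
/**
 * Checks an uploaded file with ssh-keygen.
 * Returns true when the tool is not installed (validation is skipped).
 */
private function isValidKeyFile($path) {
	if (!is_executable('/usr/bin/ssh-keygen')) {
		return true;
	}
	$out = array();
	$retVal = 0;
	exec('/usr/bin/ssh-keygen -l -f ' . escapeshellarg($path), $out, $retVal);
	return $retVal === 0;
}

// in the qqfile handler, after fclose($handle):
if (!$this->isValidKeyFile($_FILES['qqfile']['tmp_name'])) {
	$result = array('error' => $this->messages['file'][1][1]);
	echo json_encode($result);
	return;
}
// … unchanged: line-ending normalisation and explode() of $data …
```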