Fixing authorized_keys module to make the key part detection better

Fixes #4677 Fixes #4657 Fixes #4599

Fixing authorized_keys module to make the key part detection better
Fixes #4677 Fixes #4657 Fixes #4599
0e9184ee · James Cammarata · 9249cf57 · 0e9184ee
Commit 0e9184ee authored Oct 28, 2013 by James Cammarata
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 29 deletions

library/system/authorized_key
+30 -29

No files found.
--- a/library/system/authorized_key
+++ b/library/system/authorized_key
@@ -65,12 +65,6 @@ options:
    required: false
    default: null
    version_added: "1.4"
-  unique:
-    description:
-      - Ensure that there is only one key matching the specified key in the file
-    required: false
-    default: false
-    version_added: "1.4"
 description:
    - "Adds or removes authorized keys for particular user accounts"
 author: Brad Olson
@@ -210,34 +204,41 @@ def parsekey(raw_key):
        'ssh-rsa',
    ]

+    options    = None   # connection options
+    key        = None   # encrypted key string
+    key_type   = None   # type of ssh key
+    type_index = None   # index of keytype in key string|list
+
    key_parts = shlex.split(raw_key)
-    if len(key_parts) >= 4 and key_parts[1] in VALID_SSH2_KEY_TYPES:
-        # this line contains options
-        (options,type,key) = key_parts[0:3]
-        comment = " ".join(key_parts[3:])
-    elif len(key_parts) >= 3 and key_parts[0] in VALID_SSH2_KEY_TYPES:
-        # this line is just 'type key user@host'
-        (type,key) = key_parts[0:2]
-        comment = " ".join(key_parts[2:])
-        options = None
-    elif len(key_parts) == 2 and key_parts[0] in VALID_SSH2_KEY_TYPES:
-        # assuming just a type/key with no comment
-        (type,key) = key_parts
-        comment = ""
-        options = None
-    else:
-        # invalid key, maybe a comment?
+    for i in range(0, len(key_parts)):
+        if key_parts[i] in VALID_SSH2_KEY_TYPES:
+            type_index = i
+            key_type = key_parts[i]
+            break
+
+    # check for options
+    if type_index is None:
        return None
-
-    if options:
+    elif type_index == 1:
        # parse the options and store them
+        options = key_parts[0]
+
+    # parse the options (if any)
    options = parseoptions(options)
-    return (key, type, options, comment)
+
+    # get key after the type index
+    key = key_parts[(type_index + 1)]
+
+    # set comment to everything after the key
+    if len(key_parts) > (type_index + 1):
+        comment = " ".join(key_parts[(type_index + 2):])
+
+    return (key, key_type, options, comment)

 def readkeys(filename):

    if not os.path.isfile(filename):
-        return []
+        return {}

    keys = {}
    f = open(filename)
@@ -268,7 +269,7 @@ def writekeys(module, filename, keys):
                        if options[option_key]:
                            option_strings.append("%s=\"%s\"" % (option_key, options[option_key]))
                        else:
-                            option_strings.append("%s " % option_key)
+                            option_strings.append("%s" % option_key)

                    option_str = ",".join(option_strings)
                    option_str += " "
@@ -292,7 +293,6 @@ def enforce_state(module, params):
    manage_dir  = params.get("manage_dir", True)
    state       = params.get("state", "present")
    key_options = params.get("key_options", None)
-    unique      = params.get("unique",False)

    key = key.split('\n')

@@ -329,8 +329,9 @@ def enforce_state(module, params):

        # handle idempotent state=present
        if state=="present":
-            if unique and len(non_matching_keys) > 0:
+            if len(non_matching_keys) > 0:
                for non_matching_key in non_matching_keys:
+                    if non_matching_key[0] in existing_keys:
                        del existing_keys[non_matching_key[0]]
                        do_write = True