Match = SSHFingerprint.match(output)
g = Match.groups()
- if int(g[0]) < 1024:
+ if int(g[0]) < 2048 and (typekey != "ed25519"):
try:
# Body
- Subst["__ERROR__"] = "SSH keysize %s is below limit 1024" % (g[0])
+ Subst["__ERROR__"] = "SSH keysize %s is below limit 2048" % (g[0])
ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read())
Child = os.popen("/usr/sbin/sendmail -t","w")
sys.exit(EX_TEMPFAIL)
# And now break and stop processing input, which sends a reply to the user.
- raise UDFormatError, "SSH keys must have at least 1024 bits, processing halted, NOTHING MODIFIED AT ALL"
+ raise UDFormatError, "SSH keys must have at least 2048 bits, processing halted, NOTHING MODIFIED AT ALL"
elif g[1] in badkeys:
try:
# Body
# Handle a ConfirmSudoPassword request
def DoConfirmSudopassword(Str, SudoPasswd):
- Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*]+) ([0-9a-f]{40})$').match(Str)
+ Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*-]+) ([0-9a-f]{40})$').match(Str)
if Match == None:
return None
newldap = []
for entry in inldap:
- Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+ Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry)
if Match == None:
raise UDFormatError, "Could not parse existing sudopasswd entry"
uuid = Match.group(1)