Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16293 commits 13 branches 13 tags 306 MiB
Commit graph

15 commits

Author SHA1 Message Date
Jo-Philipp Wich
0186d7eae0 luci-mod-system: fix potential stored XSS 
Make sure to escape the key contents in the delete confirmation dialog.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2023-01-13 21:18:09 +01:00
Eric McDonald
2b3c852aa3 luci-mod-system: allow ecdsa-sk and ed25519-sk key types 
Allow adding ecdsa-sk and ed25519-sk SSH keys in LuCI
These key types can be generated via the -t flag in ssh-keygen and are
supported in recent versions of dropbear. As ssh-keygen ignores the -b
flag when generating ecdsa-sk and ed25519-sk keys, the curve field in
the objects returned by the decode function is set to fixed strings for
both ecdsa-sk and ed25519-sk public key strings. This is in contrast to
ecdsa keys for which various curves can be provided (e.g., NIST P-256,
NIST P-384, and NIST P-521).

Signed-off-by: Eric McDonald <ericmcdonald@protonmail.com>
 2022-09-21 17:25:37 -04:00
Jo-Philipp Wich
944b55738e luci-mod-system: sshkeys.js: prevent XSS through pubkey comments 
Ensure to not display public key comments verbatim in order to prevent
injection of markup.

Reported-by: Eric McDonald <ericmcdonald@protonmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2022-09-21 14:47:41 +02:00
Jo-Philipp Wich
e0ff3ff933 luci-mod-system: mention ED25519 keys 
Also update translations source strings accordingly.

Fixes: #5649
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2022-01-19 12:10:03 +01:00
Rosen Penev
738f36a1c3 fix wrong ed25519 information 
ECDH is not used for the ed25519. The scheme is called EdDSA.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-09-20 12:11:00 -10:00
Jo-Philipp Wich
846b89c5bf luci-mod-system: fix parsing SSH pubkeys with options 
Also eliminate some duplicate code while we're at it.

Fixes: #4684
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-12-23 15:33:08 +01:00
Jo-Philipp Wich
74e8fb0c8e luci-mod-system: sshkeys.js: make readonly on insufficient ACLs 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-04-16 15:38:09 +02:00
Jo-Philipp Wich
3c4bc228a1 treewide: import utility classes explicitly 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-04-03 10:00:06 +02:00
Jo-Philipp Wich
a3ea891b7e luci-mod-system: sshkeys.js: do not incorrectly filter ecdsa keys on load 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-13 16:55:28 +01:00
Jo-Philipp Wich
54163c95e1 luci-mod-system: sshkeys.js: explicitely require ui.js 
While ui.js is implicitely autoloaded by other classes, we need to require
it directly in the view to avoid race conditions during rendering.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-03 18:03:01 +01:00
Jo-Philipp Wich
dffa9c57fe luci-mod-system: sshkeys.js: create authorized_keys as 0600 
Fixes: #3226
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-10-21 08:43:07 +02:00
Jo-Philipp Wich
55fb53e995 luci-mod-system: sshkeys.js: use common fs.js class 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-10-07 11:53:39 +02:00
Jo-Philipp Wich
355223ecdd luci-mod-system: fix rerendering of ssh key list after add/remove 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-09-27 12:53:47 +02:00
Jo-Philipp Wich
a31d1d10e0 luci-mod-system: reimplement SSH key mgmt as client side view 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-09-15 20:00:36 +02:00
Jo-Philipp Wich
84d50a6044 luci-mod-system: move password and sshkey JS code into external files 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2018-11-22 12:49:14 +01:00