From 6af0e8af2ab4b9151df5dbce8b4899e6f1093852 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 5 Mar 2020 17:34:38 +0100
Subject: login: T2050: extend verify() on public-keys

* A type must be present for any one public-key element
* A key must be present for any one public-key element
---
 src/conf_mode/system-login.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index a7fb8ee8f..959e86e5b 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -196,6 +196,14 @@ def verify(login):
     if cur_user in login['del_users']:
         raise ConfigError('Attempting to delete current user: {}'.format(cur_user))
 
+    for user in login['add_users']:
+        for key in user['public_keys']:
+            if not key['type']:
+                raise ConfigError('SSH public key type missing for "{}"!'.format(key['name']))
+
+            if not key['key']:
+                raise ConfigError('SSH public key for id "{}" missing!'.format(key['name']))
+
     # At lease one RADIUS server must not be disabled
     if len(login['radius_server']) > 0:
         fail = True
-- 
cgit v1.2.3