From 09c998f104459749081b319fef61ec6882b15ae9 Mon Sep 17 00:00:00 2001
From: James Cammarata <jimi@sngx.net>
Date: Wed, 2 Apr 2014 14:25:24 -0500
Subject: [PATCH] Fixing some parsing issues in authorized_key module

Also adds an integration test for authorized_key for future validation.

Fixes #6700
---
 system/authorized_key | 44 +++++++++++++++----------------------------
 1 file changed, 15 insertions(+), 29 deletions(-)

diff --git a/system/authorized_key b/system/authorized_key
index ac81c39d896..cebbcc3ca16 100644
--- a/system/authorized_key
+++ b/system/authorized_key
@@ -199,33 +199,19 @@ def parseoptions(module, options):
     '''
     options_dict = keydict() #ordered dict
     if options:
-        token_exp = [
-            # matches separator
-            (r',+', False),
-            # matches option with value, e.g. from="x,y"
-            (r'([a-z0-9-]+)="((?:[^"\\]|\\.)*)"', True),
-            # matches single option, e.g. no-agent-forwarding 
-            (r'[a-z0-9-]+', True)
-        ]
-
-        pos = 0
-        while pos < len(options):
-            match = None
-            for pattern, is_valid_option in token_exp:
-                regex = re.compile(pattern, re.IGNORECASE)
-                match = regex.match(options, pos)
-                if match:
-                    text = match.group(0)
-                    if is_valid_option:
-                        if len(match.groups()) == 2:
-                            options_dict[match.group(1)] = match.group(2)
-                        else:
-                            options_dict[text] = None
-                    break
-            if not match:
-                module.fail_json(msg="invalid option string: %s" % options)
-            else:
-                pos = match.end(0)
+        try:
+            # the following regex will split on commas while
+            # ignoring those commas that fall within quotes
+            regex = re.compile(r'''((?:[^,"']|"[^"]*"|'[^']*')+)''')
+            parts = regex.split(options)[1:-1]
+            for part in parts:
+                if "=" in part:
+                    (key, value) = part.split("=", 1)
+                    options_dict[key] = value
+                elif part != ",":
+                    options_dict[part] = None
+        except:
+            module.fail_json(msg="invalid option string: %s" % options)
 
     return options_dict
 
@@ -254,7 +240,7 @@ def parsekey(module, raw_key):
 
     # split key safely
     lex = shlex.shlex(raw_key)
-    lex.quotes = ["'", '"']
+    lex.quotes = []
     lex.commenters = '' #keep comment hashes
     lex.whitespace_split = True
     key_parts = list(lex)
@@ -315,7 +301,7 @@ def writekeys(module, filename, keys):
                     option_strings = []
                     for option_key in options.keys():
                         if options[option_key]:
-                            option_strings.append("%s=\"%s\"" % (option_key, options[option_key]))
+                            option_strings.append("%s=%s" % (option_key, options[option_key]))
                         else:
                             option_strings.append("%s" % option_key)