From 9883c368417e1c89af64a2717b99aee44c848187 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Wed, 23 Feb 2022 16:41:40 +0100
Subject: [PATCH] SshResourceForm: Don't accept `file://...` as private key
---
 .../forms/Config/Resource/SshResourceForm.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/application/forms/Config/Resource/SshResourceForm.php b/application/forms/Config/Resource/SshResourceForm.php
index 0d635665c..f80e6ee5f 100644
--- a/application/forms/Config/Resource/SshResourceForm.php
+++ b/application/forms/Config/Resource/SshResourceForm.php
@@ -52,9 +52,13 @@ class SshResourceForm extends Form
 if ($this->getRequest()->getActionName() != 'editresource') {
 $callbackValidator = new Zend_Validate_Callback(function ($value) {
- if (openssl_pkey_get_private($value) === false) {
+ if (
+ substr(ltrim($value), 0, 7) === 'file://'
+ || openssl_pkey_get_private($value) === false
+ ) {
 return false;
 }
+
 return true;
 });
 $callbackValidator->setMessage(
@@ -126,20 +130,19 @@ class SshResourceForm extends Form
 $configDir = Icinga::app()->getConfigDir();
 $user = $form->getElement('user')->getValue();
- $filePath = $configDir . '/ssh/' . $user;
-
+ $filePath = join(DIRECTORY_SEPARATOR, [$configDir, 'ssh', sha1($user)]);
 if (! file_exists($filePath)) {
 $file = File::create($filePath, 0600);
 } else {
 $form->error(
- sprintf($form->translate('The private key for the user "%s" is already exists.'), $user)
+ sprintf($form->translate('The private key for the user "%s" already exists.'), $user)
 );
 return false;
 }
 $file->fwrite($form->getElement('private_key')->getValue());
- $form->getElement('private_key')->setValue($configDir . '/ssh/' . $user);
+ $form->getElement('private_key')->setValue($filePath);
 return true;
 }
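Review bot: The new condition in the `Zend_Validate_Callback` closure rejects exactly one prefix, `file://`, and still hands every other value to `openssl_pkey_get_private()`, so the validator stays dependent on how that function interprets its argument. A positive check that the submitted value is inline PEM key material would be more robust, for example `if (! is_string($value) || strpos(ltrim($value), '-----BEGIN') !== 0 || openssl_pkey_get_private($value) === false) {`. The validator is also attached only when the action name is not `editresource` (the context line above the closure), so it is worth confirming that the edit path cannot submit a `private_key` value; that code lies outside this hunk.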
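Review bot: The `sha1($user)` call on the new `$filePath` line apparently exists to keep the submitted user name from contributing path separators or `..` to the key file location, but nothing in the code says so. A comment such as `// Hash the user name: it is form input and must never be used as a path segment` would keep a later cleanup from reverting to the raw name. Because the `file_exists()` check now looks at the hashed name, a key file previously written under the plain user name would presumably no longer be reported as a duplicate; confirm that is acceptable. The enclosing method starts outside the hunk.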