wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
4917 Commits
197 Branches
346 MB
572 Download
Tree: 091f063706
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '091f063706'
${ noResults }
aiforge/models/ssh_key.go

ssh_key.go 22 kB
Raw Normal View History

Fix delete SSH key in file
11 years ago
add publickey & access
11 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
Bug fix
11 years ago
add publickey & access
11 years ago
Add postgres support, clean code, code review
11 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
add publickey & access
11 years ago
Add generate fingerprint of ssh key
11 years ago
add publickey & access
11 years ago
Fix delete SSH key in file
11 years ago
add publickey & access
11 years ago
Update
11 years ago
#334: Add Deployment Key Support
10 years ago
#2179 use Go sub-repo ssh to verify public key content
9 years ago
Fix SSH key bug in windows
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
9 years ago
add publickey & access
11 years ago
Add postgres support, clean code, code review
11 years ago
And others
9 years ago
Add postgres support, clean code, code review
11 years ago
models/ssh_key: code cleaning
9 years ago
add publickey
11 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
Lint models/ssh_key.go
9 years ago
And others
9 years ago
Lint models/ssh_key.go
9 years ago
And others
9 years ago
#334: Add Deployment Key Support
10 years ago
models/ssh_key: code cleaning
9 years ago
add publickey & access
11 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
add publickey & access
11 years ago
models/ssh_key: code cleaning
9 years ago
Lint models/ssh_key.go
9 years ago
Fix #652
11 years ago
models/ssh_key: code cleaning
9 years ago
And others
9 years ago
add publickey & access
11 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
models/ssh_key: code cleaning
9 years ago
Handle ssh key import better (#224) * Handle user ssh key input better ssh_key: when user submitted keys had a newline at the end, strings.Split would have created a slice with an empty last element, and the key type check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or 'ssh-dsa' at the beginning of the string, but this is simple. * ssh_key: correct indentation
9 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
#1622 comment with whitespace
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
Replace Gogs with Gitea (#520)
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
models/ssh_key: code cleaning
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
8 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
refactor: Remove unnecessary type conversions (#772)
8 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
New UI merge in progress
11 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
#334: Add Deployment Key Support
10 years ago
#634
11 years ago
New UI merge in progress
11 years ago
#334: Add Deployment Key Support
10 years ago
New UI merge in progress
11 years ago
Trim whitespace when adding SSH keys (fixes #2447)
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
New UI merge in progress
11 years ago
#2179 use Go sub-repo ssh to verify public key content
9 years ago
models/ssh_key: code cleaning
9 years ago
New UI merge in progress
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
New UI merge in progress
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
New UI merge in progress
11 years ago
models/ssh_key: code cleaning
9 years ago
Finish issue design
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
Finish issue design
11 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
11 years ago
models: code fix on #818
10 years ago
models/ssh_key: code cleaning
9 years ago
Work #475 and #458
11 years ago
models/ssh_key: code cleaning
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
Fix mirror UI style and work on #475
11 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
11 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
11 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models/ssh_key: code cleaning
9 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
Finish issue design
11 years ago
Fix typos in models/ (#576)
9 years ago
#1535 Removing deploy key does not remove key
10 years ago
#334: Add Deployment Key Support
10 years ago
#1535 Removing deploy key does not remove key
10 years ago
And others
9 years ago
#1535 Removing deploy key does not remove key
10 years ago
Add check if public key name has been used
11 years ago
#334: Add Deployment Key Support
10 years ago
Add check if public key name has been used
11 years ago
#334: Add Deployment Key Support
10 years ago
Add check if public key name has been used
11 years ago
#334: Add Deployment Key Support
10 years ago
Add generate fingerprint of ssh key
11 years ago
Finish issue design
11 years ago
Fix SSH key bug in windows
11 years ago
Catch os... errors
9 years ago
Cleanup log messaging This change corrects a few logging issues: * Standardized formatting errors with '%v'. * Standardized failure warning word usage. * Corrected an instance of using the standard log library when the gitea log library should be used instead.
8 years ago
Catch os... errors
9 years ago
#334: Add Deployment Key Support
10 years ago
add publickey & access
11 years ago
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
8 years ago
add publickey & access
11 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Add generate fingerprint of ssh key
11 years ago
More debug info
11 years ago
Add generate fingerprint of ssh key
11 years ago
#334: Add Deployment Key Support
10 years ago
Add generate fingerprint of ssh key
11 years ago
#334: Add Deployment Key Support
10 years ago
#2147 fix rewrites authorized_keys when builtin SSH server is enabled
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
#2147 fix rewrites authorized_keys when builtin SSH server is enabled
10 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
fix #976
10 years ago
add publickey & access
11 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
ACCESS_MODE_* -> AccessMode*
9 years ago
And others
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
add publickey & access
11 years ago
#334: Add Deployment Key Support
10 years ago
Finish new web hook pages
11 years ago
Rewrite XORM queries
9 years ago
Finish new web hook pages
11 years ago
#334: Add Deployment Key Support
10 years ago
Finish new web hook pages
11 years ago
fix 1540 and experimental SSH server support
10 years ago
Rewrite XORM queries
9 years ago
fix 1540 and experimental SSH server support
10 years ago
add personal access token panel #12
11 years ago
New UI merge in progress
11 years ago
Rewrite XORM queries
9 years ago
Finish issue design
11 years ago
Finish new web hook pages
11 years ago
#334: Add Deployment Key Support
10 years ago
Finish new web hook pages
11 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
Fix SSH key bug in windows
11 years ago
Improve delete SSH key
11 years ago
use in instead string join (#155)
9 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
add publickey & access
11 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
add confirmation to delete ssh key
10 years ago
fix #976
10 years ago
Refactor User.Id to User.ID
9 years ago
add confirmation to delete ssh key
10 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
models: code fix on #818
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
Fix typos in models/ (#576)
9 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
#1050: Bad permissions on authorized_keys after rewrite
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
models/ssh_key: code cleaning
9 years ago
models: code fix on #818
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
#334: Add Deployment Key Support
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
Lint models/ssh_key.go
9 years ago
fix #878
10 years ago
Lint models/ssh_key.go
9 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
ACCESS_MODE_* -> AccessMode*
9 years ago
And others
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
APIs: admin users
10 years ago
ACCESS_MODE_* -> AccessMode*
9 years ago
APIs: admin users
10 years ago
Refactor User.Id to User.ID
9 years ago
APIs: admin users
10 years ago
#334: Add Deployment Key Support
10 years ago
#1535 Removing deploy key does not remove key
10 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"encoding/base64"

  9. 	"encoding/binary"

  10. 	"errors"

  11. 	"fmt"

  12. 	"io/ioutil"

  13. 	"math/big"

  14. 	"os"

  15. 	"path"

  16. 	"path/filepath"

  17. 	"strings"

  18. 	"sync"

  19. 	"time"

  20. 

  21. 	"github.com/Unknwon/com"

  22. 	"github.com/go-xorm/xorm"

  23. 	"golang.org/x/crypto/ssh"

  24. 

  25. 	"code.gitea.io/gitea/modules/log"

  26. 	"code.gitea.io/gitea/modules/process"

  27. 	"code.gitea.io/gitea/modules/setting"

  28. )

  29. 

  30. const (

  31. 	tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"

  32. )

  33. 

  34. var sshOpLocker sync.Mutex

  35. 

  36. // KeyType specifies the key type

  37. type KeyType int

  38. 

  39. const (

  40. 	// KeyTypeUser specifies the user key

  41. 	KeyTypeUser = iota + 1

  42. 	// KeyTypeDeploy specifies the deploy key

  43. 	KeyTypeDeploy

  44. )

  45. 

  46. // PublicKey represents a user or deploy SSH public key.

  47. type PublicKey struct {

  48. 	ID          int64      `xorm:"pk autoincr"`

  49. 	OwnerID     int64      `xorm:"INDEX NOT NULL"`

  50. 	Name        string     `xorm:"NOT NULL"`

  51. 	Fingerprint string     `xorm:"NOT NULL"`

  52. 	Content     string     `xorm:"TEXT NOT NULL"`

  53. 	Mode        AccessMode `xorm:"NOT NULL DEFAULT 2"`

  54. 	Type        KeyType    `xorm:"NOT NULL DEFAULT 1"`

  55. 

  56. 	Created           time.Time `xorm:"-"`

  57. 	CreatedUnix       int64

  58. 	Updated           time.Time `xorm:"-"` // Note: Updated must below Created for AfterSet.

  59. 	UpdatedUnix       int64

  60. 	HasRecentActivity bool `xorm:"-"`

  61. 	HasUsed           bool `xorm:"-"`

  62. }

  63. 

  64. // BeforeInsert will be invoked by XORM before inserting a record

  65. func (key *PublicKey) BeforeInsert() {

  66. 	key.CreatedUnix = time.Now().Unix()

  67. }

  68. 

  69. // BeforeUpdate is invoked from XORM before updating this object.

  70. func (key *PublicKey) BeforeUpdate() {

  71. 	key.UpdatedUnix = time.Now().Unix()

  72. }

  73. 

  74. // AfterSet is invoked from XORM after setting the value of a field of this object.

  75. func (key *PublicKey) AfterSet(colName string, _ xorm.Cell) {

  76. 	switch colName {

  77. 	case "created_unix":

  78. 		key.Created = time.Unix(key.CreatedUnix, 0).Local()

  79. 	case "updated_unix":

  80. 		key.Updated = time.Unix(key.UpdatedUnix, 0).Local()

  81. 		key.HasUsed = key.Updated.After(key.Created)

  82. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())

  83. 	}

  84. }

  85. 

  86. // OmitEmail returns content of public key without email address.

  87. func (key *PublicKey) OmitEmail() string {

  88. 	return strings.Join(strings.Split(key.Content, " ")[:2], " ")

  89. }

  90. 

  91. // AuthorizedString returns formatted public key string for authorized_keys file.

  92. func (key *PublicKey) AuthorizedString() string {

  93. 	return fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content)

  94. }

  95. 

  96. func extractTypeFromBase64Key(key string) (string, error) {

  97. 	b, err := base64.StdEncoding.DecodeString(key)

  98. 	if err != nil || len(b) < 4 {

  99. 		return "", fmt.Errorf("invalid key format: %v", err)

  100. 	}

  101. 

  102. 	keyLength := int(binary.BigEndian.Uint32(b))

  103. 	if len(b) < 4+keyLength {

  104. 		return "", fmt.Errorf("invalid key format: not enough length %d", keyLength)

  105. 	}

  106. 

  107. 	return string(b[4 : 4+keyLength]), nil

  108. }

  109. 

  110. // parseKeyString parses any key string in OpenSSH or SSH2 format to clean OpenSSH string (RFC4253).

  111. func parseKeyString(content string) (string, error) {

  112. 	// Transform all legal line endings to a single "\n".

  113. 	content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)

  114. 	// remove trailing newline (and beginning spaces too)

  115. 	content = strings.TrimSpace(content)

  116. 	lines := strings.Split(content, "\n")

  117. 

  118. 	var keyType, keyContent, keyComment string

  119. 

  120. 	if len(lines) == 1 {

  121. 		// Parse OpenSSH format.

  122. 		parts := strings.SplitN(lines[0], " ", 3)

  123. 		switch len(parts) {

  124. 		case 0:

  125. 			return "", errors.New("empty key")

  126. 		case 1:

  127. 			keyContent = parts[0]

  128. 		case 2:

  129. 			keyType = parts[0]

  130. 			keyContent = parts[1]

  131. 		default:

  132. 			keyType = parts[0]

  133. 			keyContent = parts[1]

  134. 			keyComment = parts[2]

  135. 		}

  136. 

  137. 		// If keyType is not given, extract it from content. If given, validate it.

  138. 		t, err := extractTypeFromBase64Key(keyContent)

  139. 		if err != nil {

  140. 			return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)

  141. 		}

  142. 		if len(keyType) == 0 {

  143. 			keyType = t

  144. 		} else if keyType != t {

  145. 			return "", fmt.Errorf("key type and content does not match: %s - %s", keyType, t)

  146. 		}

  147. 	} else {

  148. 		// Parse SSH2 file format.

  149. 		continuationLine := false

  150. 

  151. 		for _, line := range lines {

  152. 			// Skip lines that:

  153. 			// 1) are a continuation of the previous line,

  154. 			// 2) contain ":" as that are comment lines

  155. 			// 3) contain "-" as that are begin and end tags

  156. 			if continuationLine || strings.ContainsAny(line, ":-") {

  157. 				continuationLine = strings.HasSuffix(line, "\\")

  158. 			} else {

  159. 				keyContent = keyContent + line

  160. 			}

  161. 		}

  162. 

  163. 		t, err := extractTypeFromBase64Key(keyContent)

  164. 		if err != nil {

  165. 			return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)

  166. 		}

  167. 		keyType = t

  168. 	}

  169. 	return keyType + " " + keyContent + " " + keyComment, nil

  170. }

  171. 

  172. // writeTmpKeyFile writes key content to a temporary file

  173. // and returns the name of that file, along with any possible errors.

  174. func writeTmpKeyFile(content string) (string, error) {

  175. 	tmpFile, err := ioutil.TempFile(setting.SSH.KeyTestPath, "gitea_keytest")

  176. 	if err != nil {

  177. 		return "", fmt.Errorf("TempFile: %v", err)

  178. 	}

  179. 	defer tmpFile.Close()

  180. 

  181. 	if _, err = tmpFile.WriteString(content); err != nil {

  182. 		return "", fmt.Errorf("WriteString: %v", err)

  183. 	}

  184. 	return tmpFile.Name(), nil

  185. }

  186. 

  187. // SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.

  188. func SSHKeyGenParsePublicKey(key string) (string, int, error) {

  189. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  190. 	if setting.IsWindows {

  191. 		return "", 0, nil

  192. 	}

  193. 

  194. 	tmpName, err := writeTmpKeyFile(key)

  195. 	if err != nil {

  196. 		return "", 0, fmt.Errorf("writeTmpKeyFile: %v", err)

  197. 	}

  198. 	defer os.Remove(tmpName)

  199. 

  200. 	stdout, stderr, err := process.GetManager().Exec("SSHKeyGenParsePublicKey", setting.SSH.KeygenPath, "-lf", tmpName)

  201. 	if err != nil {

  202. 		return "", 0, fmt.Errorf("fail to parse public key: %s - %s", err, stderr)

  203. 	}

  204. 	if strings.Contains(stdout, "is not a public key file") {

  205. 		return "", 0, ErrKeyUnableVerify{stdout}

  206. 	}

  207. 

  208. 	fields := strings.Split(stdout, " ")

  209. 	if len(fields) < 4 {

  210. 		return "", 0, fmt.Errorf("invalid public key line: %s", stdout)

  211. 	}

  212. 

  213. 	keyType := strings.Trim(fields[len(fields)-1], "()\r\n")

  214. 	return strings.ToLower(keyType), com.StrTo(fields[0]).MustInt(), nil

  215. }

  216. 

  217. // SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.

  218. // NOTE: ed25519 is not supported.

  219. func SSHNativeParsePublicKey(keyLine string) (string, int, error) {

  220. 	fields := strings.Fields(keyLine)

  221. 	if len(fields) < 2 {

  222. 		return "", 0, fmt.Errorf("not enough fields in public key line: %s", keyLine)

  223. 	}

  224. 

  225. 	raw, err := base64.StdEncoding.DecodeString(fields[1])

  226. 	if err != nil {

  227. 		return "", 0, err

  228. 	}

  229. 

  230. 	pkey, err := ssh.ParsePublicKey(raw)

  231. 	if err != nil {

  232. 		if strings.Contains(err.Error(), "ssh: unknown key algorithm") {

  233. 			return "", 0, ErrKeyUnableVerify{err.Error()}

  234. 		}

  235. 		return "", 0, fmt.Errorf("ParsePublicKey: %v", err)

  236. 	}

  237. 

  238. 	// The ssh library can parse the key, so next we find out what key exactly we have.

  239. 	switch pkey.Type() {

  240. 	case ssh.KeyAlgoDSA:

  241. 		rawPub := struct {

  242. 			Name       string

  243. 			P, Q, G, Y *big.Int

  244. 		}{}

  245. 		if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {

  246. 			return "", 0, err

  247. 		}

  248. 		// as per https://bugzilla.mindrot.org/show_bug.cgi?id=1647 we should never

  249. 		// see dsa keys != 1024 bit, but as it seems to work, we will not check here

  250. 		return "dsa", rawPub.P.BitLen(), nil // use P as per crypto/dsa/dsa.go (is L)

  251. 	case ssh.KeyAlgoRSA:

  252. 		rawPub := struct {

  253. 			Name string

  254. 			E    *big.Int

  255. 			N    *big.Int

  256. 		}{}

  257. 		if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {

  258. 			return "", 0, err

  259. 		}

  260. 		return "rsa", rawPub.N.BitLen(), nil // use N as per crypto/rsa/rsa.go (is bits)

  261. 	case ssh.KeyAlgoECDSA256:

  262. 		return "ecdsa", 256, nil

  263. 	case ssh.KeyAlgoECDSA384:

  264. 		return "ecdsa", 384, nil

  265. 	case ssh.KeyAlgoECDSA521:

  266. 		return "ecdsa", 521, nil

  267. 	case "ssh-ed25519": // TODO: replace with ssh constant when available

  268. 		return "ed25519", 256, nil

  269. 	}

  270. 	return "", 0, fmt.Errorf("unsupported key length detection for type: %s", pkey.Type())

  271. }

  272. 

  273. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  274. // It returns the actual public key line on success.

  275. func CheckPublicKeyString(content string) (_ string, err error) {

  276. 	if setting.SSH.Disabled {

  277. 		return "", errors.New("SSH is disabled")

  278. 	}

  279. 

  280. 	content, err = parseKeyString(content)

  281. 	if err != nil {

  282. 		return "", err

  283. 	}

  284. 

  285. 	content = strings.TrimRight(content, "\n\r")

  286. 	if strings.ContainsAny(content, "\n\r") {

  287. 		return "", errors.New("only a single line with a single key please")

  288. 	}

  289. 

  290. 	// remove any unnecessary whitespace now

  291. 	content = strings.TrimSpace(content)

  292. 

  293. 	var (

  294. 		fnName  string

  295. 		keyType string

  296. 		length  int

  297. 	)

  298. 	if setting.SSH.StartBuiltinServer {

  299. 		fnName = "SSHNativeParsePublicKey"

  300. 		keyType, length, err = SSHNativeParsePublicKey(content)

  301. 	} else {

  302. 		fnName = "SSHKeyGenParsePublicKey"

  303. 		keyType, length, err = SSHKeyGenParsePublicKey(content)

  304. 	}

  305. 	if err != nil {

  306. 		return "", fmt.Errorf("%s: %v", fnName, err)

  307. 	}

  308. 	log.Trace("Key info [native: %v]: %s-%d", setting.SSH.StartBuiltinServer, keyType, length)

  309. 

  310. 	if !setting.SSH.MinimumKeySizeCheck {

  311. 		return content, nil

  312. 	}

  313. 	if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length >= minLen {

  314. 		return content, nil

  315. 	} else if found && length < minLen {

  316. 		return "", fmt.Errorf("key length is not enough: got %d, needs %d", length, minLen)

  317. 	}

  318. 	return "", fmt.Errorf("key type is not allowed: %s", keyType)

  319. }

  320. 

  321. // appendAuthorizedKeysToFile appends new SSH keys' content to authorized_keys file.

  322. func appendAuthorizedKeysToFile(keys ...*PublicKey) error {

  323. 	sshOpLocker.Lock()

  324. 	defer sshOpLocker.Unlock()

  325. 

  326. 	fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")

  327. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)

  328. 	if err != nil {

  329. 		return err

  330. 	}

  331. 	defer f.Close()

  332. 

  333. 	// Note: chmod command does not support in Windows.

  334. 	if !setting.IsWindows {

  335. 		fi, err := f.Stat()

  336. 		if err != nil {

  337. 			return err

  338. 		}

  339. 

  340. 		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.

  341. 		if fi.Mode().Perm() > 0600 {

  342. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())

  343. 			if err = f.Chmod(0600); err != nil {

  344. 				return err

  345. 			}

  346. 		}

  347. 	}

  348. 

  349. 	for _, key := range keys {

  350. 		if _, err = f.WriteString(key.AuthorizedString()); err != nil {

  351. 			return err

  352. 		}

  353. 	}

  354. 	return nil

  355. }

  356. 

  357. // checkKeyContent only checks if key content has been used as public key,

  358. // it is OK to use same key as deploy key for multiple repositories/users.

  359. func checkKeyContent(content string) error {

  360. 	has, err := x.Get(&PublicKey{

  361. 		Content: content,

  362. 		Type:    KeyTypeUser,

  363. 	})

  364. 	if err != nil {

  365. 		return err

  366. 	} else if has {

  367. 		return ErrKeyAlreadyExist{0, content}

  368. 	}

  369. 	return nil

  370. }

  371. 

  372. func addKey(e Engine, key *PublicKey) (err error) {

  373. 	// Calculate fingerprint.

  374. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),

  375. 		"id_rsa.pub"), "\\", "/", -1)

  376. 	dir := path.Dir(tmpPath)

  377. 

  378. 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {

  379. 		return fmt.Errorf("Failed to create dir %s: %v", dir, err)

  380. 	}

  381. 

  382. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {

  383. 		return err

  384. 	}

  385. 	stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)

  386. 	if err != nil {

  387. 		return fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)

  388. 	} else if len(stdout) < 2 {

  389. 		return errors.New("not enough output for calculating fingerprint: " + stdout)

  390. 	}

  391. 	key.Fingerprint = strings.Split(stdout, " ")[1]

  392. 

  393. 	// Save SSH key.

  394. 	if _, err = e.Insert(key); err != nil {

  395. 		return err

  396. 	}

  397. 

  398. 	// Don't need to rewrite this file if builtin SSH server is enabled.

  399. 	if setting.SSH.StartBuiltinServer {

  400. 		return nil

  401. 	}

  402. 	return appendAuthorizedKeysToFile(key)

  403. }

  404. 

  405. // AddPublicKey adds new public key to database and authorized_keys file.

  406. func AddPublicKey(ownerID int64, name, content string) (*PublicKey, error) {

  407. 	log.Trace(content)

  408. 	if err := checkKeyContent(content); err != nil {

  409. 		return nil, err

  410. 	}

  411. 

  412. 	// Key name of same user cannot be duplicated.

  413. 	has, err := x.

  414. 		Where("owner_id = ? AND name = ?", ownerID, name).

  415. 		Get(new(PublicKey))

  416. 	if err != nil {

  417. 		return nil, err

  418. 	} else if has {

  419. 		return nil, ErrKeyNameAlreadyUsed{ownerID, name}

  420. 	}

  421. 

  422. 	sess := x.NewSession()

  423. 	defer sessionRelease(sess)

  424. 	if err = sess.Begin(); err != nil {

  425. 		return nil, err

  426. 	}

  427. 

  428. 	key := &PublicKey{

  429. 		OwnerID: ownerID,

  430. 		Name:    name,

  431. 		Content: content,

  432. 		Mode:    AccessModeWrite,

  433. 		Type:    KeyTypeUser,

  434. 	}

  435. 	if err = addKey(sess, key); err != nil {

  436. 		return nil, fmt.Errorf("addKey: %v", err)

  437. 	}

  438. 

  439. 	return key, sess.Commit()

  440. }

  441. 

  442. // GetPublicKeyByID returns public key by given ID.

  443. func GetPublicKeyByID(keyID int64) (*PublicKey, error) {

  444. 	key := new(PublicKey)

  445. 	has, err := x.

  446. 		Id(keyID).

  447. 		Get(key)

  448. 	if err != nil {

  449. 		return nil, err

  450. 	} else if !has {

  451. 		return nil, ErrKeyNotExist{keyID}

  452. 	}

  453. 	return key, nil

  454. }

  455. 

  456. // SearchPublicKeyByContent searches content as prefix (leak e-mail part)

  457. // and returns public key found.

  458. func SearchPublicKeyByContent(content string) (*PublicKey, error) {

  459. 	key := new(PublicKey)

  460. 	has, err := x.

  461. 		Where("content like ?", content+"%").

  462. 		Get(key)

  463. 	if err != nil {

  464. 		return nil, err

  465. 	} else if !has {

  466. 		return nil, ErrKeyNotExist{}

  467. 	}

  468. 	return key, nil

  469. }

  470. 

  471. // ListPublicKeys returns a list of public keys belongs to given user.

  472. func ListPublicKeys(uid int64) ([]*PublicKey, error) {

  473. 	keys := make([]*PublicKey, 0, 5)

  474. 	return keys, x.

  475. 		Where("owner_id = ?", uid).

  476. 		Find(&keys)

  477. }

  478. 

  479. // UpdatePublicKey updates given public key.

  480. func UpdatePublicKey(key *PublicKey) error {

  481. 	_, err := x.Id(key.ID).AllCols().Update(key)

  482. 	return err

  483. }

  484. 

  485. // deletePublicKeys does the actual key deletion but does not update authorized_keys file.

  486. func deletePublicKeys(e *xorm.Session, keyIDs ...int64) error {

  487. 	if len(keyIDs) == 0 {

  488. 		return nil

  489. 	}

  490. 

  491. 	_, err := e.In("id", keyIDs).Delete(new(PublicKey))

  492. 	return err

  493. }

  494. 

  495. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  496. func DeletePublicKey(doer *User, id int64) (err error) {

  497. 	key, err := GetPublicKeyByID(id)

  498. 	if err != nil {

  499. 		if IsErrKeyNotExist(err) {

  500. 			return nil

  501. 		}

  502. 		return fmt.Errorf("GetPublicKeyByID: %v", err)

  503. 	}

  504. 

  505. 	// Check if user has access to delete this key.

  506. 	if !doer.IsAdmin && doer.ID != key.OwnerID {

  507. 		return ErrKeyAccessDenied{doer.ID, key.ID, "public"}

  508. 	}

  509. 

  510. 	sess := x.NewSession()

  511. 	defer sessionRelease(sess)

  512. 	if err = sess.Begin(); err != nil {

  513. 		return err

  514. 	}

  515. 

  516. 	if err = deletePublicKeys(sess, id); err != nil {

  517. 		return err

  518. 	}

  519. 

  520. 	if err = sess.Commit(); err != nil {

  521. 		return err

  522. 	}

  523. 

  524. 	return RewriteAllPublicKeys()

  525. }

  526. 

  527. // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.

  528. // Note: x.Iterate does not get latest data after insert/delete, so we have to call this function

  529. // outside any session scope independently.

  530. func RewriteAllPublicKeys() error {

  531. 	sshOpLocker.Lock()

  532. 	defer sshOpLocker.Unlock()

  533. 

  534. 	fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")

  535. 	tmpPath := fpath + ".tmp"

  536. 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)

  537. 	if err != nil {

  538. 		return err

  539. 	}

  540. 	defer os.Remove(tmpPath)

  541. 

  542. 	err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {

  543. 		_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())

  544. 		return err

  545. 	})

  546. 	f.Close()

  547. 	if err != nil {

  548. 		return err

  549. 	}

  550. 

  551. 	if com.IsExist(fpath) {

  552. 		if err = os.Remove(fpath); err != nil {

  553. 			return err

  554. 		}

  555. 	}

  556. 	if err = os.Rename(tmpPath, fpath); err != nil {

  557. 		return err

  558. 	}

  559. 

  560. 	return nil

  561. }

  562. 

  563. // ________                .__                 ____  __.

  564. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  565. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  566. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  567. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  568. //         \/     \/|__|               \/             \/   \/\/

  569. 

  570. // DeployKey represents deploy key information and its relation with repository.

  571. type DeployKey struct {

  572. 	ID          int64 `xorm:"pk autoincr"`

  573. 	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`

  574. 	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`

  575. 	Name        string

  576. 	Fingerprint string

  577. 	Content     string `xorm:"-"`

  578. 

  579. 	Created           time.Time `xorm:"-"`

  580. 	CreatedUnix       int64

  581. 	Updated           time.Time `xorm:"-"` // Note: Updated must below Created for AfterSet.

  582. 	UpdatedUnix       int64

  583. 	HasRecentActivity bool `xorm:"-"`

  584. 	HasUsed           bool `xorm:"-"`

  585. }

  586. 

  587. // BeforeInsert will be invoked by XORM before inserting a record

  588. func (key *DeployKey) BeforeInsert() {

  589. 	key.CreatedUnix = time.Now().Unix()

  590. }

  591. 

  592. // BeforeUpdate is invoked from XORM before updating this object.

  593. func (key *DeployKey) BeforeUpdate() {

  594. 	key.UpdatedUnix = time.Now().Unix()

  595. }

  596. 

  597. // AfterSet is invoked from XORM after setting the value of a field of this object.

  598. func (key *DeployKey) AfterSet(colName string, _ xorm.Cell) {

  599. 	switch colName {

  600. 	case "created_unix":

  601. 		key.Created = time.Unix(key.CreatedUnix, 0).Local()

  602. 	case "updated_unix":

  603. 		key.Updated = time.Unix(key.UpdatedUnix, 0).Local()

  604. 		key.HasUsed = key.Updated.After(key.Created)

  605. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())

  606. 	}

  607. }

  608. 

  609. // GetContent gets associated public key content.

  610. func (key *DeployKey) GetContent() error {

  611. 	pkey, err := GetPublicKeyByID(key.KeyID)

  612. 	if err != nil {

  613. 		return err

  614. 	}

  615. 	key.Content = pkey.Content

  616. 	return nil

  617. }

  618. 

  619. func checkDeployKey(e Engine, keyID, repoID int64, name string) error {

  620. 	// Note: We want error detail, not just true or false here.

  621. 	has, err := e.

  622. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  623. 		Get(new(DeployKey))

  624. 	if err != nil {

  625. 		return err

  626. 	} else if has {

  627. 		return ErrDeployKeyAlreadyExist{keyID, repoID}

  628. 	}

  629. 

  630. 	has, err = e.

  631. 		Where("repo_id = ? AND name = ?", repoID, name).

  632. 		Get(new(DeployKey))

  633. 	if err != nil {

  634. 		return err

  635. 	} else if has {

  636. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}

  637. 	}

  638. 

  639. 	return nil

  640. }

  641. 

  642. // addDeployKey adds new key-repo relation.

  643. func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (*DeployKey, error) {

  644. 	if err := checkDeployKey(e, keyID, repoID, name); err != nil {

  645. 		return nil, err

  646. 	}

  647. 

  648. 	key := &DeployKey{

  649. 		KeyID:       keyID,

  650. 		RepoID:      repoID,

  651. 		Name:        name,

  652. 		Fingerprint: fingerprint,

  653. 	}

  654. 	_, err := e.Insert(key)

  655. 	return key, err

  656. }

  657. 

  658. // HasDeployKey returns true if public key is a deploy key of given repository.

  659. func HasDeployKey(keyID, repoID int64) bool {

  660. 	has, _ := x.

  661. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  662. 		Get(new(DeployKey))

  663. 	return has

  664. }

  665. 

  666. // AddDeployKey add new deploy key to database and authorized_keys file.

  667. func AddDeployKey(repoID int64, name, content string) (*DeployKey, error) {

  668. 	if err := checkKeyContent(content); err != nil {

  669. 		return nil, err

  670. 	}

  671. 

  672. 	pkey := &PublicKey{

  673. 		Content: content,

  674. 		Mode:    AccessModeRead,

  675. 		Type:    KeyTypeDeploy,

  676. 	}

  677. 	has, err := x.Get(pkey)

  678. 	if err != nil {

  679. 		return nil, err

  680. 	}

  681. 

  682. 	sess := x.NewSession()

  683. 	defer sessionRelease(sess)

  684. 	if err = sess.Begin(); err != nil {

  685. 		return nil, err

  686. 	}

  687. 

  688. 	// First time use this deploy key.

  689. 	if !has {

  690. 		if err = addKey(sess, pkey); err != nil {

  691. 			return nil, fmt.Errorf("addKey: %v", err)

  692. 		}

  693. 	}

  694. 

  695. 	key, err := addDeployKey(sess, pkey.ID, repoID, name, pkey.Fingerprint)

  696. 	if err != nil {

  697. 		return nil, fmt.Errorf("addDeployKey: %v", err)

  698. 	}

  699. 

  700. 	return key, sess.Commit()

  701. }

  702. 

  703. // GetDeployKeyByID returns deploy key by given ID.

  704. func GetDeployKeyByID(id int64) (*DeployKey, error) {

  705. 	key := new(DeployKey)

  706. 	has, err := x.Id(id).Get(key)

  707. 	if err != nil {

  708. 		return nil, err

  709. 	} else if !has {

  710. 		return nil, ErrDeployKeyNotExist{id, 0, 0}

  711. 	}

  712. 	return key, nil

  713. }

  714. 

  715. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  716. func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {

  717. 	key := &DeployKey{

  718. 		KeyID:  keyID,

  719. 		RepoID: repoID,

  720. 	}

  721. 	has, err := x.Get(key)

  722. 	if err != nil {

  723. 		return nil, err

  724. 	} else if !has {

  725. 		return nil, ErrDeployKeyNotExist{0, keyID, repoID}

  726. 	}

  727. 	return key, nil

  728. }

  729. 

  730. // UpdateDeployKey updates deploy key information.

  731. func UpdateDeployKey(key *DeployKey) error {

  732. 	_, err := x.Id(key.ID).AllCols().Update(key)

  733. 	return err

  734. }

  735. 

  736. // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.

  737. func DeleteDeployKey(doer *User, id int64) error {

  738. 	key, err := GetDeployKeyByID(id)

  739. 	if err != nil {

  740. 		if IsErrDeployKeyNotExist(err) {

  741. 			return nil

  742. 		}

  743. 		return fmt.Errorf("GetDeployKeyByID: %v", err)

  744. 	}

  745. 

  746. 	// Check if user has access to delete this key.

  747. 	if !doer.IsAdmin {

  748. 		repo, err := GetRepositoryByID(key.RepoID)

  749. 		if err != nil {

  750. 			return fmt.Errorf("GetRepositoryByID: %v", err)

  751. 		}

  752. 		yes, err := HasAccess(doer, repo, AccessModeAdmin)

  753. 		if err != nil {

  754. 			return fmt.Errorf("HasAccess: %v", err)

  755. 		} else if !yes {

  756. 			return ErrKeyAccessDenied{doer.ID, key.ID, "deploy"}

  757. 		}

  758. 	}

  759. 

  760. 	sess := x.NewSession()

  761. 	defer sessionRelease(sess)

  762. 	if err = sess.Begin(); err != nil {

  763. 		return err

  764. 	}

  765. 

  766. 	if _, err = sess.Id(key.ID).Delete(new(DeployKey)); err != nil {

  767. 		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)

  768. 	}

  769. 

  770. 	// Check if this is the last reference to same key content.

  771. 	has, err := sess.

  772. 		Where("key_id = ?", key.KeyID).

  773. 		Get(new(DeployKey))

  774. 	if err != nil {

  775. 		return err

  776. 	} else if !has {

  777. 		if err = deletePublicKeys(sess, key.KeyID); err != nil {

  778. 			return err

  779. 		}

  780. 	}

  781. 

  782. 	return sess.Commit()

  783. }

  784. 

  785. // ListDeployKeys returns all deploy keys by given repository ID.

  786. func ListDeployKeys(repoID int64) ([]*DeployKey, error) {

  787. 	keys := make([]*DeployKey, 0, 5)

  788. 	return keys, x.

  789. 		Where("repo_id = ?", repoID).

  790. 		Find(&keys)

  791. }

No Description