closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3074 Commits
2 Branches
178 MiB
Tree: 1db3ae6601
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1db3ae6601'
${ noResults }
gitea/models/publickey.go

669 lines
17 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Fix #922
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
fix 1540 and experimental SSH server support
9 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
models: code fix on #818
9 years ago
fix 1540 and experimental SSH server support
9 years ago
models: code fix on #818
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
fix UNIQUE
9 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Fix #652
10 years ago
Finish issue design
10 years ago
fix 1540 and experimental SSH server support
9 years ago
add publickey & access
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#334: Add Deployment Key Support
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#1622 comment with whitespace
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
#634
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
work on #1880
9 years ago
New UI merge in progress
10 years ago
work on #1880
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#334: Add Deployment Key Support
9 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
work on #1880
9 years ago
move minimum key sizes to config This moves the minimum key sizes into the config file, so that anyone can modify the restrictions.
9 years ago
fix problem with #1879
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
models: code fix on #818
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
work on #1880
9 years ago
add publickey & access
10 years ago
work on #1880
9 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
fix 1540 and experimental SSH server support
9 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
race condition on keydelete
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
Fix SSH key bug in windows
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
add confirmation to delete ssh key
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
add confirmation to delete ssh key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
#1050: Bad permissions on authorized_keys after rewrite
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"encoding/base64"
  10. 	"encoding/binary"
  11. 	"errors"
  12. 	"fmt"
  13. 	"io"
  14. 	"io/ioutil"
  15. 	"os"
  16. 	"path"
  17. 	"path/filepath"
  18. 	"strings"
  19. 	"sync"
  20. 	"time"
  21. 

  22. 	"github.com/Unknwon/com"
  23. 	"github.com/go-xorm/xorm"
  24. 

  25. 	"github.com/gogits/gogs/modules/log"
  26. 	"github.com/gogits/gogs/modules/process"
  27. 	"github.com/gogits/gogs/modules/setting"
  28. )
  29. 

  30. const (
  31. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  32. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  33. )
  34. 

  35. var (
  36. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  37. )
  38. 

  39. var sshOpLocker = sync.Mutex{}
  40. var SSHPath string // SSH directory.

  41. 

  42. // homeDir returns the home directory of current user.

  43. func homeDir() string {
  44. 	home, err := com.HomeDir()
  45. 	if err != nil {
  46. 		log.Fatal(4, "Fail to get home directory: %v", err)
  47. 	}
  48. 	return home
  49. }
  50. 

  51. func init() {
  52. 	// Determine and create .ssh path.

  53. 	SSHPath = filepath.Join(homeDir(), ".ssh")
  54. 	if err := os.MkdirAll(SSHPath, 0700); err != nil {
  55. 		log.Fatal(4, "fail to create '%s': %v", SSHPath, err)
  56. 	}
  57. }
  58. 

  59. type KeyType int
  60. 

  61. const (
  62. 	KEY_TYPE_USER = iota + 1
  63. 	KEY_TYPE_DEPLOY
  64. )
  65. 

  66. // PublicKey represents a SSH or deploy key.

  67. type PublicKey struct {
  68. 	ID                int64      `xorm:"pk autoincr"`
  69. 	OwnerID           int64      `xorm:"INDEX NOT NULL"`
  70. 	Name              string     `xorm:"NOT NULL"`
  71. 	Fingerprint       string     `xorm:"NOT NULL"`
  72. 	Content           string     `xorm:"TEXT NOT NULL"`
  73. 	Mode              AccessMode `xorm:"NOT NULL DEFAULT 2"`
  74. 	Type              KeyType    `xorm:"NOT NULL DEFAULT 1"`
  75. 	Created           time.Time  `xorm:"CREATED"`
  76. 	Updated           time.Time  // Note: Updated must below Created for AfterSet.

  77. 	HasRecentActivity bool       `xorm:"-"`
  78. 	HasUsed           bool       `xorm:"-"`
  79. }
  80. 

  81. func (k *PublicKey) AfterSet(colName string, _ xorm.Cell) {
  82. 	switch colName {
  83. 	case "created":
  84. 		k.HasUsed = k.Updated.After(k.Created)
  85. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  86. 	}
  87. }
  88. 

  89. // OmitEmail returns content of public key but without e-mail address.

  90. func (k *PublicKey) OmitEmail() string {
  91. 	return strings.Join(strings.Split(k.Content, " ")[:2], " ")
  92. }
  93. 

  94. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  95. func (key *PublicKey) GetAuthorizedString() string {
  96. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, setting.AppPath, key.ID, setting.CustomConf, key.Content)
  97. }
  98. 

  99. func extractTypeFromBase64Key(key string) (string, error) {
  100. 	b, err := base64.StdEncoding.DecodeString(key)
  101. 	if err != nil || len(b) < 4 {
  102. 		return "", errors.New("Invalid key format")
  103. 	}
  104. 

  105. 	keyLength := int(binary.BigEndian.Uint32(b))
  106. 

  107. 	if len(b) < 4+keyLength {
  108. 		return "", errors.New("Invalid key format")
  109. 	}
  110. 

  111. 	return string(b[4 : 4+keyLength]), nil
  112. }
  113. 

  114. // parseKeyString parses any key string in openssh or ssh2 format to clean openssh string (rfc4253)

  115. func parseKeyString(content string) (string, error) {
  116. 	// Transform all legal line endings to a single "\n"

  117. 	s := strings.Replace(strings.Replace(strings.TrimSpace(content), "\r\n", "\n", -1), "\r", "\n", -1)
  118. 

  119. 	lines := strings.Split(s, "\n")
  120. 

  121. 	var keyType, keyContent, keyComment string
  122. 

  123. 	if len(lines) == 1 {
  124. 		// Parse openssh format

  125. 		parts := strings.SplitN(lines[0], " ", 3)
  126. 		switch len(parts) {
  127. 		case 0:
  128. 			return "", errors.New("Empty key")
  129. 		case 1:
  130. 			keyContent = parts[0]
  131. 		case 2:
  132. 			keyType = parts[0]
  133. 			keyContent = parts[1]
  134. 		default:
  135. 			keyType = parts[0]
  136. 			keyContent = parts[1]
  137. 			keyComment = parts[2]
  138. 		}
  139. 

  140. 		// If keyType is not given, extract it from content. If given, validate it

  141. 		if len(keyType) == 0 {
  142. 			if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  143. 				keyType = t
  144. 			} else {
  145. 				return "", err
  146. 			}
  147. 		} else {
  148. 			if t, err := extractTypeFromBase64Key(keyContent); err != nil || keyType != t {
  149. 				return "", err
  150. 			}
  151. 		}
  152. 	} else {
  153. 		// Parse SSH2 file format.

  154. 		continuationLine := false
  155. 

  156. 		for _, line := range lines {
  157. 			// Skip lines that:

  158. 			// 1) are a continuation of the previous line,

  159. 			// 2) contain ":" as that are comment lines

  160. 			// 3) contain "-" as that are begin and end tags

  161. 			if continuationLine || strings.ContainsAny(line, ":-") {
  162. 				continuationLine = strings.HasSuffix(line, "\\")
  163. 			} else {
  164. 				keyContent = keyContent + line
  165. 			}
  166. 		}
  167. 

  168. 		if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  169. 			keyType = t
  170. 		} else {
  171. 			return "", err
  172. 		}
  173. 	}
  174. 	return keyType + " " + keyContent + " " + keyComment, nil
  175. }
  176. 

  177. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  178. func CheckPublicKeyString(content string) (_ string, err error) {
  179. 	content, err = parseKeyString(content)
  180. 	if err != nil {
  181. 		return "", err
  182. 	}
  183. 

  184. 	content = strings.TrimRight(content, "\n\r")
  185. 	if strings.ContainsAny(content, "\n\r") {
  186. 		return "", errors.New("only a single line with a single key please")
  187. 	}
  188. 

  189. 	// write the key to a file…

  190. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  191. 	if err != nil {
  192. 		return "", err
  193. 	}
  194. 	tmpPath := tmpFile.Name()
  195. 	defer os.Remove(tmpPath)
  196. 	tmpFile.WriteString(content)
  197. 	tmpFile.Close()
  198. 

  199. 	// Check if ssh-keygen recognizes its contents.

  200. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-lf", tmpPath)
  201. 	if err != nil {
  202. 		return "", errors.New("ssh-keygen -lf: " + stderr)
  203. 	} else if len(stdout) < 2 {
  204. 		return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  205. 	}
  206. 

  207. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  208. 	if setting.IsWindows {
  209. 		return content, nil
  210. 	}
  211. 

  212. 	sshKeygenOutput := strings.Split(stdout, " ")
  213. 	if len(sshKeygenOutput) < 4 {
  214. 		return content, ErrKeyUnableVerify
  215. 	}
  216. 

  217. 	// Check if key type and key size match.

  218. 	if !setting.Service.DisableMinimumKeySizeCheck {
  219. 		keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  220. 		if keySize == 0 {
  221. 			return "", errors.New("cannot get key size of the given key")
  222. 		}
  223. 

  224. 		keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()\n")
  225. 		if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
  226. 			return "", fmt.Errorf("unrecognized public key type: %s", keyType)
  227. 		} else if keySize < minimumKeySize {
  228. 			return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  229. 		}
  230. 	}
  231. 

  232. 	return content, nil
  233. }
  234. 

  235. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  236. func saveAuthorizedKeyFile(keys ...*PublicKey) error {
  237. 	sshOpLocker.Lock()
  238. 	defer sshOpLocker.Unlock()
  239. 

  240. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  241. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  242. 	if err != nil {
  243. 		return err
  244. 	}
  245. 	defer f.Close()
  246. 

  247. 	fi, err := f.Stat()
  248. 	if err != nil {
  249. 		return err
  250. 	}
  251. 

  252. 	// FIXME: following command does not support in Windows.

  253. 	if !setting.IsWindows {
  254. 		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.

  255. 		if fi.Mode().Perm() > 0600 {
  256. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())
  257. 			if err = f.Chmod(0600); err != nil {
  258. 				return err
  259. 			}
  260. 		}
  261. 	}
  262. 

  263. 	for _, key := range keys {
  264. 		if _, err = f.WriteString(key.GetAuthorizedString()); err != nil {
  265. 			return err
  266. 		}
  267. 	}
  268. 	return nil
  269. }
  270. 

  271. // checkKeyContent onlys checks if key content has been used as public key,

  272. // it is OK to use same key as deploy key for multiple repositories/users.

  273. func checkKeyContent(content string) error {
  274. 	has, err := x.Get(&PublicKey{
  275. 		Content: content,
  276. 		Type:    KEY_TYPE_USER,
  277. 	})
  278. 	if err != nil {
  279. 		return err
  280. 	} else if has {
  281. 		return ErrKeyAlreadyExist{0, content}
  282. 	}
  283. 	return nil
  284. }
  285. 

  286. func addKey(e Engine, key *PublicKey) (err error) {
  287. 	// Calculate fingerprint.

  288. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  289. 		"id_rsa.pub"), "\\", "/", -1)
  290. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  291. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
  292. 		return err
  293. 	}
  294. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
  295. 	if err != nil {
  296. 		return errors.New("ssh-keygen -lf: " + stderr)
  297. 	} else if len(stdout) < 2 {
  298. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  299. 	}
  300. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  301. 

  302. 	// Save SSH key.

  303. 	if _, err = e.Insert(key); err != nil {
  304. 		return err
  305. 	}
  306. 	return saveAuthorizedKeyFile(key)
  307. }
  308. 

  309. // AddPublicKey adds new public key to database and authorized_keys file.

  310. func AddPublicKey(ownerID int64, name, content string) (err error) {
  311. 	if err = checkKeyContent(content); err != nil {
  312. 		return err
  313. 	}
  314. 

  315. 	// Key name of same user cannot be duplicated.

  316. 	has, err := x.Where("owner_id=? AND name=?", ownerID, name).Get(new(PublicKey))
  317. 	if err != nil {
  318. 		return err
  319. 	} else if has {
  320. 		return ErrKeyNameAlreadyUsed{ownerID, name}
  321. 	}
  322. 

  323. 	sess := x.NewSession()
  324. 	defer sessionRelease(sess)
  325. 	if err = sess.Begin(); err != nil {
  326. 		return err
  327. 	}
  328. 

  329. 	key := &PublicKey{
  330. 		OwnerID: ownerID,
  331. 		Name:    name,
  332. 		Content: content,
  333. 		Mode:    ACCESS_MODE_WRITE,
  334. 		Type:    KEY_TYPE_USER,
  335. 	}
  336. 	if err = addKey(sess, key); err != nil {
  337. 		return fmt.Errorf("addKey: %v", err)
  338. 	}
  339. 

  340. 	return sess.Commit()
  341. }
  342. 

  343. // GetPublicKeyByID returns public key by given ID.

  344. func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
  345. 	key := new(PublicKey)
  346. 	has, err := x.Id(keyID).Get(key)
  347. 	if err != nil {
  348. 		return nil, err
  349. 	} else if !has {
  350. 		return nil, ErrKeyNotExist{keyID}
  351. 	}
  352. 	return key, nil
  353. }
  354. 

  355. // SearchPublicKeyByContent searches content as prefix (leak e-mail part)

  356. // and returns public key found.

  357. func SearchPublicKeyByContent(content string) (*PublicKey, error) {
  358. 	key := new(PublicKey)
  359. 	has, err := x.Where("content like ?", content+"%").Get(key)
  360. 	if err != nil {
  361. 		return nil, err
  362. 	} else if !has {
  363. 		return nil, ErrKeyNotExist{}
  364. 	}
  365. 	return key, nil
  366. }
  367. 

  368. // ListPublicKeys returns a list of public keys belongs to given user.

  369. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  370. 	keys := make([]*PublicKey, 0, 5)
  371. 	return keys, x.Where("owner_id=?", uid).Find(&keys)
  372. }
  373. 

  374. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  375. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  376. 	fr, err := os.Open(p)
  377. 	if err != nil {
  378. 		return err
  379. 	}
  380. 	defer fr.Close()
  381. 

  382. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  383. 	if err != nil {
  384. 		return err
  385. 	}
  386. 	defer fw.Close()
  387. 

  388. 	isFound := false
  389. 	keyword := fmt.Sprintf("key-%d", key.ID)
  390. 	buf := bufio.NewReader(fr)
  391. 	for {
  392. 		line, errRead := buf.ReadString('\n')
  393. 		line = strings.TrimSpace(line)
  394. 

  395. 		if errRead != nil {
  396. 			if errRead != io.EOF {
  397. 				return errRead
  398. 			}
  399. 

  400. 			// Reached end of file, if nothing to read then break,

  401. 			// otherwise handle the last line.

  402. 			if len(line) == 0 {
  403. 				break
  404. 			}
  405. 		}
  406. 

  407. 		// Found the line and copy rest of file.

  408. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  409. 			isFound = true
  410. 			continue
  411. 		}
  412. 		// Still finding the line, copy the line that currently read.

  413. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  414. 			return err
  415. 		}
  416. 

  417. 		if errRead == io.EOF {
  418. 			break
  419. 		}
  420. 	}
  421. 	return nil
  422. }
  423. 

  424. // UpdatePublicKey updates given public key.

  425. func UpdatePublicKey(key *PublicKey) error {
  426. 	_, err := x.Id(key.ID).AllCols().Update(key)
  427. 	return err
  428. }
  429. 

  430. func deletePublicKey(e *xorm.Session, keyID int64) error {
  431. 	sshOpLocker.Lock()
  432. 	defer sshOpLocker.Unlock()
  433. 

  434. 	key := &PublicKey{ID: keyID}
  435. 	has, err := e.Get(key)
  436. 	if err != nil {
  437. 		return err
  438. 	} else if !has {
  439. 		return nil
  440. 	}
  441. 

  442. 	if _, err = e.Id(key.ID).Delete(new(PublicKey)); err != nil {
  443. 		return err
  444. 	}
  445. 

  446. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  447. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  448. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  449. 		return err
  450. 	} else if err = os.Remove(fpath); err != nil {
  451. 		return err
  452. 	}
  453. 	return os.Rename(tmpPath, fpath)
  454. }
  455. 

  456. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  457. func DeletePublicKey(id int64) (err error) {
  458. 	has, err := x.Id(id).Get(new(PublicKey))
  459. 	if err != nil {
  460. 		return err
  461. 	} else if !has {
  462. 		return nil
  463. 	}
  464. 

  465. 	sess := x.NewSession()
  466. 	defer sessionRelease(sess)
  467. 	if err = sess.Begin(); err != nil {
  468. 		return err
  469. 	}
  470. 

  471. 	if err = deletePublicKey(sess, id); err != nil {
  472. 		return err
  473. 	}
  474. 

  475. 	return sess.Commit()
  476. }
  477. 

  478. // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.

  479. func RewriteAllPublicKeys() error {
  480. 	sshOpLocker.Lock()
  481. 	defer sshOpLocker.Unlock()
  482. 

  483. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  484. 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
  485. 	if err != nil {
  486. 		return err
  487. 	}
  488. 	defer os.Remove(tmpPath)
  489. 

  490. 	err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
  491. 		_, err = f.WriteString((bean.(*PublicKey)).GetAuthorizedString())
  492. 		return err
  493. 	})
  494. 	f.Close()
  495. 	if err != nil {
  496. 		return err
  497. 	}
  498. 

  499. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  500. 	if com.IsExist(fpath) {
  501. 		if err = os.Remove(fpath); err != nil {
  502. 			return err
  503. 		}
  504. 	}
  505. 	if err = os.Rename(tmpPath, fpath); err != nil {
  506. 		return err
  507. 	}
  508. 

  509. 	return nil
  510. }
  511. 

  512. // ________                .__                 ____  __.

  513. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  514. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  515. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  516. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  517. //         \/     \/|__|               \/             \/   \/\/

  518. 

  519. // DeployKey represents deploy key information and its relation with repository.

  520. type DeployKey struct {
  521. 	ID                int64 `xorm:"pk autoincr"`
  522. 	KeyID             int64 `xorm:"UNIQUE(s) INDEX"`
  523. 	RepoID            int64 `xorm:"UNIQUE(s) INDEX"`
  524. 	Name              string
  525. 	Fingerprint       string
  526. 	Created           time.Time `xorm:"CREATED"`
  527. 	Updated           time.Time // Note: Updated must below Created for AfterSet.

  528. 	HasRecentActivity bool      `xorm:"-"`
  529. 	HasUsed           bool      `xorm:"-"`
  530. }
  531. 

  532. func (k *DeployKey) AfterSet(colName string, _ xorm.Cell) {
  533. 	switch colName {
  534. 	case "created":
  535. 		k.HasUsed = k.Updated.After(k.Created)
  536. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  537. 	}
  538. }
  539. 

  540. func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
  541. 	// Note: We want error detail, not just true or false here.

  542. 	has, err := e.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  543. 	if err != nil {
  544. 		return err
  545. 	} else if has {
  546. 		return ErrDeployKeyAlreadyExist{keyID, repoID}
  547. 	}
  548. 

  549. 	has, err = e.Where("repo_id=? AND name=?", repoID, name).Get(new(DeployKey))
  550. 	if err != nil {
  551. 		return err
  552. 	} else if has {
  553. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}
  554. 	}
  555. 

  556. 	return nil
  557. }
  558. 

  559. // addDeployKey adds new key-repo relation.

  560. func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (err error) {
  561. 	if err = checkDeployKey(e, keyID, repoID, name); err != nil {
  562. 		return err
  563. 	}
  564. 

  565. 	_, err = e.Insert(&DeployKey{
  566. 		KeyID:       keyID,
  567. 		RepoID:      repoID,
  568. 		Name:        name,
  569. 		Fingerprint: fingerprint,
  570. 	})
  571. 	return err
  572. }
  573. 

  574. // HasDeployKey returns true if public key is a deploy key of given repository.

  575. func HasDeployKey(keyID, repoID int64) bool {
  576. 	has, _ := x.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  577. 	return has
  578. }
  579. 

  580. // AddDeployKey add new deploy key to database and authorized_keys file.

  581. func AddDeployKey(repoID int64, name, content string) (err error) {
  582. 	if err = checkKeyContent(content); err != nil {
  583. 		return err
  584. 	}
  585. 

  586. 	key := &PublicKey{
  587. 		Content: content,
  588. 		Mode:    ACCESS_MODE_READ,
  589. 		Type:    KEY_TYPE_DEPLOY,
  590. 	}
  591. 	has, err := x.Get(key)
  592. 	if err != nil {
  593. 		return err
  594. 	}
  595. 

  596. 	sess := x.NewSession()
  597. 	defer sessionRelease(sess)
  598. 	if err = sess.Begin(); err != nil {
  599. 		return err
  600. 	}
  601. 

  602. 	// First time use this deploy key.

  603. 	if !has {
  604. 		if err = addKey(sess, key); err != nil {
  605. 			return nil
  606. 		}
  607. 	}
  608. 

  609. 	if err = addDeployKey(sess, key.ID, repoID, name, key.Fingerprint); err != nil {
  610. 		return err
  611. 	}
  612. 

  613. 	return sess.Commit()
  614. }
  615. 

  616. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  617. func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
  618. 	key := &DeployKey{
  619. 		KeyID:  keyID,
  620. 		RepoID: repoID,
  621. 	}
  622. 	_, err := x.Get(key)
  623. 	return key, err
  624. }
  625. 

  626. // UpdateDeployKey updates deploy key information.

  627. func UpdateDeployKey(key *DeployKey) error {
  628. 	_, err := x.Id(key.ID).AllCols().Update(key)
  629. 	return err
  630. }
  631. 

  632. // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.

  633. func DeleteDeployKey(id int64) error {
  634. 	key := &DeployKey{ID: id}
  635. 	has, err := x.Id(key.ID).Get(key)
  636. 	if err != nil {
  637. 		return err
  638. 	} else if !has {
  639. 		return nil
  640. 	}
  641. 

  642. 	sess := x.NewSession()
  643. 	defer sessionRelease(sess)
  644. 	if err = sess.Begin(); err != nil {
  645. 		return err
  646. 	}
  647. 

  648. 	if _, err = sess.Id(key.ID).Delete(new(DeployKey)); err != nil {
  649. 		return fmt.Errorf("delete deploy key[%d]: %v", key.ID, err)
  650. 	}
  651. 

  652. 	// Check if this is the last reference to same key content.

  653. 	has, err = sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
  654. 	if err != nil {
  655. 		return err
  656. 	} else if !has {
  657. 		if err = deletePublicKey(sess, key.KeyID); err != nil {
  658. 			return err
  659. 		}
  660. 	}
  661. 

  662. 	return sess.Commit()
  663. }
  664. 

  665. // ListDeployKeys returns all deploy keys by given repository ID.

  666. func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
  667. 	keys := make([]*DeployKey, 0, 5)
  668. 	return keys, x.Where("repo_id=?", repoID).Find(&keys)
  669. }