closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2995 Commits
2 Branches
178 MiB
Tree: 50058b3c6d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '50058b3c6d'
${ noResults }
gitea/models/publickey.go

676 lines
17 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Fix #922
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
models: code fix on #818
9 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
models: code fix on #818
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
fix UNIQUE
9 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Fix #652
10 years ago
Finish issue design
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#334: Add Deployment Key Support
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#1622 comment with whitespace
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
#634
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#334: Add Deployment Key Support
9 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
move minimum key sizes to config This moves the minimum key sizes into the config file, so that anyone can modify the restrictions.
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
models: code fix on #818
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
race condition on keydelete
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
Fix SSH key bug in windows
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
add confirmation to delete ssh key
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
add confirmation to delete ssh key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
#1050: Bad permissions on authorized_keys after rewrite
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"encoding/base64"
  10. 	"encoding/binary"
  11. 	"errors"
  12. 	"fmt"
  13. 	"io"
  14. 	"io/ioutil"
  15. 	"os"
  16. 	"os/exec"
  17. 	"path"
  18. 	"path/filepath"
  19. 	"strings"
  20. 	"sync"
  21. 	"time"
  22. 

  23. 	"github.com/Unknwon/com"
  24. 	"github.com/go-xorm/xorm"
  25. 

  26. 	"github.com/gogits/gogs/modules/log"
  27. 	"github.com/gogits/gogs/modules/process"
  28. 	"github.com/gogits/gogs/modules/setting"
  29. )
  30. 

  31. const (
  32. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  33. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  34. )
  35. 

  36. var (
  37. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  38. )
  39. 

  40. var sshOpLocker = sync.Mutex{}
  41. 

  42. var (
  43. 	SSHPath string // SSH directory.

  44. 	appPath string // Execution(binary) path.

  45. )
  46. 

  47. // exePath returns the executable path.

  48. func exePath() (string, error) {
  49. 	file, err := exec.LookPath(os.Args[0])
  50. 	if err != nil {
  51. 		return "", err
  52. 	}
  53. 	return filepath.Abs(file)
  54. }
  55. 

  56. // homeDir returns the home directory of current user.

  57. func homeDir() string {
  58. 	home, err := com.HomeDir()
  59. 	if err != nil {
  60. 		log.Fatal(4, "Fail to get home directory: %v", err)
  61. 	}
  62. 	return home
  63. }
  64. 

  65. func init() {
  66. 	var err error
  67. 

  68. 	if appPath, err = exePath(); err != nil {
  69. 		log.Fatal(4, "fail to get app path: %v\n", err)
  70. 	}
  71. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  72. 

  73. 	// Determine and create .ssh path.

  74. 	SSHPath = filepath.Join(homeDir(), ".ssh")
  75. 	if err = os.MkdirAll(SSHPath, 0700); err != nil {
  76. 		log.Fatal(4, "fail to create '%s': %v", SSHPath, err)
  77. 	}
  78. }
  79. 

  80. type KeyType int
  81. 

  82. const (
  83. 	KEY_TYPE_USER = iota + 1
  84. 	KEY_TYPE_DEPLOY
  85. )
  86. 

  87. // PublicKey represents a SSH or deploy key.

  88. type PublicKey struct {
  89. 	ID                int64      `xorm:"pk autoincr"`
  90. 	OwnerID           int64      `xorm:"INDEX NOT NULL"`
  91. 	Name              string     `xorm:"NOT NULL"`
  92. 	Fingerprint       string     `xorm:"NOT NULL"`
  93. 	Content           string     `xorm:"TEXT NOT NULL"`
  94. 	Mode              AccessMode `xorm:"NOT NULL DEFAULT 2"`
  95. 	Type              KeyType    `xorm:"NOT NULL DEFAULT 1"`
  96. 	Created           time.Time  `xorm:"CREATED"`
  97. 	Updated           time.Time  // Note: Updated must below Created for AfterSet.

  98. 	HasRecentActivity bool       `xorm:"-"`
  99. 	HasUsed           bool       `xorm:"-"`
  100. }
  101. 

  102. func (k *PublicKey) AfterSet(colName string, _ xorm.Cell) {
  103. 	switch colName {
  104. 	case "created":
  105. 		k.HasUsed = k.Updated.After(k.Created)
  106. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  107. 	}
  108. }
  109. 

  110. // OmitEmail returns content of public key but without e-mail address.

  111. func (k *PublicKey) OmitEmail() string {
  112. 	return strings.Join(strings.Split(k.Content, " ")[:2], " ")
  113. }
  114. 

  115. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  116. func (key *PublicKey) GetAuthorizedString() string {
  117. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
  118. }
  119. 

  120. func extractTypeFromBase64Key(key string) (string, error) {
  121. 	b, err := base64.StdEncoding.DecodeString(key)
  122. 	if err != nil || len(b) < 4 {
  123. 		return "", errors.New("Invalid key format")
  124. 	}
  125. 

  126. 	keyLength := int(binary.BigEndian.Uint32(b))
  127. 

  128. 	if len(b) < 4+keyLength {
  129. 		return "", errors.New("Invalid key format")
  130. 	}
  131. 

  132. 	return string(b[4 : 4+keyLength]), nil
  133. }
  134. 

  135. // parseKeyString parses any key string in openssh or ssh2 format to clean openssh string (rfc4253)

  136. func parseKeyString(content string) (string, error) {
  137. 	// Transform all legal line endings to a single "\n"

  138. 	s := strings.Replace(strings.Replace(strings.TrimSpace(content), "\r\n", "\n", -1), "\r", "\n", -1)
  139. 

  140. 	lines := strings.Split(s, "\n")
  141. 

  142. 	var keyType, keyContent, keyComment string
  143. 

  144. 	if len(lines) == 1 {
  145. 		// Parse openssh format

  146. 		parts := strings.SplitN(lines[0], " ", 3)
  147. 		switch len(parts) {
  148. 		case 0:
  149. 			return "", errors.New("Empty key")
  150. 		case 1:
  151. 			keyContent = parts[0]
  152. 		case 2:
  153. 			keyType = parts[0]
  154. 			keyContent = parts[1]
  155. 		default:
  156. 			keyType = parts[0]
  157. 			keyContent = parts[1]
  158. 			keyComment = parts[2]
  159. 		}
  160. 

  161. 		// If keyType is not given, extract it from content. If given, validate it

  162. 		if len(keyType) == 0 {
  163. 			if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  164. 				keyType = t
  165. 			} else {
  166. 				return "", err
  167. 			}
  168. 		} else {
  169. 			if t, err := extractTypeFromBase64Key(keyContent); err != nil || keyType != t {
  170. 				return "", err
  171. 			}
  172. 		}
  173. 	} else {
  174. 		// Parse SSH2 file format.

  175. 		continuationLine := false
  176. 

  177. 		for _, line := range lines {
  178. 			// Skip lines that:

  179. 			// 1) are a continuation of the previous line,

  180. 			// 2) contain ":" as that are comment lines

  181. 			// 3) contain "-" as that are begin and end tags

  182. 			if continuationLine || strings.ContainsAny(line, ":-") {
  183. 				continuationLine = strings.HasSuffix(line, "\\")
  184. 			} else {
  185. 				keyContent = keyContent + line
  186. 			}
  187. 		}
  188. 

  189. 		if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  190. 			keyType = t
  191. 		} else {
  192. 			return "", err
  193. 		}
  194. 	}
  195. 	return keyType + " " + keyContent + " " + keyComment, nil
  196. }
  197. 

  198. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  199. func CheckPublicKeyString(content string) (_ string, err error) {
  200. 	content, err = parseKeyString(content)
  201. 	if err != nil {
  202. 		return "", err
  203. 	}
  204. 

  205. 	content = strings.TrimRight(content, "\n\r")
  206. 	if strings.ContainsAny(content, "\n\r") {
  207. 		return "", errors.New("only a single line with a single key please")
  208. 	}
  209. 

  210. 	// write the key to a file…

  211. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  212. 	if err != nil {
  213. 		return "", err
  214. 	}
  215. 	tmpPath := tmpFile.Name()
  216. 	defer os.Remove(tmpPath)
  217. 	tmpFile.WriteString(content)
  218. 	tmpFile.Close()
  219. 

  220. 	// Check if ssh-keygen recognizes its contents.

  221. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  222. 	if err != nil {
  223. 		return "", errors.New("ssh-keygen -l -f: " + stderr)
  224. 	} else if len(stdout) < 2 {
  225. 		return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  226. 	}
  227. 

  228. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  229. 	if setting.IsWindows {
  230. 		return content, nil
  231. 	}
  232. 

  233. 	sshKeygenOutput := strings.Split(stdout, " ")
  234. 	if len(sshKeygenOutput) < 4 {
  235. 		return content, ErrKeyUnableVerify
  236. 	}
  237. 

  238. 	// Check if key type and key size match.

  239. 	if !setting.Service.DisableMinimumKeySizeCheck {
  240. 		keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  241. 		if keySize == 0 {
  242. 			return "", errors.New("cannot get key size of the given key")
  243. 		}
  244. 		keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
  245. 		if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
  246. 			return "", errors.New("sorry, unrecognized public key type")
  247. 		} else if keySize < minimumKeySize {
  248. 			return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  249. 		}
  250. 	}
  251. 

  252. 	return content, nil
  253. }
  254. 

  255. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  256. func saveAuthorizedKeyFile(keys ...*PublicKey) error {
  257. 	sshOpLocker.Lock()
  258. 	defer sshOpLocker.Unlock()
  259. 

  260. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  261. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  262. 	if err != nil {
  263. 		return err
  264. 	}
  265. 	defer f.Close()
  266. 

  267. 	fi, err := f.Stat()
  268. 	if err != nil {
  269. 		return err
  270. 	}
  271. 

  272. 	// FIXME: following command does not support in Windows.

  273. 	if !setting.IsWindows {
  274. 		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.

  275. 		if fi.Mode().Perm() > 0600 {
  276. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())
  277. 			if err = f.Chmod(0600); err != nil {
  278. 				return err
  279. 			}
  280. 		}
  281. 	}
  282. 

  283. 	for _, key := range keys {
  284. 		if _, err = f.WriteString(key.GetAuthorizedString()); err != nil {
  285. 			return err
  286. 		}
  287. 	}
  288. 	return nil
  289. }
  290. 

  291. // checkKeyContent onlys checks if key content has been used as public key,

  292. // it is OK to use same key as deploy key for multiple repositories/users.

  293. func checkKeyContent(content string) error {
  294. 	has, err := x.Get(&PublicKey{
  295. 		Content: content,
  296. 		Type:    KEY_TYPE_USER,
  297. 	})
  298. 	if err != nil {
  299. 		return err
  300. 	} else if has {
  301. 		return ErrKeyAlreadyExist{0, content}
  302. 	}
  303. 	return nil
  304. }
  305. 

  306. func addKey(e Engine, key *PublicKey) (err error) {
  307. 	// Calculate fingerprint.

  308. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  309. 		"id_rsa.pub"), "\\", "/", -1)
  310. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  311. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
  312. 		return err
  313. 	}
  314. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  315. 	if err != nil {
  316. 		return errors.New("ssh-keygen -l -f: " + stderr)
  317. 	} else if len(stdout) < 2 {
  318. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  319. 	}
  320. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  321. 

  322. 	// Save SSH key.

  323. 	if _, err = e.Insert(key); err != nil {
  324. 		return err
  325. 	}
  326. 	return saveAuthorizedKeyFile(key)
  327. }
  328. 

  329. // AddPublicKey adds new public key to database and authorized_keys file.

  330. func AddPublicKey(ownerID int64, name, content string) (err error) {
  331. 	if err = checkKeyContent(content); err != nil {
  332. 		return err
  333. 	}
  334. 

  335. 	// Key name of same user cannot be duplicated.

  336. 	has, err := x.Where("owner_id=? AND name=?", ownerID, name).Get(new(PublicKey))
  337. 	if err != nil {
  338. 		return err
  339. 	} else if has {
  340. 		return ErrKeyNameAlreadyUsed{ownerID, name}
  341. 	}
  342. 

  343. 	sess := x.NewSession()
  344. 	defer sessionRelease(sess)
  345. 	if err = sess.Begin(); err != nil {
  346. 		return err
  347. 	}
  348. 

  349. 	key := &PublicKey{
  350. 		OwnerID: ownerID,
  351. 		Name:    name,
  352. 		Content: content,
  353. 		Mode:    ACCESS_MODE_WRITE,
  354. 		Type:    KEY_TYPE_USER,
  355. 	}
  356. 	if err = addKey(sess, key); err != nil {
  357. 		return fmt.Errorf("addKey: %v", err)
  358. 	}
  359. 

  360. 	return sess.Commit()
  361. }
  362. 

  363. // GetPublicKeyByID returns public key by given ID.

  364. func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
  365. 	key := new(PublicKey)
  366. 	has, err := x.Id(keyID).Get(key)
  367. 	if err != nil {
  368. 		return nil, err
  369. 	} else if !has {
  370. 		return nil, ErrKeyNotExist{keyID}
  371. 	}
  372. 	return key, nil
  373. }
  374. 

  375. // ListPublicKeys returns a list of public keys belongs to given user.

  376. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  377. 	keys := make([]*PublicKey, 0, 5)
  378. 	return keys, x.Where("owner_id=?", uid).Find(&keys)
  379. }
  380. 

  381. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  382. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  383. 	fr, err := os.Open(p)
  384. 	if err != nil {
  385. 		return err
  386. 	}
  387. 	defer fr.Close()
  388. 

  389. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  390. 	if err != nil {
  391. 		return err
  392. 	}
  393. 	defer fw.Close()
  394. 

  395. 	isFound := false
  396. 	keyword := fmt.Sprintf("key-%d", key.ID)
  397. 	buf := bufio.NewReader(fr)
  398. 	for {
  399. 		line, errRead := buf.ReadString('\n')
  400. 		line = strings.TrimSpace(line)
  401. 

  402. 		if errRead != nil {
  403. 			if errRead != io.EOF {
  404. 				return errRead
  405. 			}
  406. 

  407. 			// Reached end of file, if nothing to read then break,

  408. 			// otherwise handle the last line.

  409. 			if len(line) == 0 {
  410. 				break
  411. 			}
  412. 		}
  413. 

  414. 		// Found the line and copy rest of file.

  415. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  416. 			isFound = true
  417. 			continue
  418. 		}
  419. 		// Still finding the line, copy the line that currently read.

  420. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  421. 			return err
  422. 		}
  423. 

  424. 		if errRead == io.EOF {
  425. 			break
  426. 		}
  427. 	}
  428. 	return nil
  429. }
  430. 

  431. // UpdatePublicKey updates given public key.

  432. func UpdatePublicKey(key *PublicKey) error {
  433. 	_, err := x.Id(key.ID).AllCols().Update(key)
  434. 	return err
  435. }
  436. 

  437. func deletePublicKey(e *xorm.Session, keyID int64) error {
  438. 	sshOpLocker.Lock()
  439. 	defer sshOpLocker.Unlock()
  440. 

  441. 	key := &PublicKey{ID: keyID}
  442. 	has, err := e.Get(key)
  443. 	if err != nil {
  444. 		return err
  445. 	} else if !has {
  446. 		return nil
  447. 	}
  448. 

  449. 	if _, err = e.Id(key.ID).Delete(new(PublicKey)); err != nil {
  450. 		return err
  451. 	}
  452. 

  453. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  454. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  455. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  456. 		return err
  457. 	} else if err = os.Remove(fpath); err != nil {
  458. 		return err
  459. 	}
  460. 	return os.Rename(tmpPath, fpath)
  461. }
  462. 

  463. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  464. func DeletePublicKey(id int64) (err error) {
  465. 	has, err := x.Id(id).Get(new(PublicKey))
  466. 	if err != nil {
  467. 		return err
  468. 	} else if !has {
  469. 		return nil
  470. 	}
  471. 

  472. 	sess := x.NewSession()
  473. 	defer sessionRelease(sess)
  474. 	if err = sess.Begin(); err != nil {
  475. 		return err
  476. 	}
  477. 

  478. 	if err = deletePublicKey(sess, id); err != nil {
  479. 		return err
  480. 	}
  481. 

  482. 	return sess.Commit()
  483. }
  484. 

  485. // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.

  486. func RewriteAllPublicKeys() error {
  487. 	sshOpLocker.Lock()
  488. 	defer sshOpLocker.Unlock()
  489. 

  490. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  491. 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
  492. 	if err != nil {
  493. 		return err
  494. 	}
  495. 	defer os.Remove(tmpPath)
  496. 

  497. 	err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
  498. 		_, err = f.WriteString((bean.(*PublicKey)).GetAuthorizedString())
  499. 		return err
  500. 	})
  501. 	f.Close()
  502. 	if err != nil {
  503. 		return err
  504. 	}
  505. 

  506. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  507. 	if com.IsExist(fpath) {
  508. 		if err = os.Remove(fpath); err != nil {
  509. 			return err
  510. 		}
  511. 	}
  512. 	if err = os.Rename(tmpPath, fpath); err != nil {
  513. 		return err
  514. 	}
  515. 

  516. 	return nil
  517. }
  518. 

  519. // ________                .__                 ____  __.

  520. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  521. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  522. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  523. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  524. //         \/     \/|__|               \/             \/   \/\/

  525. 

  526. // DeployKey represents deploy key information and its relation with repository.

  527. type DeployKey struct {
  528. 	ID                int64 `xorm:"pk autoincr"`
  529. 	KeyID             int64 `xorm:"UNIQUE(s) INDEX"`
  530. 	RepoID            int64 `xorm:"UNIQUE(s) INDEX"`
  531. 	Name              string
  532. 	Fingerprint       string
  533. 	Created           time.Time `xorm:"CREATED"`
  534. 	Updated           time.Time // Note: Updated must below Created for AfterSet.

  535. 	HasRecentActivity bool      `xorm:"-"`
  536. 	HasUsed           bool      `xorm:"-"`
  537. }
  538. 

  539. func (k *DeployKey) AfterSet(colName string, _ xorm.Cell) {
  540. 	switch colName {
  541. 	case "created":
  542. 		k.HasUsed = k.Updated.After(k.Created)
  543. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  544. 	}
  545. }
  546. 

  547. func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
  548. 	// Note: We want error detail, not just true or false here.

  549. 	has, err := e.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  550. 	if err != nil {
  551. 		return err
  552. 	} else if has {
  553. 		return ErrDeployKeyAlreadyExist{keyID, repoID}
  554. 	}
  555. 

  556. 	has, err = e.Where("repo_id=? AND name=?", repoID, name).Get(new(DeployKey))
  557. 	if err != nil {
  558. 		return err
  559. 	} else if has {
  560. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}
  561. 	}
  562. 

  563. 	return nil
  564. }
  565. 

  566. // addDeployKey adds new key-repo relation.

  567. func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (err error) {
  568. 	if err = checkDeployKey(e, keyID, repoID, name); err != nil {
  569. 		return err
  570. 	}
  571. 

  572. 	_, err = e.Insert(&DeployKey{
  573. 		KeyID:       keyID,
  574. 		RepoID:      repoID,
  575. 		Name:        name,
  576. 		Fingerprint: fingerprint,
  577. 	})
  578. 	return err
  579. }
  580. 

  581. // HasDeployKey returns true if public key is a deploy key of given repository.

  582. func HasDeployKey(keyID, repoID int64) bool {
  583. 	has, _ := x.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  584. 	return has
  585. }
  586. 

  587. // AddDeployKey add new deploy key to database and authorized_keys file.

  588. func AddDeployKey(repoID int64, name, content string) (err error) {
  589. 	if err = checkKeyContent(content); err != nil {
  590. 		return err
  591. 	}
  592. 

  593. 	key := &PublicKey{
  594. 		Content: content,
  595. 		Mode:    ACCESS_MODE_READ,
  596. 		Type:    KEY_TYPE_DEPLOY,
  597. 	}
  598. 	has, err := x.Get(key)
  599. 	if err != nil {
  600. 		return err
  601. 	}
  602. 

  603. 	sess := x.NewSession()
  604. 	defer sessionRelease(sess)
  605. 	if err = sess.Begin(); err != nil {
  606. 		return err
  607. 	}
  608. 

  609. 	// First time use this deploy key.

  610. 	if !has {
  611. 		if err = addKey(sess, key); err != nil {
  612. 			return nil
  613. 		}
  614. 	}
  615. 

  616. 	if err = addDeployKey(sess, key.ID, repoID, name, key.Fingerprint); err != nil {
  617. 		return err
  618. 	}
  619. 

  620. 	return sess.Commit()
  621. }
  622. 

  623. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  624. func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
  625. 	key := &DeployKey{
  626. 		KeyID:  keyID,
  627. 		RepoID: repoID,
  628. 	}
  629. 	_, err := x.Get(key)
  630. 	return key, err
  631. }
  632. 

  633. // UpdateDeployKey updates deploy key information.

  634. func UpdateDeployKey(key *DeployKey) error {
  635. 	_, err := x.Id(key.ID).AllCols().Update(key)
  636. 	return err
  637. }
  638. 

  639. // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.

  640. func DeleteDeployKey(id int64) error {
  641. 	key := &DeployKey{ID: id}
  642. 	has, err := x.Id(key.ID).Get(key)
  643. 	if err != nil {
  644. 		return err
  645. 	} else if !has {
  646. 		return nil
  647. 	}
  648. 

  649. 	sess := x.NewSession()
  650. 	defer sessionRelease(sess)
  651. 	if err = sess.Begin(); err != nil {
  652. 		return err
  653. 	}
  654. 

  655. 	if _, err = sess.Id(key.ID).Delete(new(DeployKey)); err != nil {
  656. 		return fmt.Errorf("delete deploy key[%d]: %v", key.ID, err)
  657. 	}
  658. 

  659. 	// Check if this is the last reference to same key content.

  660. 	has, err = sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
  661. 	if err != nil {
  662. 		return err
  663. 	} else if !has {
  664. 		if err = deletePublicKey(sess, key.KeyID); err != nil {
  665. 			return err
  666. 		}
  667. 	}
  668. 

  669. 	return sess.Commit()
  670. }
  671. 

  672. // ListDeployKeys returns all deploy keys by given repository ID.

  673. func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
  674. 	keys := make([]*DeployKey, 0, 5)
  675. 	return keys, x.Where("repo_id=?", repoID).Find(&keys)
  676. }