closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1768 Commits
2 Branches
178 MiB
Tree: 6bdb8ec4b9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6bdb8ec4b9'
${ noResults }
gitea/models/publickey.go

334 lines
8.5 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic admin data table, models changes
10 years ago
Improve delete SSH key
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
Add gogs fix location command
10 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
Add gogs fix location command
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
New UI merge in progress
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
support dsa key format
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Work on ssh key issue
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Finish issue design
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add check if public key name has been used
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Finish new web hook pages
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"errors"
  10. 	"fmt"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"os"
  14. 	"os/exec"
  15. 	"path"
  16. 	"path/filepath"
  17. 	"strings"
  18. 	"sync"
  19. 	"time"
  20. 

  21. 	"github.com/Unknwon/com"
  22. 

  23. 	"github.com/gogits/gogs/modules/log"
  24. 	"github.com/gogits/gogs/modules/process"
  25. 	"github.com/gogits/gogs/modules/setting"
  26. )
  27. 

  28. const (
  29. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  30. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  31. )
  32. 

  33. var (
  34. 	ErrKeyAlreadyExist = errors.New("Public key already exist")
  35. 	ErrKeyNotExist     = errors.New("Public key does not exist")
  36. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  37. )
  38. 

  39. var sshOpLocker = sync.Mutex{}
  40. 

  41. var (
  42. 	SshPath string // SSH directory.

  43. 	appPath string // Execution(binary) path.

  44. )
  45. 

  46. // exePath returns the executable path.

  47. func exePath() (string, error) {
  48. 	file, err := exec.LookPath(os.Args[0])
  49. 	if err != nil {
  50. 		return "", err
  51. 	}
  52. 	return filepath.Abs(file)
  53. }
  54. 

  55. // homeDir returns the home directory of current user.

  56. func homeDir() string {
  57. 	home, err := com.HomeDir()
  58. 	if err != nil {
  59. 		log.Fatal(4, "Fail to get home directory: %v", err)
  60. 	}
  61. 	return home
  62. }
  63. 

  64. func init() {
  65. 	var err error
  66. 

  67. 	if appPath, err = exePath(); err != nil {
  68. 		log.Fatal(4, "fail to get app path: %v\n", err)
  69. 	}
  70. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  71. 

  72. 	// Determine and create .ssh path.

  73. 	SshPath = filepath.Join(homeDir(), ".ssh")
  74. 	if err = os.MkdirAll(SshPath, 0700); err != nil {
  75. 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
  76. 	}
  77. }
  78. 

  79. // PublicKey represents a SSH key.

  80. type PublicKey struct {
  81. 	Id                int64
  82. 	OwnerId           int64  `xorm:"UNIQUE(s) INDEX NOT NULL"`
  83. 	Name              string `xorm:"UNIQUE(s) NOT NULL"`
  84. 	Fingerprint       string
  85. 	Content           string    `xorm:"TEXT NOT NULL"`
  86. 	Created           time.Time `xorm:"CREATED"`
  87. 	Updated           time.Time
  88. 	HasRecentActivity bool `xorm:"-"`
  89. 	HasUsed           bool `xorm:"-"`
  90. }
  91. 

  92. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  93. func (key *PublicKey) GetAuthorizedString() string {
  94. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, key.Content)
  95. }
  96. 

  97. var (
  98. 	MinimumKeySize = map[string]int{
  99. 		"(ED25519)": 256,
  100. 		"(ECDSA)":   256,
  101. 		"(NTRU)":    1087,
  102. 		"(MCE)":     1702,
  103. 		"(McE)":     1702,
  104. 		"(RSA)":     2048,
  105. 		"(DSA)":     1024,
  106. 	}
  107. )
  108. 

  109. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  110. func CheckPublicKeyString(content string) (bool, error) {
  111. 	if strings.ContainsAny(content, "\n\r") {
  112. 		return false, errors.New("only a single line with a single key please")
  113. 	}
  114. 

  115. 	// write the key to a file…

  116. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  117. 	if err != nil {
  118. 		return false, err
  119. 	}
  120. 	tmpPath := tmpFile.Name()
  121. 	defer os.Remove(tmpPath)
  122. 	tmpFile.WriteString(content)
  123. 	tmpFile.Close()
  124. 

  125. 	// Check if ssh-keygen recognizes its contents.

  126. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  127. 	if err != nil {
  128. 		return false, errors.New("ssh-keygen -l -f: " + stderr)
  129. 	} else if len(stdout) < 2 {
  130. 		return false, errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  131. 	}
  132. 

  133. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  134. 	if setting.IsWindows {
  135. 		return true, nil
  136. 	}
  137. 

  138. 	fmt.Println(stdout)
  139. 	sshKeygenOutput := strings.Split(stdout, " ")
  140. 	if len(sshKeygenOutput) < 4 {
  141. 		return false, ErrKeyUnableVerify
  142. 	}
  143. 

  144. 	// Check if key type and key size match.

  145. 	keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  146. 	if keySize == 0 {
  147. 		return false, errors.New("cannot get key size of the given key")
  148. 	}
  149. 	keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
  150. 	if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
  151. 		return false, errors.New("sorry, unrecognized public key type")
  152. 	} else if keySize < minimumKeySize {
  153. 		return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  154. 	}
  155. 

  156. 	return true, nil
  157. }
  158. 

  159. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  160. func saveAuthorizedKeyFile(key *PublicKey) error {
  161. 	sshOpLocker.Lock()
  162. 	defer sshOpLocker.Unlock()
  163. 

  164. 	fpath := filepath.Join(SshPath, "authorized_keys")
  165. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  166. 	if err != nil {
  167. 		return err
  168. 	}
  169. 	defer f.Close()
  170. 	finfo, err := f.Stat()
  171. 	if err != nil {
  172. 		return err
  173. 	}
  174. 

  175. 	// FIXME: following command does not support in Windows.

  176. 	if !setting.IsWindows {
  177. 		if finfo.Mode().Perm() > 0600 {
  178. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())
  179. 			if err = f.Chmod(0600); err != nil {
  180. 				return err
  181. 			}
  182. 		}
  183. 	}
  184. 

  185. 	_, err = f.WriteString(key.GetAuthorizedString())
  186. 	return err
  187. }
  188. 

  189. // AddPublicKey adds new public key to database and authorized_keys file.

  190. func AddPublicKey(key *PublicKey) (err error) {
  191. 	has, err := x.Get(key)
  192. 	if err != nil {
  193. 		return err
  194. 	} else if has {
  195. 		return ErrKeyAlreadyExist
  196. 	}
  197. 

  198. 	// Calculate fingerprint.

  199. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  200. 		"id_rsa.pub"), "\\", "/", -1)
  201. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  202. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), os.ModePerm); err != nil {
  203. 		return err
  204. 	}
  205. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  206. 	if err != nil {
  207. 		return errors.New("ssh-keygen -l -f: " + stderr)
  208. 	} else if len(stdout) < 2 {
  209. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  210. 	}
  211. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  212. 

  213. 	// Save SSH key.

  214. 	if _, err = x.Insert(key); err != nil {
  215. 		return err
  216. 	} else if err = saveAuthorizedKeyFile(key); err != nil {
  217. 		// Roll back.

  218. 		if _, err2 := x.Delete(key); err2 != nil {
  219. 			return err2
  220. 		}
  221. 		return err
  222. 	}
  223. 

  224. 	return nil
  225. }
  226. 

  227. // GetPublicKeyById returns public key by given ID.

  228. func GetPublicKeyById(keyId int64) (*PublicKey, error) {
  229. 	key := new(PublicKey)
  230. 	has, err := x.Id(keyId).Get(key)
  231. 	if err != nil {
  232. 		return nil, err
  233. 	} else if !has {
  234. 		return nil, ErrKeyNotExist
  235. 	}
  236. 	return key, nil
  237. }
  238. 

  239. // ListPublicKeys returns a list of public keys belongs to given user.

  240. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  241. 	keys := make([]*PublicKey, 0, 5)
  242. 	err := x.Where("owner_id=?", uid).Find(&keys)
  243. 	if err != nil {
  244. 		return nil, err
  245. 	}
  246. 

  247. 	for _, key := range keys {
  248. 		key.HasUsed = key.Updated.After(key.Created)
  249. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  250. 	}
  251. 	return keys, nil
  252. }
  253. 

  254. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  255. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  256. 	sshOpLocker.Lock()
  257. 	defer sshOpLocker.Unlock()
  258. 

  259. 	fr, err := os.Open(p)
  260. 	if err != nil {
  261. 		return err
  262. 	}
  263. 	defer fr.Close()
  264. 

  265. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  266. 	if err != nil {
  267. 		return err
  268. 	}
  269. 	defer fw.Close()
  270. 

  271. 	isFound := false
  272. 	keyword := fmt.Sprintf("key-%d", key.Id)
  273. 	buf := bufio.NewReader(fr)
  274. 	for {
  275. 		line, errRead := buf.ReadString('\n')
  276. 		line = strings.TrimSpace(line)
  277. 

  278. 		if errRead != nil {
  279. 			if errRead != io.EOF {
  280. 				return errRead
  281. 			}
  282. 

  283. 			// Reached end of file, if nothing to read then break,

  284. 			// otherwise handle the last line.

  285. 			if len(line) == 0 {
  286. 				break
  287. 			}
  288. 		}
  289. 

  290. 		// Found the line and copy rest of file.

  291. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  292. 			isFound = true
  293. 			continue
  294. 		}
  295. 		// Still finding the line, copy the line that currently read.

  296. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  297. 			return err
  298. 		}
  299. 

  300. 		if errRead == io.EOF {
  301. 			break
  302. 		}
  303. 	}
  304. 	return nil
  305. }
  306. 

  307. // UpdatePublicKey updates given public key.

  308. func UpdatePublicKey(key *PublicKey) error {
  309. 	_, err := x.Id(key.Id).AllCols().Update(key)
  310. 	return err
  311. }
  312. 

  313. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  314. func DeletePublicKey(key *PublicKey) error {
  315. 	has, err := x.Get(key)
  316. 	if err != nil {
  317. 		return err
  318. 	} else if !has {
  319. 		return ErrKeyNotExist
  320. 	}
  321. 

  322. 	if _, err = x.Delete(key); err != nil {
  323. 		return err
  324. 	}
  325. 

  326. 	fpath := filepath.Join(SshPath, "authorized_keys")
  327. 	tmpPath := filepath.Join(SshPath, "authorized_keys.tmp")
  328. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  329. 		return err
  330. 	} else if err = os.Remove(fpath); err != nil {
  331. 		return err
  332. 	}
  333. 	return os.Rename(tmpPath, fpath)
  334. }