closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1674 Commits
2 Branches
178 MiB
Tree: 79262173a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79262173a6'
${ noResults }
gitea/models/publickey.go

332 lines
8.4 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic admin data table, models changes
10 years ago
Improve delete SSH key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
Add gogs fix location command
10 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
Add gogs fix location command
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
New UI merge in progress
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
support dsa key format
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Finish issue design
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add check if public key name has been used
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Finish new web hook pages
10 years ago
Finish issue design
10 years ago
New UI merge in progress
10 years ago
Fix #165
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"errors"
  10. 	"fmt"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"os"
  14. 	"os/exec"
  15. 	"path"
  16. 	"path/filepath"
  17. 	"strings"
  18. 	"sync"
  19. 	"time"
  20. 

  21. 	"github.com/Unknwon/com"
  22. 

  23. 	"github.com/gogits/gogs/modules/log"
  24. 	"github.com/gogits/gogs/modules/process"
  25. 	"github.com/gogits/gogs/modules/setting"
  26. )
  27. 

  28. const (
  29. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  30. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  31. )
  32. 

  33. var (
  34. 	ErrKeyAlreadyExist = errors.New("Public key already exist")
  35. 	ErrKeyNotExist     = errors.New("Public key does not exist")
  36. )
  37. 

  38. var sshOpLocker = sync.Mutex{}
  39. 

  40. var (
  41. 	SshPath string // SSH directory.

  42. 	appPath string // Execution(binary) path.

  43. )
  44. 

  45. // exePath returns the executable path.

  46. func exePath() (string, error) {
  47. 	file, err := exec.LookPath(os.Args[0])
  48. 	if err != nil {
  49. 		return "", err
  50. 	}
  51. 	return filepath.Abs(file)
  52. }
  53. 

  54. // homeDir returns the home directory of current user.

  55. func homeDir() string {
  56. 	home, err := com.HomeDir()
  57. 	if err != nil {
  58. 		log.Fatal(4, "Fail to get home directory: %v", err)
  59. 	}
  60. 	return home
  61. }
  62. 

  63. func init() {
  64. 	var err error
  65. 

  66. 	if appPath, err = exePath(); err != nil {
  67. 		log.Fatal(4, "fail to get app path: %v\n", err)
  68. 	}
  69. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  70. 

  71. 	// Determine and create .ssh path.

  72. 	SshPath = filepath.Join(homeDir(), ".ssh")
  73. 	if err = os.MkdirAll(SshPath, 0700); err != nil {
  74. 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
  75. 	}
  76. }
  77. 

  78. // PublicKey represents a SSH key.

  79. type PublicKey struct {
  80. 	Id                int64
  81. 	OwnerId           int64  `xorm:"UNIQUE(s) INDEX NOT NULL"`
  82. 	Name              string `xorm:"UNIQUE(s) NOT NULL"`
  83. 	Fingerprint       string
  84. 	Content           string    `xorm:"TEXT NOT NULL"`
  85. 	Created           time.Time `xorm:"CREATED"`
  86. 	Updated           time.Time
  87. 	HasRecentActivity bool `xorm:"-"`
  88. 	HasUsed           bool `xorm:"-"`
  89. }
  90. 

  91. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  92. func (key *PublicKey) GetAuthorizedString() string {
  93. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, key.Content)
  94. }
  95. 

  96. var (
  97. 	MinimumKeySize = map[string]int{
  98. 		"(ED25519)": 256,
  99. 		"(ECDSA)":   256,
  100. 		"(NTRU)":    1087,
  101. 		"(MCE)":     1702,
  102. 		"(McE)":     1702,
  103. 		"(RSA)":     2048,
  104. 		"(DSA)":     1024,
  105. 	}
  106. )
  107. 

  108. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  109. func CheckPublicKeyString(content string) (bool, error) {
  110. 	if strings.ContainsAny(content, "\n\r") {
  111. 		return false, errors.New("Only a single line with a single key please")
  112. 	}
  113. 

  114. 	// write the key to a file…

  115. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  116. 	if err != nil {
  117. 		return false, err
  118. 	}
  119. 	tmpPath := tmpFile.Name()
  120. 	defer os.Remove(tmpPath)
  121. 	tmpFile.WriteString(content)
  122. 	tmpFile.Close()
  123. 

  124. 	// Check if ssh-keygen recognizes its contents.

  125. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  126. 	if err != nil {
  127. 		return false, errors.New("ssh-keygen -l -f: " + stderr)
  128. 	} else if len(stdout) < 2 {
  129. 		return false, errors.New("ssh-keygen returned not enough output to evaluate the key")
  130. 	}
  131. 

  132. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  133. 	if setting.IsWindows {
  134. 		return true, nil
  135. 	}
  136. 

  137. 	sshKeygenOutput := strings.Split(stdout, " ")
  138. 	if len(sshKeygenOutput) < 4 {
  139. 		return false, errors.New("Not enough fields returned by ssh-keygen -l -f")
  140. 	}
  141. 

  142. 	// Check if key type and key size match.

  143. 	keySize, err := com.StrTo(sshKeygenOutput[0]).Int()
  144. 	if err != nil {
  145. 		return false, errors.New("Cannot get key size of the given key")
  146. 	}
  147. 	keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
  148. 	if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
  149. 		return false, errors.New("Sorry, unrecognized public key type")
  150. 	} else if keySize < minimumKeySize {
  151. 		return false, fmt.Errorf("The minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  152. 	}
  153. 

  154. 	return true, nil
  155. }
  156. 

  157. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  158. func saveAuthorizedKeyFile(key *PublicKey) error {
  159. 	sshOpLocker.Lock()
  160. 	defer sshOpLocker.Unlock()
  161. 

  162. 	fpath := filepath.Join(SshPath, "authorized_keys")
  163. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  164. 	if err != nil {
  165. 		return err
  166. 	}
  167. 	defer f.Close()
  168. 	finfo, err := f.Stat()
  169. 	if err != nil {
  170. 		return err
  171. 	}
  172. 

  173. 	// FIXME: following command does not support in Windows.

  174. 	if !setting.IsWindows {
  175. 		if finfo.Mode().Perm() > 0600 {
  176. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())
  177. 			if err = f.Chmod(0600); err != nil {
  178. 				return err
  179. 			}
  180. 		}
  181. 	}
  182. 

  183. 	_, err = f.WriteString(key.GetAuthorizedString())
  184. 	return err
  185. }
  186. 

  187. // AddPublicKey adds new public key to database and authorized_keys file.

  188. func AddPublicKey(key *PublicKey) (err error) {
  189. 	has, err := x.Get(key)
  190. 	if err != nil {
  191. 		return err
  192. 	} else if has {
  193. 		return ErrKeyAlreadyExist
  194. 	}
  195. 

  196. 	// Calculate fingerprint.

  197. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  198. 		"id_rsa.pub"), "\\", "/", -1)
  199. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  200. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), os.ModePerm); err != nil {
  201. 		return err
  202. 	}
  203. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  204. 	if err != nil {
  205. 		return errors.New("ssh-keygen -l -f: " + stderr)
  206. 	} else if len(stdout) < 2 {
  207. 		return errors.New("Not enough output for calculating fingerprint")
  208. 	}
  209. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  210. 

  211. 	// Save SSH key.

  212. 	if _, err = x.Insert(key); err != nil {
  213. 		return err
  214. 	} else if err = saveAuthorizedKeyFile(key); err != nil {
  215. 		// Roll back.

  216. 		if _, err2 := x.Delete(key); err2 != nil {
  217. 			return err2
  218. 		}
  219. 		return err
  220. 	}
  221. 

  222. 	return nil
  223. }
  224. 

  225. // GetPublicKeyById returns public key by given ID.

  226. func GetPublicKeyById(keyId int64) (*PublicKey, error) {
  227. 	key := new(PublicKey)
  228. 	has, err := x.Id(keyId).Get(key)
  229. 	if err != nil {
  230. 		return nil, err
  231. 	} else if !has {
  232. 		return nil, ErrKeyNotExist
  233. 	}
  234. 	return key, nil
  235. }
  236. 

  237. // ListPublicKey returns a list of all public keys that user has.

  238. func ListPublicKey(uid int64) ([]*PublicKey, error) {
  239. 	keys := make([]*PublicKey, 0, 5)
  240. 	err := x.Find(&keys, &PublicKey{OwnerId: uid})
  241. 	if err != nil {
  242. 		return nil, err
  243. 	}
  244. 

  245. 	for _, key := range keys {
  246. 		key.HasUsed = key.Updated.After(key.Created)
  247. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  248. 	}
  249. 	return keys, nil
  250. }
  251. 

  252. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  253. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  254. 	sshOpLocker.Lock()
  255. 	defer sshOpLocker.Unlock()
  256. 

  257. 	fr, err := os.Open(p)
  258. 	if err != nil {
  259. 		return err
  260. 	}
  261. 	defer fr.Close()
  262. 

  263. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  264. 	if err != nil {
  265. 		return err
  266. 	}
  267. 	defer fw.Close()
  268. 

  269. 	isFound := false
  270. 	keyword := fmt.Sprintf("key-%d", key.Id)
  271. 	buf := bufio.NewReader(fr)
  272. 	for {
  273. 		line, errRead := buf.ReadString('\n')
  274. 		line = strings.TrimSpace(line)
  275. 

  276. 		if errRead != nil {
  277. 			if errRead != io.EOF {
  278. 				return errRead
  279. 			}
  280. 

  281. 			// Reached end of file, if nothing to read then break,

  282. 			// otherwise handle the last line.

  283. 			if len(line) == 0 {
  284. 				break
  285. 			}
  286. 		}
  287. 

  288. 		// Found the line and copy rest of file.

  289. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  290. 			isFound = true
  291. 			continue
  292. 		}
  293. 		// Still finding the line, copy the line that currently read.

  294. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  295. 			return err
  296. 		}
  297. 

  298. 		if errRead == io.EOF {
  299. 			break
  300. 		}
  301. 	}
  302. 	return nil
  303. }
  304. 

  305. // UpdatePublicKey updates given public key.

  306. func UpdatePublicKey(key *PublicKey) error {
  307. 	_, err := x.Id(key.Id).AllCols().Update(key)
  308. 	return err
  309. }
  310. 

  311. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  312. func DeletePublicKey(key *PublicKey) error {
  313. 	has, err := x.Get(key)
  314. 	if err != nil {
  315. 		return err
  316. 	} else if !has {
  317. 		return ErrKeyNotExist
  318. 	}
  319. 

  320. 	if _, err = x.Delete(key); err != nil {
  321. 		return err
  322. 	}
  323. 

  324. 	fpath := filepath.Join(SshPath, "authorized_keys")
  325. 	tmpPath := filepath.Join(SshPath, "authorized_keys.tmp")
  326. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  327. 		return err
  328. 	} else if err = os.Remove(fpath); err != nil {
  329. 		return err
  330. 	}
  331. 	return os.Rename(tmpPath, fpath)
  332. }