closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1886 Commits
2 Branches
178 MiB
Tree: afc659442d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'afc659442d'
${ noResults }
gitea/models/publickey.go

343 lines
8.8 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic admin data table, models changes
10 years ago
Improve delete SSH key
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
Add gogs fix location command
10 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
Add gogs fix location command
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
New UI merge in progress
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
Fix #266
10 years ago
quick fix
10 years ago
New UI merge in progress
10 years ago
add publickey & access
10 years ago
Fix #652
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
support dsa key format
10 years ago
New UI merge in progress
10 years ago
#634
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Work on ssh key issue
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Finish issue design
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add check if public key name has been used
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #266
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Finish new web hook pages
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"errors"
  10. 	"fmt"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"os"
  14. 	"os/exec"
  15. 	"path"
  16. 	"path/filepath"
  17. 	"strings"
  18. 	"sync"
  19. 	"time"
  20. 

  21. 	"github.com/Unknwon/com"
  22. 

  23. 	"github.com/gogits/gogs/modules/log"
  24. 	"github.com/gogits/gogs/modules/process"
  25. 	"github.com/gogits/gogs/modules/setting"
  26. )
  27. 

  28. const (
  29. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  30. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  31. )
  32. 

  33. var (
  34. 	ErrKeyAlreadyExist = errors.New("Public key already exist")
  35. 	ErrKeyNotExist     = errors.New("Public key does not exist")
  36. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  37. )
  38. 

  39. var sshOpLocker = sync.Mutex{}
  40. 

  41. var (
  42. 	SshPath string // SSH directory.

  43. 	appPath string // Execution(binary) path.

  44. )
  45. 

  46. // exePath returns the executable path.

  47. func exePath() (string, error) {
  48. 	file, err := exec.LookPath(os.Args[0])
  49. 	if err != nil {
  50. 		return "", err
  51. 	}
  52. 	return filepath.Abs(file)
  53. }
  54. 

  55. // homeDir returns the home directory of current user.

  56. func homeDir() string {
  57. 	home, err := com.HomeDir()
  58. 	if err != nil {
  59. 		log.Fatal(4, "Fail to get home directory: %v", err)
  60. 	}
  61. 	return home
  62. }
  63. 

  64. func init() {
  65. 	var err error
  66. 

  67. 	if appPath, err = exePath(); err != nil {
  68. 		log.Fatal(4, "fail to get app path: %v\n", err)
  69. 	}
  70. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  71. 

  72. 	// Determine and create .ssh path.

  73. 	SshPath = filepath.Join(homeDir(), ".ssh")
  74. 	if err = os.MkdirAll(SshPath, 0700); err != nil {
  75. 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
  76. 	}
  77. }
  78. 

  79. // PublicKey represents a SSH key.

  80. type PublicKey struct {
  81. 	Id                int64
  82. 	OwnerId           int64     `xorm:"UNIQUE(s) INDEX NOT NULL"`
  83. 	Name              string    `xorm:"UNIQUE(s) NOT NULL"`
  84. 	Fingerprint       string    `xorm:"INDEX NOT NULL"`
  85. 	Content           string    `xorm:"TEXT NOT NULL"`
  86. 	Created           time.Time `xorm:"CREATED"`
  87. 	Updated           time.Time
  88. 	HasRecentActivity bool `xorm:"-"`
  89. 	HasUsed           bool `xorm:"-"`
  90. }
  91. 

  92. // OmitEmail returns content of public key but without e-mail address.

  93. func (k *PublicKey) OmitEmail() string {
  94. 	return strings.Join(strings.Split(k.Content, " ")[:2], " ")
  95. }
  96. 

  97. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  98. func (key *PublicKey) GetAuthorizedString() string {
  99. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, key.Content)
  100. }
  101. 

  102. var (
  103. 	MinimumKeySize = map[string]int{
  104. 		"(ED25519)": 256,
  105. 		"(ECDSA)":   256,
  106. 		"(NTRU)":    1087,
  107. 		"(MCE)":     1702,
  108. 		"(McE)":     1702,
  109. 		"(RSA)":     2048,
  110. 		"(DSA)":     1024,
  111. 	}
  112. )
  113. 

  114. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  115. func CheckPublicKeyString(content string) (bool, error) {
  116. 	content = strings.TrimRight(content, "\n\r")
  117. 	if strings.ContainsAny(content, "\n\r") {
  118. 		return false, errors.New("only a single line with a single key please")
  119. 	}
  120. 

  121. 	// write the key to a file…

  122. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  123. 	if err != nil {
  124. 		return false, err
  125. 	}
  126. 	tmpPath := tmpFile.Name()
  127. 	defer os.Remove(tmpPath)
  128. 	tmpFile.WriteString(content)
  129. 	tmpFile.Close()
  130. 

  131. 	// Check if ssh-keygen recognizes its contents.

  132. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  133. 	if err != nil {
  134. 		return false, errors.New("ssh-keygen -l -f: " + stderr)
  135. 	} else if len(stdout) < 2 {
  136. 		return false, errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  137. 	}
  138. 

  139. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  140. 	if setting.IsWindows {
  141. 		return true, nil
  142. 	}
  143. 

  144. 	fmt.Println(stdout)
  145. 	sshKeygenOutput := strings.Split(stdout, " ")
  146. 	if len(sshKeygenOutput) < 4 {
  147. 		return false, ErrKeyUnableVerify
  148. 	}
  149. 

  150. 	// Check if key type and key size match.

  151. 	keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  152. 	if keySize == 0 {
  153. 		return false, errors.New("cannot get key size of the given key")
  154. 	}
  155. 	keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
  156. 	if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
  157. 		return false, errors.New("sorry, unrecognized public key type")
  158. 	} else if keySize < minimumKeySize {
  159. 		return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  160. 	}
  161. 

  162. 	return true, nil
  163. }
  164. 

  165. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  166. func saveAuthorizedKeyFile(key *PublicKey) error {
  167. 	sshOpLocker.Lock()
  168. 	defer sshOpLocker.Unlock()
  169. 

  170. 	fpath := filepath.Join(SshPath, "authorized_keys")
  171. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  172. 	if err != nil {
  173. 		return err
  174. 	}
  175. 	defer f.Close()
  176. 	finfo, err := f.Stat()
  177. 	if err != nil {
  178. 		return err
  179. 	}
  180. 

  181. 	// FIXME: following command does not support in Windows.

  182. 	if !setting.IsWindows {
  183. 		if finfo.Mode().Perm() > 0600 {
  184. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())
  185. 			if err = f.Chmod(0600); err != nil {
  186. 				return err
  187. 			}
  188. 		}
  189. 	}
  190. 

  191. 	_, err = f.WriteString(key.GetAuthorizedString())
  192. 	return err
  193. }
  194. 

  195. // AddPublicKey adds new public key to database and authorized_keys file.

  196. func AddPublicKey(key *PublicKey) (err error) {
  197. 	has, err := x.Get(key)
  198. 	if err != nil {
  199. 		return err
  200. 	} else if has {
  201. 		return ErrKeyAlreadyExist
  202. 	}
  203. 

  204. 	// Calculate fingerprint.

  205. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  206. 		"id_rsa.pub"), "\\", "/", -1)
  207. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  208. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), os.ModePerm); err != nil {
  209. 		return err
  210. 	}
  211. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  212. 	if err != nil {
  213. 		return errors.New("ssh-keygen -l -f: " + stderr)
  214. 	} else if len(stdout) < 2 {
  215. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  216. 	}
  217. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  218. 	if has, err := x.Get(&PublicKey{Fingerprint: key.Fingerprint}); err == nil && has {
  219. 		return ErrKeyAlreadyExist
  220. 	}
  221. 

  222. 	// Save SSH key.

  223. 	if _, err = x.Insert(key); err != nil {
  224. 		return err
  225. 	} else if err = saveAuthorizedKeyFile(key); err != nil {
  226. 		// Roll back.

  227. 		if _, err2 := x.Delete(key); err2 != nil {
  228. 			return err2
  229. 		}
  230. 		return err
  231. 	}
  232. 

  233. 	return nil
  234. }
  235. 

  236. // GetPublicKeyById returns public key by given ID.

  237. func GetPublicKeyById(keyId int64) (*PublicKey, error) {
  238. 	key := new(PublicKey)
  239. 	has, err := x.Id(keyId).Get(key)
  240. 	if err != nil {
  241. 		return nil, err
  242. 	} else if !has {
  243. 		return nil, ErrKeyNotExist
  244. 	}
  245. 	return key, nil
  246. }
  247. 

  248. // ListPublicKeys returns a list of public keys belongs to given user.

  249. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  250. 	keys := make([]*PublicKey, 0, 5)
  251. 	err := x.Where("owner_id=?", uid).Find(&keys)
  252. 	if err != nil {
  253. 		return nil, err
  254. 	}
  255. 

  256. 	for _, key := range keys {
  257. 		key.HasUsed = key.Updated.After(key.Created)
  258. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  259. 	}
  260. 	return keys, nil
  261. }
  262. 

  263. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  264. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  265. 	sshOpLocker.Lock()
  266. 	defer sshOpLocker.Unlock()
  267. 

  268. 	fr, err := os.Open(p)
  269. 	if err != nil {
  270. 		return err
  271. 	}
  272. 	defer fr.Close()
  273. 

  274. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  275. 	if err != nil {
  276. 		return err
  277. 	}
  278. 	defer fw.Close()
  279. 

  280. 	isFound := false
  281. 	keyword := fmt.Sprintf("key-%d", key.Id)
  282. 	buf := bufio.NewReader(fr)
  283. 	for {
  284. 		line, errRead := buf.ReadString('\n')
  285. 		line = strings.TrimSpace(line)
  286. 

  287. 		if errRead != nil {
  288. 			if errRead != io.EOF {
  289. 				return errRead
  290. 			}
  291. 

  292. 			// Reached end of file, if nothing to read then break,

  293. 			// otherwise handle the last line.

  294. 			if len(line) == 0 {
  295. 				break
  296. 			}
  297. 		}
  298. 

  299. 		// Found the line and copy rest of file.

  300. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  301. 			isFound = true
  302. 			continue
  303. 		}
  304. 		// Still finding the line, copy the line that currently read.

  305. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  306. 			return err
  307. 		}
  308. 

  309. 		if errRead == io.EOF {
  310. 			break
  311. 		}
  312. 	}
  313. 	return nil
  314. }
  315. 

  316. // UpdatePublicKey updates given public key.

  317. func UpdatePublicKey(key *PublicKey) error {
  318. 	_, err := x.Id(key.Id).AllCols().Update(key)
  319. 	return err
  320. }
  321. 

  322. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  323. func DeletePublicKey(key *PublicKey) error {
  324. 	has, err := x.Get(key)
  325. 	if err != nil {
  326. 		return err
  327. 	} else if !has {
  328. 		return ErrKeyNotExist
  329. 	}
  330. 

  331. 	if _, err = x.Delete(key); err != nil {
  332. 		return err
  333. 	}
  334. 

  335. 	fpath := filepath.Join(SshPath, "authorized_keys")
  336. 	tmpPath := filepath.Join(SshPath, "authorized_keys.tmp")
  337. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  338. 		return err
  339. 	} else if err = os.Remove(fpath); err != nil {
  340. 		return err
  341. 	}
  342. 	return os.Rename(tmpPath, fpath)
  343. }