closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2880 Commits
2 Branches
178 MiB
Tree: b05c7b3faa
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b05c7b3faa'
${ noResults }
gitea/models/publickey.go

686 lines
17 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Fix #922
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
models: code fix on #818
9 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
models: code fix on #818
9 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
fix UNIQUE
9 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Fix #652
10 years ago
Finish issue design
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
Modify minimumKeySize of RSA to 1024 for old keys.
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
New UI merge in progress
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#334: Add Deployment Key Support
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
#1622 comment with whitespace
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
#634
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#334: Add Deployment Key Support
9 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
#334: Add Deployment Key Support
9 years ago
#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK
9 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
models: code fix on #818
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
Finish issue design
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add check if public key name has been used
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
Add generate fingerprint of ssh key
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
add publickey & access
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
#334: Add Deployment Key Support
9 years ago
Finish new web hook pages
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
race condition on keydelete
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
#334: Add Deployment Key Support
9 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
#1535 Removing deploy key does not remove key
9 years ago
Fix SSH key bug in windows
10 years ago
models: code fix on #818
9 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
add confirmation to delete ssh key
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
add confirmation to delete ssh key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
#1050: Bad permissions on authorized_keys after rewrite
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
models: code fix on #818
9 years ago
add afunction to rewrite all public keys on admin request refs #763
10 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
#1535 Removing deploy key does not remove key
9 years ago
#334: Add Deployment Key Support
9 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"encoding/base64"
  10. 	"encoding/binary"
  11. 	"errors"
  12. 	"fmt"
  13. 	"io"
  14. 	"io/ioutil"
  15. 	"os"
  16. 	"os/exec"
  17. 	"path"
  18. 	"path/filepath"
  19. 	"strings"
  20. 	"sync"
  21. 	"time"
  22. 

  23. 	"github.com/Unknwon/com"
  24. 	"github.com/go-xorm/xorm"
  25. 

  26. 	"github.com/gogits/gogs/modules/log"
  27. 	"github.com/gogits/gogs/modules/process"
  28. 	"github.com/gogits/gogs/modules/setting"
  29. )
  30. 

  31. const (
  32. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  33. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  34. )
  35. 

  36. var (
  37. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  38. )
  39. 

  40. var sshOpLocker = sync.Mutex{}
  41. 

  42. var (
  43. 	SSHPath string // SSH directory.

  44. 	appPath string // Execution(binary) path.

  45. )
  46. 

  47. // exePath returns the executable path.

  48. func exePath() (string, error) {
  49. 	file, err := exec.LookPath(os.Args[0])
  50. 	if err != nil {
  51. 		return "", err
  52. 	}
  53. 	return filepath.Abs(file)
  54. }
  55. 

  56. // homeDir returns the home directory of current user.

  57. func homeDir() string {
  58. 	home, err := com.HomeDir()
  59. 	if err != nil {
  60. 		log.Fatal(4, "Fail to get home directory: %v", err)
  61. 	}
  62. 	return home
  63. }
  64. 

  65. func init() {
  66. 	var err error
  67. 

  68. 	if appPath, err = exePath(); err != nil {
  69. 		log.Fatal(4, "fail to get app path: %v\n", err)
  70. 	}
  71. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  72. 

  73. 	// Determine and create .ssh path.

  74. 	SSHPath = filepath.Join(homeDir(), ".ssh")
  75. 	if err = os.MkdirAll(SSHPath, 0700); err != nil {
  76. 		log.Fatal(4, "fail to create '%s': %v", SSHPath, err)
  77. 	}
  78. }
  79. 

  80. type KeyType int
  81. 

  82. const (
  83. 	KEY_TYPE_USER = iota + 1
  84. 	KEY_TYPE_DEPLOY
  85. )
  86. 

  87. // PublicKey represents a SSH or deploy key.

  88. type PublicKey struct {
  89. 	ID                int64      `xorm:"pk autoincr"`
  90. 	OwnerID           int64      `xorm:"INDEX NOT NULL"`
  91. 	Name              string     `xorm:"NOT NULL"`
  92. 	Fingerprint       string     `xorm:"NOT NULL"`
  93. 	Content           string     `xorm:"TEXT NOT NULL"`
  94. 	Mode              AccessMode `xorm:"NOT NULL DEFAULT 2"`
  95. 	Type              KeyType    `xorm:"NOT NULL DEFAULT 1"`
  96. 	Created           time.Time  `xorm:"CREATED"`
  97. 	Updated           time.Time  // Note: Updated must below Created for AfterSet.

  98. 	HasRecentActivity bool       `xorm:"-"`
  99. 	HasUsed           bool       `xorm:"-"`
  100. }
  101. 

  102. func (k *PublicKey) AfterSet(colName string, _ xorm.Cell) {
  103. 	switch colName {
  104. 	case "created":
  105. 		k.HasUsed = k.Updated.After(k.Created)
  106. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  107. 	}
  108. }
  109. 

  110. // OmitEmail returns content of public key but without e-mail address.

  111. func (k *PublicKey) OmitEmail() string {
  112. 	return strings.Join(strings.Split(k.Content, " ")[:2], " ")
  113. }
  114. 

  115. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  116. func (key *PublicKey) GetAuthorizedString() string {
  117. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
  118. }
  119. 

  120. var minimumKeySizes = map[string]int{
  121. 	"(ED25519)": 256,
  122. 	"(ECDSA)":   256,
  123. 	"(NTRU)":    1087,
  124. 	"(MCE)":     1702,
  125. 	"(McE)":     1702,
  126. 	"(RSA)":     1024,
  127. 	"(DSA)":     1024,
  128. }
  129. 

  130. func extractTypeFromBase64Key(key string) (string, error) {
  131. 	b, err := base64.StdEncoding.DecodeString(key)
  132. 	if err != nil || len(b) < 4 {
  133. 		return "", errors.New("Invalid key format")
  134. 	}
  135. 

  136. 	keyLength := int(binary.BigEndian.Uint32(b))
  137. 

  138. 	if len(b) < 4+keyLength {
  139. 		return "", errors.New("Invalid key format")
  140. 	}
  141. 

  142. 	return string(b[4 : 4+keyLength]), nil
  143. }
  144. 

  145. // parseKeyString parses any key string in openssh or ssh2 format to clean openssh string (rfc4253)

  146. func parseKeyString(content string) (string, error) {
  147. 	// Transform all legal line endings to a single "\n"

  148. 	s := strings.Replace(strings.Replace(strings.TrimSpace(content), "\r\n", "\n", -1), "\r", "\n", -1)
  149. 

  150. 	lines := strings.Split(s, "\n")
  151. 

  152. 	var keyType, keyContent, keyComment string
  153. 

  154. 	if len(lines) == 1 {
  155. 		// Parse openssh format

  156. 		parts := strings.SplitN(lines[0], " ", 3)
  157. 		switch len(parts) {
  158. 		case 0:
  159. 			return "", errors.New("Empty key")
  160. 		case 1:
  161. 			keyContent = parts[0]
  162. 		case 2:
  163. 			keyType = parts[0]
  164. 			keyContent = parts[1]
  165. 		default:
  166. 			keyType = parts[0]
  167. 			keyContent = parts[1]
  168. 			keyComment = parts[2]
  169. 		}
  170. 

  171. 		// If keyType is not given, extract it from content. If given, validate it

  172. 		if len(keyType) == 0 {
  173. 			if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  174. 				keyType = t
  175. 			} else {
  176. 				return "", err
  177. 			}
  178. 		} else {
  179. 			if t, err := extractTypeFromBase64Key(keyContent); err != nil || keyType != t {
  180. 				return "", err
  181. 			}
  182. 		}
  183. 	} else {
  184. 		// Parse SSH2 file format.

  185. 		continuationLine := false
  186. 

  187. 		for _, line := range lines {
  188. 			// Skip lines that:

  189. 			// 1) are a continuation of the previous line,

  190. 			// 2) contain ":" as that are comment lines

  191. 			// 3) contain "-" as that are begin and end tags

  192. 			if continuationLine || strings.ContainsAny(line, ":-") {
  193. 				continuationLine = strings.HasSuffix(line, "\\")
  194. 			} else {
  195. 				keyContent = keyContent + line
  196. 			}
  197. 		}
  198. 

  199. 		if t, err := extractTypeFromBase64Key(keyContent); err == nil {
  200. 			keyType = t
  201. 		} else {
  202. 			return "", err
  203. 		}
  204. 	}
  205. 	return keyType + " " + keyContent + " " + keyComment, nil
  206. }
  207. 

  208. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  209. func CheckPublicKeyString(content string) (_ string, err error) {
  210. 	content, err = parseKeyString(content)
  211. 	if err != nil {
  212. 		return "", err
  213. 	}
  214. 

  215. 	content = strings.TrimRight(content, "\n\r")
  216. 	if strings.ContainsAny(content, "\n\r") {
  217. 		return "", errors.New("only a single line with a single key please")
  218. 	}
  219. 

  220. 	// write the key to a file…

  221. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  222. 	if err != nil {
  223. 		return "", err
  224. 	}
  225. 	tmpPath := tmpFile.Name()
  226. 	defer os.Remove(tmpPath)
  227. 	tmpFile.WriteString(content)
  228. 	tmpFile.Close()
  229. 

  230. 	// Check if ssh-keygen recognizes its contents.

  231. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  232. 	if err != nil {
  233. 		return "", errors.New("ssh-keygen -l -f: " + stderr)
  234. 	} else if len(stdout) < 2 {
  235. 		return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  236. 	}
  237. 

  238. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  239. 	if setting.IsWindows {
  240. 		return content, nil
  241. 	}
  242. 

  243. 	sshKeygenOutput := strings.Split(stdout, " ")
  244. 	if len(sshKeygenOutput) < 4 {
  245. 		return content, ErrKeyUnableVerify
  246. 	}
  247. 

  248. 	// Check if key type and key size match.

  249. 	if !setting.Service.DisableMinimumKeySizeCheck {
  250. 		keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  251. 		if keySize == 0 {
  252. 			return "", errors.New("cannot get key size of the given key")
  253. 		}
  254. 		keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
  255. 		if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
  256. 			return "", errors.New("sorry, unrecognized public key type")
  257. 		} else if keySize < minimumKeySize {
  258. 			return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  259. 		}
  260. 	}
  261. 

  262. 	return content, nil
  263. }
  264. 

  265. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  266. func saveAuthorizedKeyFile(keys ...*PublicKey) error {
  267. 	sshOpLocker.Lock()
  268. 	defer sshOpLocker.Unlock()
  269. 

  270. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  271. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  272. 	if err != nil {
  273. 		return err
  274. 	}
  275. 	defer f.Close()
  276. 

  277. 	fi, err := f.Stat()
  278. 	if err != nil {
  279. 		return err
  280. 	}
  281. 

  282. 	// FIXME: following command does not support in Windows.

  283. 	if !setting.IsWindows {
  284. 		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.

  285. 		if fi.Mode().Perm() > 0600 {
  286. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())
  287. 			if err = f.Chmod(0600); err != nil {
  288. 				return err
  289. 			}
  290. 		}
  291. 	}
  292. 

  293. 	for _, key := range keys {
  294. 		if _, err = f.WriteString(key.GetAuthorizedString()); err != nil {
  295. 			return err
  296. 		}
  297. 	}
  298. 	return nil
  299. }
  300. 

  301. // checkKeyContent onlys checks if key content has been used as public key,

  302. // it is OK to use same key as deploy key for multiple repositories/users.

  303. func checkKeyContent(content string) error {
  304. 	has, err := x.Get(&PublicKey{
  305. 		Content: content,
  306. 		Type:    KEY_TYPE_USER,
  307. 	})
  308. 	if err != nil {
  309. 		return err
  310. 	} else if has {
  311. 		return ErrKeyAlreadyExist{0, content}
  312. 	}
  313. 	return nil
  314. }
  315. 

  316. func addKey(e Engine, key *PublicKey) (err error) {
  317. 	// Calculate fingerprint.

  318. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  319. 		"id_rsa.pub"), "\\", "/", -1)
  320. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  321. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
  322. 		return err
  323. 	}
  324. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  325. 	if err != nil {
  326. 		return errors.New("ssh-keygen -l -f: " + stderr)
  327. 	} else if len(stdout) < 2 {
  328. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  329. 	}
  330. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  331. 

  332. 	// Save SSH key.

  333. 	if _, err = e.Insert(key); err != nil {
  334. 		return err
  335. 	}
  336. 	return saveAuthorizedKeyFile(key)
  337. }
  338. 

  339. // AddPublicKey adds new public key to database and authorized_keys file.

  340. func AddPublicKey(ownerID int64, name, content string) (err error) {
  341. 	if err = checkKeyContent(content); err != nil {
  342. 		return err
  343. 	}
  344. 

  345. 	// Key name of same user cannot be duplicated.

  346. 	has, err := x.Where("owner_id=? AND name=?", ownerID, name).Get(new(PublicKey))
  347. 	if err != nil {
  348. 		return err
  349. 	} else if has {
  350. 		return ErrKeyNameAlreadyUsed{ownerID, name}
  351. 	}
  352. 

  353. 	sess := x.NewSession()
  354. 	defer sessionRelease(sess)
  355. 	if err = sess.Begin(); err != nil {
  356. 		return err
  357. 	}
  358. 

  359. 	key := &PublicKey{
  360. 		OwnerID: ownerID,
  361. 		Name:    name,
  362. 		Content: content,
  363. 		Mode:    ACCESS_MODE_WRITE,
  364. 		Type:    KEY_TYPE_USER,
  365. 	}
  366. 	if err = addKey(sess, key); err != nil {
  367. 		return fmt.Errorf("addKey: %v", err)
  368. 	}
  369. 

  370. 	return sess.Commit()
  371. }
  372. 

  373. // GetPublicKeyByID returns public key by given ID.

  374. func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
  375. 	key := new(PublicKey)
  376. 	has, err := x.Id(keyID).Get(key)
  377. 	if err != nil {
  378. 		return nil, err
  379. 	} else if !has {
  380. 		return nil, ErrKeyNotExist{keyID}
  381. 	}
  382. 	return key, nil
  383. }
  384. 

  385. // ListPublicKeys returns a list of public keys belongs to given user.

  386. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  387. 	keys := make([]*PublicKey, 0, 5)
  388. 	return keys, x.Where("owner_id=?", uid).Find(&keys)
  389. }
  390. 

  391. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  392. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  393. 	fr, err := os.Open(p)
  394. 	if err != nil {
  395. 		return err
  396. 	}
  397. 	defer fr.Close()
  398. 

  399. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  400. 	if err != nil {
  401. 		return err
  402. 	}
  403. 	defer fw.Close()
  404. 

  405. 	isFound := false
  406. 	keyword := fmt.Sprintf("key-%d", key.ID)
  407. 	buf := bufio.NewReader(fr)
  408. 	for {
  409. 		line, errRead := buf.ReadString('\n')
  410. 		line = strings.TrimSpace(line)
  411. 

  412. 		if errRead != nil {
  413. 			if errRead != io.EOF {
  414. 				return errRead
  415. 			}
  416. 

  417. 			// Reached end of file, if nothing to read then break,

  418. 			// otherwise handle the last line.

  419. 			if len(line) == 0 {
  420. 				break
  421. 			}
  422. 		}
  423. 

  424. 		// Found the line and copy rest of file.

  425. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  426. 			isFound = true
  427. 			continue
  428. 		}
  429. 		// Still finding the line, copy the line that currently read.

  430. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  431. 			return err
  432. 		}
  433. 

  434. 		if errRead == io.EOF {
  435. 			break
  436. 		}
  437. 	}
  438. 	return nil
  439. }
  440. 

  441. // UpdatePublicKey updates given public key.

  442. func UpdatePublicKey(key *PublicKey) error {
  443. 	_, err := x.Id(key.ID).AllCols().Update(key)
  444. 	return err
  445. }
  446. 

  447. func deletePublicKey(e *xorm.Session, keyID int64) error {
  448. 	sshOpLocker.Lock()
  449. 	defer sshOpLocker.Unlock()
  450. 

  451. 	key := &PublicKey{ID: keyID}
  452. 	has, err := e.Get(key)
  453. 	if err != nil {
  454. 		return err
  455. 	} else if !has {
  456. 		return nil
  457. 	}
  458. 

  459. 	if _, err = e.Id(key.ID).Delete(new(PublicKey)); err != nil {
  460. 		return err
  461. 	}
  462. 

  463. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  464. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  465. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  466. 		return err
  467. 	} else if err = os.Remove(fpath); err != nil {
  468. 		return err
  469. 	}
  470. 	return os.Rename(tmpPath, fpath)
  471. }
  472. 

  473. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  474. func DeletePublicKey(id int64) (err error) {
  475. 	has, err := x.Id(id).Get(new(PublicKey))
  476. 	if err != nil {
  477. 		return err
  478. 	} else if !has {
  479. 		return nil
  480. 	}
  481. 

  482. 	sess := x.NewSession()
  483. 	defer sessionRelease(sess)
  484. 	if err = sess.Begin(); err != nil {
  485. 		return err
  486. 	}
  487. 

  488. 	if err = deletePublicKey(sess, id); err != nil {
  489. 		return err
  490. 	}
  491. 

  492. 	return sess.Commit()
  493. }
  494. 

  495. // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.

  496. func RewriteAllPublicKeys() error {
  497. 	sshOpLocker.Lock()
  498. 	defer sshOpLocker.Unlock()
  499. 

  500. 	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
  501. 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
  502. 	if err != nil {
  503. 		return err
  504. 	}
  505. 	defer os.Remove(tmpPath)
  506. 

  507. 	err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
  508. 		_, err = f.WriteString((bean.(*PublicKey)).GetAuthorizedString())
  509. 		return err
  510. 	})
  511. 	f.Close()
  512. 	if err != nil {
  513. 		return err
  514. 	}
  515. 

  516. 	fpath := filepath.Join(SSHPath, "authorized_keys")
  517. 	if com.IsExist(fpath) {
  518. 		if err = os.Remove(fpath); err != nil {
  519. 			return err
  520. 		}
  521. 	}
  522. 	if err = os.Rename(tmpPath, fpath); err != nil {
  523. 		return err
  524. 	}
  525. 

  526. 	return nil
  527. }
  528. 

  529. // ________                .__                 ____  __.

  530. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  531. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  532. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  533. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  534. //         \/     \/|__|               \/             \/   \/\/

  535. 

  536. // DeployKey represents deploy key information and its relation with repository.

  537. type DeployKey struct {
  538. 	ID                int64 `xorm:"pk autoincr"`
  539. 	KeyID             int64 `xorm:"UNIQUE(s) INDEX"`
  540. 	RepoID            int64 `xorm:"UNIQUE(s) INDEX"`
  541. 	Name              string
  542. 	Fingerprint       string
  543. 	Created           time.Time `xorm:"CREATED"`
  544. 	Updated           time.Time // Note: Updated must below Created for AfterSet.

  545. 	HasRecentActivity bool      `xorm:"-"`
  546. 	HasUsed           bool      `xorm:"-"`
  547. }
  548. 

  549. func (k *DeployKey) AfterSet(colName string, _ xorm.Cell) {
  550. 	switch colName {
  551. 	case "created":
  552. 		k.HasUsed = k.Updated.After(k.Created)
  553. 		k.HasRecentActivity = k.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  554. 	}
  555. }
  556. 

  557. func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
  558. 	// Note: We want error detail, not just true or false here.

  559. 	has, err := e.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  560. 	if err != nil {
  561. 		return err
  562. 	} else if has {
  563. 		return ErrDeployKeyAlreadyExist{keyID, repoID}
  564. 	}
  565. 

  566. 	has, err = e.Where("repo_id=? AND name=?", repoID, name).Get(new(DeployKey))
  567. 	if err != nil {
  568. 		return err
  569. 	} else if has {
  570. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}
  571. 	}
  572. 

  573. 	return nil
  574. }
  575. 

  576. // addDeployKey adds new key-repo relation.

  577. func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (err error) {
  578. 	if err = checkDeployKey(e, keyID, repoID, name); err != nil {
  579. 		return err
  580. 	}
  581. 

  582. 	_, err = e.Insert(&DeployKey{
  583. 		KeyID:       keyID,
  584. 		RepoID:      repoID,
  585. 		Name:        name,
  586. 		Fingerprint: fingerprint,
  587. 	})
  588. 	return err
  589. }
  590. 

  591. // HasDeployKey returns true if public key is a deploy key of given repository.

  592. func HasDeployKey(keyID, repoID int64) bool {
  593. 	has, _ := x.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
  594. 	return has
  595. }
  596. 

  597. // AddDeployKey add new deploy key to database and authorized_keys file.

  598. func AddDeployKey(repoID int64, name, content string) (err error) {
  599. 	if err = checkKeyContent(content); err != nil {
  600. 		return err
  601. 	}
  602. 

  603. 	key := &PublicKey{
  604. 		Content: content,
  605. 		Mode:    ACCESS_MODE_READ,
  606. 		Type:    KEY_TYPE_DEPLOY,
  607. 	}
  608. 	has, err := x.Get(key)
  609. 	if err != nil {
  610. 		return err
  611. 	}
  612. 

  613. 	sess := x.NewSession()
  614. 	defer sessionRelease(sess)
  615. 	if err = sess.Begin(); err != nil {
  616. 		return err
  617. 	}
  618. 

  619. 	// First time use this deploy key.

  620. 	if !has {
  621. 		if err = addKey(sess, key); err != nil {
  622. 			return nil
  623. 		}
  624. 	}
  625. 

  626. 	if err = addDeployKey(sess, key.ID, repoID, name, key.Fingerprint); err != nil {
  627. 		return err
  628. 	}
  629. 

  630. 	return sess.Commit()
  631. }
  632. 

  633. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  634. func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
  635. 	key := &DeployKey{
  636. 		KeyID:  keyID,
  637. 		RepoID: repoID,
  638. 	}
  639. 	_, err := x.Get(key)
  640. 	return key, err
  641. }
  642. 

  643. // UpdateDeployKey updates deploy key information.

  644. func UpdateDeployKey(key *DeployKey) error {
  645. 	_, err := x.Id(key.ID).AllCols().Update(key)
  646. 	return err
  647. }
  648. 

  649. // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.

  650. func DeleteDeployKey(id int64) error {
  651. 	key := &DeployKey{ID: id}
  652. 	has, err := x.Id(key.ID).Get(key)
  653. 	if err != nil {
  654. 		return err
  655. 	} else if !has {
  656. 		return nil
  657. 	}
  658. 

  659. 	sess := x.NewSession()
  660. 	defer sessionRelease(sess)
  661. 	if err = sess.Begin(); err != nil {
  662. 		return err
  663. 	}
  664. 

  665. 	if _, err = sess.Id(key.ID).Delete(new(DeployKey)); err != nil {
  666. 		return fmt.Errorf("delete deploy key[%d]: %v", key.ID, err)
  667. 	}
  668. 

  669. 	// Check if this is the last reference to same key content.

  670. 	has, err = sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
  671. 	if err != nil {
  672. 		return err
  673. 	} else if !has {
  674. 		if err = deletePublicKey(sess, key.KeyID); err != nil {
  675. 			return err
  676. 		}
  677. 	}
  678. 

  679. 	return sess.Commit()
  680. }
  681. 

  682. // ListDeployKeys returns all deploy keys by given repository ID.

  683. func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
  684. 	keys := make([]*DeployKey, 0, 5)
  685. 	return keys, x.Where("repo_id=?", repoID).Find(&keys)
  686. }