closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1785 Commits
2 Branches
178 MiB
Tree: ce8d4cc80b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ce8d4cc80b'
${ noResults }
gitea/models/publickey.go

338 lines
8.6 KiB
Raw Normal View History

Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
Bug fix
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Fix delete SSH key in file
10 years ago
add publickey & access
10 years ago
Update
10 years ago
Fix SSH key bug in windows
10 years ago
Basic process manager
10 years ago
Work #475 and #458
10 years ago
add publickey & access
10 years ago
Add postgres support, clean code, code review
10 years ago
Finish issue design
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic admin data table, models changes
10 years ago
Improve delete SSH key
10 years ago
Mirror fix on add ssh key
10 years ago
Basic admin data table, models changes
10 years ago
Add postgres support, clean code, code review
10 years ago
Basic admin data table, models changes
10 years ago
Add gogs fix location command
10 years ago
Improve delete SSH key
10 years ago
add publickey & access
10 years ago
Bug fix
10 years ago
Add postgres support, clean code, code review
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Update
10 years ago
add run user
10 years ago
add publickey
10 years ago
Add postgres support, clean code, code review
10 years ago
Bug fix
10 years ago
New UI merge in progress
10 years ago
add publickey
10 years ago
New UI merge in progress
10 years ago
add run user
10 years ago
Add postgres support, clean code, code review
10 years ago
Add gogs fix location command
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
New UI merge in progress
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
Fix #266
10 years ago
quick fix
10 years ago
New UI merge in progress
10 years ago
add publickey & access
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
New UI merge in progress
10 years ago
support dsa key format
10 years ago
New UI merge in progress
10 years ago
#634
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
New UI merge in progress
10 years ago
Work on ssh key issue
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Mirror fix on add ssh key
10 years ago
New UI merge in progress
10 years ago
Work #475 and #458
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
More debug info
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Fix mirror UI style and work on #475
10 years ago
Work #475 and #458
10 years ago
Fix mirror UI style and work on #475
10 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
Finish issue design
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add check if public key name has been used
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Add generate fingerprint of ssh key
10 years ago
Add postgres support, clean code, code review
10 years ago
add publickey & access
10 years ago
Basic process manager
10 years ago
add publickey & access
10 years ago
Mirror fix on public key
10 years ago
Add generate fingerprint of ssh key
10 years ago
More debug info
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #266
10 years ago
Add generate fingerprint of ssh key
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
Finish issue design
10 years ago
Fix #165
10 years ago
Add generate fingerprint of ssh key
10 years ago
add publickey & access
10 years ago
Finish new web hook pages
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
add personal access token panel #12
10 years ago
New UI merge in progress
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Fix #252
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Improve delete SSH key
10 years ago
Bug fix
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Improve delete SSH key
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Fix delete SSH key in file
10 years ago
Finish new web hook pages
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix SSH key bug in windows
10 years ago
Improve delete SSH key
10 years ago
Fix #165
10 years ago
Fix SSH key bug in windows
10 years ago
Add gogs fix location command
10 years ago
Finish issue design
10 years ago
Fix SSH key bug in windows
10 years ago
Finish issue design
10 years ago
Fix delete SSH key in file
10 years ago
Finish issue design
10 years ago
add publickey & access
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models
  6. 

  7. import (
  8. 	"bufio"
  9. 	"errors"
  10. 	"fmt"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"os"
  14. 	"os/exec"
  15. 	"path"
  16. 	"path/filepath"
  17. 	"strings"
  18. 	"sync"
  19. 	"time"
  20. 

  21. 	"github.com/Unknwon/com"
  22. 

  23. 	"github.com/gogits/gogs/modules/log"
  24. 	"github.com/gogits/gogs/modules/process"
  25. 	"github.com/gogits/gogs/modules/setting"
  26. )
  27. 

  28. const (
  29. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  30. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
  31. )
  32. 

  33. var (
  34. 	ErrKeyAlreadyExist = errors.New("Public key already exist")
  35. 	ErrKeyNotExist     = errors.New("Public key does not exist")
  36. 	ErrKeyUnableVerify = errors.New("Unable to verify public key")
  37. )
  38. 

  39. var sshOpLocker = sync.Mutex{}
  40. 

  41. var (
  42. 	SshPath string // SSH directory.

  43. 	appPath string // Execution(binary) path.

  44. )
  45. 

  46. // exePath returns the executable path.

  47. func exePath() (string, error) {
  48. 	file, err := exec.LookPath(os.Args[0])
  49. 	if err != nil {
  50. 		return "", err
  51. 	}
  52. 	return filepath.Abs(file)
  53. }
  54. 

  55. // homeDir returns the home directory of current user.

  56. func homeDir() string {
  57. 	home, err := com.HomeDir()
  58. 	if err != nil {
  59. 		log.Fatal(4, "Fail to get home directory: %v", err)
  60. 	}
  61. 	return home
  62. }
  63. 

  64. func init() {
  65. 	var err error
  66. 

  67. 	if appPath, err = exePath(); err != nil {
  68. 		log.Fatal(4, "fail to get app path: %v\n", err)
  69. 	}
  70. 	appPath = strings.Replace(appPath, "\\", "/", -1)
  71. 

  72. 	// Determine and create .ssh path.

  73. 	SshPath = filepath.Join(homeDir(), ".ssh")
  74. 	if err = os.MkdirAll(SshPath, 0700); err != nil {
  75. 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)
  76. 	}
  77. }
  78. 

  79. // PublicKey represents a SSH key.

  80. type PublicKey struct {
  81. 	Id                int64
  82. 	OwnerId           int64     `xorm:"UNIQUE(s) INDEX NOT NULL"`
  83. 	Name              string    `xorm:"UNIQUE(s) NOT NULL"`
  84. 	Fingerprint       string    `xorm:"INDEX NOT NULL"`
  85. 	Content           string    `xorm:"TEXT NOT NULL"`
  86. 	Created           time.Time `xorm:"CREATED"`
  87. 	Updated           time.Time
  88. 	HasRecentActivity bool `xorm:"-"`
  89. 	HasUsed           bool `xorm:"-"`
  90. }
  91. 

  92. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  93. func (key *PublicKey) GetAuthorizedString() string {
  94. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, key.Content)
  95. }
  96. 

  97. var (
  98. 	MinimumKeySize = map[string]int{
  99. 		"(ED25519)": 256,
  100. 		"(ECDSA)":   256,
  101. 		"(NTRU)":    1087,
  102. 		"(MCE)":     1702,
  103. 		"(McE)":     1702,
  104. 		"(RSA)":     2048,
  105. 		"(DSA)":     1024,
  106. 	}
  107. )
  108. 

  109. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  110. func CheckPublicKeyString(content string) (bool, error) {
  111. 	content = strings.TrimRight(content, "\n\r")
  112. 	if strings.ContainsAny(content, "\n\r") {
  113. 		return false, errors.New("only a single line with a single key please")
  114. 	}
  115. 

  116. 	// write the key to a file…

  117. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
  118. 	if err != nil {
  119. 		return false, err
  120. 	}
  121. 	tmpPath := tmpFile.Name()
  122. 	defer os.Remove(tmpPath)
  123. 	tmpFile.WriteString(content)
  124. 	tmpFile.Close()
  125. 

  126. 	// Check if ssh-keygen recognizes its contents.

  127. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
  128. 	if err != nil {
  129. 		return false, errors.New("ssh-keygen -l -f: " + stderr)
  130. 	} else if len(stdout) < 2 {
  131. 		return false, errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
  132. 	}
  133. 

  134. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  135. 	if setting.IsWindows {
  136. 		return true, nil
  137. 	}
  138. 

  139. 	fmt.Println(stdout)
  140. 	sshKeygenOutput := strings.Split(stdout, " ")
  141. 	if len(sshKeygenOutput) < 4 {
  142. 		return false, ErrKeyUnableVerify
  143. 	}
  144. 

  145. 	// Check if key type and key size match.

  146. 	keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
  147. 	if keySize == 0 {
  148. 		return false, errors.New("cannot get key size of the given key")
  149. 	}
  150. 	keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
  151. 	if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
  152. 		return false, errors.New("sorry, unrecognized public key type")
  153. 	} else if keySize < minimumKeySize {
  154. 		return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
  155. 	}
  156. 

  157. 	return true, nil
  158. }
  159. 

  160. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  161. func saveAuthorizedKeyFile(key *PublicKey) error {
  162. 	sshOpLocker.Lock()
  163. 	defer sshOpLocker.Unlock()
  164. 

  165. 	fpath := filepath.Join(SshPath, "authorized_keys")
  166. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  167. 	if err != nil {
  168. 		return err
  169. 	}
  170. 	defer f.Close()
  171. 	finfo, err := f.Stat()
  172. 	if err != nil {
  173. 		return err
  174. 	}
  175. 

  176. 	// FIXME: following command does not support in Windows.

  177. 	if !setting.IsWindows {
  178. 		if finfo.Mode().Perm() > 0600 {
  179. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())
  180. 			if err = f.Chmod(0600); err != nil {
  181. 				return err
  182. 			}
  183. 		}
  184. 	}
  185. 

  186. 	_, err = f.WriteString(key.GetAuthorizedString())
  187. 	return err
  188. }
  189. 

  190. // AddPublicKey adds new public key to database and authorized_keys file.

  191. func AddPublicKey(key *PublicKey) (err error) {
  192. 	has, err := x.Get(key)
  193. 	if err != nil {
  194. 		return err
  195. 	} else if has {
  196. 		return ErrKeyAlreadyExist
  197. 	}
  198. 

  199. 	// Calculate fingerprint.

  200. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
  201. 		"id_rsa.pub"), "\\", "/", -1)
  202. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
  203. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), os.ModePerm); err != nil {
  204. 		return err
  205. 	}
  206. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
  207. 	if err != nil {
  208. 		return errors.New("ssh-keygen -l -f: " + stderr)
  209. 	} else if len(stdout) < 2 {
  210. 		return errors.New("not enough output for calculating fingerprint: " + stdout)
  211. 	}
  212. 	key.Fingerprint = strings.Split(stdout, " ")[1]
  213. 	if has, err := x.Get(&PublicKey{Fingerprint: key.Fingerprint}); err == nil && has {
  214. 		return ErrKeyAlreadyExist
  215. 	}
  216. 

  217. 	// Save SSH key.

  218. 	if _, err = x.Insert(key); err != nil {
  219. 		return err
  220. 	} else if err = saveAuthorizedKeyFile(key); err != nil {
  221. 		// Roll back.

  222. 		if _, err2 := x.Delete(key); err2 != nil {
  223. 			return err2
  224. 		}
  225. 		return err
  226. 	}
  227. 

  228. 	return nil
  229. }
  230. 

  231. // GetPublicKeyById returns public key by given ID.

  232. func GetPublicKeyById(keyId int64) (*PublicKey, error) {
  233. 	key := new(PublicKey)
  234. 	has, err := x.Id(keyId).Get(key)
  235. 	if err != nil {
  236. 		return nil, err
  237. 	} else if !has {
  238. 		return nil, ErrKeyNotExist
  239. 	}
  240. 	return key, nil
  241. }
  242. 

  243. // ListPublicKeys returns a list of public keys belongs to given user.

  244. func ListPublicKeys(uid int64) ([]*PublicKey, error) {
  245. 	keys := make([]*PublicKey, 0, 5)
  246. 	err := x.Where("owner_id=?", uid).Find(&keys)
  247. 	if err != nil {
  248. 		return nil, err
  249. 	}
  250. 

  251. 	for _, key := range keys {
  252. 		key.HasUsed = key.Updated.After(key.Created)
  253. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())
  254. 	}
  255. 	return keys, nil
  256. }
  257. 

  258. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  259. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
  260. 	sshOpLocker.Lock()
  261. 	defer sshOpLocker.Unlock()
  262. 

  263. 	fr, err := os.Open(p)
  264. 	if err != nil {
  265. 		return err
  266. 	}
  267. 	defer fr.Close()
  268. 

  269. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
  270. 	if err != nil {
  271. 		return err
  272. 	}
  273. 	defer fw.Close()
  274. 

  275. 	isFound := false
  276. 	keyword := fmt.Sprintf("key-%d", key.Id)
  277. 	buf := bufio.NewReader(fr)
  278. 	for {
  279. 		line, errRead := buf.ReadString('\n')
  280. 		line = strings.TrimSpace(line)
  281. 

  282. 		if errRead != nil {
  283. 			if errRead != io.EOF {
  284. 				return errRead
  285. 			}
  286. 

  287. 			// Reached end of file, if nothing to read then break,

  288. 			// otherwise handle the last line.

  289. 			if len(line) == 0 {
  290. 				break
  291. 			}
  292. 		}
  293. 

  294. 		// Found the line and copy rest of file.

  295. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {
  296. 			isFound = true
  297. 			continue
  298. 		}
  299. 		// Still finding the line, copy the line that currently read.

  300. 		if _, err = fw.WriteString(line + "\n"); err != nil {
  301. 			return err
  302. 		}
  303. 

  304. 		if errRead == io.EOF {
  305. 			break
  306. 		}
  307. 	}
  308. 	return nil
  309. }
  310. 

  311. // UpdatePublicKey updates given public key.

  312. func UpdatePublicKey(key *PublicKey) error {
  313. 	_, err := x.Id(key.Id).AllCols().Update(key)
  314. 	return err
  315. }
  316. 

  317. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  318. func DeletePublicKey(key *PublicKey) error {
  319. 	has, err := x.Get(key)
  320. 	if err != nil {
  321. 		return err
  322. 	} else if !has {
  323. 		return ErrKeyNotExist
  324. 	}
  325. 

  326. 	if _, err = x.Delete(key); err != nil {
  327. 		return err
  328. 	}
  329. 

  330. 	fpath := filepath.Join(SshPath, "authorized_keys")
  331. 	tmpPath := filepath.Join(SshPath, "authorized_keys.tmp")
  332. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
  333. 		return err
  334. 	} else if err = os.Remove(fpath); err != nil {
  335. 		return err
  336. 	}
  337. 	return os.Rename(tmpPath, fpath)
  338. }