MieuxVoter
/
gitea-fork-majority-judgment
mirror of https://github.com/domi41/gitea.git
4
0
Fork 0
Code Issues 8 Releases Wiki Polls Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'mj-v1.14.3'
${ noResults }
gitea-fork-majority-judgment/models/ssh_key.go

1377 lines
38 KiB
Raw Permalink Normal View History Unescape

Fix delete SSH key in file
10 years ago
// Copyright 2014 The Gogs Authors. All rights reserved.
Use go method to calculate ssh key fingerprint (#7128) * Use go method to calculate key fingerprint * add gitea copyright * use native go method only for built-in server * refactor and add tests * add gitea copyright
5 years ago
// Copyright 2019 The Gitea Authors. All rights reserved.
Fix delete SSH key in file
10 years ago
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
add publickey & access
10 years ago
package models
import (
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
"bufio"
Make PKCS8, PEM and SSH2 keys work (#7600) * Make PEM and SSH2 keys work * add ssh2 testcases and PEM cases - and fix PEM * Add final test to parse the proposed key
5 years ago
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
"encoding/base64"
"encoding/binary"
Make PKCS8, PEM and SSH2 keys work (#7600) * Make PEM and SSH2 keys work * add ssh2 testcases and PEM cases - and fix PEM * Add final test to parse the proposed key
5 years ago
"encoding/pem"
Bug fix
10 years ago
"errors"
add publickey & access
10 years ago
"fmt"
Mulitple Gitea Doctor improvements (#10943) * Add `gitea doctor --list` flag to list the checks that will be run, including those by default * Add `gitea doctor --run` to run specific checks * Add `gitea doctor --all` to run all checks * Add db version checker * Add non-default recalculate merge bases check/fixer to doctor * Add hook checker (Fix #9878) and ensure hooks are executable (Fix #6319) * Fix authorized_keys checker - slight change of functionality here because parsing the command is fragile and we should just check if the authorized_keys file is essentially the same as what gitea would produce. (This is still not perfect as order matters - we should probably just md5sum the two files.) * Add SCRIPT_TYPE check (Fix #10977) * Add `gitea doctor --fix` to attempt to fix what is possible to easily fix * Add `gitea doctor --log-file` to set the log-file, be it a file, stdout or to switch off completely. (Fixes previously undetected bug with certain xorm logging configurations - see @6543 comment.) Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
"io"
Add postgres support, clean code, code review
10 years ago
"io/ioutil"
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
"math/big"
add publickey & access
10 years ago
"os"
"path/filepath"
migrate from com.* to alternatives (#14103) * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
3 years ago
"strconv"
Fix delete SSH key in file
10 years ago
"strings"
"sync"
add publickey & access
10 years ago
"time"
Update
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/process"
"code.gitea.io/gitea/modules/setting"
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
"code.gitea.io/gitea/modules/timeutil"
Re-attempt to delete temporary upload if the file is locked by another process (#12447) Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util. Fix #12339 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io>
4 years ago
"code.gitea.io/gitea/modules/util"
feat(repo): support search repository by topic name (#4505) * feat(repo): support search repository by topic name
6 years ago
"golang.org/x/crypto/ssh"
Fix error log when loading issues caused by a xorm bug (#7271) * fix error log when loading issues caused by a xorm bug * upgrade packages * fix fmt * fix Consistency * fix tests
5 years ago
"xorm.io/builder"
Upgrade xorm to v0.8.0 (#8536)
5 years ago
"xorm.io/xorm"
add publickey & access
10 years ago
)
Add postgres support, clean code, code review
10 years ago
const (
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
tplCommentPrefix = `# gitea public key`
Completely quote AppPath and CustomConf paths (#12955) * Completely quote AppPath and CustomConf paths Properly handle spaces in AppPath and CustomConf within hooks and authorized_keys. Unfortunately here we don't seem to be able to get away with using go-shellquote as it appears that Windows doesn't play too well with singlequote quoting - therefore we will avoid singlequote quoting unless we absolutely cannot get away without it, e.g. \n or !. Fix #10813 Signed-off-by: Andrew Thornton <art27@cantab.net> * missing change Signed-off-by: Andrew Thornton <art27@cantab.net> * fix Test_CmdKeys Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
tplCommand = "%s --config=%s serv key-%d"
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
authorizedPrincipalsFile = "authorized_principals"
Add postgres support, clean code, code review
10 years ago
)
models/ssh_key: code cleaning
8 years ago
var sshOpLocker sync.Mutex
add publickey
10 years ago
Lint models/ssh_key.go
8 years ago
// KeyType specifies the key type
#334: Add Deployment Key Support
9 years ago
type KeyType int
const (
Lint models/ssh_key.go
8 years ago
// KeyTypeUser specifies the user key
And others
8 years ago
KeyTypeUser = iota + 1
Lint models/ssh_key.go
8 years ago
// KeyTypeDeploy specifies the deploy key
And others
8 years ago
KeyTypeDeploy
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
// KeyTypePrincipal specifies the authorized principal key
KeyTypePrincipal
#334: Add Deployment Key Support
9 years ago
)
models/ssh_key: code cleaning
8 years ago
// PublicKey represents a user or deploy SSH public key.
add publickey & access
10 years ago
type PublicKey struct {
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
ID int64 `xorm:"pk autoincr"`
OwnerID int64 `xorm:"INDEX NOT NULL"`
Name string `xorm:"NOT NULL"`
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
Fingerprint string `xorm:"INDEX NOT NULL"`
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
Content string `xorm:"TEXT NOT NULL"`
Mode AccessMode `xorm:"NOT NULL DEFAULT 2"`
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
CreatedUnix timeutil.TimeStamp `xorm:"created"`
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
HasRecentActivity bool `xorm:"-"`
HasUsed bool `xorm:"-"`
#334: Add Deployment Key Support
9 years ago
}
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
7 years ago
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (key *PublicKey) AfterLoad() {
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
6 years ago
key.HasUsed = key.UpdatedUnix > key.CreatedUnix
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
key.HasRecentActivity = key.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()
add publickey & access
10 years ago
}
models/ssh_key: code cleaning
8 years ago
// OmitEmail returns content of public key without email address.
Lint models/ssh_key.go
8 years ago
func (key *PublicKey) OmitEmail() string {
return strings.Join(strings.Split(key.Content, " ")[:2], " ")
Fix #652
10 years ago
}
models/ssh_key: code cleaning
8 years ago
// AuthorizedString returns formatted public key string for authorized_keys file.
func (key *PublicKey) AuthorizedString() string {
Completely quote AppPath and CustomConf paths (#12955) * Completely quote AppPath and CustomConf paths Properly handle spaces in AppPath and CustomConf within hooks and authorized_keys. Unfortunately here we don't seem to be able to get away with using go-shellquote as it appears that Windows doesn't play too well with singlequote quoting - therefore we will avoid singlequote quoting unless we absolutely cannot get away without it, e.g. \n or !. Fix #10813 Signed-off-by: Andrew Thornton <art27@cantab.net> * missing change Signed-off-by: Andrew Thornton <art27@cantab.net> * fix Test_CmdKeys Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
return fmt.Sprintf(tplPublicKey, util.ShellEscape(fmt.Sprintf(tplCommand, util.ShellEscape(setting.AppPath), util.ShellEscape(setting.CustomConf), key.ID)), key.Content)
add publickey & access
10 years ago
}
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key)
if err != nil || len(b) < 4 {
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("invalid key format: %v", err)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
}
keyLength := int(binary.BigEndian.Uint32(b))
if len(b) < 4+keyLength {
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("invalid key format: not enough length %d", keyLength)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
}
return string(b[4 : 4+keyLength]), nil
}
Make PKCS8, PEM and SSH2 keys work (#7600) * Make PEM and SSH2 keys work * add ssh2 testcases and PEM cases - and fix PEM * Add final test to parse the proposed key
5 years ago
const ssh2keyStart = "---- BEGIN SSH2 PUBLIC KEY ----"
models/ssh_key: code cleaning
8 years ago
// parseKeyString parses any key string in OpenSSH or SSH2 format to clean OpenSSH string (RFC4253).
#334: Add Deployment Key Support
9 years ago
func parseKeyString(content string) (string, error) {
Improve SSH key parser to handle newlines in keys (#7522) * Strip newlines from SSH keys before adding them Fixes: https://github.com/go-gitea/gitea/issues/7500 * add test for CheckPublicKeyString * add one more test * simplify test * further simplify * make fmt
5 years ago
// remove whitespace at start and end
Handle ssh key import better (#224) * Handle user ssh key input better ssh_key: when user submitted keys had a newline at the end, strings.Split would have created a slice with an empty last element, and the key type check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or 'ssh-dsa' at the beginning of the string, but this is simple. * ssh_key: correct indentation
8 years ago
content = strings.TrimSpace(content)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
var keyType, keyContent, keyComment string
Fix SSH2 conditonal in key parsing code (#8806) Avoid out of bounds error by using strings.HasPrefix to check for starting SSH2 text rather than assuming user input has at least 31 characters. Add tests for bad input as well. Fixes #8800
5 years ago
if strings.HasPrefix(content, ssh2keyStart) {
Make PKCS8, PEM and SSH2 keys work (#7600) * Make PEM and SSH2 keys work * add ssh2 testcases and PEM cases - and fix PEM * Add final test to parse the proposed key
5 years ago
// Parse SSH2 file format.
// Transform all legal line endings to a single "\n".
content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)
lines := strings.Split(content, "\n")
continuationLine := false
for _, line := range lines {
// Skip lines that:
// 1) are a continuation of the previous line,
// 2) contain ":" as that are comment lines
// 3) contain "-" as that are begin and end tags
if continuationLine || strings.ContainsAny(line, ":-") {
continuationLine = strings.HasSuffix(line, "\\")
} else {
keyContent += line
}
}
t, err := extractTypeFromBase64Key(keyContent)
if err != nil {
return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)
}
keyType = t
} else {
if strings.Contains(content, "-----BEGIN") {
// Convert PEM Keys to OpenSSH format
// Transform all legal line endings to a single "\n".
content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)
block, _ := pem.Decode([]byte(content))
if block == nil {
return "", fmt.Errorf("failed to parse PEM block containing the public key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
var pk rsa.PublicKey
_, err2 := asn1.Unmarshal(block.Bytes, &pk)
if err2 != nil {
return "", fmt.Errorf("failed to parse DER encoded public key as either PKIX or PEM RSA Key: %v %v", err, err2)
}
pub = &pk
}
sshKey, err := ssh.NewPublicKey(pub)
if err != nil {
return "", fmt.Errorf("unable to convert to ssh public key: %v", err)
}
content = string(ssh.MarshalAuthorizedKey(sshKey))
}
models/ssh_key: code cleaning
8 years ago
// Parse OpenSSH format.
Improve SSH key parser to handle newlines in keys (#7522) * Strip newlines from SSH keys before adding them Fixes: https://github.com/go-gitea/gitea/issues/7500 * add test for CheckPublicKeyString * add one more test * simplify test * further simplify * make fmt
5 years ago
// Remove all newlines
content = strings.NewReplacer("\r\n", "", "\n", "").Replace(content)
parts := strings.SplitN(content, " ", 3)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
switch len(parts) {
case 0:
models/ssh_key: code cleaning
8 years ago
return "", errors.New("empty key")
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
case 1:
keyContent = parts[0]
case 2:
keyType = parts[0]
keyContent = parts[1]
default:
keyType = parts[0]
keyContent = parts[1]
keyComment = parts[2]
}
models/ssh_key: code cleaning
8 years ago
// If keyType is not given, extract it from content. If given, validate it.
t, err := extractTypeFromBase64Key(keyContent)
if err != nil {
return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)
}
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
if len(keyType) == 0 {
models/ssh_key: code cleaning
8 years ago
keyType = t
} else if keyType != t {
return "", fmt.Errorf("key type and content does not match: %s - %s", keyType, t)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
}
Make PKCS8, PEM and SSH2 keys work (#7600) * Make PEM and SSH2 keys work * add ssh2 testcases and PEM cases - and fix PEM * Add final test to parse the proposed key
5 years ago
}
// Finally we need to check whether we can actually read the proposed key:
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(keyType + " " + keyContent + " " + keyComment))
if err != nil {
return "", fmt.Errorf("invalid ssh public key: %v", err)
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
9 years ago
}
return keyType + " " + keyContent + " " + keyComment, nil
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
// writeTmpKeyFile writes key content to a temporary file
// and returns the name of that file, along with any possible errors.
func writeTmpKeyFile(content string) (string, error) {
Replace Gogs with Gitea (#520)
7 years ago
tmpFile, err := ioutil.TempFile(setting.SSH.KeyTestPath, "gitea_keytest")
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if err != nil {
return "", fmt.Errorf("TempFile: %v", err)
}
defer tmpFile.Close()
if _, err = tmpFile.WriteString(content); err != nil {
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("WriteString: %v", err)
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
}
return tmpFile.Name(), nil
}
// SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
func SSHKeyGenParsePublicKey(key string) (string, int, error) {
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
tmpName, err := writeTmpKeyFile(key)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
if err != nil {
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
return "", 0, fmt.Errorf("writeTmpKeyFile: %v", err)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
Re-attempt to delete temporary upload if the file is locked by another process (#12447) Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util. Fix #12339 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io>
4 years ago
defer func() {
if err := util.Remove(tmpName); err != nil {
log.Warn("Unable to remove temporary key file: %s: Error: %v", tmpName, err)
}
}()
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
7 years ago
stdout, stderr, err := process.GetManager().Exec("SSHKeyGenParsePublicKey", setting.SSH.KeygenPath, "-lf", tmpName)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
if err != nil {
models/ssh_key: code cleaning
8 years ago
return "", 0, fmt.Errorf("fail to parse public key: %s - %s", err, stderr)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if strings.Contains(stdout, "is not a public key file") {
return "", 0, ErrKeyUnableVerify{stdout}
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
fields := strings.Split(stdout, " ")
if len(fields) < 4 {
models/ssh_key: code cleaning
8 years ago
return "", 0, fmt.Errorf("invalid public key line: %s", stdout)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
keyType := strings.Trim(fields[len(fields)-1], "()\r\n")
migrate from com.* to alternatives (#14103) * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
3 years ago
length, err := strconv.ParseInt(fields[0], 10, 32)
if err != nil {
return "", 0, err
}
return strings.ToLower(keyType), int(length), nil
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
// SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
func SSHNativeParsePublicKey(keyLine string) (string, int, error) {
fields := strings.Fields(keyLine)
if len(fields) < 2 {
refactor: Remove unnecessary type conversions (#772)
7 years ago
return "", 0, fmt.Errorf("not enough fields in public key line: %s", keyLine)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
raw, err := base64.StdEncoding.DecodeString(fields[1])
if err != nil {
return "", 0, err
}
pkey, err := ssh.ParsePublicKey(raw)
if err != nil {
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if strings.Contains(err.Error(), "ssh: unknown key algorithm") {
return "", 0, ErrKeyUnableVerify{err.Error()}
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
models/ssh_key: code cleaning
8 years ago
return "", 0, fmt.Errorf("ParsePublicKey: %v", err)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
// The ssh library can parse the key, so next we find out what key exactly we have.
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
switch pkey.Type() {
case ssh.KeyAlgoDSA:
rawPub := struct {
Name string
P, Q, G, Y *big.Int
}{}
if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {
return "", 0, err
}
// as per https://bugzilla.mindrot.org/show_bug.cgi?id=1647 we should never
// see dsa keys != 1024 bit, but as it seems to work, we will not check here
return "dsa", rawPub.P.BitLen(), nil // use P as per crypto/dsa/dsa.go (is L)
case ssh.KeyAlgoRSA:
rawPub := struct {
Name string
E *big.Int
N *big.Int
}{}
if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {
return "", 0, err
}
return "rsa", rawPub.N.BitLen(), nil // use N as per crypto/rsa/rsa.go (is bits)
case ssh.KeyAlgoECDSA256:
return "ecdsa", 256, nil
case ssh.KeyAlgoECDSA384:
return "ecdsa", 384, nil
case ssh.KeyAlgoECDSA521:
return "ecdsa", 521, nil
don't check minimum key size when disabled (#1754) * cleanup old comments for ed25519 These comments were added when x/crypto/ed25519 could not yet handle ed25519. It does now, so it should be removed. Also the key type is now replaced with the proper constant. * move the minimum key size config before the check This moves the actual config lookup before any check is done. This avoids problems with calling to ssh-keygen which doesn't support the expected output format and returning an error, when the check is disabled.
7 years ago
case ssh.KeyAlgoED25519:
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
return "ed25519", 256, nil
Add support for ed25519_sk and ecdsa_sk SSH keys (#13462) * Add support for ed25519_sk and ecdsa_sk SSH keys These start with sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com. They are supported in recent versions of go x/crypto/ssh and OpenSSH 8.2 or higher. * skip ssh-keygen Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
3 years ago
case ssh.KeyAlgoSKECDSA256:
return "ecdsa-sk", 256, nil
case ssh.KeyAlgoSKED25519:
return "ed25519-sk", 256, nil
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
models/ssh_key: code cleaning
8 years ago
return "", 0, fmt.Errorf("unsupported key length detection for type: %s", pkey.Type())
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
New UI merge in progress
10 years ago
// CheckPublicKeyString checks if the given public key string is recognized by SSH.
models/ssh_key: code cleaning
8 years ago
// It returns the actual public key line on success.
#334: Add Deployment Key Support
9 years ago
func CheckPublicKeyString(content string) (_ string, err error) {
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if setting.SSH.Disabled {
Disable add key button if SSH is disabled (#2873)
7 years ago
return "", ErrSSHDisabled{}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
}
#334: Add Deployment Key Support
9 years ago
content, err = parseKeyString(content)
if err != nil {
return "", err
}
#634
10 years ago
content = strings.TrimRight(content, "\n\r")
New UI merge in progress
10 years ago
if strings.ContainsAny(content, "\n\r") {
#334: Add Deployment Key Support
9 years ago
return "", errors.New("only a single line with a single key please")
New UI merge in progress
10 years ago
}
Trim whitespace when adding SSH keys (fixes #2447)
8 years ago
// remove any unnecessary whitespace now
content = strings.TrimSpace(content)
don't check minimum key size when disabled (#1754) * cleanup old comments for ed25519 These comments were added when x/crypto/ed25519 could not yet handle ed25519. It does now, so it should be removed. Also the key type is now replaced with the proper constant. * move the minimum key size config before the check This moves the actual config lookup before any check is done. This avoids problems with calling to ssh-keygen which doesn't support the expected output format and returning an error, when the check is disabled.
7 years ago
if !setting.SSH.MinimumKeySizeCheck {
return content, nil
}
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
var (
models/ssh_key: code cleaning
8 years ago
fnName string
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
keyType string
length int
)
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if setting.SSH.StartBuiltinServer {
models/ssh_key: code cleaning
8 years ago
fnName = "SSHNativeParsePublicKey"
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
keyType, length, err = SSHNativeParsePublicKey(content)
} else {
models/ssh_key: code cleaning
8 years ago
fnName = "SSHKeyGenParsePublicKey"
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
keyType, length, err = SSHKeyGenParsePublicKey(content)
New UI merge in progress
10 years ago
}
#2179 use Go sub-repo ssh to verify public key content
8 years ago
if err != nil {
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("%s: %v", fnName, err)
New UI merge in progress
10 years ago
}
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
log.Trace("Key info [native: %v]: %s-%d", setting.SSH.StartBuiltinServer, keyType, length)
New UI merge in progress
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
8 years ago
if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length >= minLen {
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
return content, nil
} else if found && length < minLen {
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("key length is not enough: got %d, needs %d", length, minLen)
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
}
models/ssh_key: code cleaning
8 years ago
return "", fmt.Errorf("key type is not allowed: %s", keyType)
New UI merge in progress
10 years ago
}
models/ssh_key: code cleaning
8 years ago
// appendAuthorizedKeysToFile appends new SSH keys' content to authorized_keys file.
func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
Add integrations tests from git cli (#3377) * test: integration add git cli tests Extracted form for easing review process and debug #3152 * test: integration add git cli big file commit * fix: Don't rewrite key if internal server
6 years ago
// Don't need to rewrite this file if builtin SSH server is enabled.
don't append key file if asked not to (#13368)
4 years ago
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
Add integrations tests from git cli (#3377) * test: integration add git cli tests Extracted form for easing review process and debug #3152 * test: integration add git cli big file commit * fix: Don't rewrite key if internal server
6 years ago
return nil
}
Finish issue design
10 years ago
sshOpLocker.Lock()
defer sshOpLocker.Unlock()
Fixes #8369: Create .ssh dir as necessary (#8486) * Ensure .ssh dir exists before rewriting public keys * Ensure .ssh dir exists before appending to authorized_keys * Log the error because it would be useful to know where it is trying to MkdirAll * Only try to create RootPath if it's not empty
5 years ago
if setting.SSH.RootPath != "" {
// First of ensure that the RootPath is present, and if not make it with 0700 permissions
// This of course doesn't guarantee that this is the right directory for authorized_keys
// but at least if it's supposed to be this directory and it doesn't exist and we're the
// right user it will at least be created properly.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
err := os.MkdirAll(setting.SSH.RootPath, 0o700)
Fixes #8369: Create .ssh dir as necessary (#8486) * Ensure .ssh dir exists before rewriting public keys * Ensure .ssh dir exists before appending to authorized_keys * Log the error because it would be useful to know where it is trying to MkdirAll * Only try to create RootPath if it's not empty
5 years ago
if err != nil {
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
return err
}
}
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
f, err := os.OpenFile(fPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600)
Finish issue design
10 years ago
if err != nil {
return err
}
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
defer f.Close()
models: code fix on #818
9 years ago
models/ssh_key: code cleaning
8 years ago
// Note: chmod command does not support in Windows.
Work #475 and #458
10 years ago
if !setting.IsWindows {
models/ssh_key: code cleaning
8 years ago
fi, err := f.Stat()
if err != nil {
return err
}
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
9 years ago
// .ssh directory should have mode 700, and authorized_keys file should have mode 600.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
if fi.Mode().Perm() > 0o600 {
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
5 years ago
log.Error("authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
if err = f.Chmod(0o600); err != nil {
Fix mirror UI style and work on #475
10 years ago
return err
}
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
10 years ago
}
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
10 years ago
}
add afunction to rewrite all public keys on admin request refs #763
9 years ago
for _, key := range keys {
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
if key.Type == KeyTypePrincipal {
continue
}
models/ssh_key: code cleaning
8 years ago
if _, err = f.WriteString(key.AuthorizedString()); err != nil {
add afunction to rewrite all public keys on admin request refs #763
9 years ago
return err
}
}
return nil
Finish issue design
10 years ago
}
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
// checkKeyFingerprint only checks if key fingerprint has been used as public key,
#1535 Removing deploy key does not remove key
9 years ago
// it is OK to use same key as deploy key for multiple repositories/users.
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
func checkKeyFingerprint(e Engine, fingerprint string) error {
has, err := e.Get(&PublicKey{
Fingerprint: fingerprint,
#1535 Removing deploy key does not remove key
9 years ago
})
Add check if public key name has been used
10 years ago
if err != nil {
return err
} else if has {
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
return ErrKeyAlreadyExist{0, fingerprint, ""}
Add check if public key name has been used
10 years ago
}
#334: Add Deployment Key Support
9 years ago
return nil
}
Add check if public key name has been used
10 years ago
Use go method to calculate ssh key fingerprint (#7128) * Use go method to calculate key fingerprint * add gitea copyright * use native go method only for built-in server * refactor and add tests * add gitea copyright
5 years ago
func calcFingerprintSSHKeygen(publicKeyContent string) (string, error) {
Add generate fingerprint of ssh key
10 years ago
// Calculate fingerprint.
use writeTmpKeyFile in calcFingerprint (#1828) this makes calcFingerprint use SSH.KeyTestpath instead of os temp dir.
7 years ago
tmpPath, err := writeTmpKeyFile(publicKeyContent)
if err != nil {
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
return "", err
add publickey & access
10 years ago
}
Re-attempt to delete temporary upload if the file is locked by another process (#12447) Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util. Fix #12339 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io>
4 years ago
defer func() {
if err := util.Remove(tmpPath); err != nil {
log.Warn("Unable to remove temporary key file: %s: Error: %v", tmpPath, err)
}
}()
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
7 years ago
stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
add publickey & access
10 years ago
if err != nil {
Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen (#10863) * Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen Fix #3985 Signed-off-by: Andrew Thornton <art27@cantab.net> * Pass up the unable to verify
4 years ago
if strings.Contains(stderr, "is not a public key file") {
return "", ErrKeyUnableVerify{stderr}
}
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)
Add generate fingerprint of ssh key
10 years ago
} else if len(stdout) < 2 {
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
return "", errors.New("not enough output for calculating fingerprint: " + stdout)
}
return strings.Split(stdout, " ")[1], nil
}
Use go method to calculate ssh key fingerprint (#7128) * Use go method to calculate key fingerprint * add gitea copyright * use native go method only for built-in server * refactor and add tests * add gitea copyright
5 years ago
func calcFingerprintNative(publicKeyContent string) (string, error) {
// Calculate fingerprint.
pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKeyContent))
if err != nil {
return "", err
}
return ssh.FingerprintSHA256(pk), nil
}
func calcFingerprint(publicKeyContent string) (string, error) {
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
// Call the method based on configuration
Use go method to calculate ssh key fingerprint (#7128) * Use go method to calculate key fingerprint * add gitea copyright * use native go method only for built-in server * refactor and add tests * add gitea copyright
5 years ago
var (
fnName, fp string
err error
)
if setting.SSH.StartBuiltinServer {
fnName = "calcFingerprintNative"
fp, err = calcFingerprintNative(publicKeyContent)
} else {
fnName = "calcFingerprintSSHKeygen"
fp, err = calcFingerprintSSHKeygen(publicKeyContent)
}
if err != nil {
Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen (#10863) * Use ErrKeyUnableToVerify if fail to calc fingerprint in ssh-keygen Fix #3985 Signed-off-by: Andrew Thornton <art27@cantab.net> * Pass up the unable to verify
4 years ago
if IsErrKeyUnableVerify(err) {
log.Info("%s", publicKeyContent)
return "", err
}
Use go method to calculate ssh key fingerprint (#7128) * Use go method to calculate key fingerprint * add gitea copyright * use native go method only for built-in server * refactor and add tests * add gitea copyright
5 years ago
return "", fmt.Errorf("%s: %v", fnName, err)
}
return fp, nil
}
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
func addKey(e Engine, key *PublicKey) (err error) {
Remove check for negative length (#5120)
6 years ago
if len(key.Fingerprint) == 0 {
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
key.Fingerprint, err = calcFingerprint(key.Content)
if err != nil {
return err
}
Add generate fingerprint of ssh key
10 years ago
}
// Save SSH key.
#334: Add Deployment Key Support
9 years ago
if _, err = e.Insert(key); err != nil {
Add generate fingerprint of ssh key
10 years ago
return err
#334: Add Deployment Key Support
9 years ago
}
#2147 fix rewrites authorized_keys when builtin SSH server is enabled
8 years ago
models/ssh_key: code cleaning
8 years ago
return appendAuthorizedKeysToFile(key)
#334: Add Deployment Key Support
9 years ago
}
// AddPublicKey adds new public key to database and authorized_keys file.
Add golangci (#6418)
5 years ago
func AddPublicKey(ownerID int64, name, content string, loginSourceID int64) (*PublicKey, error) {
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
8 years ago
log.Trace(content)
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
fingerprint, err := calcFingerprint(content)
if err != nil {
return nil, err
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return nil, err
}
if err := checkKeyFingerprint(sess, fingerprint); err != nil {
fix #976
9 years ago
return nil, err
add publickey & access
10 years ago
}
#334: Add Deployment Key Support
9 years ago
// Key name of same user cannot be duplicated.
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
has, err := sess.
Rewrite XORM queries
8 years ago
Where("owner_id = ? AND name = ?", ownerID, name).
Get(new(PublicKey))
#334: Add Deployment Key Support
9 years ago
if err != nil {
fix #976
9 years ago
return nil, err
#334: Add Deployment Key Support
9 years ago
} else if has {
fix #976
9 years ago
return nil, ErrKeyNameAlreadyUsed{ownerID, name}
#334: Add Deployment Key Support
9 years ago
}
key := &PublicKey{
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
OwnerID: ownerID,
Name: name,
Fingerprint: fingerprint,
Content: content,
Mode: AccessModeWrite,
Type: KeyTypeUser,
Add golangci (#6418)
5 years ago
LoginSourceID: loginSourceID,
#334: Add Deployment Key Support
9 years ago
}
if err = addKey(sess, key); err != nil {
fix #976
9 years ago
return nil, fmt.Errorf("addKey: %v", err)
#334: Add Deployment Key Support
9 years ago
}
fix #976
9 years ago
return key, sess.Commit()
add publickey & access
10 years ago
}
#334: Add Deployment Key Support
9 years ago
// GetPublicKeyByID returns public key by given ID.
func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
Finish new web hook pages
10 years ago
key := new(PublicKey)
Rewrite XORM queries
8 years ago
has, err := x.
Upgrade xorm to v1.0.0 (#10646) * Upgrade xorm to v1.0.0 * small nit * Fix tests * Update xorm * Update xorm * fix go.sum * fix test * Fix bug when dump * Fix bug * update xorm to latest * Fix migration test * update xorm to latest * Fix import order * Use xorm tag
4 years ago
ID(keyID).
Rewrite XORM queries
8 years ago
Get(key)
Finish new web hook pages
10 years ago
if err != nil {
return nil, err
} else if !has {
#334: Add Deployment Key Support
9 years ago
return nil, ErrKeyNotExist{keyID}
Finish new web hook pages
10 years ago
}
return key, nil
}
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
func searchPublicKeyByContentWithEngine(e Engine, content string) (*PublicKey, error) {
fix 1540 and experimental SSH server support
9 years ago
key := new(PublicKey)
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
has, err := e.
Rewrite XORM queries
8 years ago
Where("content like ?", content+"%").
Get(key)
fix 1540 and experimental SSH server support
9 years ago
if err != nil {
return nil, err
} else if !has {
return nil, ErrKeyNotExist{}
}
return key, nil
}
Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) * Synchronize SSH keys on login with LDAP * BUG: Fix hang on sqlite during LDAP key deletion
5 years ago
// SearchPublicKeyByContent searches content as prefix (leak e-mail part)
// and returns public key found.
func SearchPublicKeyByContent(content string) (*PublicKey, error) {
return searchPublicKeyByContentWithEngine(x, content)
}
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
func searchPublicKeyByContentExactWithEngine(e Engine, content string) (*PublicKey, error) {
key := new(PublicKey)
has, err := e.
Where("content = ?", content).
Get(key)
if err != nil {
return nil, err
} else if !has {
return nil, ErrKeyNotExist{}
}
return key, nil
}
// SearchPublicKeyByContentExact searches content
// and returns public key found.
func SearchPublicKeyByContentExact(content string) (*PublicKey, error) {
return searchPublicKeyByContentExactWithEngine(x, content)
}
Keys API changes (#4960) * Add private information to the deploy keys api This commit adds more information to the deploy keys to allow for back reference in to the main keys list. It also adds information about the repository that the key is referring to. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add private information to the user keys API This adjusts the keys API to give out private information to user keys if the current user is the owner or an admin. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add ability to search keys by fingerprint This commit adds the functionality to search ssh-keys by fingerprint of the ssh-key. Deploy keys per repository can also be searched. There is no current clear API point to allow search of all deploy keys by fingerprint or keyID. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add integration test
6 years ago
// SearchPublicKey returns a list of public keys matching the provided arguments.
func SearchPublicKey(uid int64, fingerprint string) ([]*PublicKey, error) {
keys := make([]*PublicKey, 0, 5)
cond := builder.NewCond()
if uid != 0 {
cond = cond.And(builder.Eq{"owner_id": uid})
}
if fingerprint != "" {
cond = cond.And(builder.Eq{"fingerprint": fingerprint})
}
return keys, x.Where(cond).Find(&keys)
}
add personal access token panel #12
10 years ago
// ListPublicKeys returns a list of public keys belongs to given user.
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
func ListPublicKeys(uid int64, listOptions ListOptions) ([]*PublicKey, error) {
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
sess := x.Where("owner_id = ? AND type != ?", uid, KeyTypePrincipal)
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
if listOptions.Page != 0 {
sess = listOptions.setSessionPagination(sess)
keys := make([]*PublicKey, 0, listOptions.PageSize)
return keys, sess.Find(&keys)
}
New UI merge in progress
10 years ago
keys := make([]*PublicKey, 0, 5)
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
return keys, sess.Find(&keys)
Finish issue design
10 years ago
}
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
// ListPublicLdapSSHKeys returns a list of synchronized public ldap ssh keys belongs to given user and login source.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
func ListPublicLdapSSHKeys(uid, loginSourceID int64) ([]*PublicKey, error) {
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
keys := make([]*PublicKey, 0, 5)
return keys, x.
Add golangci (#6418)
5 years ago
Where("owner_id = ? AND login_source_id = ?", uid, loginSourceID).
LDAP Public SSH Keys synchronization (#1844) * Add LDAP Key Synchronization feature Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Add migration: add login source id column for public_key table * Only update keys if needed * Add function to only list pubkey synchronized from ldap * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it. * Only get keys belonging to current login source id * Set default login source id to 0 * Some minor cleanup. Add integration tests (updete dep testify)
6 years ago
Find(&keys)
}
refactor update ssh key use time (#1466)
7 years ago
// UpdatePublicKeyUpdated updates public key use time.
func UpdatePublicKeyUpdated(id int64) error {
Fix key usage time update if the key is used in parallel for multiple operations (#2185)
7 years ago
// Check if key exists before update as affected rows count is unreliable
// and will return 0 affected rows if two updates are made at the same time
if cnt, err := x.ID(id).Count(&PublicKey{}); err != nil {
return err
} else if cnt != 1 {
return ErrKeyNotExist{id}
}
_, err := x.ID(id).Cols("updated_unix").Update(&PublicKey{
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
UpdatedUnix: timeutil.TimeStampNow(),
refactor update ssh key use time (#1466)
7 years ago
})
if err != nil {
return err
}
return nil
}
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
// deletePublicKeys does the actual key deletion but does not update authorized_keys file.
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
func deletePublicKeys(e Engine, keyIDs ...int64) error {
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
if len(keyIDs) == 0 {
#334: Add Deployment Key Support
9 years ago
return nil
Fix SSH key bug in windows
10 years ago
}
Improve delete SSH key
10 years ago
use in instead string join (#155)
8 years ago
_, err := e.In("id", keyIDs).Delete(new(PublicKey))
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
return err
add publickey & access
10 years ago
}
add afunction to rewrite all public keys on admin request refs #763
9 years ago
Disable SSH key deletion of externally managed Keys (#13985) * Disable SSH key addition and deletion when externally managed When a user has a login source which has SSH key management key addition and deletion using the UI should be disabled. Fix #13983 Signed-off-by: Andrew Thornton <art27@cantab.net> * Make only externally managed keys disabled Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
3 years ago
// PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key
func PublicKeysAreExternallyManaged(keys []*PublicKey) ([]bool, error) {
sources := make([]*LoginSource, 0, 5)
externals := make([]bool, len(keys))
keyloop:
for i, key := range keys {
if key.LoginSourceID == 0 {
externals[i] = false
continue keyloop
}
var source *LoginSource
sourceloop:
for _, s := range sources {
if s.ID == key.LoginSourceID {
source = s
break sourceloop
}
}
if source == nil {
var err error
source, err = GetLoginSourceByID(key.LoginSourceID)
if err != nil {
if IsErrLoginSourceNotExist(err) {
externals[i] = false
sources[i] = &LoginSource{
ID: key.LoginSourceID,
}
continue keyloop
}
return nil, err
}
}
ldapSource := source.LDAP()
if ldapSource != nil &&
source.IsSyncEnabled &&
(source.Type == LoginLDAP || source.Type == LoginDLDAP) &&
len(strings.TrimSpace(ldapSource.AttributeSSHPublicKey)) > 0 {
// Disable setting SSH keys for this user
externals[i] = true
}
}
return externals, nil
}
// PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key
func PublicKeyIsExternallyManaged(id int64) (bool, error) {
key, err := GetPublicKeyByID(id)
if err != nil {
return false, err
}
if key.LoginSourceID == 0 {
return false, nil
}
source, err := GetLoginSourceByID(key.LoginSourceID)
if err != nil {
if IsErrLoginSourceNotExist(err) {
return false, nil
}
return false, err
}
ldapSource := source.LDAP()
if ldapSource != nil &&
source.IsSyncEnabled &&
(source.Type == LoginLDAP || source.Type == LoginDLDAP) &&
len(strings.TrimSpace(ldapSource.AttributeSSHPublicKey)) > 0 {
// Disable setting SSH keys for this user
return true, nil
}
return false, nil
}
#334: Add Deployment Key Support
9 years ago
// DeletePublicKey deletes SSH key information both in database and authorized_keys file.
fix #976
9 years ago
func DeletePublicKey(doer *User, id int64) (err error) {
key, err := GetPublicKeyByID(id)
add confirmation to delete ssh key
9 years ago
if err != nil {
Delete a user's public key via admin api (closes #3014) (#3059) * Delete a user's public key via admin api * Test admin ssh endpoint for creating a new ssh key * Adapt public ssh key test to also test the delete operation * Test that deleting a missing key will result in a 404 * Test that a normal user can't delete another user's ssh key * Make DeletePublicKey return err * Update swagger doc
6 years ago
return err
fix #976
9 years ago
}
// Check if user has access to delete this key.
Refactor User.Id to User.ID
8 years ago
if !doer.IsAdmin && doer.ID != key.OwnerID {
return ErrKeyAccessDenied{doer.ID, key.ID, "public"}
add confirmation to delete ssh key
9 years ago
}
#334: Add Deployment Key Support
9 years ago
sess := x.NewSession()
Refactor session close as xorm already does everything needed internally (#2020)
7 years ago
defer sess.Close()
#334: Add Deployment Key Support
9 years ago
if err = sess.Begin(); err != nil {
return err
}
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
if err = deletePublicKeys(sess, id); err != nil {
#334: Add Deployment Key Support
9 years ago
return err
}
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
if err = sess.Commit(); err != nil {
return err
}
fix forgot removed records when deleting user (#5429) * fix forgot removed records when deleting user * fix migration * fix rewritekey lock on sqlite * remove unused codes
5 years ago
sess.Close()
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
if key.Type == KeyTypePrincipal {
return RewriteAllPrincipalKeys()
}
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
return RewriteAllPublicKeys()
#334: Add Deployment Key Support
9 years ago
}
models: code fix on #818
9 years ago
// RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
// Note: x.Iterate does not get latest data after insert/delete, so we have to call this function
Fix typos in models/ (#576)
7 years ago
// outside any session scope independently.
add afunction to rewrite all public keys on admin request refs #763
9 years ago
func RewriteAllPublicKeys() error {
fix forgot removed records when deleting user (#5429) * fix forgot removed records when deleting user * fix migration * fix rewritekey lock on sqlite * remove unused codes
5 years ago
return rewriteAllPublicKeys(x)
}
func rewriteAllPublicKeys(e Engine) error {
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
// Don't rewrite key if internal server
Create AuthorizedKeysCommand (#5236)
6 years ago
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
Add integrations tests from git cli (#3377) * test: integration add git cli tests Extracted form for easing review process and debug #3152 * test: integration add git cli big file commit * fix: Don't rewrite key if internal server
6 years ago
return nil
}
models: code fix on #818
9 years ago
sshOpLocker.Lock()
defer sshOpLocker.Unlock()
Fixes #8369: Create .ssh dir as necessary (#8486) * Ensure .ssh dir exists before rewriting public keys * Ensure .ssh dir exists before appending to authorized_keys * Log the error because it would be useful to know where it is trying to MkdirAll * Only try to create RootPath if it's not empty
5 years ago
if setting.SSH.RootPath != "" {
// First of ensure that the RootPath is present, and if not make it with 0700 permissions
// This of course doesn't guarantee that this is the right directory for authorized_keys
// but at least if it's supposed to be this directory and it doesn't exist and we're the
// right user it will at least be created properly.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
err := os.MkdirAll(setting.SSH.RootPath, 0o700)
Fixes #8369: Create .ssh dir as necessary (#8486) * Ensure .ssh dir exists before rewriting public keys * Ensure .ssh dir exists before appending to authorized_keys * Log the error because it would be useful to know where it is trying to MkdirAll * Only try to create RootPath if it's not empty
5 years ago
if err != nil {
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
return err
}
}
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
tmpPath := fPath + ".tmp"
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
add afunction to rewrite all public keys on admin request refs #763
9 years ago
if err != nil {
return err
}
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
defer func() {
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
t.Close()
Re-attempt to delete temporary upload if the file is locked by another process (#12447) Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util. Fix #12339 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io>
4 years ago
if err := util.Remove(tmpPath); err != nil {
log.Warn("Unable to remove temporary authorized keys file: %s: Error: %v", tmpPath, err)
}
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
}()
add afunction to rewrite all public keys on admin request refs #763
9 years ago
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
if setting.SSH.AuthorizedKeysBackup {
isExist, err := util.IsExist(fPath)
if err != nil {
log.Error("Unable to check if %s exists. Error: %v", fPath, err)
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
return err
}
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
if isExist {
bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
migrate from com.* to alternatives (#14103) * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
3 years ago
if err = util.CopyFile(fPath, bakPath); err != nil {
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
return err
}
}
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
}
Mulitple Gitea Doctor improvements (#10943) * Add `gitea doctor --list` flag to list the checks that will be run, including those by default * Add `gitea doctor --run` to run specific checks * Add `gitea doctor --all` to run all checks * Add db version checker * Add non-default recalculate merge bases check/fixer to doctor * Add hook checker (Fix #9878) and ensure hooks are executable (Fix #6319) * Fix authorized_keys checker - slight change of functionality here because parsing the command is fragile and we should just check if the authorized_keys file is essentially the same as what gitea would produce. (This is still not perfect as order matters - we should probably just md5sum the two files.) * Add SCRIPT_TYPE check (Fix #10977) * Add `gitea doctor --fix` to attempt to fix what is possible to easily fix * Add `gitea doctor --log-file` to set the log-file, be it a file, stdout or to switch off completely. (Fixes previously undetected bug with certain xorm logging configurations - see @6543 comment.) Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
if err := regeneratePublicKeys(e, t); err != nil {
return err
}
t.Close()
return os.Rename(tmpPath, fPath)
}
// RegeneratePublicKeys regenerates the authorized_keys file
func RegeneratePublicKeys(t io.StringWriter) error {
return regeneratePublicKeys(x, t)
}
func regeneratePublicKeys(e Engine, t io.StringWriter) error {
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
if err := e.Where("type != ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())
models: code fix on #818
9 years ago
return err
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
}); err != nil {
models: code fix on #818
9 years ago
return err
add afunction to rewrite all public keys on admin request refs #763
9 years ago
}
models: code fix on #818
9 years ago
Mulitple Gitea Doctor improvements (#10943) * Add `gitea doctor --list` flag to list the checks that will be run, including those by default * Add `gitea doctor --run` to run specific checks * Add `gitea doctor --all` to run all checks * Add db version checker * Add non-default recalculate merge bases check/fixer to doctor * Add hook checker (Fix #9878) and ensure hooks are executable (Fix #6319) * Fix authorized_keys checker - slight change of functionality here because parsing the command is fragile and we should just check if the authorized_keys file is essentially the same as what gitea would produce. (This is still not perfect as order matters - we should probably just md5sum the two files.) * Add SCRIPT_TYPE check (Fix #10977) * Add `gitea doctor --fix` to attempt to fix what is possible to easily fix * Add `gitea doctor --log-file` to set the log-file, be it a file, stdout or to switch off completely. (Fixes previously undetected bug with certain xorm logging configurations - see @6543 comment.) Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
isExist, err := util.IsExist(fPath)
if err != nil {
log.Error("Unable to check if %s exists. Error: %v", fPath, err)
return err
}
if isExist {
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
f, err := os.Open(fPath)
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
if err != nil {
models: code fix on #818
9 years ago
return err
}
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
scanner := bufio.NewScanner(f)
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, tplCommentPrefix) {
scanner.Scan()
continue
}
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
7 years ago
_, err = t.WriteString(line + "\n")
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
if err != nil {
fix rename failed when rewrite public keys (#7761)
5 years ago
f.Close()
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
7 years ago
return err
}
}
fix rename failed when rewrite public keys (#7761)
5 years ago
f.Close()
models: code fix on #818
9 years ago
}
Mulitple Gitea Doctor improvements (#10943) * Add `gitea doctor --list` flag to list the checks that will be run, including those by default * Add `gitea doctor --run` to run specific checks * Add `gitea doctor --all` to run all checks * Add db version checker * Add non-default recalculate merge bases check/fixer to doctor * Add hook checker (Fix #9878) and ensure hooks are executable (Fix #6319) * Fix authorized_keys checker - slight change of functionality here because parsing the command is fragile and we should just check if the authorized_keys file is essentially the same as what gitea would produce. (This is still not perfect as order matters - we should probably just md5sum the two files.) * Add SCRIPT_TYPE check (Fix #10977) * Add `gitea doctor --fix` to attempt to fix what is possible to easily fix * Add `gitea doctor --log-file` to set the log-file, be it a file, stdout or to switch off completely. (Fixes previously undetected bug with certain xorm logging configurations - see @6543 comment.) Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
return nil
add afunction to rewrite all public keys on admin request refs #763
9 years ago
}
#334: Add Deployment Key Support
9 years ago
// ________ .__ ____ __.
// \______ \ ____ ______ | | ____ ___.__.| |/ _|____ ___.__.
// | | \_/ __ \\____ \| | / _ < | || <_/ __ < | |
// | ` \ ___/| |_> > |_( <_> )___ || | \ ___/\___ |
// /_______ /\___ > __/|____/\____// ____||____|__ \___ > ____|
// \/ \/|__| \/ \/ \/\/
// DeployKey represents deploy key information and its relation with repository.
type DeployKey struct {
#2302 Replace time.Time with Unix Timestamp (int64)
8 years ago
ID int64 `xorm:"pk autoincr"`
KeyID int64 `xorm:"UNIQUE(s) INDEX"`
RepoID int64 `xorm:"UNIQUE(s) INDEX"`
Name string
Fingerprint string
Content string `xorm:"-"`
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
Mode AccessMode `xorm:"NOT NULL DEFAULT 1"`
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
CreatedUnix timeutil.TimeStamp `xorm:"created"`
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
HasRecentActivity bool `xorm:"-"`
HasUsed bool `xorm:"-"`
#334: Add Deployment Key Support
9 years ago
}
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
7 years ago
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (key *DeployKey) AfterLoad() {
Improvements for supporting UI Location (#3146) * improvements for supporting UI Location * improved the comment
6 years ago
key.HasUsed = key.UpdatedUnix > key.CreatedUnix
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger
5 years ago
key.HasRecentActivity = key.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()
#334: Add Deployment Key Support
9 years ago
}
fix #878
9 years ago
// GetContent gets associated public key content.
Lint models/ssh_key.go
8 years ago
func (key *DeployKey) GetContent() error {
pkey, err := GetPublicKeyByID(key.KeyID)
fix #878
9 years ago
if err != nil {
return err
}
Lint models/ssh_key.go
8 years ago
key.Content = pkey.Content
fix #878
9 years ago
return nil
}
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
// IsReadOnly checks if the key can only be used for read operations
func (key *DeployKey) IsReadOnly() bool {
return key.Mode == AccessModeRead
}
#334: Add Deployment Key Support
9 years ago
func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
// Note: We want error detail, not just true or false here.
Rewrite XORM queries
8 years ago
has, err := e.
Where("key_id = ? AND repo_id = ?", keyID, repoID).
Get(new(DeployKey))
#334: Add Deployment Key Support
9 years ago
if err != nil {
return err
} else if has {
return ErrDeployKeyAlreadyExist{keyID, repoID}
}
Rewrite XORM queries
8 years ago
has, err = e.
Where("repo_id = ? AND name = ?", repoID, name).
Get(new(DeployKey))
#334: Add Deployment Key Support
9 years ago
if err != nil {
return err
} else if has {
return ErrDeployKeyNameAlreadyUsed{repoID, name}
}
return nil
}
// addDeployKey adds new key-repo relation.
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string, mode AccessMode) (*DeployKey, error) {
fix #878
9 years ago
if err := checkDeployKey(e, keyID, repoID, name); err != nil {
return nil, err
#334: Add Deployment Key Support
9 years ago
}
fix #878
9 years ago
key := &DeployKey{
#334: Add Deployment Key Support
9 years ago
KeyID: keyID,
RepoID: repoID,
Name: name,
Fingerprint: fingerprint,
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
Mode: mode,
fix #878
9 years ago
}
_, err := e.Insert(key)
return key, err
#334: Add Deployment Key Support
9 years ago
}
// HasDeployKey returns true if public key is a deploy key of given repository.
func HasDeployKey(keyID, repoID int64) bool {
Rewrite XORM queries
8 years ago
has, _ := x.
Where("key_id = ? AND repo_id = ?", keyID, repoID).
Get(new(DeployKey))
#334: Add Deployment Key Support
9 years ago
return has
}
// AddDeployKey add new deploy key to database and authorized_keys file.
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey, error) {
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
fingerprint, err := calcFingerprint(content)
if err != nil {
fix #878
9 years ago
return nil, err
#334: Add Deployment Key Support
9 years ago
}
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
accessMode := AccessModeRead
if !readOnly {
accessMode = AccessModeWrite
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return nil, err
}
fix #878
9 years ago
pkey := &PublicKey{
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
Fingerprint: fingerprint,
#334: Add Deployment Key Support
9 years ago
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
has, err := sess.Get(pkey)
#334: Add Deployment Key Support
9 years ago
if err != nil {
fix #878
9 years ago
return nil, err
#334: Add Deployment Key Support
9 years ago
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
if has {
if pkey.Type != KeyTypeDeploy {
return nil, ErrKeyAlreadyExist{0, fingerprint, ""}
}
} else {
// First time use this deploy key.
pkey.Mode = accessMode
pkey.Type = KeyTypeDeploy
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
7 years ago
pkey.Content = content
pkey.Name = name
fix #878
9 years ago
if err = addKey(sess, pkey); err != nil {
return nil, fmt.Errorf("addKey: %v", err)
#334: Add Deployment Key Support
9 years ago
}
}
Writable deploy keys (closes #671) (#3225) * Add is_writable checkbox to deploy keys interface * Add writable key option to deploy key form * Add support for writable ssh keys in the interface * Rename IsWritable to ReadOnly * Test: create read-only and read-write deploy keys via api * Add DeployKey access mode migration * Update gitea sdk via govendor * Fix deploykey migration * Add unittests for writable deploy keys * Move template text to locale * Remove implicit column update * Remove duplicate locales * Replace ReadOnly field with IsReadOnly method * Fix deploy_keys related integration test * Rename v54 migration with v55 * Fix migration hell
6 years ago
key, err := addDeployKey(sess, pkey.ID, repoID, name, pkey.Fingerprint, accessMode)
fix #878
9 years ago
if err != nil {
make sure to catch the right error so it is displayed as an error on the ui not a 500 (#4945)
6 years ago
return nil, err
#334: Add Deployment Key Support
9 years ago
}
fix #878
9 years ago
return key, sess.Commit()
}
// GetDeployKeyByID returns deploy key by given ID.
func GetDeployKeyByID(id int64) (*DeployKey, error) {
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
return getDeployKeyByID(x, id)
}
func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {
fix #878
9 years ago
key := new(DeployKey)
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
has, err := e.ID(id).Get(key)
fix #878
9 years ago
if err != nil {
return nil, err
} else if !has {
return nil, ErrDeployKeyNotExist{id, 0, 0}
}
return key, nil
#334: Add Deployment Key Support
9 years ago
}
// GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
return getDeployKeyByRepo(x, keyID, repoID)
}
func getDeployKeyByRepo(e Engine, keyID, repoID int64) (*DeployKey, error) {
#334: Add Deployment Key Support
9 years ago
key := &DeployKey{
KeyID: keyID,
RepoID: repoID,
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
has, err := e.Get(key)
fix #878
9 years ago
if err != nil {
return nil, err
} else if !has {
return nil, ErrDeployKeyNotExist{0, keyID, repoID}
}
return key, nil
#334: Add Deployment Key Support
9 years ago
}
Improvements for supporting UI Location (#3146) * improvements for supporting UI Location * improved the comment
6 years ago
// UpdateDeployKeyCols updates deploy key information in the specified columns.
func UpdateDeployKeyCols(key *DeployKey, cols ...string) error {
_, err := x.ID(key.ID).Cols(cols...).Update(key)
return err
}
#334: Add Deployment Key Support
9 years ago
// UpdateDeployKey updates deploy key information.
func UpdateDeployKey(key *DeployKey) error {
Replace deprecated Id method with ID (#2655)
7 years ago
_, err := x.ID(key.ID).AllCols().Update(key)
#334: Add Deployment Key Support
9 years ago
return err
}
// DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
fix #976
9 years ago
func DeleteDeployKey(doer *User, id int64) error {
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return err
}
if err := deleteDeployKey(sess, doer, id); err != nil {
return err
}
return sess.Commit()
}
func deleteDeployKey(sess Engine, doer *User, id int64) error {
key, err := getDeployKeyByID(sess, id)
#334: Add Deployment Key Support
9 years ago
if err != nil {
fix #976
9 years ago
if IsErrDeployKeyNotExist(err) {
return nil
}
return fmt.Errorf("GetDeployKeyByID: %v", err)
}
// Check if user has access to delete this key.
APIs: admin users
8 years ago
if !doer.IsAdmin {
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
repo, err := getRepositoryByID(sess, key.RepoID)
APIs: admin users
8 years ago
if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err)
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
has, err := isUserRepoAdmin(sess, repo, doer)
APIs: admin users
8 years ago
if err != nil {
Restrict permission check on repositories and fix some problems (#5314) * fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
5 years ago
return fmt.Errorf("GetUserRepoPermission: %v", err)
} else if !has {
Refactor User.Id to User.ID
8 years ago
return ErrKeyAccessDenied{doer.ID, key.ID, "deploy"}
APIs: admin users
8 years ago
}
#334: Add Deployment Key Support
9 years ago
}
Replace deprecated Id method with ID (#2655)
7 years ago
if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {
models/ssh_key: code cleaning
8 years ago
return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
#334: Add Deployment Key Support
9 years ago
}
// Check if this is the last reference to same key content.
Rewrite XORM queries
8 years ago
has, err := sess.
Where("key_id = ?", key.KeyID).
Get(new(DeployKey))
#334: Add Deployment Key Support
9 years ago
if err != nil {
return err
} else if !has {
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
8 years ago
if err = deletePublicKeys(sess, key.KeyID); err != nil {
#334: Add Deployment Key Support
9 years ago
return err
}
fix public will not be reused as public key after deleting as deploy key (#5671)
5 years ago
// after deleted the public keys, should rewrite the public keys file
if err = rewriteAllPublicKeys(sess); err != nil {
return err
}
#334: Add Deployment Key Support
9 years ago
}
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
return nil
#334: Add Deployment Key Support
9 years ago
}
// ListDeployKeys returns all deploy keys by given repository ID.
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
func ListDeployKeys(repoID int64, listOptions ListOptions) ([]*DeployKey, error) {
return listDeployKeys(x, repoID, listOptions)
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
}
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
func listDeployKeys(e Engine, repoID int64, listOptions ListOptions) ([]*DeployKey, error) {
sess := e.Where("repo_id = ?", repoID)
if listOptions.Page != 0 {
sess = listOptions.setSessionPagination(sess)
keys := make([]*DeployKey, 0, listOptions.PageSize)
return keys, sess.Find(&keys)
}
#334: Add Deployment Key Support
9 years ago
keys := make([]*DeployKey, 0, 5)
API add/generalize pagination (#9452) * paginate results * fixed deadlock * prevented breaking change * updated swagger * go fmt * fixed find topic * go mod tidy * go mod vendor with go1.13.5 * fixed repo find topics * fixed unit test * added Limit method to Engine struct; use engine variable when provided; fixed gitignore * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors * set Page value on Home route * improved memory allocations * fixed response headers * removed logfiles * fixed import order * import order * improved swagger * added function to get models.ListOptions from context * removed pagesize diff on unit test * fixed imports * removed unnecessary struct field * fixed go fmt * scoped PR * code improvements * code improvements * go mod tidy * fixed import order * fixed commit statuses session * fixed files headers * fixed headers; added pagination for notifications * go mod tidy * go fmt * removed Private from user search options; added setting.UI.IssuePagingNum as default valeu on repo's issues list * Apply suggestions from code review Co-Authored-By: 6543 <6543@obermui.de> Co-Authored-By: zeripath <art27@cantab.net> * fixed build error * CI.restart() * fixed merge conflicts resolve * fixed conflicts resolve * improved FindTrackedTimesOptions.ToOptions() method * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession * fixed build error; fixed swagger template * fixed swagger template * fixed ListReleases backwards compatibility * added page to user search route Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
return keys, sess.Find(&keys)
#334: Add Deployment Key Support
9 years ago
}
Keys API changes (#4960) * Add private information to the deploy keys api This commit adds more information to the deploy keys to allow for back reference in to the main keys list. It also adds information about the repository that the key is referring to. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add private information to the user keys API This adjusts the keys API to give out private information to user keys if the current user is the owner or an admin. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add ability to search keys by fingerprint This commit adds the functionality to search ssh-keys by fingerprint of the ssh-key. Deploy keys per repository can also be searched. There is no current clear API point to allow search of all deploy keys by fingerprint or keyID. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add integration test
6 years ago
// SearchDeployKeys returns a list of deploy keys matching the provided arguments.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
func SearchDeployKeys(repoID, keyID int64, fingerprint string) ([]*DeployKey, error) {
Keys API changes (#4960) * Add private information to the deploy keys api This commit adds more information to the deploy keys to allow for back reference in to the main keys list. It also adds information about the repository that the key is referring to. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add private information to the user keys API This adjusts the keys API to give out private information to user keys if the current user is the owner or an admin. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add ability to search keys by fingerprint This commit adds the functionality to search ssh-keys by fingerprint of the ssh-key. Deploy keys per repository can also be searched. There is no current clear API point to allow search of all deploy keys by fingerprint or keyID. Signed-off-by: Andrew Thornton <art27@cantab.net> * Add integration test
6 years ago
keys := make([]*DeployKey, 0, 5)
cond := builder.NewCond()
if repoID != 0 {
cond = cond.And(builder.Eq{"repo_id": repoID})
}
if keyID != 0 {
cond = cond.And(builder.Eq{"key_id": keyID})
}
if fingerprint != "" {
cond = cond.And(builder.Eq{"fingerprint": fingerprint})
}
return keys, x.Where(cond).Find(&keys)
}
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
// __________ .__ .__ .__
// \______ _______|__| ____ ____ |_____________ | | ______
// | ___\_ __ | |/ \_/ ___\| \____ \__ \ | | / ___/
// | | | | \| | | \ \___| | |_> / __ \| |__\___ \
// |____| |__| |__|___| /\___ |__| __(____ |____/____ >
// \/ \/ |__| \/ \/
// AddPrincipalKey adds new principal to database and authorized_principals file.
func AddPrincipalKey(ownerID int64, content string, loginSourceID int64) (*PublicKey, error) {
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return nil, err
}
// Principals cannot be duplicated.
has, err := sess.
Where("content = ? AND type = ?", content, KeyTypePrincipal).
Get(new(PublicKey))
if err != nil {
return nil, err
} else if has {
return nil, ErrKeyAlreadyExist{0, "", content}
}
key := &PublicKey{
OwnerID: ownerID,
Name: content,
Content: content,
Mode: AccessModeWrite,
Type: KeyTypePrincipal,
LoginSourceID: loginSourceID,
}
if err = addPrincipalKey(sess, key); err != nil {
return nil, fmt.Errorf("addKey: %v", err)
}
if err = sess.Commit(); err != nil {
return nil, err
}
sess.Close()
return key, RewriteAllPrincipalKeys()
}
func addPrincipalKey(e Engine, key *PublicKey) (err error) {
// Save Key representing a principal.
if _, err = e.Insert(key); err != nil {
return err
}
return nil
}
// CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines
func CheckPrincipalKeyString(user *User, content string) (_ string, err error) {
if setting.SSH.Disabled {
return "", ErrSSHDisabled{}
}
content = strings.TrimSpace(content)
if strings.ContainsAny(content, "\r\n") {
return "", errors.New("only a single line with a single principal please")
}
// check all the allowed principals, email, username or anything
// if any matches, return ok
for _, v := range setting.SSH.AuthorizedPrincipalsAllow {
switch v {
case "anything":
return content, nil
case "email":
emails, err := GetEmailAddresses(user.ID)
if err != nil {
return "", err
}
for _, email := range emails {
if !email.IsActivated {
continue
}
if content == email.Email {
return content, nil
}
}
case "username":
if content == user.Name {
return content, nil
}
}
}
return "", fmt.Errorf("didn't match allowed principals: %s", setting.SSH.AuthorizedPrincipalsAllow)
}
// RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again.
// Note: x.Iterate does not get latest data after insert/delete, so we have to call this function
// outside any session scope independently.
func RewriteAllPrincipalKeys() error {
return rewriteAllPrincipalKeys(x)
}
func rewriteAllPrincipalKeys(e Engine) error {
// Don't rewrite key if internal server
if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedPrincipalsFile {
return nil
}
sshOpLocker.Lock()
defer sshOpLocker.Unlock()
if setting.SSH.RootPath != "" {
// First of ensure that the RootPath is present, and if not make it with 0700 permissions
// This of course doesn't guarantee that this is the right directory for authorized_keys
// but at least if it's supposed to be this directory and it doesn't exist and we're the
// right user it will at least be created properly.
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
err := os.MkdirAll(setting.SSH.RootPath, 0o700)
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
if err != nil {
log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)
return err
}
}
fPath := filepath.Join(setting.SSH.RootPath, authorizedPrincipalsFile)
tmpPath := fPath + ".tmp"
chore(models): rewrite code format. (#14754) * chore: rewrite format. * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: update format Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * chore: Adjacent parameters with the same type should be grouped together * chore: update format.
3 years ago
t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
if err != nil {
return err
}
defer func() {
t.Close()
os.Remove(tmpPath)
}()
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
if setting.SSH.AuthorizedPrincipalsBackup {
isExist, err := util.IsExist(fPath)
if err != nil {
log.Error("Unable to check if %s exists. Error: %v", fPath, err)
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
return err
}
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
if isExist {
bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
migrate from com.* to alternatives (#14103) * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
3 years ago
if err = util.CopyFile(fPath, bakPath); err != nil {
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
return err
}
}
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
}
if err := regeneratePrincipalKeys(e, t); err != nil {
return err
}
t.Close()
return os.Rename(tmpPath, fPath)
}
// ListPrincipalKeys returns a list of principals belongs to given user.
func ListPrincipalKeys(uid int64, listOptions ListOptions) ([]*PublicKey, error) {
sess := x.Where("owner_id = ? AND type = ?", uid, KeyTypePrincipal)
if listOptions.Page != 0 {
sess = listOptions.setSessionPagination(sess)
keys := make([]*PublicKey, 0, listOptions.PageSize)
return keys, sess.Find(&keys)
}
keys := make([]*PublicKey, 0, 5)
return keys, sess.Find(&keys)
}
// RegeneratePrincipalKeys regenerates the authorized_principals file
func RegeneratePrincipalKeys(t io.StringWriter) error {
return regeneratePrincipalKeys(x, t)
}
func regeneratePrincipalKeys(e Engine, t io.StringWriter) error {
if err := e.Where("type = ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())
return err
}); err != nil {
return err
}
fPath := filepath.Join(setting.SSH.RootPath, authorizedPrincipalsFile)
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) * Ensure errors from IsDir propagate * Handle errors when checking IsFile * Handle and propagate errors from IsExist * Update modules/templates/static.go * Update modules/templates/static.go * Return after ctx.ServerError * Apply suggestions from code review * Fix tests The previous merge managed to break repo_form.go Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago
isExist, err := util.IsExist(fPath)
if err != nil {
log.Error("Unable to check if %s exists. Error: %v", fPath, err)
return err
}
if isExist {
Add ssh certificate support (#12281) * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4 years ago
f, err := os.Open(fPath)
if err != nil {
return err
}
scanner := bufio.NewScanner(f)
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, tplCommentPrefix) {
scanner.Scan()
continue
}
_, err = t.WriteString(line + "\n")
if err != nil {
f.Close()
return err
}
}
f.Close()
}
return nil
}