authorzeripath <art27@cantab.net>2020-12-18 17:44:18 +0000
committerGitHub <noreply@github.com>2020-12-18 17:44:18 +0000
commite2b069e57784075124863a3926c7f1d89fa760a9 (patch)
tree6ac8d23c1e0180ad5ce17830f50123c382ee9db7 /models/user.go
parentefa9a8a6e308489cf5b5e0174007d78390c5f0e6 (diff)
Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989)
* Accept multiple SSH keys in single LDAP SSHPublicKey attribute Fix #13984 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'models/user.go')
-rw-r--r--models/user.go30
1 files changed, 22 insertions, 8 deletions
diff --git a/models/user.go b/models/user.go
index e2b2593006..4bf9e196a0 100644
--- a/models/user.go
+++ b/models/user.go
@@ -1589,20 +1589,34 @@ func deleteKeysMarkedForDeletion(keys []string) (bool, error) {
func addLdapSSHPublicKeys(usr *User, s *LoginSource, sshPublicKeys []string) bool {
var sshKeysNeedUpdate bool
for _, sshKey := range sshPublicKeys {
- _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey))
- if err == nil {
- sshKeyName := fmt.Sprintf("%s-%s", s.Name, sshKey[0:40])
- if _, err := AddPublicKey(usr.ID, sshKeyName, sshKey, s.ID); err != nil {
+ var err error
+ found := false
+ keys := []byte(sshKey)
+ loop:
+ for len(keys) > 0 && err == nil {
+ var out ssh.PublicKey
+ // We ignore options as they are not relevant to Gitea
+ out, _, _, keys, err = ssh.ParseAuthorizedKey(keys)
+ if err != nil {
+ break loop
+ }
+ found = true
+ marshalled := string(ssh.MarshalAuthorizedKey(out))
+ marshalled = marshalled[:len(marshalled)-1]
+ sshKeyName := fmt.Sprintf("%s-%s", s.Name, ssh.FingerprintSHA256(out))
+
+ if _, err := AddPublicKey(usr.ID, sshKeyName, marshalled, s.ID); err != nil {
if IsErrKeyAlreadyExist(err) {
- log.Trace("addLdapSSHPublicKeys[%s]: LDAP Public SSH Key %s already exists for user", s.Name, usr.Name)
+ log.Trace("addLdapSSHPublicKeys[%s]: LDAP Public SSH Key %s already exists for user", sshKeyName, usr.Name)
} else {
- log.Error("addLdapSSHPublicKeys[%s]: Error adding LDAP Public SSH Key for user %s: %v", s.Name, usr.Name, err)
+ log.Error("addLdapSSHPublicKeys[%s]: Error adding LDAP Public SSH Key for user %s: %v", sshKeyName, usr.Name, err)
}
} else {
- log.Trace("addLdapSSHPublicKeys[%s]: Added LDAP Public SSH Key for user %s", s.Name, usr.Name)
+ log.Trace("addLdapSSHPublicKeys[%s]: Added LDAP Public SSH Key for user %s", sshKeyName, usr.Name)
sshKeysNeedUpdate = true
}
- } else {
+ }
+ if !found && err != nil {
log.Warn("addLdapSSHPublicKeys[%s]: Skipping invalid LDAP Public SSH Key for user %s: %v", s.Name, usr.Name, sshKey)
}
}
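Review bot: The `if !found && err != nil` warning fires only when no key at all was parsed from the attribute, so in a multi-key value a later entry that fails to parse is dropped without any log line once one key has been accepted. Because this attribute decides which keys can authenticate as the user, a skipped entry should be visible to the admin; parsing the value line by line would let each rejected line get its own warning. The Warn call also prints the raw `sshKey`, which can now span several lines, so `%q` in place of `%v` would keep directory-supplied text on a single log line. The comment on the discarded options could state the consequence, e.g. `// options (from=, command=, ...) in the LDAP value are dropped; the stored key carries no restrictions from the directory`. The function's closing lines are outside the hunk.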