authorzeripath <art27@cantab.net>2020-12-26 04:24:47 +0000
committerGitHub <noreply@github.com>2020-12-25 23:24:47 -0500
commitad1164f73ba277f11a20ea838a62d9b8c8a7cb45 (patch)
tree7854283c1a6a12621cf36b0c6397a12bfea436d8 /models
parenta19447aed128ecadfcd938d6a80cd4951af1f4ce (diff)
downloadgitea-ad1164f73ba277f11a20ea838a62d9b8c8a7cb45.tar.gz
gitea-ad1164f73ba277f11a20ea838a62d9b8c8a7cb45.zip
Disable SSH key deletion of externally managed Keys (#13985)
* Disable SSH key addition and deletion when externally managed When a user has a login source which has SSH key management, key addition and deletion using the UI should be disabled. Fix #13983 Signed-off-by: Andrew Thornton <art27@cantab.net> * Make only externally managed keys disabled Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'models')
-rw-r--r--models/ssh_key.go76
1 files changed, 76 insertions, 0 deletions
diff --git a/models/ssh_key.go b/models/ssh_key.go
index b2e4326559..70512dccf5 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -665,6 +665,82 @@ func deletePublicKeys(e Engine, keyIDs ...int64) error {
return err
}
+// PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key
+func PublicKeysAreExternallyManaged(keys []*PublicKey) ([]bool, error) {
+ sources := make([]*LoginSource, 0, 5)
+ externals := make([]bool, len(keys))
+keyloop:
+ for i, key := range keys {
+ if key.LoginSourceID == 0 {
+ externals[i] = false
+ continue keyloop
+ }
+
+ var source *LoginSource
+
+ sourceloop:
+ for _, s := range sources {
+ if s.ID == key.LoginSourceID {
+ source = s
+ break sourceloop
+ }
+ }
+
+ if source == nil {
+ var err error
+ source, err = GetLoginSourceByID(key.LoginSourceID)
+ if err != nil {
+ if IsErrLoginSourceNotExist(err) {
+ externals[i] = false
+ sources[i] = &LoginSource{
+ ID: key.LoginSourceID,
+ }
+ continue keyloop
+ }
+ return nil, err
+ }
+ }
+
+ ldapSource := source.LDAP()
+ if ldapSource != nil &&
+ source.IsSyncEnabled &&
+ (source.Type == LoginLDAP || source.Type == LoginDLDAP) &&
+ len(strings.TrimSpace(ldapSource.AttributeSSHPublicKey)) > 0 {
+ // Disable setting SSH keys for this user
+ externals[i] = true
+ }
+ }
+
+ return externals, nil
+}
+
+// PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key
+func PublicKeyIsExternallyManaged(id int64) (bool, error) {
+ key, err := GetPublicKeyByID(id)
+ if err != nil {
+ return false, err
+ }
+ if key.LoginSourceID == 0 {
+ return false, nil
+ }
+ source, err := GetLoginSourceByID(key.LoginSourceID)
+ if err != nil {
+ if IsErrLoginSourceNotExist(err) {
+ return false, nil
+ }
+ return false, err
+ }
+ ldapSource := source.LDAP()
+ if ldapSource != nil &&
+ source.IsSyncEnabled &&
+ (source.Type == LoginLDAP || source.Type == LoginDLDAP) &&
+ len(strings.TrimSpace(ldapSource.AttributeSSHPublicKey)) > 0 {
+ // Disable setting SSH keys for this user
+ return true, nil
+ }
+ return false, nil
+}
+
// DeletePublicKey deletes SSH key information both in database and authorized_keys file.
func DeletePublicKey(doer *User, id int64) (err error) {
key, err := GetPublicKeyByID(id)
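Review bot: In PublicKeysAreExternallyManaged, the not-exist branch assigns `sources[i] = &LoginSource{...}` into a slice created with `make([]*LoginSource, 0, 5)`, whose length is 0, so the first key whose login source has been deleted will panic with an index-out-of-range error instead of being reported as not externally managed. The cache is also never filled on the success path, so every key makes its own GetLoginSourceByID call; use `sources = append(sources, &LoginSource{ID: key.LoginSourceID})` in the not-exist branch and `sources = append(sources, source)` after a successful lookup. Once placeholders are cached, a later key with the same LoginSourceID reaches `source.LDAP()` on a LoginSource that has only ID set, so confirm that LDAP() tolerates this (its definition is not in this hunk) or check `source.Type` before calling it. The doc comment should also describe a slice of keys and a parallel `[]bool` result rather than "the provided KeyID".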