mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1360 Commits
17 Branches
Tree: 5fbf8531e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5fbf8531e6'
${ noResults }
gitea/models/publickey.go

publickey.go 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"bufio"

  9. 	"errors"

  10. 	"fmt"

  11. 	"io"

  12. 	"io/ioutil"

  13. 	"os"

  14. 	"os/exec"

  15. 	"path"

  16. 	"path/filepath"

  17. 	"strings"

  18. 	"sync"

  19. 	"time"

  20. 

  21. 	"github.com/Unknwon/com"

  22. 

  23. 	"github.com/gogits/gogs/modules/log"

  24. 	"github.com/gogits/gogs/modules/process"

  25. )

  26. 

  27. const (

  28. 	// "### autogenerated by gitgos, DO NOT EDIT\n"

  29. 	_TPL_PUBLICK_KEY = `command="%s serv key-%d",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"

  30. )

  31. 

  32. var (

  33. 	ErrKeyAlreadyExist = errors.New("Public key already exist")

  34. 	ErrKeyNotExist     = errors.New("Public key does not exist")

  35. )

  36. 

  37. var sshOpLocker = sync.Mutex{}

  38. 

  39. var (

  40. 	SshPath string // SSH directory.

  41. 	appPath string // Execution(binary) path.

  42. )

  43. 

  44. // exePath returns the executable path.

  45. func exePath() (string, error) {

  46. 	file, err := exec.LookPath(os.Args[0])

  47. 	if err != nil {

  48. 		return "", err

  49. 	}

  50. 	return filepath.Abs(file)

  51. }

  52. 

  53. // homeDir returns the home directory of current user.

  54. func homeDir() string {

  55. 	home, err := com.HomeDir()

  56. 	if err != nil {

  57. 		log.Fatal(4, "Fail to get home directory: %v", err)

  58. 	}

  59. 	return home

  60. }

  61. 

  62. func init() {

  63. 	var err error

  64. 

  65. 	if appPath, err = exePath(); err != nil {

  66. 		log.Fatal(4, "fail to get app path: %v\n", err)

  67. 	}

  68. 	appPath = strings.Replace(appPath, "\\", "/", -1)

  69. 

  70. 	// Determine and create .ssh path.

  71. 	SshPath = filepath.Join(homeDir(), ".ssh")

  72. 	if err = os.MkdirAll(SshPath, 0700); err != nil {

  73. 		log.Fatal(4, "fail to create SshPath(%s): %v\n", SshPath, err)

  74. 	}

  75. }

  76. 

  77. // PublicKey represents a SSH key.

  78. type PublicKey struct {

  79. 	Id                int64

  80. 	OwnerId           int64  `xorm:"UNIQUE(s) INDEX NOT NULL"`

  81. 	Name              string `xorm:"UNIQUE(s) NOT NULL"`

  82. 	Fingerprint       string

  83. 	Content           string    `xorm:"TEXT NOT NULL"`

  84. 	Created           time.Time `xorm:"CREATED"`

  85. 	Updated           time.Time

  86. 	HasRecentActivity bool `xorm:"-"`

  87. 	HasUsed           bool `xorm:"-"`

  88. }

  89. 

  90. // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.

  91. func (key *PublicKey) GetAuthorizedString() string {

  92. 	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, key.Content)

  93. }

  94. 

  95. var (

  96. 	MinimumKeySize = map[string]int{

  97. 		"(ED25519)": 256,

  98. 		"(ECDSA)":   256,

  99. 		"(NTRU)":    1087,

  100. 		"(MCE)":     1702,

  101. 		"(McE)":     1702,

  102. 		"(RSA)":     2048,

  103. 	}

  104. )

  105. 

  106. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  107. func CheckPublicKeyString(content string) (bool, error) {

  108. 	if strings.ContainsAny(content, "\n\r") {

  109. 		return false, errors.New("Only a single line with a single key please")

  110. 	}

  111. 

  112. 	// write the key to a file…

  113. 	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")

  114. 	if err != nil {

  115. 		return false, err

  116. 	}

  117. 	tmpPath := tmpFile.Name()

  118. 	defer os.Remove(tmpPath)

  119. 	tmpFile.WriteString(content)

  120. 	tmpFile.Close()

  121. 

  122. 	// … see if ssh-keygen recognizes its contents

  123. 	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)

  124. 	if err != nil {

  125. 		return false, errors.New("ssh-keygen -l -f: " + stderr)

  126. 	} else if len(stdout) < 2 {

  127. 		return false, errors.New("ssh-keygen returned not enough output to evaluate the key")

  128. 	}

  129. 	sshKeygenOutput := strings.Split(stdout, " ")

  130. 	if len(sshKeygenOutput) < 4 {

  131. 		return false, errors.New("Not enough fields returned by ssh-keygen -l -f")

  132. 	}

  133. 	keySize, err := com.StrTo(sshKeygenOutput[0]).Int()

  134. 	if err != nil {

  135. 		return false, errors.New("Cannot get key size of the given key")

  136. 	}

  137. 	keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])

  138. 

  139. 	if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {

  140. 		return false, errors.New("Sorry, unrecognized public key type")

  141. 	} else if keySize < minimumKeySize {

  142. 		return false, fmt.Errorf("The minimum accepted size of a public key %s is %d", keyType, minimumKeySize)

  143. 	}

  144. 

  145. 	return true, nil

  146. }

  147. 

  148. // saveAuthorizedKeyFile writes SSH key content to authorized_keys file.

  149. func saveAuthorizedKeyFile(key *PublicKey) error {

  150. 	sshOpLocker.Lock()

  151. 	defer sshOpLocker.Unlock()

  152. 

  153. 	fpath := filepath.Join(SshPath, "authorized_keys")

  154. 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)

  155. 	if err != nil {

  156. 		return err

  157. 	}

  158. 	defer f.Close()

  159. 	finfo, err := f.Stat()

  160. 	if err != nil {

  161. 		return err

  162. 	}

  163. 	if finfo.Mode().Perm() > 0600 {

  164. 		log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", finfo.Mode().Perm().String())

  165. 		if err = f.Chmod(0600); err != nil {

  166. 			return err

  167. 		}

  168. 	}

  169. 

  170. 	_, err = f.WriteString(key.GetAuthorizedString())

  171. 	return err

  172. }

  173. 

  174. // AddPublicKey adds new public key to database and authorized_keys file.

  175. func AddPublicKey(key *PublicKey) (err error) {

  176. 	has, err := x.Get(key)

  177. 	if err != nil {

  178. 		return err

  179. 	} else if has {

  180. 		return ErrKeyAlreadyExist

  181. 	}

  182. 

  183. 	// Calculate fingerprint.

  184. 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),

  185. 		"id_rsa.pub"), "\\", "/", -1)

  186. 	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)

  187. 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), os.ModePerm); err != nil {

  188. 		return err

  189. 	}

  190. 	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)

  191. 	if err != nil {

  192. 		return errors.New("ssh-keygen -l -f: " + stderr)

  193. 	} else if len(stdout) < 2 {

  194. 		return errors.New("Not enough output for calculating fingerprint")

  195. 	}

  196. 	key.Fingerprint = strings.Split(stdout, " ")[1]

  197. 

  198. 	// Save SSH key.

  199. 	if _, err = x.Insert(key); err != nil {

  200. 		return err

  201. 	} else if err = saveAuthorizedKeyFile(key); err != nil {

  202. 		// Roll back.

  203. 		if _, err2 := x.Delete(key); err2 != nil {

  204. 			return err2

  205. 		}

  206. 		return err

  207. 	}

  208. 

  209. 	return nil

  210. }

  211. 

  212. // GetPublicKeyById returns public key by given ID.

  213. func GetPublicKeyById(keyId int64) (*PublicKey, error) {

  214. 	key := new(PublicKey)

  215. 	has, err := x.Id(keyId).Get(key)

  216. 	if err != nil {

  217. 		return nil, err

  218. 	} else if !has {

  219. 		return nil, ErrKeyNotExist

  220. 	}

  221. 	return key, nil

  222. }

  223. 

  224. // ListPublicKey returns a list of all public keys that user has.

  225. func ListPublicKey(uid int64) ([]*PublicKey, error) {

  226. 	keys := make([]*PublicKey, 0, 5)

  227. 	err := x.Find(&keys, &PublicKey{OwnerId: uid})

  228. 	if err != nil {

  229. 		return nil, err

  230. 	}

  231. 

  232. 	for _, key := range keys {

  233. 		key.HasUsed = key.Updated.After(key.Created)

  234. 		key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())

  235. 	}

  236. 	return keys, nil

  237. }

  238. 

  239. // rewriteAuthorizedKeys finds and deletes corresponding line in authorized_keys file.

  240. func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {

  241. 	sshOpLocker.Lock()

  242. 	defer sshOpLocker.Unlock()

  243. 

  244. 	fr, err := os.Open(p)

  245. 	if err != nil {

  246. 		return err

  247. 	}

  248. 	defer fr.Close()

  249. 

  250. 	fw, err := os.OpenFile(tmpP, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)

  251. 	if err != nil {

  252. 		return err

  253. 	}

  254. 	defer fw.Close()

  255. 

  256. 	isFound := false

  257. 	keyword := fmt.Sprintf("key-%d", key.Id)

  258. 	buf := bufio.NewReader(fr)

  259. 	for {

  260. 		line, errRead := buf.ReadString('\n')

  261. 		line = strings.TrimSpace(line)

  262. 

  263. 		if errRead != nil {

  264. 			if errRead != io.EOF {

  265. 				return errRead

  266. 			}

  267. 

  268. 			// Reached end of file, if nothing to read then break,

  269. 			// otherwise handle the last line.

  270. 			if len(line) == 0 {

  271. 				break

  272. 			}

  273. 		}

  274. 

  275. 		// Found the line and copy rest of file.

  276. 		if !isFound && strings.Contains(line, keyword) && strings.Contains(line, key.Content) {

  277. 			isFound = true

  278. 			continue

  279. 		}

  280. 		// Still finding the line, copy the line that currently read.

  281. 		if _, err = fw.WriteString(line + "\n"); err != nil {

  282. 			return err

  283. 		}

  284. 

  285. 		if errRead == io.EOF {

  286. 			break

  287. 		}

  288. 	}

  289. 	return nil

  290. }

  291. 

  292. // UpdatePublicKey updates given public key.

  293. func UpdatePublicKey(key *PublicKey) error {

  294. 	_, err := x.Id(key.Id).AllCols().Update(key)

  295. 	return err

  296. }

  297. 

  298. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  299. func DeletePublicKey(key *PublicKey) error {

  300. 	has, err := x.Get(key)

  301. 	if err != nil {

  302. 		return err

  303. 	} else if !has {

  304. 		return ErrKeyNotExist

  305. 	}

  306. 

  307. 	if _, err = x.Delete(key); err != nil {

  308. 		return err

  309. 	}

  310. 

  311. 	fpath := filepath.Join(SshPath, "authorized_keys")

  312. 	tmpPath := filepath.Join(SshPath, "authorized_keys.tmp")

  313. 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {

  314. 		return err

  315. 	} else if err = os.Remove(fpath); err != nil {

  316. 		return err

  317. 	}

  318. 	return os.Rename(tmpPath, fpath)

  319. }