mirrors
/
gitea
peilaus alkaen https://github.com/go-gitea/gitea.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Julkaisut 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9600 Commitit
17 Branchit
Puu: v1.21.5
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'v1.21.5'
${ noResults }
gitea/models/asymkey/ssh_key_authorized_principa...

ssh_key_authorized_principals.go 4.0KB
Raaka Pysyvä linkki Blame Historia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"bufio"

  8. 	"context"

  9. 	"fmt"

  10. 	"io"

  11. 	"os"

  12. 	"path/filepath"

  13. 	"strings"

  14. 	"time"

  15. 

  16. 	"code.gitea.io/gitea/models/db"

  17. 	"code.gitea.io/gitea/modules/log"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. 	"code.gitea.io/gitea/modules/util"

  20. )

  21. 

  22. //  _____          __  .__                 .__                  .___

  23. // /  _  \  __ ___/  |_|  |__   ___________|__|_______ ____   __| _/

  24. // /  /_\  \|  |  \   __\  |  \ /  _ \_  __ \  \___   // __ \ / __ |

  25. // /    |    \  |  /|  | |   Y  (  <_> )  | \/  |/    /\  ___// /_/ |

  26. // \____|__  /____/ |__| |___|  /\____/|__|  |__/_____ \\___  >____ |

  27. //         \/                 \/                      \/    \/     \/

  28. // __________       .__              .__             .__

  29. // \______   _______|__| ____   ____ |_____________  |  |   ______

  30. //  |     ___\_  __ |  |/    \_/ ___\|  \____ \__  \ |  |  /  ___/

  31. //  |    |    |  | \|  |   |  \  \___|  |  |_> / __ \|  |__\___ \

  32. //  |____|    |__|  |__|___|  /\___  |__|   __(____  |____/____  >

  33. //                          \/     \/   |__|       \/          \/

  34. //

  35. // This file contains functions for creating authorized_principals files

  36. //

  37. // There is a dependence on the database within RewriteAllPrincipalKeys & RegeneratePrincipalKeys

  38. // The sshOpLocker is used from ssh_key_authorized_keys.go

  39. 

  40. const authorizedPrincipalsFile = "authorized_principals"

  41. 

  42. // RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again.

  43. // Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function

  44. // outside any session scope independently.

  45. func RewriteAllPrincipalKeys(ctx context.Context) error {

  46. 	// Don't rewrite key if internal server

  47. 	if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedPrincipalsFile {

  48. 		return nil

  49. 	}

  50. 

  51. 	sshOpLocker.Lock()

  52. 	defer sshOpLocker.Unlock()

  53. 

  54. 	if setting.SSH.RootPath != "" {

  55. 		// First of ensure that the RootPath is present, and if not make it with 0700 permissions

  56. 		// This of course doesn't guarantee that this is the right directory for authorized_keys

  57. 		// but at least if it's supposed to be this directory and it doesn't exist and we're the

  58. 		// right user it will at least be created properly.

  59. 		err := os.MkdirAll(setting.SSH.RootPath, 0o700)

  60. 		if err != nil {

  61. 			log.Error("Unable to MkdirAll(%s): %v", setting.SSH.RootPath, err)

  62. 			return err

  63. 		}

  64. 	}

  65. 

  66. 	fPath := filepath.Join(setting.SSH.RootPath, authorizedPrincipalsFile)

  67. 	tmpPath := fPath + ".tmp"

  68. 	t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)

  69. 	if err != nil {

  70. 		return err

  71. 	}

  72. 	defer func() {

  73. 		t.Close()

  74. 		os.Remove(tmpPath)

  75. 	}()

  76. 

  77. 	if setting.SSH.AuthorizedPrincipalsBackup {

  78. 		isExist, err := util.IsExist(fPath)

  79. 		if err != nil {

  80. 			log.Error("Unable to check if %s exists. Error: %v", fPath, err)

  81. 			return err

  82. 		}

  83. 		if isExist {

  84. 			bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())

  85. 			if err = util.CopyFile(fPath, bakPath); err != nil {

  86. 				return err

  87. 			}

  88. 		}

  89. 	}

  90. 

  91. 	if err := regeneratePrincipalKeys(ctx, t); err != nil {

  92. 		return err

  93. 	}

  94. 

  95. 	t.Close()

  96. 	return util.Rename(tmpPath, fPath)

  97. }

  98. 

  99. func regeneratePrincipalKeys(ctx context.Context, t io.StringWriter) error {

  100. 	if err := db.GetEngine(ctx).Where("type = ?", KeyTypePrincipal).Iterate(new(PublicKey), func(idx int, bean any) (err error) {

  101. 		_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())

  102. 		return err

  103. 	}); err != nil {

  104. 		return err

  105. 	}

  106. 

  107. 	fPath := filepath.Join(setting.SSH.RootPath, authorizedPrincipalsFile)

  108. 	isExist, err := util.IsExist(fPath)

  109. 	if err != nil {

  110. 		log.Error("Unable to check if %s exists. Error: %v", fPath, err)

  111. 		return err

  112. 	}

  113. 	if isExist {

  114. 		f, err := os.Open(fPath)

  115. 		if err != nil {

  116. 			return err

  117. 		}

  118. 		scanner := bufio.NewScanner(f)

  119. 		for scanner.Scan() {

  120. 			line := scanner.Text()

  121. 			if strings.HasPrefix(line, tplCommentPrefix) {

  122. 				scanner.Scan()

  123. 				continue

  124. 			}

  125. 			_, err = t.WriteString(line + "\n")

  126. 			if err != nil {

  127. 				f.Close()

  128. 				return err

  129. 			}

  130. 		}

  131. 		f.Close()

  132. 	}

  133. 	return nil

  134. }