wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
5702 Commits
197 Branches
346 MB
788 Download
Tree: a257f88a09
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a257f88a09'
${ noResults }
aiforge/models/ssh_key.go

ssh_key.go 22 kB
Raw Normal View History

Fix delete SSH key in file
11 years ago
add publickey & access
11 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
Bug fix
11 years ago
add publickey & access
11 years ago
Add postgres support, clean code, code review
11 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
add publickey & access
11 years ago
Fix delete SSH key in file
11 years ago
add publickey & access
11 years ago
Update
11 years ago
#334: Add Deployment Key Support
10 years ago
#2179 use Go sub-repo ssh to verify public key content
10 years ago
Fix SSH key bug in windows
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
9 years ago
add publickey & access
11 years ago
Add postgres support, clean code, code review
11 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Add postgres support, clean code, code review
11 years ago
models/ssh_key: code cleaning
9 years ago
add publickey
11 years ago
Lint models/ssh_key.go
9 years ago
#334: Add Deployment Key Support
10 years ago
Lint models/ssh_key.go
9 years ago
And others
9 years ago
Lint models/ssh_key.go
9 years ago
And others
9 years ago
#334: Add Deployment Key Support
10 years ago
models/ssh_key: code cleaning
9 years ago
add publickey & access
11 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Use created & updated instead BeforeInsert & BeforeUpdate (#2482) * use created & updated instead BeforeInsert & BeforeUpdate * fix vendor checksum * only show generated SQL when development mode * remove extra update column updated_unix * remove trace config
8 years ago
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
8 years ago
Use created & updated instead BeforeInsert & BeforeUpdate (#2482) * use created & updated instead BeforeInsert & BeforeUpdate * fix vendor checksum * only show generated SQL when development mode * remove extra update column updated_unix * remove trace config
8 years ago
#334: Add Deployment Key Support
10 years ago
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
8 years ago
add publickey & access
11 years ago
models/ssh_key: code cleaning
9 years ago
Lint models/ssh_key.go
9 years ago
Fix #652
11 years ago
models/ssh_key: code cleaning
9 years ago
And others
9 years ago
add publickey & access
11 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
models/ssh_key: code cleaning
9 years ago
Handle ssh key import better (#224) * Handle user ssh key input better ssh_key: when user submitted keys had a newline at the end, strings.Split would have created a slice with an empty last element, and the key type check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or 'ssh-dsa' at the beginning of the string, but this is simple. * ssh_key: correct indentation
9 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
#1622 comment with whitespace
10 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
models/ssh_key: code cleaning
9 years ago
Implement #798 Flexible ssh-key input It is now possible to input ssh keys in a number of formats: openssh, SSH2 or just the base64 encoded key.
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
Replace Gogs with Gitea (#520)
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
models/ssh_key: code cleaning
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
8 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
refactor: Remove unnecessary type conversions (#772)
8 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
New UI merge in progress
11 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
#334: Add Deployment Key Support
10 years ago
#634
11 years ago
New UI merge in progress
11 years ago
#334: Add Deployment Key Support
10 years ago
New UI merge in progress
11 years ago
Trim whitespace when adding SSH keys (fixes #2447)
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
New UI merge in progress
11 years ago
#2179 use Go sub-repo ssh to verify public key content
10 years ago
models/ssh_key: code cleaning
9 years ago
New UI merge in progress
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
New UI merge in progress
11 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
models/ssh_key: code cleaning
9 years ago
New UI merge in progress
11 years ago
models/ssh_key: code cleaning
9 years ago
Finish issue design
11 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Finish issue design
11 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
11 years ago
models: code fix on #818
10 years ago
models/ssh_key: code cleaning
9 years ago
Work #475 and #458
11 years ago
models/ssh_key: code cleaning
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
Fix mirror UI style and work on #475
11 years ago
Moved defer f.Close() up so there is no chance of returning without closing and handled an error on f.Chmod
11 years ago
Make sure, .ssh directory and authorized_keys file are kept at correct permissions
11 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models/ssh_key: code cleaning
9 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
Finish issue design
11 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
#1535 Removing deploy key does not remove key
10 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
#1535 Removing deploy key does not remove key
10 years ago
Add check if public key name has been used
11 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
Add check if public key name has been used
11 years ago
#334: Add Deployment Key Support
10 years ago
Add check if public key name has been used
11 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
Add generate fingerprint of ssh key
11 years ago
use writeTmpKeyFile in calcFingerprint (#1828) this makes calcFingerprint use SSH.KeyTestpath instead of os temp dir.
8 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
add publickey & access
11 years ago
Delete Public SSH Key tmp file after calculating fingerprint (#1855) * Delete public key tmp file after calculating fingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Move line Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Remove defer statement Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Readd defer statement and move remove Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Delete space Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Refactor process package and introduce ProcessManager{} with tests (#75) * Add a process.Manager singleton with process.GetManager() * Use process.GetManager everywhere * Fix godoc comments for process module * Increment process counter id after locking the mutex
8 years ago
add publickey & access
11 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
Add generate fingerprint of ssh key
11 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
Add generate fingerprint of ssh key
11 years ago
#334: Add Deployment Key Support
10 years ago
Add generate fingerprint of ssh key
11 years ago
#334: Add Deployment Key Support
10 years ago
#2147 fix rewrites authorized_keys when builtin SSH server is enabled
10 years ago
Post work for #2637 Improve test cases, config settings, also show SSH config settings on admin config panel.
9 years ago
#2147 fix rewrites authorized_keys when builtin SSH server is enabled
10 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
allow native and ssh-keygen public key check This commit adds the possibibility to use either the native golang libraries or ssh-keygen to check public keys. The check is adjusted depending on the settings, so that only supported keys are let through. This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist algorythms or keys based on the key length. This works with the native and the ssh-keygen way. Because of #2179 it also includes a way to adjust the path to ssh-keygen and the working directory for ssh-keygen. With this, sysadmins should be able to adjust the settings in a way, that SELinux is okay with it. In the worst case, they can switch to the native implementation and only loose support for ed25519 keys at the moment. There are some other places which need adjustment to utilize the parameters and the native implementation, but this sets the ground work.
9 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
fix #976
10 years ago
add publickey & access
11 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
Refactor session close as xorm already does everything needed internally (#2020)
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
add publickey & access
11 years ago
#334: Add Deployment Key Support
10 years ago
Finish new web hook pages
11 years ago
Rewrite XORM queries
9 years ago
Finish new web hook pages
11 years ago
#334: Add Deployment Key Support
10 years ago
Finish new web hook pages
11 years ago
fix 1540 and experimental SSH server support
10 years ago
Rewrite XORM queries
9 years ago
fix 1540 and experimental SSH server support
10 years ago
add personal access token panel #12
11 years ago
New UI merge in progress
11 years ago
Rewrite XORM queries
9 years ago
Finish issue design
11 years ago
refactor update ssh key use time (#1466)
8 years ago
Fix key usage time update if the key is used in parallel for multiple operations (#2185)
8 years ago
Reduce usage of allcols on update (#2596) * reduce usage of allcols on update * fix bug and tests
8 years ago
refactor update ssh key use time (#1466)
8 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
Fix SSH key bug in windows
11 years ago
Improve delete SSH key
11 years ago
use in instead string join (#155)
9 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
add publickey & access
11 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
add confirmation to delete ssh key
10 years ago
fix #976
10 years ago
Refactor User.Id to User.ID
9 years ago
add confirmation to delete ssh key
10 years ago
#334: Add Deployment Key Support
10 years ago
Refactor session close as xorm already does everything needed internally (#2020)
8 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
models: code fix on #818
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
Fix typos in models/ (#576)
9 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
models: code fix on #818
10 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
models: code fix on #818
10 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
models: code fix on #818
10 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
models: code fix on #818
10 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Setting to disable authorized_keys backup (#1856) * Add setting to disable authorized_keys backup when rewriting public keys Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Update default value to comply with documentation Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Use tmp-file instead of bak-file for saving manually added keys. Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change casing and build bakpath with sprintf only Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Only close file once Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not modify calcFingerprint Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Fix casing Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change style from disable to enable Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Change name, just SSH_BACKUP_AUTHORIZED_KEYS Signed-off-by: Magnus Lindvall <magnus@dnmgns.com> * Do not check for directory existence if backup is disabled Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
8 years ago
models: code fix on #818
10 years ago
Don't rewrite non-gitea public keys (#906) * don't rewrite non-gitea public keys * add comment for public key
8 years ago
Fix lint errors (#2547)
8 years ago
add afunction to rewrite all public keys on admin request refs #763
11 years ago
#334: Add Deployment Key Support
10 years ago
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Use created & updated instead BeforeInsert & BeforeUpdate (#2482) * use created & updated instead BeforeInsert & BeforeUpdate * fix vendor checksum * only show generated SQL when development mode * remove extra update column updated_unix * remove trace config
8 years ago
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
8 years ago
Use created & updated instead BeforeInsert & BeforeUpdate (#2482) * use created & updated instead BeforeInsert & BeforeUpdate * fix vendor checksum * only show generated SQL when development mode * remove extra update column updated_unix * remove trace config
8 years ago
#334: Add Deployment Key Support
10 years ago
Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
Lint models/ssh_key.go
9 years ago
fix #878
10 years ago
Lint models/ssh_key.go
9 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Refactor session close as xorm already does everything needed internally (#2020)
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Use fingerprint to check instead content for public key (#911) * use fingerprint to check instead content for public key * add fingerprint field for ErrKeyAlreadyExist
8 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
Replace deprecated Id method with ID (#2655)
8 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #878
10 years ago
#334: Add Deployment Key Support
10 years ago
Replace deprecated Id method with ID (#2655)
8 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
#334: Add Deployment Key Support
10 years ago
fix #976
10 years ago
APIs: admin users
10 years ago
Refactor and fix incorrect comment (#1247)
8 years ago
APIs: admin users
10 years ago
Refactor User.Id to User.ID
9 years ago
APIs: admin users
10 years ago
#334: Add Deployment Key Support
10 years ago
Refactor session close as xorm already does everything needed internally (#2020)
8 years ago
#334: Add Deployment Key Support
10 years ago
Replace deprecated Id method with ID (#2655)
8 years ago
models/ssh_key: code cleaning
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
#3281 fix x.Iterate returns nothing inside session scope with SQLite3
9 years ago
#334: Add Deployment Key Support
10 years ago
Rewrite XORM queries
9 years ago
#334: Add Deployment Key Support
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"bufio"

  9. 	"encoding/base64"

  10. 	"encoding/binary"

  11. 	"errors"

  12. 	"fmt"

  13. 	"io/ioutil"

  14. 	"math/big"

  15. 	"os"

  16. 	"path/filepath"

  17. 	"strings"

  18. 	"sync"

  19. 	"time"

  20. 

  21. 	"github.com/Unknwon/com"

  22. 	"github.com/go-xorm/xorm"

  23. 	"golang.org/x/crypto/ssh"

  24. 

  25. 	"code.gitea.io/gitea/modules/log"

  26. 	"code.gitea.io/gitea/modules/process"

  27. 	"code.gitea.io/gitea/modules/setting"

  28. )

  29. 

  30. const (

  31. 	tplCommentPrefix = `# gitea public key`

  32. 	tplPublicKey     = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"

  33. )

  34. 

  35. var sshOpLocker sync.Mutex

  36. 

  37. // KeyType specifies the key type

  38. type KeyType int

  39. 

  40. const (

  41. 	// KeyTypeUser specifies the user key

  42. 	KeyTypeUser = iota + 1

  43. 	// KeyTypeDeploy specifies the deploy key

  44. 	KeyTypeDeploy

  45. )

  46. 

  47. // PublicKey represents a user or deploy SSH public key.

  48. type PublicKey struct {

  49. 	ID          int64      `xorm:"pk autoincr"`

  50. 	OwnerID     int64      `xorm:"INDEX NOT NULL"`

  51. 	Name        string     `xorm:"NOT NULL"`

  52. 	Fingerprint string     `xorm:"NOT NULL"`

  53. 	Content     string     `xorm:"TEXT NOT NULL"`

  54. 	Mode        AccessMode `xorm:"NOT NULL DEFAULT 2"`

  55. 	Type        KeyType    `xorm:"NOT NULL DEFAULT 1"`

  56. 

  57. 	Created           time.Time `xorm:"-"`

  58. 	CreatedUnix       int64     `xorm:"created"`

  59. 	Updated           time.Time `xorm:"-"`

  60. 	UpdatedUnix       int64     `xorm:"updated"`

  61. 	HasRecentActivity bool      `xorm:"-"`

  62. 	HasUsed           bool      `xorm:"-"`

  63. }

  64. 

  65. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  66. func (key *PublicKey) AfterLoad() {

  67. 	key.Created = time.Unix(key.CreatedUnix, 0).Local()

  68. 	key.Updated = time.Unix(key.UpdatedUnix, 0).Local()

  69. 	key.HasUsed = key.Updated.After(key.Created)

  70. 	key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())

  71. }

  72. 

  73. // OmitEmail returns content of public key without email address.

  74. func (key *PublicKey) OmitEmail() string {

  75. 	return strings.Join(strings.Split(key.Content, " ")[:2], " ")

  76. }

  77. 

  78. // AuthorizedString returns formatted public key string for authorized_keys file.

  79. func (key *PublicKey) AuthorizedString() string {

  80. 	return fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content)

  81. }

  82. 

  83. func extractTypeFromBase64Key(key string) (string, error) {

  84. 	b, err := base64.StdEncoding.DecodeString(key)

  85. 	if err != nil || len(b) < 4 {

  86. 		return "", fmt.Errorf("invalid key format: %v", err)

  87. 	}

  88. 

  89. 	keyLength := int(binary.BigEndian.Uint32(b))

  90. 	if len(b) < 4+keyLength {

  91. 		return "", fmt.Errorf("invalid key format: not enough length %d", keyLength)

  92. 	}

  93. 

  94. 	return string(b[4 : 4+keyLength]), nil

  95. }

  96. 

  97. // parseKeyString parses any key string in OpenSSH or SSH2 format to clean OpenSSH string (RFC4253).

  98. func parseKeyString(content string) (string, error) {

  99. 	// Transform all legal line endings to a single "\n".

  100. 	content = strings.NewReplacer("\r\n", "\n", "\r", "\n").Replace(content)

  101. 	// remove trailing newline (and beginning spaces too)

  102. 	content = strings.TrimSpace(content)

  103. 	lines := strings.Split(content, "\n")

  104. 

  105. 	var keyType, keyContent, keyComment string

  106. 

  107. 	if len(lines) == 1 {

  108. 		// Parse OpenSSH format.

  109. 		parts := strings.SplitN(lines[0], " ", 3)

  110. 		switch len(parts) {

  111. 		case 0:

  112. 			return "", errors.New("empty key")

  113. 		case 1:

  114. 			keyContent = parts[0]

  115. 		case 2:

  116. 			keyType = parts[0]

  117. 			keyContent = parts[1]

  118. 		default:

  119. 			keyType = parts[0]

  120. 			keyContent = parts[1]

  121. 			keyComment = parts[2]

  122. 		}

  123. 

  124. 		// If keyType is not given, extract it from content. If given, validate it.

  125. 		t, err := extractTypeFromBase64Key(keyContent)

  126. 		if err != nil {

  127. 			return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)

  128. 		}

  129. 		if len(keyType) == 0 {

  130. 			keyType = t

  131. 		} else if keyType != t {

  132. 			return "", fmt.Errorf("key type and content does not match: %s - %s", keyType, t)

  133. 		}

  134. 	} else {

  135. 		// Parse SSH2 file format.

  136. 		continuationLine := false

  137. 

  138. 		for _, line := range lines {

  139. 			// Skip lines that:

  140. 			// 1) are a continuation of the previous line,

  141. 			// 2) contain ":" as that are comment lines

  142. 			// 3) contain "-" as that are begin and end tags

  143. 			if continuationLine || strings.ContainsAny(line, ":-") {

  144. 				continuationLine = strings.HasSuffix(line, "\\")

  145. 			} else {

  146. 				keyContent = keyContent + line

  147. 			}

  148. 		}

  149. 

  150. 		t, err := extractTypeFromBase64Key(keyContent)

  151. 		if err != nil {

  152. 			return "", fmt.Errorf("extractTypeFromBase64Key: %v", err)

  153. 		}

  154. 		keyType = t

  155. 	}

  156. 	return keyType + " " + keyContent + " " + keyComment, nil

  157. }

  158. 

  159. // writeTmpKeyFile writes key content to a temporary file

  160. // and returns the name of that file, along with any possible errors.

  161. func writeTmpKeyFile(content string) (string, error) {

  162. 	tmpFile, err := ioutil.TempFile(setting.SSH.KeyTestPath, "gitea_keytest")

  163. 	if err != nil {

  164. 		return "", fmt.Errorf("TempFile: %v", err)

  165. 	}

  166. 	defer tmpFile.Close()

  167. 

  168. 	if _, err = tmpFile.WriteString(content); err != nil {

  169. 		return "", fmt.Errorf("WriteString: %v", err)

  170. 	}

  171. 	return tmpFile.Name(), nil

  172. }

  173. 

  174. // SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.

  175. func SSHKeyGenParsePublicKey(key string) (string, int, error) {

  176. 	// The ssh-keygen in Windows does not print key type, so no need go further.

  177. 	if setting.IsWindows {

  178. 		return "", 0, nil

  179. 	}

  180. 

  181. 	tmpName, err := writeTmpKeyFile(key)

  182. 	if err != nil {

  183. 		return "", 0, fmt.Errorf("writeTmpKeyFile: %v", err)

  184. 	}

  185. 	defer os.Remove(tmpName)

  186. 

  187. 	stdout, stderr, err := process.GetManager().Exec("SSHKeyGenParsePublicKey", setting.SSH.KeygenPath, "-lf", tmpName)

  188. 	if err != nil {

  189. 		return "", 0, fmt.Errorf("fail to parse public key: %s - %s", err, stderr)

  190. 	}

  191. 	if strings.Contains(stdout, "is not a public key file") {

  192. 		return "", 0, ErrKeyUnableVerify{stdout}

  193. 	}

  194. 

  195. 	fields := strings.Split(stdout, " ")

  196. 	if len(fields) < 4 {

  197. 		return "", 0, fmt.Errorf("invalid public key line: %s", stdout)

  198. 	}

  199. 

  200. 	keyType := strings.Trim(fields[len(fields)-1], "()\r\n")

  201. 	return strings.ToLower(keyType), com.StrTo(fields[0]).MustInt(), nil

  202. }

  203. 

  204. // SSHNativeParsePublicKey extracts the key type and length using the golang SSH library.

  205. // NOTE: ed25519 is not supported.

  206. func SSHNativeParsePublicKey(keyLine string) (string, int, error) {

  207. 	fields := strings.Fields(keyLine)

  208. 	if len(fields) < 2 {

  209. 		return "", 0, fmt.Errorf("not enough fields in public key line: %s", keyLine)

  210. 	}

  211. 

  212. 	raw, err := base64.StdEncoding.DecodeString(fields[1])

  213. 	if err != nil {

  214. 		return "", 0, err

  215. 	}

  216. 

  217. 	pkey, err := ssh.ParsePublicKey(raw)

  218. 	if err != nil {

  219. 		if strings.Contains(err.Error(), "ssh: unknown key algorithm") {

  220. 			return "", 0, ErrKeyUnableVerify{err.Error()}

  221. 		}

  222. 		return "", 0, fmt.Errorf("ParsePublicKey: %v", err)

  223. 	}

  224. 

  225. 	// The ssh library can parse the key, so next we find out what key exactly we have.

  226. 	switch pkey.Type() {

  227. 	case ssh.KeyAlgoDSA:

  228. 		rawPub := struct {

  229. 			Name       string

  230. 			P, Q, G, Y *big.Int

  231. 		}{}

  232. 		if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {

  233. 			return "", 0, err

  234. 		}

  235. 		// as per https://bugzilla.mindrot.org/show_bug.cgi?id=1647 we should never

  236. 		// see dsa keys != 1024 bit, but as it seems to work, we will not check here

  237. 		return "dsa", rawPub.P.BitLen(), nil // use P as per crypto/dsa/dsa.go (is L)

  238. 	case ssh.KeyAlgoRSA:

  239. 		rawPub := struct {

  240. 			Name string

  241. 			E    *big.Int

  242. 			N    *big.Int

  243. 		}{}

  244. 		if err := ssh.Unmarshal(pkey.Marshal(), &rawPub); err != nil {

  245. 			return "", 0, err

  246. 		}

  247. 		return "rsa", rawPub.N.BitLen(), nil // use N as per crypto/rsa/rsa.go (is bits)

  248. 	case ssh.KeyAlgoECDSA256:

  249. 		return "ecdsa", 256, nil

  250. 	case ssh.KeyAlgoECDSA384:

  251. 		return "ecdsa", 384, nil

  252. 	case ssh.KeyAlgoECDSA521:

  253. 		return "ecdsa", 521, nil

  254. 	case "ssh-ed25519": // TODO: replace with ssh constant when available

  255. 		return "ed25519", 256, nil

  256. 	}

  257. 	return "", 0, fmt.Errorf("unsupported key length detection for type: %s", pkey.Type())

  258. }

  259. 

  260. // CheckPublicKeyString checks if the given public key string is recognized by SSH.

  261. // It returns the actual public key line on success.

  262. func CheckPublicKeyString(content string) (_ string, err error) {

  263. 	if setting.SSH.Disabled {

  264. 		return "", errors.New("SSH is disabled")

  265. 	}

  266. 

  267. 	content, err = parseKeyString(content)

  268. 	if err != nil {

  269. 		return "", err

  270. 	}

  271. 

  272. 	content = strings.TrimRight(content, "\n\r")

  273. 	if strings.ContainsAny(content, "\n\r") {

  274. 		return "", errors.New("only a single line with a single key please")

  275. 	}

  276. 

  277. 	// remove any unnecessary whitespace now

  278. 	content = strings.TrimSpace(content)

  279. 

  280. 	var (

  281. 		fnName  string

  282. 		keyType string

  283. 		length  int

  284. 	)

  285. 	if setting.SSH.StartBuiltinServer {

  286. 		fnName = "SSHNativeParsePublicKey"

  287. 		keyType, length, err = SSHNativeParsePublicKey(content)

  288. 	} else {

  289. 		fnName = "SSHKeyGenParsePublicKey"

  290. 		keyType, length, err = SSHKeyGenParsePublicKey(content)

  291. 	}

  292. 	if err != nil {

  293. 		return "", fmt.Errorf("%s: %v", fnName, err)

  294. 	}

  295. 	log.Trace("Key info [native: %v]: %s-%d", setting.SSH.StartBuiltinServer, keyType, length)

  296. 

  297. 	if !setting.SSH.MinimumKeySizeCheck {

  298. 		return content, nil

  299. 	}

  300. 	if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length >= minLen {

  301. 		return content, nil

  302. 	} else if found && length < minLen {

  303. 		return "", fmt.Errorf("key length is not enough: got %d, needs %d", length, minLen)

  304. 	}

  305. 	return "", fmt.Errorf("key type is not allowed: %s", keyType)

  306. }

  307. 

  308. // appendAuthorizedKeysToFile appends new SSH keys' content to authorized_keys file.

  309. func appendAuthorizedKeysToFile(keys ...*PublicKey) error {

  310. 	sshOpLocker.Lock()

  311. 	defer sshOpLocker.Unlock()

  312. 

  313. 	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")

  314. 	f, err := os.OpenFile(fPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)

  315. 	if err != nil {

  316. 		return err

  317. 	}

  318. 	defer f.Close()

  319. 

  320. 	// Note: chmod command does not support in Windows.

  321. 	if !setting.IsWindows {

  322. 		fi, err := f.Stat()

  323. 		if err != nil {

  324. 			return err

  325. 		}

  326. 

  327. 		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.

  328. 		if fi.Mode().Perm() > 0600 {

  329. 			log.Error(4, "authorized_keys file has unusual permission flags: %s - setting to -rw-------", fi.Mode().Perm().String())

  330. 			if err = f.Chmod(0600); err != nil {

  331. 				return err

  332. 			}

  333. 		}

  334. 	}

  335. 

  336. 	for _, key := range keys {

  337. 		if _, err = f.WriteString(key.AuthorizedString()); err != nil {

  338. 			return err

  339. 		}

  340. 	}

  341. 	return nil

  342. }

  343. 

  344. // checkKeyFingerprint only checks if key fingerprint has been used as public key,

  345. // it is OK to use same key as deploy key for multiple repositories/users.

  346. func checkKeyFingerprint(e Engine, fingerprint string) error {

  347. 	has, err := e.Get(&PublicKey{

  348. 		Fingerprint: fingerprint,

  349. 		Type:        KeyTypeUser,

  350. 	})

  351. 	if err != nil {

  352. 		return err

  353. 	} else if has {

  354. 		return ErrKeyAlreadyExist{0, fingerprint, ""}

  355. 	}

  356. 	return nil

  357. }

  358. 

  359. func calcFingerprint(publicKeyContent string) (string, error) {

  360. 	// Calculate fingerprint.

  361. 	tmpPath, err := writeTmpKeyFile(publicKeyContent)

  362. 	if err != nil {

  363. 		return "", err

  364. 	}

  365. 	defer os.Remove(tmpPath)

  366. 	stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)

  367. 	if err != nil {

  368. 		return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)

  369. 	} else if len(stdout) < 2 {

  370. 		return "", errors.New("not enough output for calculating fingerprint: " + stdout)

  371. 	}

  372. 	return strings.Split(stdout, " ")[1], nil

  373. }

  374. 

  375. func addKey(e Engine, key *PublicKey) (err error) {

  376. 	if len(key.Fingerprint) <= 0 {

  377. 		key.Fingerprint, err = calcFingerprint(key.Content)

  378. 		if err != nil {

  379. 			return err

  380. 		}

  381. 	}

  382. 

  383. 	// Save SSH key.

  384. 	if _, err = e.Insert(key); err != nil {

  385. 		return err

  386. 	}

  387. 

  388. 	// Don't need to rewrite this file if builtin SSH server is enabled.

  389. 	if setting.SSH.StartBuiltinServer {

  390. 		return nil

  391. 	}

  392. 	return appendAuthorizedKeysToFile(key)

  393. }

  394. 

  395. // AddPublicKey adds new public key to database and authorized_keys file.

  396. func AddPublicKey(ownerID int64, name, content string) (*PublicKey, error) {

  397. 	log.Trace(content)

  398. 

  399. 	fingerprint, err := calcFingerprint(content)

  400. 	if err != nil {

  401. 		return nil, err

  402. 	}

  403. 

  404. 	if err := checkKeyFingerprint(x, fingerprint); err != nil {

  405. 		return nil, err

  406. 	}

  407. 

  408. 	// Key name of same user cannot be duplicated.

  409. 	has, err := x.

  410. 		Where("owner_id = ? AND name = ?", ownerID, name).

  411. 		Get(new(PublicKey))

  412. 	if err != nil {

  413. 		return nil, err

  414. 	} else if has {

  415. 		return nil, ErrKeyNameAlreadyUsed{ownerID, name}

  416. 	}

  417. 

  418. 	sess := x.NewSession()

  419. 	defer sess.Close()

  420. 	if err = sess.Begin(); err != nil {

  421. 		return nil, err

  422. 	}

  423. 

  424. 	key := &PublicKey{

  425. 		OwnerID:     ownerID,

  426. 		Name:        name,

  427. 		Fingerprint: fingerprint,

  428. 		Content:     content,

  429. 		Mode:        AccessModeWrite,

  430. 		Type:        KeyTypeUser,

  431. 	}

  432. 	if err = addKey(sess, key); err != nil {

  433. 		return nil, fmt.Errorf("addKey: %v", err)

  434. 	}

  435. 

  436. 	return key, sess.Commit()

  437. }

  438. 

  439. // GetPublicKeyByID returns public key by given ID.

  440. func GetPublicKeyByID(keyID int64) (*PublicKey, error) {

  441. 	key := new(PublicKey)

  442. 	has, err := x.

  443. 		Id(keyID).

  444. 		Get(key)

  445. 	if err != nil {

  446. 		return nil, err

  447. 	} else if !has {

  448. 		return nil, ErrKeyNotExist{keyID}

  449. 	}

  450. 	return key, nil

  451. }

  452. 

  453. // SearchPublicKeyByContent searches content as prefix (leak e-mail part)

  454. // and returns public key found.

  455. func SearchPublicKeyByContent(content string) (*PublicKey, error) {

  456. 	key := new(PublicKey)

  457. 	has, err := x.

  458. 		Where("content like ?", content+"%").

  459. 		Get(key)

  460. 	if err != nil {

  461. 		return nil, err

  462. 	} else if !has {

  463. 		return nil, ErrKeyNotExist{}

  464. 	}

  465. 	return key, nil

  466. }

  467. 

  468. // ListPublicKeys returns a list of public keys belongs to given user.

  469. func ListPublicKeys(uid int64) ([]*PublicKey, error) {

  470. 	keys := make([]*PublicKey, 0, 5)

  471. 	return keys, x.

  472. 		Where("owner_id = ?", uid).

  473. 		Find(&keys)

  474. }

  475. 

  476. // UpdatePublicKeyUpdated updates public key use time.

  477. func UpdatePublicKeyUpdated(id int64) error {

  478. 	// Check if key exists before update as affected rows count is unreliable

  479. 	//    and will return 0 affected rows if two updates are made at the same time

  480. 	if cnt, err := x.ID(id).Count(&PublicKey{}); err != nil {

  481. 		return err

  482. 	} else if cnt != 1 {

  483. 		return ErrKeyNotExist{id}

  484. 	}

  485. 

  486. 	_, err := x.ID(id).Cols("updated_unix").Update(&PublicKey{

  487. 		UpdatedUnix: time.Now().Unix(),

  488. 	})

  489. 	if err != nil {

  490. 		return err

  491. 	}

  492. 	return nil

  493. }

  494. 

  495. // deletePublicKeys does the actual key deletion but does not update authorized_keys file.

  496. func deletePublicKeys(e *xorm.Session, keyIDs ...int64) error {

  497. 	if len(keyIDs) == 0 {

  498. 		return nil

  499. 	}

  500. 

  501. 	_, err := e.In("id", keyIDs).Delete(new(PublicKey))

  502. 	return err

  503. }

  504. 

  505. // DeletePublicKey deletes SSH key information both in database and authorized_keys file.

  506. func DeletePublicKey(doer *User, id int64) (err error) {

  507. 	key, err := GetPublicKeyByID(id)

  508. 	if err != nil {

  509. 		if IsErrKeyNotExist(err) {

  510. 			return nil

  511. 		}

  512. 		return fmt.Errorf("GetPublicKeyByID: %v", err)

  513. 	}

  514. 

  515. 	// Check if user has access to delete this key.

  516. 	if !doer.IsAdmin && doer.ID != key.OwnerID {

  517. 		return ErrKeyAccessDenied{doer.ID, key.ID, "public"}

  518. 	}

  519. 

  520. 	sess := x.NewSession()

  521. 	defer sess.Close()

  522. 	if err = sess.Begin(); err != nil {

  523. 		return err

  524. 	}

  525. 

  526. 	if err = deletePublicKeys(sess, id); err != nil {

  527. 		return err

  528. 	}

  529. 

  530. 	if err = sess.Commit(); err != nil {

  531. 		return err

  532. 	}

  533. 

  534. 	return RewriteAllPublicKeys()

  535. }

  536. 

  537. // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.

  538. // Note: x.Iterate does not get latest data after insert/delete, so we have to call this function

  539. // outside any session scope independently.

  540. func RewriteAllPublicKeys() error {

  541. 	sshOpLocker.Lock()

  542. 	defer sshOpLocker.Unlock()

  543. 

  544. 	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")

  545. 	tmpPath := fPath + ".tmp"

  546. 	t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)

  547. 	if err != nil {

  548. 		return err

  549. 	}

  550. 	defer func() {

  551. 		t.Close()

  552. 		os.Remove(tmpPath)

  553. 	}()

  554. 

  555. 	if setting.SSH.AuthorizedKeysBackup && com.IsExist(fPath) {

  556. 		bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())

  557. 		if err = com.Copy(fPath, bakPath); err != nil {

  558. 			return err

  559. 		}

  560. 	}

  561. 

  562. 	err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {

  563. 		_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())

  564. 		return err

  565. 	})

  566. 	if err != nil {

  567. 		return err

  568. 	}

  569. 

  570. 	if com.IsExist(fPath) {

  571. 		f, err := os.Open(fPath)

  572. 		if err != nil {

  573. 			return err

  574. 		}

  575. 		scanner := bufio.NewScanner(f)

  576. 		for scanner.Scan() {

  577. 			line := scanner.Text()

  578. 			if strings.HasPrefix(line, tplCommentPrefix) {

  579. 				scanner.Scan()

  580. 				continue

  581. 			}

  582. 			_, err = t.WriteString(line + "\n")

  583. 			if err != nil {

  584. 				return err

  585. 			}

  586. 		}

  587. 		defer f.Close()

  588. 	}

  589. 

  590. 	return os.Rename(tmpPath, fPath)

  591. }

  592. 

  593. // ________                .__                 ____  __.

  594. // \______ \   ____ ______ |  |   ____ ___.__.|    |/ _|____ ___.__.

  595. //  |    |  \_/ __ \\____ \|  |  /  _ <   |  ||      <_/ __ <   |  |

  596. //  |    `   \  ___/|  |_> >  |_(  <_> )___  ||    |  \  ___/\___  |

  597. // /_______  /\___  >   __/|____/\____// ____||____|__ \___  > ____|

  598. //         \/     \/|__|               \/             \/   \/\/

  599. 

  600. // DeployKey represents deploy key information and its relation with repository.

  601. type DeployKey struct {

  602. 	ID          int64 `xorm:"pk autoincr"`

  603. 	KeyID       int64 `xorm:"UNIQUE(s) INDEX"`

  604. 	RepoID      int64 `xorm:"UNIQUE(s) INDEX"`

  605. 	Name        string

  606. 	Fingerprint string

  607. 	Content     string `xorm:"-"`

  608. 

  609. 	Created           time.Time `xorm:"-"`

  610. 	CreatedUnix       int64     `xorm:"created"`

  611. 	Updated           time.Time `xorm:"-"`

  612. 	UpdatedUnix       int64     `xorm:"updated"`

  613. 	HasRecentActivity bool      `xorm:"-"`

  614. 	HasUsed           bool      `xorm:"-"`

  615. }

  616. 

  617. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  618. func (key *DeployKey) AfterLoad() {

  619. 	key.Created = time.Unix(key.CreatedUnix, 0).Local()

  620. 	key.Updated = time.Unix(key.UpdatedUnix, 0).Local()

  621. 	key.HasUsed = key.Updated.After(key.Created)

  622. 	key.HasRecentActivity = key.Updated.Add(7 * 24 * time.Hour).After(time.Now())

  623. }

  624. 

  625. // GetContent gets associated public key content.

  626. func (key *DeployKey) GetContent() error {

  627. 	pkey, err := GetPublicKeyByID(key.KeyID)

  628. 	if err != nil {

  629. 		return err

  630. 	}

  631. 	key.Content = pkey.Content

  632. 	return nil

  633. }

  634. 

  635. func checkDeployKey(e Engine, keyID, repoID int64, name string) error {

  636. 	// Note: We want error detail, not just true or false here.

  637. 	has, err := e.

  638. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  639. 		Get(new(DeployKey))

  640. 	if err != nil {

  641. 		return err

  642. 	} else if has {

  643. 		return ErrDeployKeyAlreadyExist{keyID, repoID}

  644. 	}

  645. 

  646. 	has, err = e.

  647. 		Where("repo_id = ? AND name = ?", repoID, name).

  648. 		Get(new(DeployKey))

  649. 	if err != nil {

  650. 		return err

  651. 	} else if has {

  652. 		return ErrDeployKeyNameAlreadyUsed{repoID, name}

  653. 	}

  654. 

  655. 	return nil

  656. }

  657. 

  658. // addDeployKey adds new key-repo relation.

  659. func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (*DeployKey, error) {

  660. 	if err := checkDeployKey(e, keyID, repoID, name); err != nil {

  661. 		return nil, err

  662. 	}

  663. 

  664. 	key := &DeployKey{

  665. 		KeyID:       keyID,

  666. 		RepoID:      repoID,

  667. 		Name:        name,

  668. 		Fingerprint: fingerprint,

  669. 	}

  670. 	_, err := e.Insert(key)

  671. 	return key, err

  672. }

  673. 

  674. // HasDeployKey returns true if public key is a deploy key of given repository.

  675. func HasDeployKey(keyID, repoID int64) bool {

  676. 	has, _ := x.

  677. 		Where("key_id = ? AND repo_id = ?", keyID, repoID).

  678. 		Get(new(DeployKey))

  679. 	return has

  680. }

  681. 

  682. // AddDeployKey add new deploy key to database and authorized_keys file.

  683. func AddDeployKey(repoID int64, name, content string) (*DeployKey, error) {

  684. 	fingerprint, err := calcFingerprint(content)

  685. 	if err != nil {

  686. 		return nil, err

  687. 	}

  688. 

  689. 	pkey := &PublicKey{

  690. 		Fingerprint: fingerprint,

  691. 		Mode:        AccessModeRead,

  692. 		Type:        KeyTypeDeploy,

  693. 	}

  694. 	has, err := x.Get(pkey)

  695. 	if err != nil {

  696. 		return nil, err

  697. 	}

  698. 

  699. 	sess := x.NewSession()

  700. 	defer sess.Close()

  701. 	if err = sess.Begin(); err != nil {

  702. 		return nil, err

  703. 	}

  704. 

  705. 	// First time use this deploy key.

  706. 	if !has {

  707. 		pkey.Content = content

  708. 		pkey.Name = name

  709. 		if err = addKey(sess, pkey); err != nil {

  710. 			return nil, fmt.Errorf("addKey: %v", err)

  711. 		}

  712. 	}

  713. 

  714. 	key, err := addDeployKey(sess, pkey.ID, repoID, name, pkey.Fingerprint)

  715. 	if err != nil {

  716. 		return nil, fmt.Errorf("addDeployKey: %v", err)

  717. 	}

  718. 

  719. 	return key, sess.Commit()

  720. }

  721. 

  722. // GetDeployKeyByID returns deploy key by given ID.

  723. func GetDeployKeyByID(id int64) (*DeployKey, error) {

  724. 	key := new(DeployKey)

  725. 	has, err := x.ID(id).Get(key)

  726. 	if err != nil {

  727. 		return nil, err

  728. 	} else if !has {

  729. 		return nil, ErrDeployKeyNotExist{id, 0, 0}

  730. 	}

  731. 	return key, nil

  732. }

  733. 

  734. // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.

  735. func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {

  736. 	key := &DeployKey{

  737. 		KeyID:  keyID,

  738. 		RepoID: repoID,

  739. 	}

  740. 	has, err := x.Get(key)

  741. 	if err != nil {

  742. 		return nil, err

  743. 	} else if !has {

  744. 		return nil, ErrDeployKeyNotExist{0, keyID, repoID}

  745. 	}

  746. 	return key, nil

  747. }

  748. 

  749. // UpdateDeployKey updates deploy key information.

  750. func UpdateDeployKey(key *DeployKey) error {

  751. 	_, err := x.ID(key.ID).AllCols().Update(key)

  752. 	return err

  753. }

  754. 

  755. // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.

  756. func DeleteDeployKey(doer *User, id int64) error {

  757. 	key, err := GetDeployKeyByID(id)

  758. 	if err != nil {

  759. 		if IsErrDeployKeyNotExist(err) {

  760. 			return nil

  761. 		}

  762. 		return fmt.Errorf("GetDeployKeyByID: %v", err)

  763. 	}

  764. 

  765. 	// Check if user has access to delete this key.

  766. 	if !doer.IsAdmin {

  767. 		repo, err := GetRepositoryByID(key.RepoID)

  768. 		if err != nil {

  769. 			return fmt.Errorf("GetRepositoryByID: %v", err)

  770. 		}

  771. 		yes, err := HasAccess(doer.ID, repo, AccessModeAdmin)

  772. 		if err != nil {

  773. 			return fmt.Errorf("HasAccess: %v", err)

  774. 		} else if !yes {

  775. 			return ErrKeyAccessDenied{doer.ID, key.ID, "deploy"}

  776. 		}

  777. 	}

  778. 

  779. 	sess := x.NewSession()

  780. 	defer sess.Close()

  781. 	if err = sess.Begin(); err != nil {

  782. 		return err

  783. 	}

  784. 

  785. 	if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {

  786. 		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)

  787. 	}

  788. 

  789. 	// Check if this is the last reference to same key content.

  790. 	has, err := sess.

  791. 		Where("key_id = ?", key.KeyID).

  792. 		Get(new(DeployKey))

  793. 	if err != nil {

  794. 		return err

  795. 	} else if !has {

  796. 		if err = deletePublicKeys(sess, key.KeyID); err != nil {

  797. 			return err

  798. 		}

  799. 	}

  800. 

  801. 	return sess.Commit()

  802. }

  803. 

  804. // ListDeployKeys returns all deploy keys by given repository ID.

  805. func ListDeployKeys(repoID int64) ([]*DeployKey, error) {

  806. 	keys := make([]*DeployKey, 0, 5)

  807. 	return keys, x.

  808. 		Where("repo_id = ?", repoID).

  809. 		Find(&keys)

  810. }

No Description