2014-03-16 09:24:13 +00:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
2019-06-16 07:50:46 +00:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2014-03-16 09:24:13 +00:00
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2021-12-10 08:14:24 +00:00
|
|
|
package asymkey
|
2014-02-17 15:57:23 +00:00
|
|
|
|
|
|
|
import (
|
2021-12-10 08:14:24 +00:00
|
|
|
"context"
|
2014-02-17 15:57:23 +00:00
|
|
|
"fmt"
|
2014-03-16 09:24:13 +00:00
|
|
|
"strings"
|
2014-02-17 15:57:23 +00:00
|
|
|
"time"
|
2014-03-02 20:25:09 +00:00
|
|
|
|
2022-01-02 13:12:35 +00:00
|
|
|
"code.gitea.io/gitea/models/auth"
|
2021-09-19 11:49:59 +00:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-28 11:58:28 +00:00
|
|
|
"code.gitea.io/gitea/models/perm"
|
2021-11-24 09:49:20 +00:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2016-11-10 16:24:48 +00:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2019-08-15 14:46:21 +00:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2020-08-11 20:05:34 +00:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2014-02-17 15:57:23 +00:00
|
|
|
|
2021-11-17 12:34:35 +00:00
|
|
|
"golang.org/x/crypto/ssh"
|
2021-07-24 10:16:34 +00:00
|
|
|
"xorm.io/builder"
|
2014-03-17 18:03:58 +00:00
|
|
|
)
|
|
|
|
|
2016-11-26 00:36:03 +00:00
|
|
|
// KeyType specifies the key type
|
2015-08-06 14:48:11 +00:00
|
|
|
type KeyType int
|
|
|
|
|
|
|
|
const (
|
2016-11-26 00:36:03 +00:00
|
|
|
// KeyTypeUser specifies the user key
|
2016-11-07 16:53:22 +00:00
|
|
|
KeyTypeUser = iota + 1
|
2016-11-26 00:36:03 +00:00
|
|
|
// KeyTypeDeploy specifies the deploy key
|
2016-11-07 16:53:22 +00:00
|
|
|
KeyTypeDeploy
|
2020-10-11 00:38:09 +00:00
|
|
|
// KeyTypePrincipal specifies the authorized principal key
|
|
|
|
KeyTypePrincipal
|
2015-08-06 14:48:11 +00:00
|
|
|
)
|
|
|
|
|
2016-07-26 02:47:25 +00:00
|
|
|
// PublicKey represents a user or deploy SSH public key.
|
2014-02-17 15:57:23 +00:00
|
|
|
type PublicKey struct {
|
2021-11-28 11:58:28 +00:00
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
OwnerID int64 `xorm:"INDEX NOT NULL"`
|
|
|
|
Name string `xorm:"NOT NULL"`
|
|
|
|
Fingerprint string `xorm:"INDEX NOT NULL"`
|
2022-08-22 13:32:28 +00:00
|
|
|
Content string `xorm:"MEDIUMTEXT NOT NULL"`
|
2021-11-28 11:58:28 +00:00
|
|
|
Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
|
|
|
|
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
|
|
|
|
LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
|
2016-03-10 00:53:30 +00:00
|
|
|
|
2019-08-15 14:46:21 +00:00
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
|
|
|
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
|
|
|
HasRecentActivity bool `xorm:"-"`
|
|
|
|
HasUsed bool `xorm:"-"`
|
2021-12-19 05:37:18 +00:00
|
|
|
Verified bool `xorm:"NOT NULL DEFAULT false"`
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
|
|
|
|
2021-09-19 11:49:59 +00:00
|
|
|
func init() {
|
|
|
|
db.RegisterModel(new(PublicKey))
|
|
|
|
}
|
|
|
|
|
2017-10-01 16:52:35 +00:00
|
|
|
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
|
|
|
|
func (key *PublicKey) AfterLoad() {
|
2017-12-11 04:37:04 +00:00
|
|
|
key.HasUsed = key.UpdatedUnix > key.CreatedUnix
|
2019-08-15 14:46:21 +00:00
|
|
|
key.HasRecentActivity = key.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()
|
2014-02-17 15:57:23 +00:00
|
|
|
}
|
|
|
|
|
2016-07-26 02:47:25 +00:00
|
|
|
// OmitEmail returns content of public key without email address.
|
2016-11-26 00:36:03 +00:00
|
|
|
func (key *PublicKey) OmitEmail() string {
|
|
|
|
return strings.Join(strings.Split(key.Content, " ")[:2], " ")
|
2014-11-23 07:33:47 +00:00
|
|
|
}
|
|
|
|
|
2016-07-26 02:47:25 +00:00
|
|
|
// AuthorizedString returns formatted public key string for authorized_keys file.
|
2021-07-24 10:16:34 +00:00
|
|
|
//
|
|
|
|
// TODO: Consider dropping this function
|
2016-07-26 02:47:25 +00:00
|
|
|
func (key *PublicKey) AuthorizedString() string {
|
2021-07-24 10:16:34 +00:00
|
|
|
return AuthorizedStringForKey(key)
|
2019-06-16 07:50:46 +00:00
|
|
|
}
|
|
|
|
|
2022-05-20 14:08:52 +00:00
|
|
|
func addKey(ctx context.Context, key *PublicKey) (err error) {
|
2018-10-20 21:25:14 +00:00
|
|
|
if len(key.Fingerprint) == 0 {
|
2022-06-04 19:18:50 +00:00
|
|
|
key.Fingerprint, err = CalcFingerprint(key.Content)
|
2017-02-14 06:12:52 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2014-03-16 10:16:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Save SSH key.
|
2022-05-20 14:08:52 +00:00
|
|
|
if err = db.Insert(ctx, key); err != nil {
|
2014-03-16 10:16:03 +00:00
|
|
|
return err
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
2015-12-11 10:02:33 +00:00
|
|
|
|
2016-07-26 02:47:25 +00:00
|
|
|
return appendAuthorizedKeysToFile(key)
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// AddPublicKey adds new public key to database and authorized_keys file.
|
2022-01-02 13:12:35 +00:00
|
|
|
func AddPublicKey(ownerID int64, name, content string, authSourceID int64) (*PublicKey, error) {
|
2016-02-16 22:01:56 +00:00
|
|
|
log.Trace(content)
|
2017-02-14 06:12:52 +00:00
|
|
|
|
2022-06-04 19:18:50 +00:00
|
|
|
fingerprint, err := CalcFingerprint(content)
|
2017-02-14 06:12:52 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2021-11-21 15:41:00 +00:00
|
|
|
ctx, committer, err := db.TxContext()
|
|
|
|
if err != nil {
|
2019-02-03 23:56:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2021-11-21 15:41:00 +00:00
|
|
|
defer committer.Close()
|
2019-02-03 23:56:53 +00:00
|
|
|
|
2022-05-20 14:08:52 +00:00
|
|
|
if err := checkKeyFingerprint(ctx, fingerprint); err != nil {
|
2015-12-03 05:24:37 +00:00
|
|
|
return nil, err
|
2014-02-17 15:57:23 +00:00
|
|
|
}
|
|
|
|
|
2015-08-06 14:48:11 +00:00
|
|
|
// Key name of same user cannot be duplicated.
|
2022-05-20 14:08:52 +00:00
|
|
|
has, err := db.GetEngine(ctx).
|
2016-11-10 15:16:32 +00:00
|
|
|
Where("owner_id = ? AND name = ?", ownerID, name).
|
|
|
|
Get(new(PublicKey))
|
2015-08-06 14:48:11 +00:00
|
|
|
if err != nil {
|
2015-12-03 05:24:37 +00:00
|
|
|
return nil, err
|
2015-08-06 14:48:11 +00:00
|
|
|
} else if has {
|
2015-12-03 05:24:37 +00:00
|
|
|
return nil, ErrKeyNameAlreadyUsed{ownerID, name}
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
key := &PublicKey{
|
2018-05-24 04:59:02 +00:00
|
|
|
OwnerID: ownerID,
|
|
|
|
Name: name,
|
|
|
|
Fingerprint: fingerprint,
|
|
|
|
Content: content,
|
2021-11-28 11:58:28 +00:00
|
|
|
Mode: perm.AccessModeWrite,
|
2018-05-24 04:59:02 +00:00
|
|
|
Type: KeyTypeUser,
|
2022-01-02 13:12:35 +00:00
|
|
|
LoginSourceID: authSourceID,
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
2022-05-20 14:08:52 +00:00
|
|
|
if err = addKey(ctx, key); err != nil {
|
2022-10-24 19:29:17 +00:00
|
|
|
return nil, fmt.Errorf("addKey: %w", err)
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
|
|
|
|
2021-11-21 15:41:00 +00:00
|
|
|
return key, committer.Commit()
|
2014-02-17 15:57:23 +00:00
|
|
|
}
|
|
|
|
|
2015-08-06 14:48:11 +00:00
|
|
|
// GetPublicKeyByID returns public key by given ID.
|
|
|
|
func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
|
2014-08-09 22:40:10 +00:00
|
|
|
key := new(PublicKey)
|
2021-09-23 15:45:36 +00:00
|
|
|
has, err := db.GetEngine(db.DefaultContext).
|
2020-03-22 15:12:55 +00:00
|
|
|
ID(keyID).
|
2016-11-10 15:16:32 +00:00
|
|
|
Get(key)
|
2014-08-09 22:40:10 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
2015-08-06 14:48:11 +00:00
|
|
|
return nil, ErrKeyNotExist{keyID}
|
2014-08-09 22:40:10 +00:00
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2022-05-20 14:08:52 +00:00
|
|
|
// SearchPublicKeyByContent searches content as prefix (leak e-mail part)
|
|
|
|
// and returns public key found.
|
|
|
|
func SearchPublicKeyByContent(ctx context.Context, content string) (*PublicKey, error) {
|
2015-11-08 21:59:56 +00:00
|
|
|
key := new(PublicKey)
|
2022-05-20 14:08:52 +00:00
|
|
|
has, err := db.GetEngine(ctx).
|
2016-11-10 15:16:32 +00:00
|
|
|
Where("content like ?", content+"%").
|
|
|
|
Get(key)
|
2015-11-08 21:59:56 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
|
|
|
return nil, ErrKeyNotExist{}
|
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2022-05-20 14:08:52 +00:00
|
|
|
// SearchPublicKeyByContentExact searches content
|
2018-12-27 17:28:48 +00:00
|
|
|
// and returns public key found.
|
2022-05-20 14:08:52 +00:00
|
|
|
func SearchPublicKeyByContentExact(ctx context.Context, content string) (*PublicKey, error) {
|
2020-10-11 00:38:09 +00:00
|
|
|
key := new(PublicKey)
|
2022-05-20 14:08:52 +00:00
|
|
|
has, err := db.GetEngine(ctx).
|
2020-10-11 00:38:09 +00:00
|
|
|
Where("content = ?", content).
|
|
|
|
Get(key)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
|
|
|
return nil, ErrKeyNotExist{}
|
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2018-11-01 03:40:49 +00:00
|
|
|
// SearchPublicKey returns a list of public keys matching the provided arguments.
|
|
|
|
func SearchPublicKey(uid int64, fingerprint string) ([]*PublicKey, error) {
|
|
|
|
keys := make([]*PublicKey, 0, 5)
|
|
|
|
cond := builder.NewCond()
|
|
|
|
if uid != 0 {
|
|
|
|
cond = cond.And(builder.Eq{"owner_id": uid})
|
|
|
|
}
|
|
|
|
if fingerprint != "" {
|
|
|
|
cond = cond.And(builder.Eq{"fingerprint": fingerprint})
|
|
|
|
}
|
2021-09-23 15:45:36 +00:00
|
|
|
return keys, db.GetEngine(db.DefaultContext).Where(cond).Find(&keys)
|
2018-11-01 03:40:49 +00:00
|
|
|
}
|
|
|
|
|
2014-11-12 11:48:50 +00:00
|
|
|
// ListPublicKeys returns a list of public keys belongs to given user.
|
2021-09-24 11:32:56 +00:00
|
|
|
func ListPublicKeys(uid int64, listOptions db.ListOptions) ([]*PublicKey, error) {
|
2021-09-23 15:45:36 +00:00
|
|
|
sess := db.GetEngine(db.DefaultContext).Where("owner_id = ? AND type != ?", uid, KeyTypePrincipal)
|
2020-01-24 19:00:29 +00:00
|
|
|
if listOptions.Page != 0 {
|
2021-09-24 11:32:56 +00:00
|
|
|
sess = db.SetSessionPagination(sess, &listOptions)
|
2020-01-24 19:00:29 +00:00
|
|
|
|
|
|
|
keys := make([]*PublicKey, 0, listOptions.PageSize)
|
|
|
|
return keys, sess.Find(&keys)
|
|
|
|
}
|
|
|
|
|
2014-07-26 04:24:27 +00:00
|
|
|
keys := make([]*PublicKey, 0, 5)
|
2020-01-24 19:00:29 +00:00
|
|
|
return keys, sess.Find(&keys)
|
2014-05-07 16:09:30 +00:00
|
|
|
}
|
|
|
|
|
2021-08-12 12:43:08 +00:00
|
|
|
// CountPublicKeys count public keys a user has
|
|
|
|
func CountPublicKeys(userID int64) (int64, error) {
|
2021-09-23 15:45:36 +00:00
|
|
|
sess := db.GetEngine(db.DefaultContext).Where("owner_id = ? AND type != ?", userID, KeyTypePrincipal)
|
2021-08-12 12:43:08 +00:00
|
|
|
return sess.Count(&PublicKey{})
|
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// ListPublicKeysBySource returns a list of synchronized public keys for a given user and login source.
|
2022-01-02 13:12:35 +00:00
|
|
|
func ListPublicKeysBySource(uid, authSourceID int64) ([]*PublicKey, error) {
|
2018-05-24 04:59:02 +00:00
|
|
|
keys := make([]*PublicKey, 0, 5)
|
2021-09-23 15:45:36 +00:00
|
|
|
return keys, db.GetEngine(db.DefaultContext).
|
2022-01-02 13:12:35 +00:00
|
|
|
Where("owner_id = ? AND login_source_id = ?", uid, authSourceID).
|
2018-05-24 04:59:02 +00:00
|
|
|
Find(&keys)
|
|
|
|
}
|
|
|
|
|
2017-04-08 00:40:38 +00:00
|
|
|
// UpdatePublicKeyUpdated updates public key use time.
|
|
|
|
func UpdatePublicKeyUpdated(id int64) error {
|
2017-07-20 03:15:10 +00:00
|
|
|
// Check if key exists before update as affected rows count is unreliable
|
|
|
|
// and will return 0 affected rows if two updates are made at the same time
|
2021-09-23 15:45:36 +00:00
|
|
|
if cnt, err := db.GetEngine(db.DefaultContext).ID(id).Count(&PublicKey{}); err != nil {
|
2017-07-20 03:15:10 +00:00
|
|
|
return err
|
|
|
|
} else if cnt != 1 {
|
|
|
|
return ErrKeyNotExist{id}
|
|
|
|
}
|
|
|
|
|
2021-09-23 15:45:36 +00:00
|
|
|
_, err := db.GetEngine(db.DefaultContext).ID(id).Cols("updated_unix").Update(&PublicKey{
|
2019-08-15 14:46:21 +00:00
|
|
|
UpdatedUnix: timeutil.TimeStampNow(),
|
2017-04-08 00:40:38 +00:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-12-10 08:14:24 +00:00
|
|
|
// DeletePublicKeys does the actual key deletion but does not update authorized_keys file.
|
|
|
|
func DeletePublicKeys(ctx context.Context, keyIDs ...int64) error {
|
2016-07-26 09:26:48 +00:00
|
|
|
if len(keyIDs) == 0 {
|
2015-08-06 14:48:11 +00:00
|
|
|
return nil
|
2014-03-22 18:27:03 +00:00
|
|
|
}
|
2014-05-06 20:28:52 +00:00
|
|
|
|
2021-12-10 08:14:24 +00:00
|
|
|
_, err := db.GetEngine(ctx).In("id", keyIDs).Delete(new(PublicKey))
|
2016-07-26 09:26:48 +00:00
|
|
|
return err
|
2014-02-17 15:57:23 +00:00
|
|
|
}
|
2014-12-31 18:07:51 +00:00
|
|
|
|
2020-12-26 04:24:47 +00:00
|
|
|
// PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key
|
|
|
|
func PublicKeysAreExternallyManaged(keys []*PublicKey) ([]bool, error) {
|
2022-01-02 13:12:35 +00:00
|
|
|
sources := make([]*auth.Source, 0, 5)
|
2020-12-26 04:24:47 +00:00
|
|
|
externals := make([]bool, len(keys))
|
|
|
|
keyloop:
|
|
|
|
for i, key := range keys {
|
|
|
|
if key.LoginSourceID == 0 {
|
|
|
|
externals[i] = false
|
|
|
|
continue keyloop
|
|
|
|
}
|
|
|
|
|
2022-01-02 13:12:35 +00:00
|
|
|
var source *auth.Source
|
2020-12-26 04:24:47 +00:00
|
|
|
|
|
|
|
sourceloop:
|
|
|
|
for _, s := range sources {
|
|
|
|
if s.ID == key.LoginSourceID {
|
|
|
|
source = s
|
|
|
|
break sourceloop
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if source == nil {
|
|
|
|
var err error
|
2022-01-02 13:12:35 +00:00
|
|
|
source, err = auth.GetSourceByID(key.LoginSourceID)
|
2020-12-26 04:24:47 +00:00
|
|
|
if err != nil {
|
2022-01-02 13:12:35 +00:00
|
|
|
if auth.IsErrSourceNotExist(err) {
|
2020-12-26 04:24:47 +00:00
|
|
|
externals[i] = false
|
2022-01-02 13:12:35 +00:00
|
|
|
sources[i] = &auth.Source{
|
2020-12-26 04:24:47 +00:00
|
|
|
ID: key.LoginSourceID,
|
|
|
|
}
|
|
|
|
continue keyloop
|
|
|
|
}
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-02 13:12:35 +00:00
|
|
|
if sshKeyProvider, ok := source.Cfg.(auth.SSHKeyProvider); ok && sshKeyProvider.ProvidesSSHKeys() {
|
2020-12-26 04:24:47 +00:00
|
|
|
// Disable setting SSH keys for this user
|
|
|
|
externals[i] = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return externals, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key
|
|
|
|
func PublicKeyIsExternallyManaged(id int64) (bool, error) {
|
|
|
|
key, err := GetPublicKeyByID(id)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if key.LoginSourceID == 0 {
|
|
|
|
return false, nil
|
|
|
|
}
|
2022-01-02 13:12:35 +00:00
|
|
|
source, err := auth.GetSourceByID(key.LoginSourceID)
|
2020-12-26 04:24:47 +00:00
|
|
|
if err != nil {
|
2022-01-02 13:12:35 +00:00
|
|
|
if auth.IsErrSourceNotExist(err) {
|
2020-12-26 04:24:47 +00:00
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
return false, err
|
|
|
|
}
|
2022-01-02 13:12:35 +00:00
|
|
|
if sshKeyProvider, ok := source.Cfg.(auth.SSHKeyProvider); ok && sshKeyProvider.ProvidesSSHKeys() {
|
2020-12-26 04:24:47 +00:00
|
|
|
// Disable setting SSH keys for this user
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// deleteKeysMarkedForDeletion returns true if ssh keys needs update
|
|
|
|
func deleteKeysMarkedForDeletion(keys []string) (bool, error) {
|
|
|
|
// Start session
|
2021-11-21 15:41:00 +00:00
|
|
|
ctx, committer, err := db.TxContext()
|
|
|
|
if err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
return false, err
|
2015-12-03 05:24:37 +00:00
|
|
|
}
|
2021-11-21 15:41:00 +00:00
|
|
|
defer committer.Close()
|
2015-12-03 05:24:37 +00:00
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Delete keys marked for deletion
|
|
|
|
var sshKeysNeedUpdate bool
|
|
|
|
for _, KeyToDelete := range keys {
|
2022-05-20 14:08:52 +00:00
|
|
|
key, err := SearchPublicKeyByContent(ctx, KeyToDelete)
|
2015-12-05 22:13:13 +00:00
|
|
|
if err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
log.Error("SearchPublicKeyByContent: %v", err)
|
|
|
|
continue
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
2021-12-10 08:14:24 +00:00
|
|
|
if err = DeletePublicKeys(ctx, key.ID); err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
log.Error("deletePublicKeys: %v", err)
|
|
|
|
continue
|
2019-01-09 18:10:46 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
sshKeysNeedUpdate = true
|
2015-08-06 14:48:11 +00:00
|
|
|
}
|
|
|
|
|
2021-11-21 15:41:00 +00:00
|
|
|
if err := committer.Commit(); err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
return false, err
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
return sshKeysNeedUpdate, nil
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// AddPublicKeysBySource add a users public keys. Returns true if there are changes.
|
2022-01-02 13:12:35 +00:00
|
|
|
func AddPublicKeysBySource(usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool {
|
2021-07-24 10:16:34 +00:00
|
|
|
var sshKeysNeedUpdate bool
|
|
|
|
for _, sshKey := range sshPublicKeys {
|
|
|
|
var err error
|
|
|
|
found := false
|
|
|
|
keys := []byte(sshKey)
|
|
|
|
loop:
|
|
|
|
for len(keys) > 0 && err == nil {
|
|
|
|
var out ssh.PublicKey
|
|
|
|
// We ignore options as they are not relevant to Gitea
|
|
|
|
out, _, _, keys, err = ssh.ParseAuthorizedKey(keys)
|
2020-10-11 00:38:09 +00:00
|
|
|
if err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
break loop
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
found = true
|
|
|
|
marshalled := string(ssh.MarshalAuthorizedKey(out))
|
|
|
|
marshalled = marshalled[:len(marshalled)-1]
|
|
|
|
sshKeyName := fmt.Sprintf("%s-%s", s.Name, ssh.FingerprintSHA256(out))
|
|
|
|
|
|
|
|
if _, err := AddPublicKey(usr.ID, sshKeyName, marshalled, s.ID); err != nil {
|
|
|
|
if IsErrKeyAlreadyExist(err) {
|
|
|
|
log.Trace("AddPublicKeysBySource[%s]: Public SSH Key %s already exists for user", sshKeyName, usr.Name)
|
|
|
|
} else {
|
|
|
|
log.Error("AddPublicKeysBySource[%s]: Error adding Public SSH Key for user %s: %v", sshKeyName, usr.Name, err)
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
} else {
|
|
|
|
log.Trace("AddPublicKeysBySource[%s]: Added Public SSH Key for user %s", sshKeyName, usr.Name)
|
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
}
|
|
|
|
if !found && err != nil {
|
|
|
|
log.Warn("AddPublicKeysBySource[%s]: Skipping invalid Public SSH Key for user %s: %v", s.Name, usr.Name, sshKey)
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
return sshKeysNeedUpdate
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// SynchronizePublicKeys updates a users public keys. Returns true if there are changes.
|
2022-01-02 13:12:35 +00:00
|
|
|
func SynchronizePublicKeys(usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool {
|
2021-07-24 10:16:34 +00:00
|
|
|
var sshKeysNeedUpdate bool
|
2020-10-11 00:38:09 +00:00
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Handling Public SSH Key synchronization for user %s", s.Name, usr.Name)
|
2020-10-11 00:38:09 +00:00
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Get Public Keys from DB with current LDAP source
|
|
|
|
var giteaKeys []string
|
|
|
|
keys, err := ListPublicKeysBySource(usr.ID, s.ID)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("synchronizePublicKeys[%s]: Error listing Public SSH Keys for user %s: %v", s.Name, usr.Name, err)
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
for _, v := range keys {
|
|
|
|
giteaKeys = append(giteaKeys, v.OmitEmail())
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Process the provided keys to remove duplicates and name part
|
|
|
|
var providedKeys []string
|
|
|
|
for _, v := range sshPublicKeys {
|
|
|
|
sshKeySplit := strings.Split(v, " ")
|
|
|
|
if len(sshKeySplit) > 1 {
|
|
|
|
key := strings.Join(sshKeySplit[:2], " ")
|
|
|
|
if !util.ExistsInSlice(key, providedKeys) {
|
|
|
|
providedKeys = append(providedKeys, key)
|
2020-11-28 02:42:08 +00:00
|
|
|
}
|
|
|
|
}
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Check if Public Key sync is needed
|
|
|
|
if util.IsEqualSlice(giteaKeys, providedKeys) {
|
|
|
|
log.Trace("synchronizePublicKeys[%s]: Public Keys are already in sync for %s (Source:%v/DB:%v)", s.Name, usr.Name, len(providedKeys), len(giteaKeys))
|
|
|
|
return false
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Public Key needs update for user %s (Source:%v/DB:%v)", s.Name, usr.Name, len(providedKeys), len(giteaKeys))
|
2020-10-11 00:38:09 +00:00
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Add new Public SSH Keys that doesn't already exist in DB
|
|
|
|
var newKeys []string
|
|
|
|
for _, key := range providedKeys {
|
|
|
|
if !util.ExistsInSlice(key, giteaKeys) {
|
|
|
|
newKeys = append(newKeys, key)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if AddPublicKeysBySource(usr, s, newKeys) {
|
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Mark keys from DB that no longer exist in the source for deletion
|
|
|
|
var giteaKeysToDelete []string
|
|
|
|
for _, giteaKey := range giteaKeys {
|
|
|
|
if !util.ExistsInSlice(giteaKey, providedKeys) {
|
|
|
|
log.Trace("synchronizePublicKeys[%s]: Marking Public SSH Key for deletion for user %s: %v", s.Name, usr.Name, giteaKey)
|
|
|
|
giteaKeysToDelete = append(giteaKeysToDelete, giteaKey)
|
|
|
|
}
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
|
|
|
|
2021-07-24 10:16:34 +00:00
|
|
|
// Delete keys from DB that no longer exist in the source
|
|
|
|
needUpd, err := deleteKeysMarkedForDeletion(giteaKeysToDelete)
|
2020-11-28 02:42:08 +00:00
|
|
|
if err != nil {
|
2021-07-24 10:16:34 +00:00
|
|
|
log.Error("synchronizePublicKeys[%s]: Error deleting Public Keys marked for deletion for user %s: %v", s.Name, usr.Name, err)
|
2020-11-28 02:42:08 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
if needUpd {
|
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|
2021-07-24 10:16:34 +00:00
|
|
|
|
|
|
|
return sshKeysNeedUpdate
|
2020-10-11 00:38:09 +00:00
|
|
|
}
|