2014-03-16 17:24:13 +08:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
2019-06-16 15:50:46 +08:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2022-11-28 02:20:29 +08:00
|
|
|
// SPDX-License-Identifier: MIT
|
2014-03-16 17:24:13 +08:00
|
|
|
|
2021-12-10 16:14:24 +08:00
|
|
|
package asymkey
|
2014-02-17 23:57:23 +08:00
|
|
|
|
|
|
|
import (
|
2021-12-10 16:14:24 +08:00
|
|
|
"context"
|
2014-02-17 23:57:23 +08:00
|
|
|
"fmt"
|
2014-03-16 17:24:13 +08:00
|
|
|
"strings"
|
2014-02-17 23:57:23 +08:00
|
|
|
"time"
|
2014-03-03 04:25:09 +08:00
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
"code.gitea.io/gitea/models/auth"
|
2021-09-19 19:49:59 +08:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-28 19:58:28 +08:00
|
|
|
"code.gitea.io/gitea/models/perm"
|
2021-11-24 17:49:20 +08:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2016-11-11 00:24:48 +08:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2019-08-15 22:46:21 +08:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2020-08-12 04:05:34 +08:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2014-02-17 23:57:23 +08:00
|
|
|
|
2021-11-17 20:34:35 +08:00
|
|
|
"golang.org/x/crypto/ssh"
|
2021-07-24 18:16:34 +08:00
|
|
|
"xorm.io/builder"
|
2014-03-18 02:03:58 +08:00
|
|
|
)
|
|
|
|
|
2016-11-26 08:36:03 +08:00
|
|
|
// KeyType specifies the key type
|
2015-08-06 22:48:11 +08:00
|
|
|
type KeyType int
|
|
|
|
|
|
|
|
const (
|
2016-11-26 08:36:03 +08:00
|
|
|
// KeyTypeUser specifies the user key
|
2016-11-08 00:53:22 +08:00
|
|
|
KeyTypeUser = iota + 1
|
2016-11-26 08:36:03 +08:00
|
|
|
// KeyTypeDeploy specifies the deploy key
|
2016-11-08 00:53:22 +08:00
|
|
|
KeyTypeDeploy
|
2020-10-11 08:38:09 +08:00
|
|
|
// KeyTypePrincipal specifies the authorized principal key
|
|
|
|
KeyTypePrincipal
|
2015-08-06 22:48:11 +08:00
|
|
|
)
|
|
|
|
|
2016-07-26 10:47:25 +08:00
|
|
|
// PublicKey represents a user or deploy SSH public key.
|
2014-02-17 23:57:23 +08:00
|
|
|
type PublicKey struct {
|
2021-11-28 19:58:28 +08:00
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
OwnerID int64 `xorm:"INDEX NOT NULL"`
|
|
|
|
Name string `xorm:"NOT NULL"`
|
|
|
|
Fingerprint string `xorm:"INDEX NOT NULL"`
|
2022-08-22 21:32:28 +08:00
|
|
|
Content string `xorm:"MEDIUMTEXT NOT NULL"`
|
2021-11-28 19:58:28 +08:00
|
|
|
Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
|
|
|
|
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
|
|
|
|
LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
|
2016-03-10 08:53:30 +08:00
|
|
|
|
2019-08-15 22:46:21 +08:00
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
|
|
|
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
|
|
|
HasRecentActivity bool `xorm:"-"`
|
|
|
|
HasUsed bool `xorm:"-"`
|
2021-12-19 13:37:18 +08:00
|
|
|
Verified bool `xorm:"NOT NULL DEFAULT false"`
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
|
|
|
|
2021-09-19 19:49:59 +08:00
|
|
|
func init() {
|
|
|
|
db.RegisterModel(new(PublicKey))
|
|
|
|
}
|
|
|
|
|
2017-10-02 00:52:35 +08:00
|
|
|
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
|
|
|
|
func (key *PublicKey) AfterLoad() {
|
2017-12-11 12:37:04 +08:00
|
|
|
key.HasUsed = key.UpdatedUnix > key.CreatedUnix
|
2019-08-15 22:46:21 +08:00
|
|
|
key.HasRecentActivity = key.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()
|
2014-02-17 23:57:23 +08:00
|
|
|
}
|
|
|
|
|
2016-07-26 10:47:25 +08:00
|
|
|
// OmitEmail returns content of public key without email address.
|
2016-11-26 08:36:03 +08:00
|
|
|
func (key *PublicKey) OmitEmail() string {
|
|
|
|
return strings.Join(strings.Split(key.Content, " ")[:2], " ")
|
2014-11-23 15:33:47 +08:00
|
|
|
}
|
|
|
|
|
2016-07-26 10:47:25 +08:00
|
|
|
// AuthorizedString returns formatted public key string for authorized_keys file.
|
2021-07-24 18:16:34 +08:00
|
|
|
//
|
|
|
|
// TODO: Consider dropping this function
|
2016-07-26 10:47:25 +08:00
|
|
|
func (key *PublicKey) AuthorizedString() string {
|
2021-07-24 18:16:34 +08:00
|
|
|
return AuthorizedStringForKey(key)
|
2019-06-16 15:50:46 +08:00
|
|
|
}
|
|
|
|
|
2022-05-20 22:08:52 +08:00
|
|
|
func addKey(ctx context.Context, key *PublicKey) (err error) {
|
2018-10-21 05:25:14 +08:00
|
|
|
if len(key.Fingerprint) == 0 {
|
2022-06-05 03:18:50 +08:00
|
|
|
key.Fingerprint, err = CalcFingerprint(key.Content)
|
2017-02-14 14:12:52 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2014-03-16 18:16:03 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// Save SSH key.
|
2022-05-20 22:08:52 +08:00
|
|
|
if err = db.Insert(ctx, key); err != nil {
|
2014-03-16 18:16:03 +08:00
|
|
|
return err
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
2015-12-11 18:02:33 +08:00
|
|
|
|
2016-07-26 10:47:25 +08:00
|
|
|
return appendAuthorizedKeysToFile(key)
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// AddPublicKey adds new public key to database and authorized_keys file.
|
2023-10-11 12:24:07 +08:00
|
|
|
func AddPublicKey(ctx context.Context, ownerID int64, name, content string, authSourceID int64) (*PublicKey, error) {
|
2016-02-17 06:01:56 +08:00
|
|
|
log.Trace(content)
|
2017-02-14 14:12:52 +08:00
|
|
|
|
2022-06-05 03:18:50 +08:00
|
|
|
fingerprint, err := CalcFingerprint(content)
|
2017-02-14 14:12:52 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-10-11 12:24:07 +08:00
|
|
|
ctx, committer, err := db.TxContext(ctx)
|
2021-11-21 23:41:00 +08:00
|
|
|
if err != nil {
|
2019-02-04 07:56:53 +08:00
|
|
|
return nil, err
|
|
|
|
}
|
2021-11-21 23:41:00 +08:00
|
|
|
defer committer.Close()
|
2019-02-04 07:56:53 +08:00
|
|
|
|
2022-05-20 22:08:52 +08:00
|
|
|
if err := checkKeyFingerprint(ctx, fingerprint); err != nil {
|
2015-12-03 13:24:37 +08:00
|
|
|
return nil, err
|
2014-02-17 23:57:23 +08:00
|
|
|
}
|
|
|
|
|
2015-08-06 22:48:11 +08:00
|
|
|
// Key name of same user cannot be duplicated.
|
2022-05-20 22:08:52 +08:00
|
|
|
has, err := db.GetEngine(ctx).
|
2016-11-10 23:16:32 +08:00
|
|
|
Where("owner_id = ? AND name = ?", ownerID, name).
|
|
|
|
Get(new(PublicKey))
|
2015-08-06 22:48:11 +08:00
|
|
|
if err != nil {
|
2015-12-03 13:24:37 +08:00
|
|
|
return nil, err
|
2015-08-06 22:48:11 +08:00
|
|
|
} else if has {
|
2015-12-03 13:24:37 +08:00
|
|
|
return nil, ErrKeyNameAlreadyUsed{ownerID, name}
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
key := &PublicKey{
|
2018-05-24 12:59:02 +08:00
|
|
|
OwnerID: ownerID,
|
|
|
|
Name: name,
|
|
|
|
Fingerprint: fingerprint,
|
|
|
|
Content: content,
|
2021-11-28 19:58:28 +08:00
|
|
|
Mode: perm.AccessModeWrite,
|
2018-05-24 12:59:02 +08:00
|
|
|
Type: KeyTypeUser,
|
2022-01-02 21:12:35 +08:00
|
|
|
LoginSourceID: authSourceID,
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
2022-05-20 22:08:52 +08:00
|
|
|
if err = addKey(ctx, key); err != nil {
|
2022-10-25 03:29:17 +08:00
|
|
|
return nil, fmt.Errorf("addKey: %w", err)
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
|
|
|
|
2021-11-21 23:41:00 +08:00
|
|
|
return key, committer.Commit()
|
2014-02-17 23:57:23 +08:00
|
|
|
}
|
|
|
|
|
2015-08-06 22:48:11 +08:00
|
|
|
// GetPublicKeyByID returns public key by given ID.
|
2023-10-11 12:24:07 +08:00
|
|
|
func GetPublicKeyByID(ctx context.Context, keyID int64) (*PublicKey, error) {
|
2014-08-10 06:40:10 +08:00
|
|
|
key := new(PublicKey)
|
2023-10-11 12:24:07 +08:00
|
|
|
has, err := db.GetEngine(ctx).
|
2020-03-22 23:12:55 +08:00
|
|
|
ID(keyID).
|
2016-11-10 23:16:32 +08:00
|
|
|
Get(key)
|
2014-08-10 06:40:10 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
2015-08-06 22:48:11 +08:00
|
|
|
return nil, ErrKeyNotExist{keyID}
|
2014-08-10 06:40:10 +08:00
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2022-05-20 22:08:52 +08:00
|
|
|
// SearchPublicKeyByContent searches content as prefix (leak e-mail part)
|
|
|
|
// and returns public key found.
|
|
|
|
func SearchPublicKeyByContent(ctx context.Context, content string) (*PublicKey, error) {
|
2015-11-09 05:59:56 +08:00
|
|
|
key := new(PublicKey)
|
2022-05-20 22:08:52 +08:00
|
|
|
has, err := db.GetEngine(ctx).
|
2016-11-10 23:16:32 +08:00
|
|
|
Where("content like ?", content+"%").
|
|
|
|
Get(key)
|
2015-11-09 05:59:56 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
|
|
|
return nil, ErrKeyNotExist{}
|
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2022-05-20 22:08:52 +08:00
|
|
|
// SearchPublicKeyByContentExact searches content
|
2018-12-28 01:28:48 +08:00
|
|
|
// and returns public key found.
|
2022-05-20 22:08:52 +08:00
|
|
|
func SearchPublicKeyByContentExact(ctx context.Context, content string) (*PublicKey, error) {
|
2020-10-11 08:38:09 +08:00
|
|
|
key := new(PublicKey)
|
2022-05-20 22:08:52 +08:00
|
|
|
has, err := db.GetEngine(ctx).
|
2020-10-11 08:38:09 +08:00
|
|
|
Where("content = ?", content).
|
|
|
|
Get(key)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else if !has {
|
|
|
|
return nil, ErrKeyNotExist{}
|
|
|
|
}
|
|
|
|
return key, nil
|
|
|
|
}
|
|
|
|
|
2023-11-24 11:49:41 +08:00
|
|
|
type FindPublicKeyOptions struct {
|
|
|
|
db.ListOptions
|
|
|
|
OwnerID int64
|
|
|
|
Fingerprint string
|
|
|
|
KeyTypes []KeyType
|
|
|
|
NotKeytype KeyType
|
|
|
|
LoginSourceID int64
|
|
|
|
}
|
|
|
|
|
|
|
|
func (opts FindPublicKeyOptions) ToConds() builder.Cond {
|
2018-11-01 11:40:49 +08:00
|
|
|
cond := builder.NewCond()
|
2023-11-24 11:49:41 +08:00
|
|
|
if opts.OwnerID > 0 {
|
|
|
|
cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
|
2018-11-01 11:40:49 +08:00
|
|
|
}
|
2023-11-24 11:49:41 +08:00
|
|
|
if opts.Fingerprint != "" {
|
|
|
|
cond = cond.And(builder.Eq{"fingerprint": opts.Fingerprint})
|
2018-11-01 11:40:49 +08:00
|
|
|
}
|
2023-11-24 11:49:41 +08:00
|
|
|
if len(opts.KeyTypes) > 0 {
|
|
|
|
cond = cond.And(builder.In("type", opts.KeyTypes))
|
2020-01-25 03:00:29 +08:00
|
|
|
}
|
2023-11-24 11:49:41 +08:00
|
|
|
if opts.NotKeytype > 0 {
|
|
|
|
cond = cond.And(builder.Neq{"type": opts.NotKeytype})
|
|
|
|
}
|
|
|
|
if opts.LoginSourceID > 0 {
|
|
|
|
cond = cond.And(builder.Eq{"login_source_id": opts.LoginSourceID})
|
|
|
|
}
|
|
|
|
return cond
|
2018-05-24 12:59:02 +08:00
|
|
|
}
|
|
|
|
|
2017-04-08 08:40:38 +08:00
|
|
|
// UpdatePublicKeyUpdated updates public key use time.
|
2023-10-11 12:24:07 +08:00
|
|
|
func UpdatePublicKeyUpdated(ctx context.Context, id int64) error {
|
2017-07-20 11:15:10 +08:00
|
|
|
// Check if key exists before update as affected rows count is unreliable
|
|
|
|
// and will return 0 affected rows if two updates are made at the same time
|
2023-10-11 12:24:07 +08:00
|
|
|
if cnt, err := db.GetEngine(ctx).ID(id).Count(&PublicKey{}); err != nil {
|
2017-07-20 11:15:10 +08:00
|
|
|
return err
|
|
|
|
} else if cnt != 1 {
|
|
|
|
return ErrKeyNotExist{id}
|
|
|
|
}
|
|
|
|
|
2023-10-11 12:24:07 +08:00
|
|
|
_, err := db.GetEngine(ctx).ID(id).Cols("updated_unix").Update(&PublicKey{
|
2019-08-15 22:46:21 +08:00
|
|
|
UpdatedUnix: timeutil.TimeStampNow(),
|
2017-04-08 08:40:38 +08:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-12-10 16:14:24 +08:00
|
|
|
// DeletePublicKeys does the actual key deletion but does not update authorized_keys file.
|
|
|
|
func DeletePublicKeys(ctx context.Context, keyIDs ...int64) error {
|
2016-07-26 17:26:48 +08:00
|
|
|
if len(keyIDs) == 0 {
|
2015-08-06 22:48:11 +08:00
|
|
|
return nil
|
2014-03-23 02:27:03 +08:00
|
|
|
}
|
2014-05-07 04:28:52 +08:00
|
|
|
|
2021-12-10 16:14:24 +08:00
|
|
|
_, err := db.GetEngine(ctx).In("id", keyIDs).Delete(new(PublicKey))
|
2016-07-26 17:26:48 +08:00
|
|
|
return err
|
2014-02-17 23:57:23 +08:00
|
|
|
}
|
2015-01-01 02:07:51 +08:00
|
|
|
|
2020-12-26 12:24:47 +08:00
|
|
|
// PublicKeysAreExternallyManaged returns whether the provided KeyID represents an externally managed Key
|
2023-10-11 12:24:07 +08:00
|
|
|
func PublicKeysAreExternallyManaged(ctx context.Context, keys []*PublicKey) ([]bool, error) {
|
2022-01-02 21:12:35 +08:00
|
|
|
sources := make([]*auth.Source, 0, 5)
|
2020-12-26 12:24:47 +08:00
|
|
|
externals := make([]bool, len(keys))
|
|
|
|
keyloop:
|
|
|
|
for i, key := range keys {
|
|
|
|
if key.LoginSourceID == 0 {
|
|
|
|
externals[i] = false
|
|
|
|
continue keyloop
|
|
|
|
}
|
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
var source *auth.Source
|
2020-12-26 12:24:47 +08:00
|
|
|
|
|
|
|
sourceloop:
|
|
|
|
for _, s := range sources {
|
|
|
|
if s.ID == key.LoginSourceID {
|
|
|
|
source = s
|
|
|
|
break sourceloop
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if source == nil {
|
|
|
|
var err error
|
2023-10-11 12:24:07 +08:00
|
|
|
source, err = auth.GetSourceByID(ctx, key.LoginSourceID)
|
2020-12-26 12:24:47 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
if auth.IsErrSourceNotExist(err) {
|
2020-12-26 12:24:47 +08:00
|
|
|
externals[i] = false
|
2022-01-02 21:12:35 +08:00
|
|
|
sources[i] = &auth.Source{
|
2020-12-26 12:24:47 +08:00
|
|
|
ID: key.LoginSourceID,
|
|
|
|
}
|
|
|
|
continue keyloop
|
|
|
|
}
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-02 21:12:35 +08:00
|
|
|
if sshKeyProvider, ok := source.Cfg.(auth.SSHKeyProvider); ok && sshKeyProvider.ProvidesSSHKeys() {
|
2020-12-26 12:24:47 +08:00
|
|
|
// Disable setting SSH keys for this user
|
|
|
|
externals[i] = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return externals, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// PublicKeyIsExternallyManaged returns whether the provided KeyID represents an externally managed Key
|
2023-10-11 12:24:07 +08:00
|
|
|
func PublicKeyIsExternallyManaged(ctx context.Context, id int64) (bool, error) {
|
|
|
|
key, err := GetPublicKeyByID(ctx, id)
|
2020-12-26 12:24:47 +08:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if key.LoginSourceID == 0 {
|
|
|
|
return false, nil
|
|
|
|
}
|
2023-10-11 12:24:07 +08:00
|
|
|
source, err := auth.GetSourceByID(ctx, key.LoginSourceID)
|
2020-12-26 12:24:47 +08:00
|
|
|
if err != nil {
|
2022-01-02 21:12:35 +08:00
|
|
|
if auth.IsErrSourceNotExist(err) {
|
2020-12-26 12:24:47 +08:00
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
return false, err
|
|
|
|
}
|
2022-01-02 21:12:35 +08:00
|
|
|
if sshKeyProvider, ok := source.Cfg.(auth.SSHKeyProvider); ok && sshKeyProvider.ProvidesSSHKeys() {
|
2020-12-26 12:24:47 +08:00
|
|
|
// Disable setting SSH keys for this user
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// deleteKeysMarkedForDeletion returns true if ssh keys needs update
|
2023-10-11 12:24:07 +08:00
|
|
|
func deleteKeysMarkedForDeletion(ctx context.Context, keys []string) (bool, error) {
|
2021-07-24 18:16:34 +08:00
|
|
|
// Start session
|
2023-10-11 12:24:07 +08:00
|
|
|
ctx, committer, err := db.TxContext(ctx)
|
2021-11-21 23:41:00 +08:00
|
|
|
if err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
return false, err
|
2015-12-03 13:24:37 +08:00
|
|
|
}
|
2021-11-21 23:41:00 +08:00
|
|
|
defer committer.Close()
|
2015-12-03 13:24:37 +08:00
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Delete keys marked for deletion
|
|
|
|
var sshKeysNeedUpdate bool
|
|
|
|
for _, KeyToDelete := range keys {
|
2022-05-20 22:08:52 +08:00
|
|
|
key, err := SearchPublicKeyByContent(ctx, KeyToDelete)
|
2015-12-06 06:13:13 +08:00
|
|
|
if err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Error("SearchPublicKeyByContent: %v", err)
|
|
|
|
continue
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
2021-12-10 16:14:24 +08:00
|
|
|
if err = DeletePublicKeys(ctx, key.ID); err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Error("deletePublicKeys: %v", err)
|
|
|
|
continue
|
2019-01-10 02:10:46 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
sshKeysNeedUpdate = true
|
2015-08-06 22:48:11 +08:00
|
|
|
}
|
|
|
|
|
2021-11-21 23:41:00 +08:00
|
|
|
if err := committer.Commit(); err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
return false, err
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
return sshKeysNeedUpdate, nil
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// AddPublicKeysBySource add a users public keys. Returns true if there are changes.
|
2023-10-11 12:24:07 +08:00
|
|
|
func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool {
|
2021-07-24 18:16:34 +08:00
|
|
|
var sshKeysNeedUpdate bool
|
|
|
|
for _, sshKey := range sshPublicKeys {
|
|
|
|
var err error
|
|
|
|
found := false
|
|
|
|
keys := []byte(sshKey)
|
|
|
|
loop:
|
|
|
|
for len(keys) > 0 && err == nil {
|
|
|
|
var out ssh.PublicKey
|
|
|
|
// We ignore options as they are not relevant to Gitea
|
|
|
|
out, _, _, keys, err = ssh.ParseAuthorizedKey(keys)
|
2020-10-11 08:38:09 +08:00
|
|
|
if err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
break loop
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
found = true
|
|
|
|
marshalled := string(ssh.MarshalAuthorizedKey(out))
|
|
|
|
marshalled = marshalled[:len(marshalled)-1]
|
|
|
|
sshKeyName := fmt.Sprintf("%s-%s", s.Name, ssh.FingerprintSHA256(out))
|
|
|
|
|
2023-10-11 12:24:07 +08:00
|
|
|
if _, err := AddPublicKey(ctx, usr.ID, sshKeyName, marshalled, s.ID); err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
if IsErrKeyAlreadyExist(err) {
|
|
|
|
log.Trace("AddPublicKeysBySource[%s]: Public SSH Key %s already exists for user", sshKeyName, usr.Name)
|
|
|
|
} else {
|
|
|
|
log.Error("AddPublicKeysBySource[%s]: Error adding Public SSH Key for user %s: %v", sshKeyName, usr.Name, err)
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
} else {
|
|
|
|
log.Trace("AddPublicKeysBySource[%s]: Added Public SSH Key for user %s", sshKeyName, usr.Name)
|
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
}
|
|
|
|
if !found && err != nil {
|
|
|
|
log.Warn("AddPublicKeysBySource[%s]: Skipping invalid Public SSH Key for user %s: %v", s.Name, usr.Name, sshKey)
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
return sshKeysNeedUpdate
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// SynchronizePublicKeys updates a users public keys. Returns true if there are changes.
|
2023-10-11 12:24:07 +08:00
|
|
|
func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool {
|
2021-07-24 18:16:34 +08:00
|
|
|
var sshKeysNeedUpdate bool
|
2020-10-11 08:38:09 +08:00
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Handling Public SSH Key synchronization for user %s", s.Name, usr.Name)
|
2020-10-11 08:38:09 +08:00
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Get Public Keys from DB with current LDAP source
|
|
|
|
var giteaKeys []string
|
2023-11-24 11:49:41 +08:00
|
|
|
keys, err := db.Find[PublicKey](ctx, FindPublicKeyOptions{
|
|
|
|
OwnerID: usr.ID,
|
|
|
|
LoginSourceID: s.ID,
|
|
|
|
})
|
2021-07-24 18:16:34 +08:00
|
|
|
if err != nil {
|
|
|
|
log.Error("synchronizePublicKeys[%s]: Error listing Public SSH Keys for user %s: %v", s.Name, usr.Name, err)
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
for _, v := range keys {
|
|
|
|
giteaKeys = append(giteaKeys, v.OmitEmail())
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Process the provided keys to remove duplicates and name part
|
|
|
|
var providedKeys []string
|
|
|
|
for _, v := range sshPublicKeys {
|
|
|
|
sshKeySplit := strings.Split(v, " ")
|
|
|
|
if len(sshKeySplit) > 1 {
|
|
|
|
key := strings.Join(sshKeySplit[:2], " ")
|
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
- It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
|
|
|
if !util.SliceContainsString(providedKeys, key) {
|
2021-07-24 18:16:34 +08:00
|
|
|
providedKeys = append(providedKeys, key)
|
2020-11-28 10:42:08 +08:00
|
|
|
}
|
|
|
|
}
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Check if Public Key sync is needed
|
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
- It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
|
|
|
if util.SliceSortedEqual(giteaKeys, providedKeys) {
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Public Keys are already in sync for %s (Source:%v/DB:%v)", s.Name, usr.Name, len(providedKeys), len(giteaKeys))
|
|
|
|
return false
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Public Key needs update for user %s (Source:%v/DB:%v)", s.Name, usr.Name, len(providedKeys), len(giteaKeys))
|
2020-10-11 08:38:09 +08:00
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Add new Public SSH Keys that doesn't already exist in DB
|
|
|
|
var newKeys []string
|
|
|
|
for _, key := range providedKeys {
|
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
- It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
|
|
|
if !util.SliceContainsString(giteaKeys, key) {
|
2021-07-24 18:16:34 +08:00
|
|
|
newKeys = append(newKeys, key)
|
|
|
|
}
|
|
|
|
}
|
2023-10-11 12:24:07 +08:00
|
|
|
if AddPublicKeysBySource(ctx, usr, s, newKeys) {
|
2021-07-24 18:16:34 +08:00
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Mark keys from DB that no longer exist in the source for deletion
|
|
|
|
var giteaKeysToDelete []string
|
|
|
|
for _, giteaKey := range giteaKeys {
|
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
- It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
|
|
|
if !util.SliceContainsString(providedKeys, giteaKey) {
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Trace("synchronizePublicKeys[%s]: Marking Public SSH Key for deletion for user %s: %v", s.Name, usr.Name, giteaKey)
|
|
|
|
giteaKeysToDelete = append(giteaKeysToDelete, giteaKey)
|
|
|
|
}
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
|
|
|
|
2021-07-24 18:16:34 +08:00
|
|
|
// Delete keys from DB that no longer exist in the source
|
2023-10-11 12:24:07 +08:00
|
|
|
needUpd, err := deleteKeysMarkedForDeletion(ctx, giteaKeysToDelete)
|
2020-11-28 10:42:08 +08:00
|
|
|
if err != nil {
|
2021-07-24 18:16:34 +08:00
|
|
|
log.Error("synchronizePublicKeys[%s]: Error deleting Public Keys marked for deletion for user %s: %v", s.Name, usr.Name, err)
|
2020-11-28 10:42:08 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
if needUpd {
|
|
|
|
sshKeysNeedUpdate = true
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|
2021-07-24 18:16:34 +08:00
|
|
|
|
|
|
|
return sshKeysNeedUpdate
|
2020-10-11 08:38:09 +08:00
|
|
|
}
|