Don't rewrite non-gitea public keys #906

Merged
merged 2 commits into from
Mar 2, 2017
2 changes: 2 additions & 0 deletions models/migrations/migrations.go
Expand Up @@ -90,6 +90,8 @@ var migrations = []Migration{
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
// v20 -> v21
NewMigration("use new avatar path name for security reason", useNewNameAvatars),
// v21 -> v22
NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat),
}

// Migrate database to current version
53 changes: 53 additions & 0 deletions models/migrations/v21.go
@@ -0,0 +1,53 @@
// Copyright 2017 Gitea. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package migrations

import (
"fmt"
"os"
"path/filepath"

"code.gitea.io/gitea/modules/setting"

"github.com/go-xorm/xorm"
)

const (
tplCommentPrefix = `# gitea public key`
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
)

func useNewPublickeyFormat(x *xorm.Engine) error {
fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
tmpPath := fpath + ".tmp"
f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
defer func() {
f.Close()
os.Remove(tmpPath)
}()

type PublicKey struct {
ID int64
Content string
}

err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
Member


Is this assuming all authorized_keys belong to gitea ?

Member Author


If it's an old gitea, of course, because every time you add a new public key it will remove the other non-gitea public keys.

Member Author


For a new gitea, this will not be executed.

key := bean.(*PublicKey)
_, err = f.WriteString(fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content))
return err
})
if err != nil {
return err
}

f.Close()
if err = os.Rename(tmpPath, fpath); err != nil {
return err
}
return nil
}
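Review bot: `key.Content` is formatted into the `tplPublicKey` line with no check that it is a single line, so a stored value containing a line break would leave text in authorized_keys outside the `command=` restriction and the `no-pty`/no-forwarding options. Whether content is validated when a key is added is not visible in this file, so the migration should refuse such rows itself, e.g. `if strings.ContainsAny(key.Content, "\r\n") { return fmt.Errorf("public key %d: content is not a single line", key.ID) }` (this needs `strings` added to the imports). Separately, the result of the explicit `f.Close()` before `os.Rename` is discarded, so a failed close would still move the temp file into place; `if err = f.Close(); err != nil { return err }` would stop before the rename.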
34 changes: 30 additions & 4 deletions models/ssh_key.go
Expand Up @@ -5,6 +5,7 @@
package models

import (
"bufio"
"encoding/base64"
"encoding/binary"
"errors"
Expand All @@ -28,7 +29,8 @@ import (
)

const (
tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
tplCommentPrefix = `# gitea public key`
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
)

var sshOpLocker sync.Mutex
Expand Down Expand Up @@ -553,22 +555,46 @@ func RewriteAllPublicKeys() error {
if err != nil {
return err
}
defer os.Remove(tmpPath)
defer func() {
f.Close()
os.Remove(tmpPath)
}()

err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
return err
})
f.Close()
if err != nil {
return err
}

if com.IsExist(fpath) {
if err = os.Remove(fpath); err != nil {
bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
if err = com.Copy(fpath, bakPath); err != nil {
return err
}

p, err := os.Open(bakPath)
if err != nil {
return err
}
defer p.Close()

scanner := bufio.NewScanner(p)
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, tplCommentPrefix) {
scanner.Scan()
Member


This will skip every other line no?

Member


This will always skip the next line if the current line is the prefix.

continue
}
_, err = f.WriteString(line + "\n")
if err != nil {
return err
}
}
}

f.Close()
if err = os.Rename(tmpPath, fpath); err != nil {
return err
}
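Review bot: `scanner.Err()` is never checked after the `for scanner.Scan()` loop that copies the non-Gitea lines out of the backup, so a read error or a line longer than bufio.Scanner's default 64 KiB token limit ends the loop silently and the shortened file is still renamed over `authorized_keys`. That loses exactly the foreign entries this change is meant to keep; adding `if err = scanner.Err(); err != nil { return err }` right after the loop would abort before the rename. A new `_<unix-time>.gitea_bak` copy is also written on every call and nothing in the visible lines removes older ones, so copies of the key file accumulate beside `authorized_keys`; consider a single backup name or pruning. RewriteAllPublicKeys starts and ends outside the hunk, so cleanup elsewhere in it cannot be ruled out.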