Fix perms for http/ssh clone (#288)

Thomas Miceli
2024-05-28 01:30:08 +02:00
committed by GitHub
parent 77d87aeecd
commit 38892d8a4a
12 changed files with 225 additions and 22 deletions


@ -50,11 +50,18 @@ func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
// - gist is not found (obfuscation)
// - admin setting to require login is set to true
if verb == "receive-pack" ||
gist.Private == 2 ||
gist.Private == db.PrivateVisibility ||
gist.ID == 0 ||
!allowUnauthenticated {
pubKey, err := db.SSHKeyExistsForUser(key, gist.UserID)
var userToCheckPermissions *db.User
if gist.Private != db.PrivateVisibility && verb == "upload-pack" {
userToCheckPermissions, _ = db.GetUserFromSSHKey(key)
} else {
userToCheckPermissions = &gist.User
}
pubKey, err := db.SSHKeyExistsForUser(key, userToCheckPermissions.ID)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
log.Warn().Msg("Invalid SSH authentication attempt from " + ip)
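Review bot: The error from `db.GetUserFromSSHKey(key)` is discarded with `_`, and the result is dereferenced on the next statement as `userToCheckPermissions.ID`. That helper's body is not visible here; if it can return a nil `*db.User` on failure, an `upload-pack` with an unregistered key would panic the handler. Even if it returns a zero-valued user, a database failure becomes indistinguishable from an unknown key and ends up logged as an invalid authentication attempt. Because this lookup feeds an access decision, it should fail closed explicitly: `u, err := db.GetUserFromSSHKey(key)`, then reject when `err != nil || u == nil` before reading `u.ID`. runGitCommand starts and ends outside this hunk.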


@ -24,8 +24,8 @@ func Start() {
sshConfig := &ssh.ServerConfig{
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
strKey := strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key)))
_, err := db.SSHKeyDoesExists(strKey)
if err != nil {
exists, err := db.SSHKeyDoesExists(strKey)
if !exists {
if !errors.Is(err, gorm.ErrRecordNotFound) {
return nil, err
}
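Review bot: In the `!exists` branch, `return nil, err` is reached whenever `err` is not `gorm.ErrRecordNotFound`, which includes `err == nil`. `db.SSHKeyDoesExists` is not shown here; if it can report a missing key as `(false, nil)` (for example through a count query), the callback returns `(nil, nil)`. `ssh.ServerConfig.PublicKeyCallback` treats a nil error as a successful authentication, so an unregistered key would pass the SSH layer with nil permissions. Only propagate real errors, `if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) { return nil, err }`, and make sure every other `!exists` path returns a non-nil error. The rest of the callback lies outside this hunk, so the fall-through rejection could not be checked.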