mirror of
https://github.com/thomiceli/opengist.git
synced 2025-07-09 17:38:04 +02:00
Fix SSH pubkey detection
@ -12,7 +12,6 @@ import (
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
)
|
||||
@ -24,7 +23,8 @@ func Start() {
|
||||
|
||||
sshConfig := &ssh.ServerConfig{
|
||||
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
|
||||
pkey, err := models.GetSSHKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
|
||||
strKey := strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key)))
|
||||
_, err := models.SSHKeyDoesExists(strKey)
|
||||
if err != nil {
|
||||
if !errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, err
|
||||
@ -33,7 +33,7 @@ func Start() {
|
||||
log.Warn().Msg("Invalid SSH authentication attempt from " + conn.RemoteAddr().String())
|
||||
return nil, errors.New("unknown public key")
|
||||
}
|
||||
return &ssh.Permissions{Extensions: map[string]string{"key-id": strconv.Itoa(int(pkey.ID))}}, nil
|
||||
return &ssh.Permissions{Extensions: map[string]string{"key": strKey}}, nil
|
||||
},
|
||||
}
|
||||
|
||||
@ -71,13 +71,12 @@ func listen(serverConfig *ssh.ServerConfig) {
|
||||
}
|
||||
|
||||
go ssh.DiscardRequests(reqs)
|
||||
keyID, _ := strconv.Atoi(sConn.Permissions.Extensions["key-id"])
|
||||
go handleConnexion(channels, uint(keyID), sConn.RemoteAddr().String())
|
||||
go handleConnexion(channels, sConn.Permissions.Extensions["key"], sConn.RemoteAddr().String())
|
||||
}()
|
||||
}
|
||||
}
|
||||
|
||||
func handleConnexion(channels <-chan ssh.NewChannel, keyID uint, ip string) {
|
||||
func handleConnexion(channels <-chan ssh.NewChannel, key string, ip string) {
|
||||
for channel := range channels {
|
||||
if channel.ChannelType() != "session" {
|
||||
_ = channel.Reject(ssh.UnknownChannelType, "Unknown channel type")
|
||||
@ -109,7 +108,7 @@ func handleConnexion(channels <-chan ssh.NewChannel, keyID uint, ip string) {
|
||||
payloadCmd = payloadCmd[i:]
|
||||
}
|
||||
|
||||
if err = runGitCommand(ch, payloadCmd, keyID, ip); err != nil {
|
||||
if err = runGitCommand(ch, payloadCmd, key, ip); err != nil {
|
||||
_, _ = ch.Stderr().Write([]byte("Opengist: " + err.Error() + "\r\n"))
|
||||
}
|
||||
_, _ = ch.SendRequest("exit-status", false, []byte{0, 0, 0, 0})
|
||||
|
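Review bot: In the `PublicKeyCallback` in `Start()`, the first return value of `models.SSHKeyDoesExists(strKey)` is discarded, so the key is accepted whenever `err` is nil. If that helper reports a missing key as `(false, nil)` rather than as `gorm.ErrRecordNotFound` (its body is not shown here, so this needs confirming), every offered public key would pass authentication and the only remaining gate would be whatever `runGitCommand` does with `key`. I would keep the result and reject explicitly: `exists, err := models.SSHKeyDoesExists(strKey)`, then `if !exists { return nil, errors.New("unknown public key") }` after the error branch, assuming the result is a boolean. A short comment on the `"key"` extension saying that it carries the authenticated key string for the later per-repository check would also help. `Start()` begins and ends outside the hunk.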