2014-03-16 13:24:13 +04:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-02-17 19:57:23 +04:00
package models
import (
2014-03-16 13:24:13 +04:00
"bufio"
2014-03-16 13:48:20 +04:00
"errors"
2014-02-17 19:57:23 +04:00
"fmt"
2014-03-16 13:24:13 +04:00
"io"
2014-02-17 19:57:23 +04:00
"os"
2014-02-25 12:13:47 +04:00
"os/exec"
2014-03-16 14:16:03 +04:00
"path"
2014-02-17 19:57:23 +04:00
"path/filepath"
2014-03-16 13:24:13 +04:00
"strings"
"sync"
2014-02-17 19:57:23 +04:00
"time"
2014-03-03 00:25:09 +04:00
"github.com/Unknwon/com"
2014-02-17 19:57:23 +04:00
)
var (
2014-03-16 13:24:13 +04:00
sshOpLocker = sync . Mutex { }
2014-02-25 14:58:55 +04:00
//publicKeyRootPath string
2014-03-16 13:24:13 +04:00
sshPath string
appPath string
// "### autogenerated by gitgos, DO NOT EDIT\n"
tmplPublicKey = "command=\"%s serv key-%d\",no-port-forwarding," +
2014-02-25 12:13:47 +04:00
"no-X11-forwarding,no-agent-forwarding,no-pty %s\n"
2014-02-17 19:57:23 +04:00
)
2014-02-25 12:13:47 +04:00
func exePath ( ) ( string , error ) {
file , err := exec . LookPath ( os . Args [ 0 ] )
if err != nil {
return "" , err
}
return filepath . Abs ( file )
}
2014-02-25 14:58:55 +04:00
func homeDir ( ) string {
2014-03-03 00:25:09 +04:00
home , err := com . HomeDir ( )
2014-02-25 14:58:55 +04:00
if err != nil {
return "/"
}
2014-03-03 00:25:09 +04:00
return home
2014-02-25 14:58:55 +04:00
}
2014-02-25 12:13:47 +04:00
func init ( ) {
var err error
appPath , err = exePath ( )
if err != nil {
println ( err . Error ( ) )
os . Exit ( 2 )
}
2014-02-25 14:58:55 +04:00
sshPath = filepath . Join ( homeDir ( ) , ".ssh" )
2014-02-25 12:13:47 +04:00
}
2014-02-17 19:57:23 +04:00
type PublicKey struct {
2014-03-16 14:16:03 +04:00
Id int64
OwnerId int64 ` xorm:"index" `
Name string ` xorm:"unique not null" `
Fingerprint string
Content string ` xorm:"text not null" `
Created time . Time ` xorm:"created" `
Updated time . Time ` xorm:"updated" `
2014-02-17 19:57:23 +04:00
}
2014-02-25 12:13:47 +04:00
func GenAuthorizedKey ( keyId int64 , key string ) string {
return fmt . Sprintf ( tmplPublicKey , appPath , keyId , key )
2014-02-17 19:57:23 +04:00
}
2014-03-16 14:16:03 +04:00
func AddPublicKey ( key * PublicKey ) ( err error ) {
// Calculate fingerprint.
tmpPath := filepath . Join ( os . TempDir ( ) , fmt . Sprintf ( "%d" , time . Now ( ) . Nanosecond ( ) ) ,
"id_rsa.pub" )
os . MkdirAll ( path . Dir ( tmpPath ) , os . ModePerm )
f , err := os . Create ( tmpPath )
2014-02-17 19:57:23 +04:00
if err != nil {
2014-03-16 14:16:03 +04:00
return
}
if _ , err = f . WriteString ( key . Content ) ; err != nil {
2014-02-17 19:57:23 +04:00
return err
}
2014-03-16 14:16:03 +04:00
f . Close ( )
stdout , _ , err := com . ExecCmd ( "ssh-keygen" , "-l" , "-f" , tmpPath )
2014-02-17 19:57:23 +04:00
if err != nil {
2014-03-16 14:16:03 +04:00
return err
} else if len ( stdout ) < 2 {
return errors . New ( "Not enough output for calculating fingerprint" )
}
key . Fingerprint = strings . Split ( stdout , " " ) [ 1 ]
// Save SSH key.
if _ , err = orm . Insert ( key ) ; err != nil {
return err
}
if err = SaveAuthorizedKeyFile ( key ) ; err != nil {
if _ , err2 := orm . Delete ( key ) ; err2 != nil {
return err2
2014-02-17 19:57:23 +04:00
}
return err
}
return nil
}
2014-03-16 13:24:13 +04:00
// DeletePublicKey deletes SSH key information both in database and authorized_keys file.
func DeletePublicKey ( key * PublicKey ) ( err error ) {
2014-03-16 13:48:20 +04:00
has , err := orm . Id ( key . Id ) . Get ( key )
if err != nil {
return err
} else if ! has {
return errors . New ( "Public key does not exist" )
}
2014-03-16 13:24:13 +04:00
if _ , err = orm . Delete ( key ) ; err != nil {
return err
}
sshOpLocker . Lock ( )
defer sshOpLocker . Unlock ( )
p := filepath . Join ( sshPath , "authorized_keys" )
tmpP := filepath . Join ( sshPath , "authorized_keys.tmp" )
fr , err := os . Open ( p )
if err != nil {
return err
}
defer fr . Close ( )
fw , err := os . Create ( tmpP )
if err != nil {
return err
}
defer fw . Close ( )
buf := bufio . NewReader ( fr )
for {
line , errRead := buf . ReadString ( '\n' )
line = strings . TrimSpace ( line )
if errRead != nil {
if errRead != io . EOF {
return errRead
}
// Reached end of file, if nothing to read then break,
// otherwise handle the last line.
if len ( line ) == 0 {
break
}
}
// Found the line and copy rest of file.
2014-03-16 13:53:06 +04:00
if strings . Contains ( line , fmt . Sprintf ( "key-%d" , key . Id ) ) && strings . Contains ( line , key . Content ) {
2014-03-16 13:48:20 +04:00
continue
2014-03-16 13:24:13 +04:00
}
// Still finding the line, copy the line that currently read.
if _ , err = fw . WriteString ( line + "\n" ) ; err != nil {
return err
}
if errRead == io . EOF {
break
}
}
if err = os . Remove ( p ) ; err != nil {
return err
}
return os . Rename ( tmpP , p )
2014-03-10 13:15:02 +04:00
}
2014-03-07 07:34:41 +04:00
func ListPublicKey ( userId int64 ) ( [ ] PublicKey , error ) {
keys := make ( [ ] PublicKey , 0 )
err := orm . Find ( & keys , & PublicKey { OwnerId : userId } )
return keys , err
}
2014-02-25 12:13:47 +04:00
func SaveAuthorizedKeyFile ( key * PublicKey ) error {
2014-03-16 13:24:13 +04:00
sshOpLocker . Lock ( )
defer sshOpLocker . Unlock ( )
2014-02-25 12:13:47 +04:00
p := filepath . Join ( sshPath , "authorized_keys" )
2014-02-25 14:30:48 +04:00
f , err := os . OpenFile ( p , os . O_CREATE | os . O_WRONLY | os . O_APPEND , 0600 )
2014-02-17 19:57:23 +04:00
if err != nil {
return err
}
2014-03-16 13:24:13 +04:00
defer f . Close ( )
2014-02-25 14:30:48 +04:00
//os.Chmod(p, 0600)
2014-02-25 12:13:47 +04:00
_ , err = f . WriteString ( GenAuthorizedKey ( key . Id , key . Content ) )
2014-02-17 19:57:23 +04:00
return err
}
