diff options
author | Patrick Bajao <ebajao@gitlab.com> | 2019-08-27 12:33:48 +0800 |
---|---|---|
committer | Patrick Bajao <ebajao@gitlab.com> | 2019-08-29 16:33:04 +0800 |
commit | 0e33f16b5f93382214f806737d3fcf5e065c5447 (patch) | |
tree | d7ba941512c78438f7605f63bbf255ecb9f22eab /lib/gitlab | |
parent | 95ffd22f07d821f223388bd60a287365d3b7d8f6 (diff) | |
download | gitlab-ce-0e33f16b5f93382214f806737d3fcf5e065c5447.tar.gz |
Add system check for authorized_keys file perm
This check is being removed from gitlab-shell as the file
is now being managed by gitlab-rails.
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/authorized_keys.rb | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb index 3fe72f5fd43..ca9b65b7c44 100644 --- a/lib/gitlab/authorized_keys.rb +++ b/lib/gitlab/authorized_keys.rb @@ -13,6 +13,15 @@ module Gitlab @logger = logger end + # Checks if the file is accessible or not + # + # @return [Boolean] + def accessible? + open_authorized_keys_file('r') { true } + rescue Errno::ENOENT, Errno::EACCES + false + end + # Add id and its key to the authorized_keys file # # @param [String] id identifier of key prefixed by `key-` @@ -102,10 +111,14 @@ module Gitlab [] end + def file + @file ||= Gitlab.config.gitlab_shell.authorized_keys_file + end + private def lock(timeout = 10) - File.open("#{authorized_keys_file}.lock", "w+") do |f| + File.open("#{file}.lock", "w+") do |f| f.flock File::LOCK_EX Timeout.timeout(timeout) { yield } ensure @@ -114,7 +127,7 @@ module Gitlab end def open_authorized_keys_file(mode) - File.open(authorized_keys_file, mode, 0o600) do |file| + File.open(file, mode, 0o600) do |file| file.chmod(0o600) yield file end @@ -141,9 +154,5 @@ module Gitlab def strip(key) key.split(/[ ]+/)[0, 2].join(' ') end - - def authorized_keys_file - Gitlab.config.gitlab_shell.authorized_keys_file - end end end |