diff options
| author | Ævar Arnfjörð Bjarmason <avarab@gmail.com> | 2018-06-14 15:54:38 +0200 |
|---|---|---|
| committer | Ævar Arnfjörð Bjarmason <avarab@gmail.com> | 2018-07-26 12:35:55 +0200 |
| commit | 2e8b67027067761034f36dadb3c2208ce66d2552 (patch) | |
| tree | 1f35c43611dcd0041d3f30fe7a86eac507912b75 /lib/gitlab_keys.rb | |
| parent | dc67cf1a62529bf7aecc8e350994ac40d5f4a068 (diff) | |
| download | gitlab-shell-2e8b67027067761034f36dadb3c2208ce66d2552.tar.gz | |
Add support for SSH certificate authentication
This along with the code submitted to gitlab-ce in the
gitlab-org/gitlab-ce! MR implements SSH certificate
authentication. See the docs added to gitlab-ce for why and how to
enable this. This, along with that MR, closes
gitlab-org/gitlab-ce#3457
Implementation notes:
- Because it's easy to do, and because an earlier nascent version of
this would pass user-ID to gitlab-shell, that's now supported, even
though the SSH certificate authentication uses username-USERNAME.
- The astute reader will notice that not all the API calls in
gitlab-ce's lib/api/internal.rb support a "username" argument, some
only support "user_id".
There's a few reasons for this:
a) For this to be efficient, I am bending over backwards to avoid
extra API calls when using SSH certificates.
Therefore the /allowed API call will now return a "user id" to
us if we're allowed to proceed further. This is then fed to
existing APIs that would only be called after a successful
call to /allowed.
b) Not all of the git-shell codepaths go through
/internal/allowed, or ever deal with a repository, e.g. the
argument-less "Welcome to GitLab", and
/internal/2fa_recovery_codes. These need to use
/internal/discover to figure out details about the user, so
support looking that up by username.
c) Once we have the "user id", the GL_ID gets passed down to
e.g. user-authored hooks. I don't want to have those all break
by having to handle a third GL_ID mode of "username" in
addition to the current "key id" and "user id".
Diffstat (limited to 'lib/gitlab_keys.rb')
| -rw-r--r-- | lib/gitlab_keys.rb | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb index 30444c3..3ee2882 100644 --- a/lib/gitlab_keys.rb +++ b/lib/gitlab_keys.rb @@ -9,12 +9,20 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength attr_accessor :auth_file, :key - def self.command(key_id) + def self.command(whatever) + "#{ROOT_PATH}/bin/gitlab-shell #{whatever}" + end + + def self.command_key(key_id) unless /\A[a-z0-9-]+\z/ =~ key_id raise KeyError, "Invalid key_id: #{key_id.inspect}" end - "#{ROOT_PATH}/bin/gitlab-shell #{key_id}" + command(key_id) + end + + def self.whatever_line(command, trailer) + "command=\"#{command}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty #{trailer}" end def self.key_line(key_id, public_key) @@ -24,7 +32,17 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength raise KeyError, "Invalid public_key: #{public_key.inspect}" end - "command=\"#{command(key_id)}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty #{public_key}" + whatever_line(command_key(key_id), public_key) + end + + def self.principal_line(username_key_id, principal) + principal.chomp! + + if principal.include?("\n") + raise KeyError, "Invalid principal: #{principal.inspect}" + end + + whatever_line(command_key(username_key_id), principal) end def initialize @@ -119,7 +137,7 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength $logger.info('Removing key', key_id: @key_id) open_auth_file('r+') do |f| while line = f.gets # rubocop:disable Style/AssignmentInCondition - next unless line.start_with?("command=\"#{self.class.command(@key_id)}\"") + next unless line.start_with?("command=\"#{self.class.command_key(@key_id)}\"") f.seek(-line.length, IO::SEEK_CUR) # Overwrite the line with #'s. Because the 'line' variable contains # a terminating '\n', we write line.length - 1 '#' characters. |