From 5a4a9a96b24d401158042af2faf899f18311a0e3 Mon Sep 17 00:00:00 2001
From: Gregory Mullen
Date: Mon, 30 Oct 2017 13:40:31 -0700
Subject: [PATCH] Support any key type known by openssh previouly only ssh-rsa was supported. This will attempt to support the key_type given by the user.
---
 git-srht-keys | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/git-srht-keys b/git-srht-keys
index f897e8d..66d48be 100755
--- a/git-srht-keys
+++ b/git-srht-keys
@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-# AuthorizedKeysCommand=/usr/bin/git-srht-keys auth "%u" "%h" "%k"
+# AuthorizedKeysCommand=/usr/bin/git-srht-keys auth "%u" "%h" "%t" "%k"
 # AuthorizedKeysUser=root
 import sys
 import os
@@ -36,7 +36,7 @@ def log(s, *args):
 def auth_keys_error():
 log("This command should be run by sshd's AuthorizedKeysCommand")
- log('AuthorizedKeysCommand={} auth "%u" "%h" "%k"\nAuthorizedKeysUser=root',
+ log('AuthorizedKeysCommand={} auth "%u" "%h" "%t" "%k"\nAuthorizedKeysUser=root',
 os.path.abspath(sys.argv[0]))
 sys.exit(1)
@@ -51,16 +51,17 @@ git_uid, git_gid = getpwnam(git_user[0]).pw_uid, getgrnam(git_user[-1]).gr_gid
 repos = cfg("cgit", "repos")
 def auth_keys():
- if len(sys.argv) != 5:
+ if len(sys.argv) != 6:
 auth_keys_error()
 user = sys.argv[2]
 uid = getpwnam(user).pw_uid
 homedir = sys.argv[3]
- b64key = sys.argv[4]
+ key_type = sys.argv[4]
+ b64key = sys.argv[5]
 authorized_keys_file = "{}/.ssh/authorized_keys".format(homedir)
- log("user={} home={} b64key={}", user, homedir, b64key)
+ log("user={} home={} b64key={} key_type={}", user, homedir, b64key, key_type)
 if user != git_user[0]:
 log("Falling back to existing authorized keys file")
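Review bot: The `len(sys.argv) != 6` check makes the new `%t` argument mandatory, so a host whose sshd_config still has the old `auth "%u" "%h" "%k"` line will land in auth_keys_error() and exit 1 on every lookup as soon as this script is upgraded. Because this is the login path, the config change and the script upgrade have to ship together; if that cannot be guaranteed, accept both forms, e.g. `if len(sys.argv) not in (5, 6): auth_keys_error()`, `key_type = sys.argv[4] if len(sys.argv) == 6 else "ssh-rsa"` and `b64key = sys.argv[-1]`. Otherwise the commit message should say that sshd_config must be updated in the same step. auth_keys() continues past the end of this hunk.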
@@ -91,7 +92,7 @@ def auth_keys():
 log("Authorized user for login")
 keys = "command=\"{} shell '{}' '{}'\",".format(sys.argv[0], u.id, b64key) + \
 "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " + \
- "ssh-rsa {} {}".format(b64key, username)
+ "{} {} {}".format(key_type, b64key, username)
 print(keys)
 log(keys)
 sys.exit(0)
@@ -159,7 +160,7 @@ def shell():
 sys.exit(128)
 repo.visibility = RepoVisibility.autocreated
 db.session.commit()
-
+
 if cmd[0] == "git-receive-pack":
 if not has_access(repo, UserAccess.write, user):
 sys.exit(128)
--
2.38.4
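Review bot: `key_type` goes into the emitted authorized_keys line exactly as it arrived in `sys.argv[4]`, right after the forced `command=` and `no-*` options, and nothing in the visible hunks checks that it is a single key-type token. sshd's `%t` should only ever expand to an algorithm name, but this command runs as root and its stdout is parsed as access policy, so a value containing whitespace or a line break would change what sshd reads. A check where the argument is read in the preceding hunk would close that, e.g. `if not re.fullmatch(r"[A-Za-z0-9@._-]+", key_type): auth_keys_error()` (this needs `import re` unless the file already has it). The lookup that produces `u` and `username` lies between the two hunks and is not shown, so whether the stored key's own type is available there to use instead cannot be told from here.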