diff options
| author | Patrick Bajao <ebajao@gitlab.com> | 2019-07-29 14:33:01 +0800 |
|---|---|---|
| committer | Patrick Bajao <ebajao@gitlab.com> | 2019-07-29 14:58:32 +0800 |
| commit | aab85f3600caf04b491d6ca4fc3f0f004d9e3fc0 (patch) | |
| tree | da3f6ab04de4e0c1ba5b79a281c6ca91852e0aa1 /bin/gitlab-shell-authorized-keys-check | |
| parent | ed0460374a5ca13d9ea17c6a9c21151319b7fd53 (diff) | |
| download | gitlab-shell-aab85f3600caf04b491d6ca4fc3f0f004d9e3fc0.tar.gz | |
Support falling back to ruby version of checkers
Rename the ruby scripts to have `-ruby` suffix and add a symlink
for both to `./gitlab-shell`. The executable name will be used to
determine how args will be parsed.
For now, we only parse the arguments for gitlab-shell commands. If
the executable is `gitlab-shell-authorized-keys-check` or
`gitlab-shell-authorized-principals-check`, it'll always fallback
to the ruby version.
Ruby specs test the ruby script, the fallback from go to ruby and
go implementation of both (still pending).
Diffstat (limited to 'bin/gitlab-shell-authorized-keys-check')
| l---------[-rwxr-xr-x] | bin/gitlab-shell-authorized-keys-check | 43 |
1 files changed, 1 insertions, 42 deletions
diff --git a/bin/gitlab-shell-authorized-keys-check b/bin/gitlab-shell-authorized-keys-check index 2ea1a74..3dc14d1 100755..120000 --- a/bin/gitlab-shell-authorized-keys-check +++ b/bin/gitlab-shell-authorized-keys-check @@ -1,42 +1 @@ -#!/usr/bin/env ruby - -# -# GitLab shell authorized_keys helper. Query GitLab API to get the authorized -# command for a given ssh key fingerprint -# -# Ex. -# bin/gitlab-shell-authorized-keys-check <username> <public-key> -# -# Returns -# command="/bin/gitlab-shell key-#",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA... -# -# Expects to be called by the SSH daemon, via configuration like: -# AuthorizedKeysCommandUser git -# AuthorizedKeysCommand /bin/gitlab-shell-authorized-keys-check git %u %k - -abort "# Wrong number of arguments. #{ARGV.size}. Usage: -# gitlab-shell-authorized-keys-check <expected-username> <actual-username> <key>" unless ARGV.size == 3 - -expected_username = ARGV[0] -abort '# No username provided' if expected_username.nil? || expected_username == '' - -actual_username = ARGV[1] -abort '# No username provided' if actual_username.nil? || actual_username == '' - -# Only check access if the requested username matches the configured username. -# Normally, these would both be 'git', but it can be configured by the user -exit 0 unless expected_username == actual_username - -key = ARGV[2] -abort "# No key provided" if key.nil? || key == '' - -require_relative '../lib/gitlab_init' -require_relative '../lib/gitlab_net' -require_relative '../lib/gitlab_keys' - -authorized_key = GitlabNet.new.authorized_key(key) -if authorized_key.nil? - puts "# No key was found for #{key}" -else - puts GitlabKeys.key_line("key-#{authorized_key['id']}", authorized_key['key']) -end +./gitlab-shell
\ No newline at end of file |