diff options
| author | Patrick Bajao <ebajao@gitlab.com> | 2019-07-29 14:33:01 +0800 |
|---|---|---|
| committer | Patrick Bajao <ebajao@gitlab.com> | 2019-07-29 14:58:32 +0800 |
| commit | aab85f3600caf04b491d6ca4fc3f0f004d9e3fc0 (patch) | |
| tree | da3f6ab04de4e0c1ba5b79a281c6ca91852e0aa1 /bin/gitlab-shell-authorized-principals-check-ruby | |
| parent | ed0460374a5ca13d9ea17c6a9c21151319b7fd53 (diff) | |
| download | gitlab-shell-aab85f3600caf04b491d6ca4fc3f0f004d9e3fc0.tar.gz | |
Support falling back to ruby version of checkers
Rename the ruby scripts to have `-ruby` suffix and add a symlink
for both to `./gitlab-shell`. The executable name will be used to
determine how args will be parsed.
For now, we only parse the arguments for gitlab-shell commands. If
the executable is `gitlab-shell-authorized-keys-check` or
`gitlab-shell-authorized-principals-check`, it'll always fallback
to the ruby version.
Ruby specs test the ruby script, the fallback from go to ruby and
go implementation of both (still pending).
Diffstat (limited to 'bin/gitlab-shell-authorized-principals-check-ruby')
| -rwxr-xr-x | bin/gitlab-shell-authorized-principals-check-ruby | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/bin/gitlab-shell-authorized-principals-check-ruby b/bin/gitlab-shell-authorized-principals-check-ruby new file mode 100755 index 0000000..25ee612 --- /dev/null +++ b/bin/gitlab-shell-authorized-principals-check-ruby @@ -0,0 +1,36 @@ +#!/usr/bin/env ruby + +# +# GitLab shell authorized principals helper. Emits the same sort of +# command="..." line as gitlab-shell-authorized-principals-check, with +# the right options. +# +# Ex. +# bin/gitlab-shell-authorized-keys-check <key-id> <principal1> [<principal2>...] +# +# Returns one line per principal passed in, e.g.: +# command="/bin/gitlab-shell username-{KEY_ID}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {PRINCIPAL} +# [command="/bin/gitlab-shell username-{KEY_ID}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {PRINCIPAL2}] +# +# Expects to be called by the SSH daemon, via configuration like: +# AuthorizedPrincipalsCommandUser root +# AuthorizedPrincipalsCommand /bin/gitlab-shell-authorized-principals-check git %i sshUsers + +abort "# Wrong number of arguments. #{ARGV.size}. Usage: +# gitlab-shell-authorized-principals-check <key-id> <principal1> [<principal2>...]" unless ARGV.size >= 2 + +key_id = ARGV[0] +abort '# No key_id provided' if key_id.nil? || key_id == '' + +principals = ARGV[1..-1] +principals.each { |principal| + abort '# An invalid principal was provided' if principal.nil? || principal == '' +} + +require_relative '../lib/gitlab_init' +require_relative '../lib/gitlab_net' +require_relative '../lib/gitlab_keys' + +principals.each { |principal| + puts GitlabKeys.principal_line("username-#{key_id}", principal.dup) +} |