diff options
| author | Stan Hu <stanhu@gmail.com> | 2020-10-19 13:06:59 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2020-10-19 13:26:46 -0700 |
| commit | 354f5bf20c3d1b48481bd4e6f4d4219f830b986b (patch) | |
| tree | 33e517727ce00b49b8fa272996e14096b4a68da2 /client/gitlabnet.go | |
| parent | c09bdad64dc5ae1a57c61a435edb62b5f9a7c3a8 (diff) | |
| download | gitlab-shell-354f5bf20c3d1b48481bd4e6f4d4219f830b986b.tar.gz | |
Fix incorrect actor used to check permissions for SSH receive-packsh-fix-wrong-user-deploy-key-check
During a SSH receive-pack request (e.g. `git push`), gitlab-shell was
incorrectly using the user returned by the `/internal/allowed` API
endpoint to make an SSHReceivePack RPC call. This caused a number of
problems with deploy keys with write access:
1. Keys that were generated by a blocked user would be denied the
ability to write.
2. Keys that were generated by user that did not have write access to
the project would also be denied.
GitLab 12.4 removed the Ruby implementation of gitlab-shell in favor of
the Golang implementation, and these implementations worked slightly
differently. In
https://gitlab.com/gitlab-org/gitlab-shell/blob/v10.1.0/lib/gitlab_shell.rb,
the Ruby implementation would always use `@who` (e.g. `key-123`), but in
gitlab-shell v10.2.0 the Go implementation would always use the user
from the API response.
Reads did not have this issue because the user/deploy key is never
passed to Gitaly for additional permission checks. Writes need this
information for the pre-receive to check access to protected branches,
push rules, etc.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/479
Diffstat (limited to 'client/gitlabnet.go')
0 files changed, 0 insertions, 0 deletions