summaryrefslogtreecommitdiff
path: root/internal/command/commandargs/shell.go
Commit message (Collapse)AuthorAgeFilesLines
* Relax key and username matching for sshdsh-improve-key-matching-sshdStan Hu2021-11-101-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to the way sshd works, gitlab-shell could be called with a single string in the form: ``` /path/to/gitlab-shell -c key-id ``` However, due to the tightening of the regular expressions in fcff692b this string no longer matches, so logins would fail with: ``` Failed to get username: who='' is invalid ``` This can be reproduced by changing the user's shell to point to gitlab-shell. For example: ``` usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell ``` While setting gitlab-shell as the user's shell isn't officially supported, gitlab-shell still should be able to cope with the key being specified as the last argument. We now split the argument list and use the last value. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
* Don't swallow an error parsing SSH_ORIGINAL_COMMANDNick Thomas2021-09-271-9/+4
|
* Modify regex to prevent partial matchesRobert May2021-06-291-2/+2
|
* chore: Refactor env introspection to rely on command initialization496-move-env-introspection-to-sshenvLucas Charles2021-03-151-17/+6
| | | | | | | Refactors introspection of execution environment to rely on per-connection state (`gitlab-shell`) or per request (`gitlab-sshd`) Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/496
* RFC: Simple built-in SSH serverLorenz Brun2021-01-181-3/+9
|
* Add 2fa_verify commandImre Farkas2020-12-101-0/+1
|
* Add support obtaining personal access tokens via SSHTaylan Develioglu2020-08-171-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | Implements the feature requested in gitlab-org/gitlab#19672 This requires the internal api counterpart in gitlab-org/gitlab!36302 to be merged first. It can be used as follows: ``` censored@censored-VirtualBox:~/git/gitlab$ ssh git@gitlab-2004 personal_access_token remote: remote: ======================================================================== remote: remote: Usage: personal_access_token <name> <scope1[,scope2,...]> [ttl_days] remote: remote: ======================================================================== remote: censored@censored-VirtualBox:~/git/gitlab$ ssh git@gitlab-2004 personal_access_token newtoken read_api,read_repository 30 Token: aAY1G3YPeemECgUvxuXY Scopes: read_api,read_repository Expires: 2020-08-07 ```
* commands: pass through GIT_PROTOCOL envvar provided by clientsps-git-protocol-envvarPatrick Steinhardt2020-02-281-0/+2
| | | | | | | | | | | Both git-upload-pack and git-receive-pack services inspect the GIT_PROTOCOL environment transferred via SSH in order to decide which protocols are supported by a given client. Currently, we don't use the environment variable at all, though, but instead forward the GitProtocol field of the access verification response. Improve this by passing on the GIT_PROTOCOL environment variable provided by the client as-is.
* Move go code up one levelNick Thomas2019-10-181-0/+131
View Lorry Controller Status