mirror of https://github.com/go-gitea/gitea
Git with a cup of tea, painless self-hosted git service
Mirror for internal git.with.parts use
https://git.with.parts
// Copyright 2020 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package doctor
import (
"bufio"
"bytes"
"context"
"fmt"
"os"
"path/filepath"
"strings"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/modules/container"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
)
// tplCommentPrefix is the prefix of the comment lines that checkAuthorizedKeys
// skips when comparing the authorized_keys file with regenerated output.
const tplCommentPrefix = `# gitea public key`
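// checkAuthorizedKeys verifies that every key line Gitea would generate is
// present in the OpenSSH authorized_keys file under setting.SSH.RootPath.
//
// The check is skipped (nil is returned) when the built-in SSH server is
// started or when Gitea is configured not to create an authorized_keys file.
// With autofix set, an unreadable or out-of-date file is rewritten through
// asymkey_model.RewriteAllPublicKeys; otherwise the problem is logged at
// Critical level and returned as an error.
//
// The comparison is one-directional: only lines missing from the file are
// detected. Lines that exist in authorized_keys but are absent from the
// regenerated output (for example entries that no longer correspond to a key
// Gitea would emit) are NOT reported, so a passing check does not show that
// the file contains only expected entries.
func checkAuthorizedKeys(ctx context.Context, logger log.Logger, autofix bool) error {
	if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
		return nil
	}

	// rewrite regenerates the whole authorized_keys file and reports failure
	// in the same way at every call site.
	rewrite := func() error {
		if err := asymkey_model.RewriteAllPublicKeys(ctx); err != nil {
			logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err)
			return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %w", err)
		}
		return nil
	}

	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
	f, err := os.Open(fPath)
	if err != nil {
		if !autofix {
			logger.Critical("Unable to open authorized_keys file. ERROR: %v", err)
			return fmt.Errorf("Unable to open authorized_keys file. ERROR: %w", err)
		}
		logger.Warn("Unable to open authorized_keys. (ERROR: %v). Attempting to rewrite...", err)
		// There is no open file to compare against, so stop here instead of
		// scanning a nil *os.File and then rewriting again for every key line.
		return rewrite()
	}

	linesInAuthorizedKeys := make(container.Set[string])

	fileScanner := bufio.NewScanner(f)
	for fileScanner.Scan() {
		line := fileScanner.Text()
		if strings.HasPrefix(line, tplCommentPrefix) {
			continue
		}
		linesInAuthorizedKeys.Add(line)
	}
	scanErr := fileScanner.Err()
	// Release the handle before RewriteAllPublicKeys may touch the file. The
	// file was opened read-only, so a Close error cannot lose data.
	_ = f.Close()
	if scanErr != nil {
		// A partial read (I/O error or over-long line) would make the
		// comparison below draw conclusions from incomplete data.
		logger.Critical("Unable to read authorized_keys file. ERROR: %v", scanErr)
		return fmt.Errorf("Unable to read authorized_keys file. ERROR: %w", scanErr)
	}

	// now we regenerate and check if there are any lines missing
	regenerated := &bytes.Buffer{}
	if err := asymkey_model.RegeneratePublicKeys(ctx, regenerated); err != nil {
		logger.Critical("Unable to regenerate authorized_keys file. ERROR: %v", err)
		return fmt.Errorf("Unable to regenerate authorized_keys file. ERROR: %w", err)
	}

	regenScanner := bufio.NewScanner(regenerated)
	for regenScanner.Scan() {
		line := regenScanner.Text()
		if strings.HasPrefix(line, tplCommentPrefix) || linesInAuthorizedKeys.Contains(line) {
			continue
		}
		if !autofix {
			logger.Critical(
				"authorized_keys file %q is out of date.\nRegenerate it with:\n\t\"%s\"\nor\n\t\"%s\"",
				fPath,
				"gitea admin regenerate keys",
				"gitea doctor --run authorized-keys --fix")
			return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized-keys --fix"`)
		}
		logger.Warn("authorized_keys is out of date. Attempting rewrite...")
		// A single rewrite regenerates every key; continuing the loop would
		// compare against the stale set and rewrite once per missing line.
		return rewrite()
	}
	if err := regenScanner.Err(); err != nil {
		// Without this check a truncated scan would silently report the
		// file as up to date.
		logger.Critical("Unable to read regenerated authorized_keys content. ERROR: %v", err)
		return fmt.Errorf("Unable to read regenerated authorized_keys content. ERROR: %w", err)
	}
	return nil
}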
// init registers the authorized_keys consistency check with the doctor
// package under the name "authorized-keys", flagged as a default check.
func init() {
	authorizedKeysCheck := &Check{
		Name:      "authorized-keys",
		Title:     "Check if OpenSSH authorized_keys file is up-to-date",
		Run:       checkAuthorizedKeys,
		IsDefault: true,
		Priority:  4,
	}
	Register(authorizedKeysCheck)
}