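--- a/compare.csv
+++ b/compare.csv
@@ -19,6 +19,7 @@ Usable with lynx,Yes,Yes,Yes,?,?,n/a,Yes
 Web Hooks,Yes,Yes,Yes,?,?,No,?
 Web Hooks - provide client certs,Yes,No,No,?,?,n/a,?
 Web Hooks - authenticate server (CA cert),Yes,No,No,?,?,n/a,?
+OpenSSH AuthorizedKeysCommand,Yes,?,?,?,?,?,?
 ,,,,,,,
 [Rights],,,,,,,
 Path control,Yes,?,?,?,?,?,?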
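--- a/inc/admin.inc.php
+++ b/inc/admin.inc.php
@@ -475,4 +475,104 @@ function rg_clean_logs($dir)
 }
 }
 
+/*
+* Admin ->Settings -> SSH menu
+*/
+function rg_admin_settings_ssh($db, $rg)
+{
+rg_log_enter('admin_settings_menu');
+
+$ret = '';
+$errmsg = array();
+$hints = array();
+while ($rg['doit'] == 1) {
+if (!rg_valid_referer()) {
+$errmsg[] = 'invalid referer; try again';
+break;
+}
+
+if (!rg_token_valid($db, $rg, 'admin_settings_ssh', FALSE)) {
+$errmsg[] = 'invalid token; try again';
+break;
+}
+
+$akp = rg_var_int('AuthorizedKeysCommand');
+$r = rg_state_set($db, 'AuthorizedKeysCommand', $akp);
+if ($r === FALSE) {
+$errmsg[] = 'cannot set state; try again';
+break;
+}
+
+// Nobody will force the regeneration, so, do it here!
+$ev = array(
+'category' => 'rg_keys_event_regen',
+'prio' => 10,
+'ui' => array('uid' => $rg['login_ui']['uid'])
+);
+$r = rg_event_add($db, $ev);
+if ($r !== TRUE) {
+$errmsg[] = 'cannot add event';
+break;
+}
+
+$ret .= rg_template('admin/settings/ok.html',
+$rg, TRUE /*xss*/);
+break;
+}
+
+// Load defaults
+while (1) {
+$r = rg_state_get($db, 'AuthorizedKeysCommand');
+if ($r === FALSE) {
+$ret = rg_template('admin/settings/load_err.html',
+$rg, TRUE /*xss*/);
+break;
+}
+
+$rg['AuthorizedKeysCommand'] = $r;
+
+$hints[]['HTML:hint'] = rg_template('admin/settings/ssh/hints.html',
+$rg, TRUE /*xss*/);
+
+$rg['HTML:hints'] = rg_template_table('hints/list', $hints, $rg);
+$rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
+$rg['rg_form_token'] = rg_token_get($db, $rg, 'admin_settings_ssh');
+$ret .= rg_template('admin/settings/main.html', $rg, TRUE /*xss*/);
+break;
+}
+
+rg_log_exit();
+return $ret;
+}
+
+/*
+* Deals with Admin -> Settings menu
+*/
+function rg_admin_settings($db, &$rg, $paras)
+{
+rg_log_enter('admin_settings');
+
+$ret = '';
+
+$_op = empty($paras) ? 'ssh' : array_shift($paras);
+rg_log("DEBUG: _op=$_op sparas=" . rg_array2string($paras));
+
+$rg['admin_settings_menu'][$_op] = 1;
+$rg['HTML:menu_level2'] = rg_template('admin/settings/menu.html',
+$rg, TRUE /*xss*/);
+
+switch ($_op) {
+case 'ssh':
+$ret .= rg_admin_settings_ssh($db, $rg);
+break;
+
+default:
+$ret .= rg_template('invalid_menu.html', $rg, TRUE /*xss*/);
+break;
+}
+
+rg_log_exit();
+return $ret;
+}
+
 ?>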
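Review bot: In `rg_admin_settings_ssh` the submitted value is stored exactly as `rg_var_int('AuthorizedKeysCommand')` returns it, while the consumer in inc/keys.inc.php only tests `$akp == 1`, so any other integer is persisted and silently treated as off. Because this switch decides whether sshd authenticates from the generated file or from the lookup script, I would normalise it before `rg_state_set`, e.g. `$akp = (rg_var_int('AuthorizedKeysCommand') == 1) ? 1 : 0;`, and add an `rg_log` line recording the new value together with `$rg['login_ui']['uid']` so the change is auditable. The function also announces itself with `rg_log_enter('admin_settings_menu')`; `'admin_settings_ssh'` would match its name. No admin-rights check is visible in either new function, so presumably the caller enforces it, which is worth confirming.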
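--- a/inc/fixes.inc.php
+++ b/inc/fixes.inc.php
@@ -42,6 +42,9 @@ $rg_fixes[9] = array(
 $rg_fixes[10] = array(
 'functions' => 'rg_fixes_drop_if_exists'
 );
+$rg_fixes[11] = array(
+'functions' => 'rg_fixes_fingerprint_sha256'
+);
 
 // This must be the last line
 $rg_fixes_ver = count($rg_fixes);
@@ -680,6 +683,91 @@ function rg_fixes_drop_if_exists($db)
 return $ret;
 }
 
+/*
+* We need to update the keys.fingerprint_sha256 field
+*/
+function rg_fixes_fingerprint_sha256($db)
+{
+global $php_errormsg;
+
+rg_log_enter('rg_fixes_fingerprint_sha256');
+
+$ret = TRUE;
+while (1) {
+// keys table
+$sql = 'SELECT key_id, key FROM keys'
+. ' WHERE fingerprint_sha256 = \'\'';
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+$ret = FALSE;
+break;
+}
+while (($row = rg_sql_fetch_array($res))) {
+$ki = rg_keys_info($row['key']);
+if ($ki['ok'] !== 1) {
+rg_log('Cannot get info about key'
+. ' ' . $row['key_id'] . ': '
+. rg_keys_error() . '; ignore it');
+continue;
+}
+
+$params = array(
+'key_id' => $row['key_id'],
+'fingerprint_sha256' => $ki['fingerprint_sha256']
+);
+$sql = 'UPDATE keys'
+. ' SET fingerprint_sha256 = @@fingerprint_sha256@@'
+. ' WHERE key_id = @@key_id@@';
+$res2 = rg_sql_query_params($db, $sql, $params);
+if ($res2 === FALSE) {
+rg_log('Cannot update fingerprint_sha256: '
+. rg_sql_error());
+break;
+}
+rg_sql_free_result($res2);
+}
+rg_sql_free_result($res);
+
+// workers table
+$sql = 'SELECT id, ssh_key FROM workers'
+. ' WHERE fingerprint_sha256 = \'\'';
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+$ret = FALSE;
+break;
+}
+while (($row = rg_sql_fetch_array($res))) {
+$ki = rg_keys_info($row['ssh_key']);
+if ($ki['ok'] !== 1) {
+rg_log('Cannot get info about key'
+. ' ' . $row['id'] . ': '
+. rg_keys_error() . '; ignore it');
+continue;
+}
+
+$params = array(
+'id' => $row['id'],
+'fingerprint_sha256' => $ki['fingerprint_sha256']
+);
+$sql = 'UPDATE workers'
+. ' SET fingerprint_sha256 = @@fingerprint_sha256@@'
+. ' WHERE id = @@id@@';
+$res2 = rg_sql_query_params($db, $sql, $params);
+if ($res2 === FALSE) {
+rg_log('Cannot update fingerprint_sha256: '
+. rg_sql_error());
+break;
+}
+rg_sql_free_result($res2);
+}
+rg_sql_free_result($res);
+break;
+}
+
+rg_log_exit();
+return $ret;
+}
+
 
 
 /*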
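Review bot: In `rg_fixes_fingerprint_sha256` a failed `UPDATE` only logs and leaves the inner loop with `$ret` still `TRUE`, so the fix is reported as applied while rows keep the empty default fingerprint; the keys loop and the workers loop both do this. Rows left empty cannot be matched by a fingerprint lookup, so with AuthorizedKeysCommand enabled the affected keys would stop authenticating without any signal to the admin. Setting `$ret = FALSE;` before each of the two `break;` statements that follow `rg_log('Cannot update fingerprint_sha256: ' ...)` lets the caller see the failure. `global $php_errormsg;` is declared but never used in the function.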
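--- a/inc/keys.inc.php
+++ b/inc/keys.inc.php
@@ -72,9 +72,6 @@ function rg_keys_event_del($db, $event)
 * Regenerate keyring.
 * We ignore requests that were inserted in queue after we already
 * regenerated the keys.
-* We must regenerate now to not let the user wait too much.
-* TODO: When we will have support in sshd for key lookup, we will not need
-* to regenerate.
 */
 function rg_keys_event_regen($db, $event)
 {
@@ -421,9 +418,12 @@ function rg_keys_add($db, $ui, $key)
 'key' => $ki['type'] . ' ' . $ki['key']
 . ' ' . $ki['comment'],
 'count' => 0,
-'first_use' => 0);
-$sql = "INSERT INTO keys (itime, uid, key)"
-. " VALUES (@@itime@@, @@uid@@, @@key@@)"
+'first_use' => 0,
+'fingerprint_sha256' => $ki['fingerprint_sha256']);
+$sql = "INSERT INTO keys (itime, uid, key"
+. ", fingerprint_sha256)"
+. " VALUES (@@itime@@, @@uid@@, @@key@@"
+. ", @@fingerprint_sha256@@)"
 . " RETURNING key_id";
 $res = rg_sql_query_params($db, $sql, $params);
 if ($res === FALSE) {
@@ -559,6 +559,24 @@ function rg_keys_update_use($db, $uid, $key_id, $ip, $cmd)
 return $ret;
 }
 
+/*
+* Outputs a line for authorized_keys file
+*/
+function rg_keys_output_line($i)
+{
+global $rg_scripts;
+global $rg_ssh_paras;
+
+return 'command="'
+. $rg_scripts . '/scripts/remote.sh'
+. ' ' . $i['uid']
+. ' ' . $i['key_id']
+. ' ' . $i['flags']
+. '"'
+. ',' . $rg_ssh_paras
+. ' ' . trim($i['key']) . "\n";
+}
+
 /*
 * Regenerates authorized_keys files
 */
@@ -567,7 +585,6 @@ function rg_keys_regen($db)
 global $php_errormsg;
 global $rg_keys_file;
 global $rg_scripts;
-global $rg_ssh_paras;
 
 rg_prof_start("keys_regen");
 
@@ -585,6 +602,19 @@ function rg_keys_regen($db)
 chgrp($dir, "rocketgit");
 }
 
+$akp = rg_state_get($db, 'AuthorizedKeysCommand');
+if ($akp === FALSE) {
+rg_keys_set_error('cannot get state of AuthorizedKeysCommand');
+break;
+}
+
+if ($akp == 1) {
+if (file_exists($rg_keys_file))
+unlink($rg_keys_file);
+$ret = TRUE;
+break;
+}
+
 $tmp = $rg_keys_file . ".tmp";
 $f = @fopen($tmp, "w");
 if ($f === FALSE) {
@@ -634,14 +664,7 @@ function rg_keys_regen($db)
 $errors = 0;
 foreach ($list as $row) {
 //rg_log("Writing key [" . $row['key'] . "] for uid " . $row['uid']);
-$buf = "command=\""
-. $rg_scripts . "/scripts/remote.sh"
-. " " . $row['uid']
-. " " . $row['key_id']
-. " " . $row['flags']
-. "\""
-. "," . $rg_ssh_paras
-. " " . $row['key'] . "\n";
+$buf = rg_keys_output_line($row);
 if (@fwrite($f, $buf) === FALSE) {
 rg_keys_set_error("cannot write; disk space problems? ($php_errormsg)");
 $errors = 1;
@@ -686,7 +709,7 @@ function rg_keys_list($db, $ui)
 . " ORDER BY itime DESC";
 $res = rg_sql_query_params($db, $sql, $params);
 if ($res === FALSE) {
-rg_keys_set_error("Cannot query (" . rg_sql_error() . ")");
+rg_keys_set_error('cannot select from db');
 break;
 }
 
@@ -738,4 +761,54 @@ function rg_keys_list($db, $ui)
 return $ret;
 }
 
+/*
+* Search a key by fingerprint
+* Used for OpenSSH (rg_authorize script)
+*/
+function rg_keys_search_by_fingerprint($db, $fp)
+{
+rg_prof_start('keys_search_by_fingerprint');
+
+$ret = array('ok' => 0, 'list' => array());
+while (1) {
+$params = array('fp' => $fp);
+$sql = 'SELECT key_id, uid, key FROM keys'
+. ' WHERE fingerprint_sha256 = @@fp@@';
+$res = rg_sql_query_params($db, $sql, $params);
+if ($res === FALSE) {
+rg_keys_set_error('cannot select from keys table');
+break;
+}
+while (($row = rg_sql_fetch_array($res))) {
+$row['flags'] = 'N';
+$ret['list'][] = $row;
+}
+rg_sql_free_result($res);
+
+$sql = 'SELECT id, who, ssh_key FROM workers'
+. ' WHERE fingerprint_sha256 = @@fp@@';
+$res = rg_sql_query_params($db, $sql, $params);
+if ($res === FALSE) {
+rg_keys_set_error('cannot select from workers table');
+break;
+}
+while (($row = rg_sql_fetch_array($res))) {
+$row2 = array(
+'key_id' => $row['id'],
+'uid' => $row['who'],
+'key' => $row['ssh_key'],
+'flags' => 'W'
+);
+$ret['list'][] = $row2;
+}
+rg_sql_free_result($res);
+
+$ret['ok'] = 1;
+break;
+}
+
+rg_prof_end('keys_search_by_fingerprint');
+return $ret;
+}
+
 ?>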
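Review bot: In the new `$akp == 1` branch of `rg_keys_regen` the result of `unlink($rg_keys_file)` is ignored and `$ret = TRUE` is set regardless. If the delete fails, the previously generated authorized_keys stays on disk and is no longer rewritten in this mode, so keys removed afterwards would remain listed in it; whether sshd still reads that file depends on its configuration, which is not visible here. I would fail the regeneration instead: `if (file_exists($rg_keys_file) && !@unlink($rg_keys_file)) { rg_keys_set_error('cannot remove keys file'); break; }`, assuming `$ret` still holds its failure value at that point. The body of `rg_keys_regen` starts and ends outside this hunk.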
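--- a/inc/struct.inc.php
+++ b/inc/struct.inc.php
@@ -577,6 +577,17 @@ $rg_sql_struct[40]['other'] = array(
 "UPDATE users SET disk_used_mb = 0 WHERE disk_used_mb IS NULL"
 );
 
+$rg_sql_struct[41]['other'] = array(
+'keys_fingerprint' => "ALTER TABLE keys ADD fingerprint_sha256"
+. " TEXT NOT NULL DEFAULT ''",
+'keys_fingerprint_index' => "CREATE INDEX keys_i_fingerprint_sha256"
+. " ON keys(fingerprint_sha256)",
+'workers_fingerprint' => "ALTER TABLE workers ADD fingerprint_sha256"
+. " TEXT NOT NULL DEFAULT ''",
+'workers_fingerprint_index' => "CREATE INDEX workers_i_fingerprint_sha256"
+. " ON workers(fingerprint_sha256)"
+);
+
 // Do not forget to add the new tables to statistics
 // This must be the last line
 $rg_sql_schema_ver = count($rg_sql_struct);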
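--- a/selinux/rocketgit.te.tmpl
+++ b/selinux/rocketgit.te.tmpl
@@ -1,4 +1,4 @@
-policy_module(rocketgit,1.0.112)
+policy_module(rocketgit,1.0.114)
 
 ########################################
 #
@@ -14,6 +14,7 @@ gen_require(`
 type unconfined_t;
 role unconfined_r;
 type fs_t;
+type sshd_t;
 # next are for worker.sh
 #class dir mounton;
 #class filesystem { getattr mount unmount };
@@ -57,6 +58,11 @@ optional_policy(`
 
 # Force ssh to transition to rocketgit_t
 domain_auto_trans(unconfined_t, rocketgit_exec_t, rocketgit_t)
+domain_auto_trans(sshd_t, rocketgit_exec_t, rocketgit_t)
+# Allow rocketgit_t to send sigchld to sshd, else:
+# type=AVC msg=audit(1478322111.327:1158923): avc: denied { sigchld } for pid=24506 comm="sshd" scontext=system_u:system_r:rocketgit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process permissive=0
+# Not sure if this is the best way.
+allow rocketgit_t sshd_t:process sigchld;
 
 # Allow events.php to manage /home/rocketgit/.ssh
 userdom_manage_user_home_content(rocketgit_t)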
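Review bot: The added `allow rocketgit_t sshd_t:process sigchld;` is documented only by "Not sure if this is the best way", which leaves the next maintainer without a rationale for a rule that touches sshd. Signalling SIGCHLD back to the parent is the normal companion of a domain transition, and the reference policy's `domtrans_pattern(sshd_t, rocketgit_exec_t, rocketgit_t)` bundles it (together with fd and fifo access to the parent). Either switch to that macro or replace the comment with `# Child in rocketgit_t must be able to signal exit to its sshd_t parent`. It would also help to name in a comment which executables labelled `rocketgit_exec_t` sshd is expected to run, since the new `domain_auto_trans(sshd_t, ...)` applies to all of them.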
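--- /dev/null
+++ b/tools/rg_authorize
@@ -0,0 +1,62 @@
+#!/usr/bin/php
+<?php
+// This is called by SSH daemon to lookup a fingerprint
+error_reporting(E_ALL);
+ini_set('track_errors', 'On');
+set_time_limit(30);
+
+$_s = microtime(TRUE);
+
+require_once('/etc/rocketgit/config.php');
+
+$INC = $rg_scripts . '/inc';
+require_once($INC . '/init.inc.php');
+require_once($INC . '/log.inc.php');
+require_once($INC . '/sql.inc.php');
+require_once($INC . '/struct.inc.php');
+require_once($INC . '/cache.inc.php');
+require_once($INC . '/prof.inc.php');
+require_once($INC . '/keys.inc.php');
+require_once($INC . '/user.inc.php');
+require_once($INC . '/fixes.inc.php');
+
+
+rg_prof_start('MAIN');
+
+rg_log_set_file($rg_log_dir . '/authorize.log');
+rg_log_set_sid('000000'); // to spread the logs
+
+rg_sql_app('rg_authorize');
+$db = rg_sql_open($rg_sql);
+if ($db === FALSE) {
+rg_log('Cannot connect to db!');
+exit(1);
+}
+
+if ($_SERVER['argc'] != 2) {
+rg_log('Invalid number of parameters (' . $_SERVER['argc'] . ')!');
+rg_log_ml('argv: ' . print_r($_SERVER['argv'], TRUE));
+exit(1);
+}
+
+$fp = trim($_SERVER['argv'][1]);
+if (strncmp($fp, 'SHA256:', 7) != 0) {
+rg_log('Invalid fingerprint type: ' . $fp . '!');
+exit(1);
+}
+$fp = substr($fp, 7);
+$fp = rtrim($fp, '=');
+
+$r = rg_keys_search_by_fingerprint($db, $fp);
+if ($r['ok'] !== 1) {
+rg_log('Cannot lookup by fingerprint: ' . rg_keys_error());
+exit(1);
+}
+rg_log('DEBUG: Found ' . count($r['list']) . ' key(s)');
+
+foreach ($r['list'] as $i)
+echo rg_keys_output_line($i);
+
+rg_prof_end('MAIN');
+rg_prof_log();
+?>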
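Review bot: `$fp` is accepted after only the `SHA256:` prefix check, so an argument consisting of just that prefix (or the prefix plus `=` padding) reaches `rg_keys_search_by_fingerprint` as an empty string. The schema change in inc/struct.inc.php gives existing rows `fingerprint_sha256 = ''` until the fix has filled them in, so an empty lookup would return every not-yet-migrated key as an output line. sshd is expected to pass a real fingerprint, but the script should not depend on that; after the `rtrim` add `if (!preg_match('/^[A-Za-z0-9+\/]{43}$/', $fp)) { rg_log('Invalid fingerprint format!'); exit(1); }` (an unpadded base64 SHA-256 digest is 43 characters). That length assumes `rg_keys_info` stores the fingerprint in the same unpadded form, which is not visible on this page.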