
Support multiple public keys

This will parse the public key field as a newline delimited list of public keys.

Return (valid) result on first match.
Jo Vandeginste преди 6 години
родител
ревизия
c752dd8e81
променени са 2 файла, в които са добавени 16 реда и са изтрити 12 реда
  1. 6 3
      dataprovider/dataprovider.go
  2. 10 9
      dataprovider/sqlcommon.go

+ 6 - 3
dataprovider/dataprovider.go

@@ -234,11 +234,14 @@ func validateUser(user *User) error {
 		user.Password = pwd
 	}
 	if len(user.PublicKey) > 0 {
-		_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
-		if err != nil {
-			return err
+		for i, k := range strings.Split(user.PublicKey, "\n") {
+			_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
+			if err != nil {
+				return &ValidationError{err: fmt.Sprintf("Could not parse key nr. %d: %s", i, err)}
+			}
 		}
 	}
+
 	return nil
 }
 
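Review bot: The new loop in validateUser passes every element of `strings.Split(user.PublicKey, "\n")` to ssh.ParseAuthorizedKey, so a trailing newline or a blank line between keys yields an empty element and the whole user is rejected with a parse error. If blank lines should be tolerated, skip them with `if strings.TrimSpace(k) == "" { continue }`, and apply the same skip in the lookup loop in dataprovider/sqlcommon.go, which stops at the first parse error. The message prints the zero-based index as "key nr."; `i+1` would match what an operator counts. validateUser begins above the hunk, and the `strings` and `fmt` imports this code needs are not visible here.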

+ 10 - 9
dataprovider/sqlcommon.go

@@ -73,20 +73,21 @@ func sqlCommonValidateUserAndPubKey(username string, pubKey string) (User, error
 		logger.Warn(logSender, "error authenticating user: %v, error: %v", username, err)
 		return user, err
 	}
-	if len(user.PublicKey) > 0 {
-		storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
+	if len(user.PublicKey) == 0 {
+		return user, errors.New("Invalid credentials")
+	}
+
+	for i, k := range strings.Split(user.PublicKey, "\n") {
+		storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
 		if err != nil {
-			logger.Warn(logSender, "error parsing stored public key for user %v: %v", username, err)
+			logger.Warn(logSender, "error parsing stored public key %d for user %v: %v", i, username, err)
 			return user, err
 		}
-		if string(storedPubKey.Marshal()) != pubKey {
-			err = errors.New("Invalid credentials")
-			return user, err
+		if string(storedPubKey.Marshal()) == pubKey {
+			return user, nil
 		}
-	} else {
-		err = errors.New("Invalid credentials")
 	}
-	return user, err
+	return user, errors.New("Invalid credentials")
 }
 
 func sqlCommonGetUserByID(ID int64) (User, error) {
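Review bot: In the lookup loop a parse failure on any stored line returns immediately, so one malformed entry ahead of a valid key blocks public-key login for that user, and the caller receives the parse error rather than "Invalid credentials". The path still fails closed, but it is more robust to log and move on: replace `return user, err` in the `if err != nil` branch with `continue`, leaving the final `return user, errors.New("Invalid credentials")` as the only failure exit. A comment above the loop would also help, for example `// user.PublicKey holds newline-separated authorized_keys lines; the first matching key authenticates.` The start of sqlCommonValidateUserAndPubKey is outside the hunk.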