نسخ من khaledmahfouz5/Maqtaa
Fix perms for http/ssh clone (#288)
هذا الالتزام موجود في:
Thomas Miceli
@@ -50,11 +50,18 @@ func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
|
||||
// - gist is not found (obfuscation)
|
||||
// - admin setting to require login is set to true
|
||||
if verb == "receive-pack" ||
|
||||
gist.Private == 2 ||
|
||||
gist.Private == db.PrivateVisibility ||
|
||||
gist.ID == 0 ||
|
||||
!allowUnauthenticated {
|
||||
|
||||
pubKey, err := db.SSHKeyExistsForUser(key, gist.UserID)
|
||||
var userToCheckPermissions *db.User
|
||||
if gist.Private != db.PrivateVisibility && verb == "upload-pack" {
|
||||
userToCheckPermissions, _ = db.GetUserFromSSHKey(key)
|
||||
} else {
|
||||
userToCheckPermissions = &gist.User
|
||||
}
|
||||
|
||||
pubKey, err := db.SSHKeyExistsForUser(key, userToCheckPermissions.ID)
|
||||
if err != nil {
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
log.Warn().Msg("Invalid SSH authentication attempt from " + ip)
|
||||
|
||||
@@ -24,8 +24,8 @@ func Start() {
|
||||
sshConfig := &ssh.ServerConfig{
|
||||
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
|
||||
strKey := strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key)))
|
||||
_, err := db.SSHKeyDoesExists(strKey)
|
||||
if err != nil {
|
||||
exists, err := db.SSHKeyDoesExists(strKey)
|
||||
if !exists {
|
||||
if !errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
المرجع في مشكلة جديدة
حظر مستخدم