third-party-mirrors/ssh-chat
1
0
Fork 0
mirror of https://github.com/shazow/ssh-chat.git synced 2025-06-07 19:03:17 +03:00
Code Issues Projects Releases Wiki Activity

Can now whitelist users by github pubkeys.

Browse Source
This commit is contained in:
empathetic-alligator 2014-12-15 23:55:46 -05:00
parent 21abb26040
commit 2a4a005b3c
2 changed files with 69 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
client.go
View File

@ -415,8 +415,12 @@ func (c *Client) handleShell(channel ssh.Channel) {
c.SysMsg("Missing $FINGERPRINT from: /whitelist $FINGERPRINT") c.SysMsg("Missing $FINGERPRINT from: /whitelist $FINGERPRINT")
} else { } else {
fingerprint := parts[1] fingerprint := parts[1]
c.Server.Whitelist(fingerprint) err = c.Server.Whitelist(fingerprint)
c.SysMsg("Added %s to the whitelist", fingerprint) if err != nil {
c.SysMsg("Error adding to whitelist: %s", err)
} else {
c.SysMsg("Added %s to the whitelist", fingerprint)
}
} }
default: default:

68
server.go
View File

@ -9,6 +9,10 @@ import (
"sync" "sync"
"syscall" "syscall"
"time" "time"
"net/http"
"io/ioutil"
"encoding/base64"
"errors"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
@ -260,11 +264,65 @@ func (s *Server) Op(fingerprint string) {
} }
// Whitelist adds the given fingerprint to the whitelist // Whitelist adds the given fingerprint to the whitelist
func (s *Server) Whitelist(fingerprint string) { func (s *Server) Whitelist(fingerprint string) error {
logger.Infof("Adding whitelist: %s", fingerprint) if strings.HasPrefix(fingerprint, "github.com/") {
s.Lock() logger.Infof("Adding github account %s to whitelist", fingerprint)
s.whitelist[fingerprint] = struct{}{}
s.Unlock() keys, err := getGithubKey(fingerprint)
if err != nil {
return err
}
if len(keys) == 0 {
return errors.New(fmt.Sprintf("No github user %s", fingerprint))
}
for _, key := range keys {
fingerprint = Fingerprint(key)
logger.Infof("Adding whitelist: %s", fingerprint)
s.Lock()
s.whitelist[fingerprint] = struct{}{}
s.Unlock()
}
} else {
logger.Infof("Adding whitelist: %s", fingerprint)
s.Lock()
s.whitelist[fingerprint] = struct{}{}
s.Unlock()
}
return nil
}
var r *regexp.Regexp = regexp.MustCompile(`ssh-rsa ([A-Za-z0-9\+=\/]+)\s*`)
func getGithubKey(url string) ([]ssh.PublicKey, error) {
resp, err := http.Get("http://" + url + ".keys")
if err != nil {
return nil, err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
body_str := string(body)
keys := r.FindAllStringSubmatch(body_str, -1)
pubs := make([]ssh.PublicKey, 0, 3)
for _, key := range keys {
if(len(key) < 2) {
continue
}
body_decoded, err := base64.StdEncoding.DecodeString(key[1])
if err != nil {
return nil, err
}
pub, err := ssh.ParsePublicKey(body_decoded)
if err != nil {
return nil, err
}
pubs = append(pubs, pub)
}
return pubs, nil
} }
// Uptime returns the time since the server was started // Uptime returns the time since the server was started