
D20874.id49761.diff
No OneTemporary

D20874.id49761.diff

diff --git a/scripts/ssh/ssh-auth.php b/scripts/ssh/ssh-auth.php
--- a/scripts/ssh/ssh-auth.php
+++ b/scripts/ssh/ssh-auth.php
@@ -4,6 +4,24 @@
$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/init/init-script.php';
+// TODO: For now, this is using "parseParital()", not "parse()". This allows
+// the script to accept (and ignore) additional arguments. This preserves
+// backward compatibility until installs have time to migrate to the new
+// syntax.
+
+$args = id(new PhutilArgumentParser($argv))
+ ->parsePartial(
+ array(
+ array(
+ 'name' => 'sshd-key',
+ 'param' => 'k',
+ 'help' => pht(
+ 'Accepts the "%%k" parameter from "AuthorizedKeysCommand".'),
+ ),
+ ));
+
+$sshd_key = $args->getArg('sshd-key');
+
// NOTE: We are caching a datastructure rather than the flat key file because
// the path on disk to "ssh-exec" is arbitrarily mutable at runtime. See T12397.
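Review bot: The TODO comment above the parser misspells the method as `parseParital()`; it should read `// TODO: For now, this is using "parsePartial()", not "parse()". This allows` so that a search for the method name finds it. The comment should also state the operational consequence of the lenient parse. Because unknown arguments are accepted and ignored, a mistyped flag in the sshd `AuthorizedKeysCommand` line leaves `$sshd_key` as null, and the script silently takes the emit-all-keys path with no signal to the operator. The rest of the script lies outside this hunk.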
@@ -85,6 +103,22 @@
$cache->setKey($authstruct_key, $authstruct_raw, $ttl);
}
+// If we've received an "--sshd-key" argument and it matches some known key,
+// only emit that key. (For now, if the key doesn't match, we'll fall back to
+// emitting all keys.)
+if ($sshd_key !== null) {
+ $matches = array();
+ foreach ($authstruct['keys'] as $key => $key_struct) {
+ if (phutil_hashes_are_identical($key_struct['key'], $sshd_key)) {
+ $matches[$key] = $key_struct;
+ }
+ }
+
+ if ($matches) {
+ $authstruct['keys'] = $matches;
+ }
+}
+
$bin = $root.'/bin/ssh-exec';
$instance = PhabricatorEnv::getEnvConfig('cluster.instance');
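Review bot: The fallback at `if ($matches)` means an `--sshd-key` value that matches nothing still yields the full key list, so this filter narrows output but never denies access. The deciding comparison remains sshd's own check of the offered key against the emitted lines. I would say so in the comment, e.g. `// NOTE: This is an optimization, not an access check; sshd still matches the offered key against the emitted lines.`, and note that the no-match case can emit nothing once installs have migrated. The comparison also assumes every `$key_struct` has a string `'key'` in the same base64 form that sshd passes as `%k`. The struct is built and cached outside this hunk, so that should be confirmed, including for entries cached before this change.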
