scripts/ssh/ssh-auth.php
- This file was copied to scripts/ssh/ssh-auth-key.php.
| #!/usr/bin/env php | #!/usr/bin/env php | ||||
| <?php | <?php | ||||
| $root = dirname(dirname(dirname(__FILE__))); | $root = dirname(dirname(dirname(__FILE__))); | ||||
| require_once $root.'/scripts/__init_script__.php'; | require_once $root.'/scripts/__init_script__.php'; | ||||
| $cert = file_get_contents('php://stdin'); | |||||
| if (!$cert) { | |||||
| exit(1); | |||||
| } | |||||
| $parts = preg_split('/\s+/', $cert); | |||||
| if (count($parts) < 2) { | |||||
| exit(1); | |||||
| } | |||||
| list($type, $body) = $parts; | |||||
| $user_dao = new PhabricatorUser(); | $user_dao = new PhabricatorUser(); | ||||
| $ssh_dao = new PhabricatorUserSSHKey(); | $ssh_dao = new PhabricatorUserSSHKey(); | ||||
| $conn_r = $user_dao->establishConnection('r'); | $conn_r = $user_dao->establishConnection('r'); | ||||
| $row = queryfx_one( | $rows = queryfx_all( | ||||
| $conn_r, | $conn_r, | ||||
| 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID | 'SELECT userName, keyBody, keyType FROM %T u JOIN %T ssh | ||||
| WHERE ssh.keyType = %s AND ssh.keyBody = %s', | ON u.phid = ssh.userPHID', | ||||
| $user_dao->getTableName(), | $user_dao->getTableName(), | ||||
| $ssh_dao->getTableName(), | $ssh_dao->getTableName()); | ||||
| $type, | |||||
| $body); | |||||
| if (!$row) { | $bin = $root.'/bin/ssh-exec'; | ||||
| exit(1); | foreach ($rows as $row) { | ||||
| } | $user = $row['userName']; | ||||
| $cmd = csprintf('%s --phabricator-ssh-user %s', $bin, $user); | |||||
| // This is additional escaping for the SSH 'command="..."' string. | |||||
| $cmd = addcslashes($cmd, '"\\'); | |||||
| $user = idx($row, 'userName'); | // Strip out newlines and other nonsense from the key type and key body. | ||||
| if (!$user) { | $type = $row['keyType']; | ||||
| exit(1); | $type = preg_replace('@[\x00-\x20]+@', '', $type); | ||||
| } | |||||
| if (!PhabricatorUser::validateUsername($user)) { | $key = $row['keyBody']; | ||||
| exit(1); | $key = preg_replace('@[\x00-\x20]+@', '', $key); | ||||
| } | |||||
| $bin = $root.'/bin/ssh-exec'; | |||||
| $cmd = csprintf('%s --phabricator-ssh-user %s', $bin, $user); | |||||
| // This is additional escaping for the SSH 'command="..."' string. | |||||
| $cmd = str_replace('"', '\\"', $cmd); | |||||
| $options = array( | $options = array( | ||||
| 'command="'.$cmd.'"', | 'command="'.$cmd.'"', | ||||
| 'no-port-forwarding', | 'no-port-forwarding', | ||||
| 'no-X11-forwarding', | 'no-X11-forwarding', | ||||
| 'no-agent-forwarding', | 'no-agent-forwarding', | ||||
| 'no-pty', | 'no-pty', | ||||
| ); | ); | ||||
| $options = implode(',', $options); | |||||
| $lines[] = $options.' '.$type.' '.$key."\n"; | |||||
| } | |||||
| echo implode(',', $options); | echo implode('', $lines); | ||||
| exit(0); | exit(0); | ||||
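Review bot: The per-row loop on the new side no longer appears to call `PhabricatorUser::validateUsername($user)`, which the old script ran before placing the name into the `command="..."` option. `csprintf` and `addcslashes($cmd, '"\\')` cover shell and quote escaping, but neither removes control characters, and unlike `keyType` and `keyBody` the username is not passed through the `[\x00-\x20]` strip, so each emitted authorized-keys line relies entirely on stored usernames being clean. I would keep the check inside the loop, `if (!PhabricatorUser::validateUsername($user)) { continue; }`, and also skip rows whose type or key is empty after stripping. Separately, `$lines` is only ever appended to inside the `foreach`, so with no stored keys `implode('', $lines)` runs on an undefined variable; add `$lines = array();` before the loop.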