scripts/ssh/ssh-auth.php
| #!/usr/bin/env php | #!/usr/bin/env php | ||||
| <?php | <?php | ||||
| $root = dirname(dirname(dirname(__FILE__))); | $root = dirname(dirname(dirname(__FILE__))); | ||||
| require_once $root.'/scripts/init/init-script.php'; | require_once $root.'/scripts/init/init-script.php'; | ||||
| // TODO: For now, this is using "parseParital()", not "parse()". This allows | |||||
| // the script to accept (and ignore) additional arguments. This preserves | |||||
| // backward compatibility until installs have time to migrate to the new | |||||
| // syntax. | |||||
| $args = id(new PhutilArgumentParser($argv)) | |||||
| ->parsePartial( | |||||
| array( | |||||
| array( | |||||
| 'name' => 'sshd-key', | |||||
| 'param' => 'k', | |||||
| 'help' => pht( | |||||
| 'Accepts the "%%k" parameter from "AuthorizedKeysCommand".'), | |||||
| ), | |||||
| )); | |||||
| $sshd_key = $args->getArg('sshd-key'); | |||||
| // NOTE: We are caching a datastructure rather than the flat key file because | // NOTE: We are caching a datastructure rather than the flat key file because | ||||
| // the path on disk to "ssh-exec" is arbitrarily mutable at runtime. See T12397. | // the path on disk to "ssh-exec" is arbitrarily mutable at runtime. See T12397. | ||||
| $cache = PhabricatorCaches::getMutableCache(); | $cache = PhabricatorCaches::getMutableCache(); | ||||
| $authstruct_key = PhabricatorAuthSSHKeyQuery::AUTHSTRUCT_CACHEKEY; | $authstruct_key = PhabricatorAuthSSHKeyQuery::AUTHSTRUCT_CACHEKEY; | ||||
| $authstruct_raw = $cache->getKey($authstruct_key); | $authstruct_raw = $cache->getKey($authstruct_key); | ||||
| $authstruct = null; | $authstruct = null; | ||||
| ▲ Show 20 Lines • Show All 65 Lines • ▼ Show 20 Lines | $authstruct = array( | ||||
| 'keys' => $key_list, | 'keys' => $key_list, | ||||
| ); | ); | ||||
| $authstruct_raw = phutil_json_encode($authstruct); | $authstruct_raw = phutil_json_encode($authstruct); | ||||
| $ttl = phutil_units('24 hours in seconds'); | $ttl = phutil_units('24 hours in seconds'); | ||||
| $cache->setKey($authstruct_key, $authstruct_raw, $ttl); | $cache->setKey($authstruct_key, $authstruct_raw, $ttl); | ||||
| } | } | ||||
| // If we've received an "--sshd-key" argument and it matches some known key, | |||||
| // only emit that key. (For now, if the key doesn't match, we'll fall back to | |||||
| // emitting all keys.) | |||||
| if ($sshd_key !== null) { | |||||
| $matches = array(); | |||||
| foreach ($authstruct['keys'] as $key => $key_struct) { | |||||
| if (phutil_hashes_are_identical($key_struct['key'], $sshd_key)) { | |||||
| $matches[$key] = $key_struct; | |||||
| } | |||||
| } | |||||
| if ($matches) { | |||||
| $authstruct['keys'] = $matches; | |||||
| } | |||||
| } | |||||
| $bin = $root.'/bin/ssh-exec'; | $bin = $root.'/bin/ssh-exec'; | ||||
| $instance = PhabricatorEnv::getEnvConfig('cluster.instance'); | $instance = PhabricatorEnv::getEnvConfig('cluster.instance'); | ||||
| $lines = array(); | $lines = array(); | ||||
| foreach ($authstruct['keys'] as $key_struct) { | foreach ($authstruct['keys'] as $key_struct) { | ||||
| $key_argv = $key_struct['argv']; | $key_argv = $key_struct['argv']; | ||||
| $key = $key_struct['key']; | $key = $key_struct['key']; | ||||
| $type = $key_struct['type']; | $type = $key_struct['type']; | ||||
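Review bot: In the `if ($sshd_key !== null)` block, a `--sshd-key` value that matches no known key falls through to emitting every key without leaving any trace. A format mismatch between sshd's `%k` value and the stored `$key_struct['key']` would therefore silently disable the filter; that structure is built in the collapsed part of the file, so its format cannot be checked from here. The fallback itself does not weaken authentication, because sshd still compares the offered key against whatever lines the script prints, and the comment should say so, for example `// This filter is only an optimization: sshd still checks the offered key against the emitted lines.` Once installs have migrated, consider logging a miss or emitting no keys for it instead of all of them. The TODO above the parser also misspells the method as `parseParital()`, which should read `parsePartial()`.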