From eecaad8b8e2c447429c31a01d49260ddd6b4ee03 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 16 Apr 2016 17:35:32 -0400
Subject: [PATCH] Proof of concept #1026

---
 src/main/java/com/gitblit/transport/ssh/FileKeyManager.java |   54 ++++++++++++++++++++++++++++++++++++------------------
 1 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java b/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
index 77f818c..1a2cd68 100644
--- a/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
+++ b/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
@@ -23,11 +23,13 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Keys;
 import com.gitblit.manager.IRuntimeManager;
 import com.google.common.base.Charsets;
 import com.google.common.base.Joiner;
 import com.google.common.io.Files;
+import com.google.inject.Inject;
 
 /**
  * Manages public keys on the filesystem.
@@ -41,6 +43,7 @@
 
 	protected final Map<File, Long> lastModifieds;
 
+	@Inject
 	public FileKeyManager(IRuntimeManager runtimeManager) {
 		this.runtimeManager = runtimeManager;
 		this.lastModifieds = new ConcurrentHashMap<File, Long>();
@@ -89,7 +92,7 @@
 	@Override
 	protected List<SshKey> getKeysImpl(String username) {
 		try {
-			log.info("loading keystore for {}", username);
+			log.info("loading ssh keystore for {}", username);
 			File keystore = getKeystore(username);
 			if (!keystore.exists()) {
 				return null;
@@ -105,8 +108,18 @@
 						// skip comments
 						continue;
 					}
-					SshKey key = new SshKey(entry);
-					list.add(key);
+					String [] parts = entry.split(" ", 2);
+					AccessPermission perm = AccessPermission.fromCode(parts[0]);
+					if (perm.equals(AccessPermission.NONE)) {
+						// ssh-rsa DATA COMMENT
+						SshKey key = new SshKey(entry);
+						list.add(key);
+					} else if (perm.exceeds(AccessPermission.NONE)) {
+						// PERMISSION ssh-rsa DATA COMMENT
+						SshKey key = new SshKey(parts[1]);
+						key.setPermission(perm);
+						list.add(key);
+					}
 				}
 
 				if (list.isEmpty()) {
@@ -117,7 +130,7 @@
 				return list;
 			}
 		} catch (IOException e) {
-			throw new RuntimeException("Canot read ssh keys", e);
+			throw new RuntimeException("Cannot read ssh keys", e);
 		}
 		return null;
 	}
@@ -129,7 +142,6 @@
 	@Override
 	public boolean addKey(String username, SshKey key) {
 		try {
-			String newKey = stripCommentFromKey(key.getRawData());
 			boolean replaced = false;
 			List<String> lines = new ArrayList<String>();
 			File keystore = getKeystore(username);
@@ -147,10 +159,10 @@
 						continue;
 					}
 
-					String oldKey = stripCommentFromKey(line);
-					if (newKey.equals(oldKey)) {
+					SshKey oldKey = parseKey(line);
+					if (key.equals(oldKey)) {
 						// replace key
-						lines.add(key.getRawData());
+						lines.add(key.getPermission() + " " + key.getRawData());
 						replaced = true;
 					} else {
 						// retain key
@@ -161,7 +173,7 @@
 
 			if (!replaced) {
 				// new key, append
-				lines.add(key.getRawData());
+				lines.add(key.getPermission() + " " + key.getRawData());
 			}
 
 			// write keystore
@@ -182,8 +194,6 @@
 	@Override
 	public boolean removeKey(String username, SshKey key) {
 		try {
-			String rmKey = stripCommentFromKey(key.getRawData());
-
 			File keystore = getKeystore(username);
 			if (keystore.exists()) {
 				List<String> lines = new ArrayList<String>();
@@ -201,8 +211,8 @@
 					}
 
 					// only include keys that are NOT rmKey
-					String oldKey = stripCommentFromKey(line);
-					if (!rmKey.equals(oldKey)) {
+					SshKey oldKey = parseKey(line);
+					if (!key.equals(oldKey)) {
 						lines.add(entry);
 					}
 				}
@@ -242,10 +252,18 @@
 		return keys;
 	}
 
-	/* Strips the comment from the key data and eliminates whitespace diffs */
-	protected String stripCommentFromKey(String data) {
-		String [] cols = data.split(" ", 3);
-		String key = Joiner.on(" ").join(cols[0], cols[1]);
-		return key;
+	protected SshKey parseKey(String line) {
+		String [] parts = line.split(" ", 2);
+		AccessPermission perm = AccessPermission.fromCode(parts[0]);
+		if (perm.equals(AccessPermission.NONE)) {
+			// ssh-rsa DATA COMMENT
+			SshKey key = new SshKey(line);
+			return key;
+		} else {
+			// PERMISSION ssh-rsa DATA COMMENT
+			SshKey key = new SshKey(parts[1]);
+			key.setPermission(perm);
+			return key;
+		}
 	}
 }

--
Gitblit v1.9.1