Merge branch 'master' into blender-tweaks
This commit is contained in:
@@ -1,42 +0,0 @@
|
||||
#!/usr/bin/env php
|
||||
<?php
|
||||
|
||||
$root = dirname(dirname(dirname(__FILE__)));
|
||||
require_once $root.'/scripts/__init_script__.php';
|
||||
|
||||
try {
|
||||
$cert = file_get_contents('php://stdin');
|
||||
$public_key = PhabricatorAuthSSHPublicKey::newFromRawKey($cert);
|
||||
} catch (Exception $ex) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$key = id(new PhabricatorAuthSSHKeyQuery())
|
||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||
->withKeys(array($public_key))
|
||||
->withIsActive(true)
|
||||
->executeOne();
|
||||
if (!$key) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$object = $key->getObject();
|
||||
if (!($object instanceof PhabricatorUser)) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$bin = $root.'/bin/ssh-exec';
|
||||
$cmd = csprintf('%s --phabricator-ssh-user %s', $bin, $object->getUsername());
|
||||
// This is additional escaping for the SSH 'command="..."' string.
|
||||
$cmd = addcslashes($cmd, '"\\');
|
||||
|
||||
$options = array(
|
||||
'command="'.$cmd.'"',
|
||||
'no-port-forwarding',
|
||||
'no-X11-forwarding',
|
||||
'no-agent-forwarding',
|
||||
'no-pty',
|
||||
);
|
||||
|
||||
echo implode(',', $options);
|
||||
exit(0);
|
||||
@@ -4,6 +4,24 @@
|
||||
$root = dirname(dirname(dirname(__FILE__)));
|
||||
require_once $root.'/scripts/init/init-script.php';
|
||||
|
||||
// TODO: For now, this is using "parseParital()", not "parse()". This allows
|
||||
// the script to accept (and ignore) additional arguments. This preserves
|
||||
// backward compatibility until installs have time to migrate to the new
|
||||
// syntax.
|
||||
|
||||
$args = id(new PhutilArgumentParser($argv))
|
||||
->parsePartial(
|
||||
array(
|
||||
array(
|
||||
'name' => 'sshd-key',
|
||||
'param' => 'k',
|
||||
'help' => pht(
|
||||
'Accepts the "%%k" parameter from "AuthorizedKeysCommand".'),
|
||||
),
|
||||
));
|
||||
|
||||
$sshd_key = $args->getArg('sshd-key');
|
||||
|
||||
// NOTE: We are caching a datastructure rather than the flat key file because
|
||||
// the path on disk to "ssh-exec" is arbitrarily mutable at runtime. See T12397.
|
||||
|
||||
@@ -85,6 +103,22 @@ if ($authstruct === null) {
|
||||
$cache->setKey($authstruct_key, $authstruct_raw, $ttl);
|
||||
}
|
||||
|
||||
// If we've received an "--sshd-key" argument and it matches some known key,
|
||||
// only emit that key. (For now, if the key doesn't match, we'll fall back to
|
||||
// emitting all keys.)
|
||||
if ($sshd_key !== null) {
|
||||
$matches = array();
|
||||
foreach ($authstruct['keys'] as $key => $key_struct) {
|
||||
if ($key_struct['key'] === $sshd_key) {
|
||||
$matches[$key] = $key_struct;
|
||||
}
|
||||
}
|
||||
|
||||
if ($matches) {
|
||||
$authstruct['keys'] = $matches;
|
||||
}
|
||||
}
|
||||
|
||||
$bin = $root.'/bin/ssh-exec';
|
||||
$instance = PhabricatorEnv::getEnvConfig('cluster.instance');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user