ECDSA keys don't work with LDAP sync #5092

Closed
2 of 7 tasks
xor-gate opened this issue Oct 16, 2018 · 2 comments
Labels: type/bug, type/enhancement (An improvement of existing functionality)

@xor-gate
Contributor

xor-gate commented Oct 16, 2018

  • Gitea version (or commit ref): 1.5.0+rc1-249-g4090204 (latest HEAD)
  • Git version: n.a
  • Operating system: Linux (debian 8)
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant

Description

LDAP sync doesn't work with ECDSA keys because the algo string check is hardcoded instead of using ssh.ParseAuthorizedKey.

2018/10/16 10:15:49 [W] addLdapSSHPublicKeys[auth.example.com]: Skipping invalid LDAP Public SSH Key for user jjacobs: ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE1igxlv03cX/DzPgLyOtd554AZD+FTxpM80cfIcOfEiRG6KgDRWqhlezHWfMytPhTHICnXIP4d5qg72ITWt1FGFQAsWCQoRDK6/FsQ1eYuBGmesF0oK/MQyyiWdula8RWCb+3IuxiJzvN81V0iel7WTNw8MzTRqIm0ikdiNc+canhRkw==
2018/10/16 10:19:59 [T] ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE1igxlv03cX/DzPgLyOtd554AZD+FTxpM80cfIcOfEiRG6KgDRWqhlezHWfMytPhTHICnXIP4d5qg72ITWt1FGFQAsWCQoRDK6/FsQ1eYuBGmesF0oK/MQyyiWdula8RWCb+3IuxiJzvN81V0iel7WTNw8MzTRqIm0ikdiNc+canhRkw==

Solution

https://github.com/go-gitea/gitea/blob/master/models/user.go#L1458

Should become

                _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey))
                if err == nil {
@lunny added the type/enhancement (An improvement of existing functionality) label Oct 16, 2018
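
The gap between matching a text prefix and decoding the key, as an added example that is not part of the issue or Gitea's code. It uses only the standard library as a narrower stand-in for `ssh.ParseAuthorizedKey` (it checks the blob framing and the embedded algorithm name, not the key material); the prefixes in `prefixCheck` are assumed, since the page does not show the original line.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// issueKey is the public key from the log line quoted in the issue.
const issueKey = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE1igxlv03cX/DzPgLyOtd554AZD+FTxpM80cfIcOfEiRG6KgDRWqhlezHWfMytPhTHICnXIP4d5qg72ITWt1FGFQAsWCQoRDK6/FsQ1eYuBGmesF0oK/MQyyiWdula8RWCb+3IuxiJzvN81V0iel7WTNw8MzTRqIm0ikdiNc+canhRkw=="

// prefixCheck is a hypothetical hard-coded check of the kind the issue
// describes; the two prefixes are assumptions, not Gitea's actual list.
func prefixCheck(line string) bool {
	return strings.HasPrefix(line, "ssh-rsa ") || strings.HasPrefix(line, "ssh-dss ")
}

// blobAlgo decodes the base64 field and reads the algorithm name stored in the
// blob (RFC 4253 string: uint32 length, then bytes). It rejects a bad framing
// or a declared type that differs from the embedded one.
func blobAlgo(line string) (string, error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return "", errors.New("expected '<type> <base64> [comment]'")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return "", fmt.Errorf("base64: %w", err)
	}
	if len(blob) < 4 {
		return "", errors.New("blob too short for a length prefix")
	}
	n := uint64(binary.BigEndian.Uint32(blob))
	if n > uint64(len(blob)-4) {
		return "", errors.New("algorithm name length exceeds blob")
	}
	if name := string(blob[4 : 4+n]); name != f[0] {
		return "", fmt.Errorf("declared %q but blob says %q", f[0], name)
	}
	return f[0], nil
}

func main() {
	algo, err := blobAlgo(issueKey)
	fmt.Println(prefixCheck(issueKey), algo, err)
}
```

The prefix check rejects the valid ECDSA key from the log, while a line relabelled `ssh-rsa` with the same blob passes it and is caught only by decoding.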
@xor-gate
Contributor Author

Hi Guys,

I could create a PR for this as I have tested it and it works fine with parsing in a normal way instead of checking for a limited ssh prefix.

Just let me know.

Kind regards,
Jerry Jacobs

@techknowlogick
Member

@xor-gate PRs are always welcome 😄

@lunny added this to the 1.7.0 milestone Oct 31, 2018
@go-gitea locked and limited conversation to collaborators Nov 24, 2020