skip adding duplicate keys
hellt committed May 16, 2023
1 parent 51295f7 commit 4134107
Showing 1 changed file with 30 additions and 16 deletions.
46 changes: 30 additions & 16 deletions clab/authz_keys.go
Expand Up @@ -10,6 +10,7 @@ import (
"net"
"os"
"path/filepath"
"strings"

log "github.com/sirupsen/logrus"
"github.com/srl-labs/containerlab/utils"
Expand Down Expand Up @@ -41,28 +42,25 @@ func (c *CLab) CreateAuthzKeysFile() error {
all = append(all, f)
}

// try extracting keys from ssh agent
keys, err := retrieveAgentKeys()
// get keys registered with ssh-agent
keys, err := SSHAgentKeys()
if err != nil {
log.Debug(err)

} else {
log.Debugf("extracted %d keys from ssh-agent", len(keys))
for _, k := range keys {
b.WriteString(k + "\n")
}
}

log.Debugf("extracted %d keys from ssh-agent", len(keys))
for _, k := range keys {
b.WriteString(k + "\n")

}


for _, fn := range all {
rb, err := os.ReadFile(fn)
if err != nil {
return fmt.Errorf("failed reading the file %s: %v", fn, err)
}
// ensure the key ends with a newline
if !bytes.HasSuffix(rb, []byte("\n")) {
rb = append(rb, []byte("\n")...)
}

b.Write(rb)
addKeyToBuffer(b, string(rb))

}

clabAuthzKeysFPath := c.TopoPaths.AuthorizedKeysFilename()
Expand All @@ -74,11 +72,25 @@ func (c *CLab) CreateAuthzKeysFile() error {
return os.Chmod(clabAuthzKeysFPath, 0644) // skipcq: GSC-G302
}

// retrieveAgentKeys retrieves SSH Pubkeys from the ssh-agent
func retrieveAgentKeys() ([]string, error) {
// addKeyToBuffer adds a key to the buffer if the key is not already present
func addKeyToBuffer(b *bytes.Buffer, key string) {
// since they key might have a comment as a third field, we need to strip it
elems := strings.Fields(key)
if len(elems) < 2 {
return
}


key = elems[0] + " " + elems[1]
if !strings.Contains(b.String(), key) {
b.WriteString(key + "\n")
}

}

// SSHAgentKeys retrieves public keys registered with the ssh-agent
func SSHAgentKeys() ([]string, error) {
socket := os.Getenv("SSH_AUTH_SOCK")
if len(socket) == 0 {
return nil, fmt.Errorf("SSH_AUTH_SOCK not set skipping pubkey evaluation")
return nil, fmt.Errorf("SSH_AUTH_SOCK not set, skipping pubkey fetching")
}
conn, err := net.Dial("unix", socket)
if err != nil {
Expand All @@ -88,11 +100,13 @@ func retrieveAgentKeys() ([]string, error) {
agentClient := agent.NewClient(conn)
keys, err := agentClient.List()
if err != nil {
return nil, fmt.Errorf("error listing agent pub keys %w", err)
return nil, fmt.Errorf("error listing agent's pub keys %w", err)
}


var pubKeys []string
for _, key := range keys {
pubKeys = append(pubKeys, key.String())
}


return pubKeys, nil

}
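Review bot: The duplicate check in addKeyToBuffer, `if !strings.Contains(b.String(), key)`, is a substring match over the whole buffer rather than an exact entry comparison, so a key whose `type base64` pair is a prefix of an entry already written is silently dropped, and `b.String()` copies the entire buffer on every call. A set of already-written entries gives exact matching in one lookup; since the helper is package-private, threading a `seen map[string]struct{}` through it only touches the two call sites in CreateAuthzKeysFile (the `b.WriteString(k + "\n")` in the agent loop and `addKeyToBuffer(b, string(rb))`), whose enclosing function starts outside the hunk. Note also that `strings.Fields(key)` runs over the whole `string(rb)` of each file, so if any file in `all` holds more than one line only the first two fields survive — presumably each file holds a single key, but worth confirming; splitting on newlines first, as below, handles both. Separately, an entry carrying a leading authorized_keys options field would make `elems[0] + " " + elems[1]` an option plus the key type rather than a key — if that input shape is possible here it deserves a comment or a guard, otherwise a comment saying only bare `type base64 [comment]` lines are expected would stop the next reader wondering.

```go
// addKeyToBuffer appends every "type base64" entry found in keys to b,
// one per line, skipping entries already recorded in seen. Trailing
// comments are dropped so the same key with different comments is
// written once.
func addKeyToBuffer(b *bytes.Buffer, seen map[string]struct{}, keys string) {
	for _, line := range strings.Split(keys, "\n") {
		elems := strings.Fields(line)
		if len(elems) < 2 {
			continue
		}
		key := elems[0] + " " + elems[1]
		if _, ok := seen[key]; ok {
			continue
		}
		seen[key] = struct{}{}
		b.WriteString(key + "\n")
	}
}
```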
