Backport #26409 * Fix #26408 * Bypass the data race issue in "ssh" package (cherry picked from commit 8ad331c9d209f50ed41c92b289ea2dcf575b1bdb)
This commit is contained in:
parent
0414e95cfb
commit
e64aa0d9c2
2 changed files with 8 additions and 3 deletions
|
@ -17,6 +17,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"reflect"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -164,6 +165,10 @@ func sessionHandler(session ssh.Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
|
func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
|
||||||
|
// FIXME: the "ssh.Context" is not thread-safe, so db operations should use the immutable parent "Context"
|
||||||
|
// TODO: Remove after https://github.com/gliderlabs/ssh/pull/211
|
||||||
|
parentCtx := reflect.ValueOf(ctx).Elem().FieldByName("Context").Interface().(context.Context)
|
||||||
|
|
||||||
if log.IsDebug() { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
|
if log.IsDebug() { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
|
||||||
log.Debug("Handle Public Key: Fingerprint: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
|
log.Debug("Handle Public Key: Fingerprint: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
|
||||||
}
|
}
|
||||||
|
@ -189,7 +194,7 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
|
||||||
// look for the exact principal
|
// look for the exact principal
|
||||||
principalLoop:
|
principalLoop:
|
||||||
for _, principal := range cert.ValidPrincipals {
|
for _, principal := range cert.ValidPrincipals {
|
||||||
pkey, err := asymkey_model.SearchPublicKeyByContentExact(ctx, principal)
|
pkey, err := asymkey_model.SearchPublicKeyByContentExact(parentCtx, principal)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if asymkey_model.IsErrKeyNotExist(err) {
|
if asymkey_model.IsErrKeyNotExist(err) {
|
||||||
log.Debug("Principal Rejected: %s Unknown Principal: %s", ctx.RemoteAddr(), principal)
|
log.Debug("Principal Rejected: %s Unknown Principal: %s", ctx.RemoteAddr(), principal)
|
||||||
|
@ -246,7 +251,7 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
|
||||||
log.Debug("Handle Public Key: %s Fingerprint: %s is not a certificate", ctx.RemoteAddr(), gossh.FingerprintSHA256(key))
|
log.Debug("Handle Public Key: %s Fingerprint: %s is not a certificate", ctx.RemoteAddr(), gossh.FingerprintSHA256(key))
|
||||||
}
|
}
|
||||||
|
|
||||||
pkey, err := asymkey_model.SearchPublicKeyByContent(ctx, strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
|
pkey, err := asymkey_model.SearchPublicKeyByContent(parentCtx, strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if asymkey_model.IsErrKeyNotExist(err) {
|
if asymkey_model.IsErrKeyNotExist(err) {
|
||||||
log.Warn("Unknown public key: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
|
log.Warn("Unknown public key: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
|
||||||
|
|
|
@ -16,7 +16,7 @@ func Queues(ctx *context.Context) {
|
||||||
if !setting.IsProd {
|
if !setting.IsProd {
|
||||||
initTestQueueOnce()
|
initTestQueueOnce()
|
||||||
}
|
}
|
||||||
ctx.Data["Title"] = ctx.Tr("admin.monitor.queue")
|
ctx.Data["Title"] = ctx.Tr("admin.monitor.queues")
|
||||||
ctx.Data["PageIsAdminMonitorQueue"] = true
|
ctx.Data["PageIsAdminMonitorQueue"] = true
|
||||||
ctx.Data["Queues"] = queue.GetManager().ManagedQueues()
|
ctx.Data["Queues"] = queue.GetManager().ManagedQueues()
|
||||||
ctx.HTML(http.StatusOK, tplQueue)
|
ctx.HTML(http.StatusOK, tplQueue)
|
||||||
|
|
Loading…
Reference in a new issue