Skip to content
Snippets Groups Projects
Commit 83e407b0 authored by Kevin Lyda's avatar Kevin Lyda :speech_balloon:
Browse files

First pass at supporting templates in permissions. 

This allows permissions to have `{user}` variables in them. This
would be useful for applications that use the `force-command`
permission for example:

force-command="/bin/gitolite-shell {user}"
parent 019891ab
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 1 deletion
server/signer/signer.go
+ 3
1
View file @ 83e407b0
...@@ -10,6 +10,7 @@ import ( ...@@ -10,6 +10,7 @@ import (
"go4.org/wkfs" "go4.org/wkfs"
_ "go4.org/wkfs/gcs" // Register "/gcs/" as a wkfs. _ "go4.org/wkfs/gcs" // Register "/gcs/" as a wkfs.
"github.com/delicb/gstring"
"github.com/nsheridan/cashier/lib" "github.com/nsheridan/cashier/lib"
"github.com/nsheridan/cashier/server/config" "github.com/nsheridan/cashier/server/config"
"github.com/nsheridan/cashier/server/store" "github.com/nsheridan/cashier/server/store"
...@@ -38,7 +39,8 @@ type KeySigner struct { ...@@ -38,7 +39,8 @@ type KeySigner struct {
func (s *KeySigner) setPermissions(cert *ssh.Certificate) { func (s *KeySigner) setPermissions(cert *ssh.Certificate) {
cert.CriticalOptions = make(map[string]string) cert.CriticalOptions = make(map[string]string)
cert.Extensions = make(map[string]string) cert.Extensions = make(map[string]string)
for _, perm := range s.permissions { for _, p := range s.permissions {
perm := gstring.Sprintm(p, map[string]interface{}{"user": cert.ValidPrincipals[0]})
if strings.Contains(perm, "=") { if strings.Contains(perm, "=") {
opt := strings.Split(perm, "=") opt := strings.Split(perm, "=")
cert.CriticalOptions[strings.TrimSpace(opt[0])] = strings.TrimSpace(opt[1]) cert.CriticalOptions[strings.TrimSpace(opt[0])] = strings.TrimSpace(opt[1])
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment