Auto detect git signage

This commit is contained in:
Bernd Schoolmann 2023-12-28 13:11:00 +01:00
parent 1d2c2f4f7b
commit 7f4565b048
No known key found for this signature in database
1 changed files with 16 additions and 2 deletions

View File

@ -100,7 +100,17 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur
}
}
message := fmt.Sprintf("%s on %s>%s>%s is requesting signage with key %s", vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name)
isGit := false
magicHeader := []byte("SSHSIG\x00\x00\x00\x03git")
if bytes.HasPrefix(data, magicHeader) {
isGit = true
}
requestTemplate := "%s on %s>%s>%s is requesting ssh signage with key %s"
if isGit {
requestTemplate = "%s on %s>%s>%s is requesting git signage with key %s"
}
message := fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name)
if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved {
log.Info("Sign Request for key: %s denied", sshKey.Name)
@ -114,7 +124,11 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur
var rand = rand.Reader
log.Info("Sign Request for key: %s %s accepted", ssh.FingerprintSHA256(key), sshKey.Name)
notify.Notify("Goldwarden", fmt.Sprintf("SSH Key Signing Request Approved for %s", sshKey.Name), "", func() {})
if isGit {
notify.Notify("Goldwarden", fmt.Sprintf("Git Signing Request Approved for %s", sshKey.Name), "", func() {})
} else {
notify.Notify("Goldwarden", fmt.Sprintf("SSH Signing Request Approved for %s", sshKey.Name), "", func() {})
}
return signer.Sign(rand, data)
}