Auto detect git signage

2023-12-28 13:11:00 +01:00 · 2023-12-28 13:11:00 +01:00 · 7f4565b048
parent 1d2c2f4f7b
commit 7f4565b048
1 changed files with 16 additions and 2 deletions
--- a/agent/ssh/ssh.go
+++ b/agent/ssh/ssh.go
@ -100,7 +100,17 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur
 		}
 	}

-	message := fmt.Sprintf("%s on %s>%s>%s is requesting signage with key %s", vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name)
+	isGit := false
+	magicHeader := []byte("SSHSIG\x00\x00\x00\x03git")
+	if bytes.HasPrefix(data, magicHeader) {
+		isGit = true
+	}
+
+	requestTemplate := "%s on %s>%s>%s is requesting ssh signage with key %s"
+	if isGit {
+		requestTemplate = "%s on %s>%s>%s is requesting git signage with key %s"
+	}
+	message := fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name)

 	if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved {
 		log.Info("Sign Request for key: %s denied", sshKey.Name)
@ -114,7 +124,11 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur

 	var rand = rand.Reader
 	log.Info("Sign Request for key: %s %s accepted", ssh.FingerprintSHA256(key), sshKey.Name)
-	notify.Notify("Goldwarden", fmt.Sprintf("SSH Key Signing Request Approved for %s", sshKey.Name), "", func() {})
+	if isGit {
+		notify.Notify("Goldwarden", fmt.Sprintf("Git Signing Request Approved for %s", sshKey.Name), "", func() {})
+	} else {
+		notify.Notify("Goldwarden", fmt.Sprintf("SSH Signing Request Approved for %s", sshKey.Name), "", func() {})
+	}
 	return signer.Sign(rand, data)
 }