--- a/access/access.go Sun Sep 08 05:11:49 2019 -0500
+++ b/access/access.go Sun Sep 08 05:44:05 2019 -0500
@@ -77,50 +77,6 @@
-func (a *Access) findUsers() []string {
- users := map[string]bool{}
- for _, name := range a.Global.Users() {
- // don't add groups to the users list
- if _, found := a.groups[name]; found {
- for _, groupUsers := range a.groups {
- for _, name := range groupUsers {
- // don't add groups to the users list
- if _, found := a.groups[name]; found {
- for _, acl := range a.patterns {
- for _, name := range acl.Users() {
- // don't add groups to the users list
- if _, found := a.groups[name]; found {
- slice := make([]string, len(users))
- for name, _ := range users {
// load will load the access from file and reindex everything.
func (a *Access) load(r io.Reader) error {
@@ -130,11 +86,9 @@
+ RefreshKeys(a.repoPath)
- log.Infof("keys: %#v", a.fingerprintIndex)
+ log.Infof("keys: %#v", keys)
--- a/access/users.go Sun Sep 08 05:11:49 2019 -0500
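Review bot: The added call `RefreshKeys(a.repoPath)` drops the error that RefreshKeys is declared to return, so a load that could not read the keys directory still reports success. Since load already returns an error, propagate it with `if err := RefreshKeys(a.repoPath); err != nil { return err }`. The following `log.Infof("keys: %#v", keys)` reads the package-level map after RefreshKeys has returned, which, judging by the deferred `keysLock.Unlock()`, is outside the lock, and it writes every fingerprint-to-username pair to the info log on each load. Logging `len(keys)` from inside RefreshKeys would avoid both. The body of load starts and ends outside this hunk.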
+++ b/access/users.go Sun Sep 08 05:44:05 2019 -0500
@@ -3,8 +3,8 @@
log "github.com/sirupsen/logrus"
"golang.org/x/crypto/ssh"
@@ -14,44 +14,63 @@
-func (a *Access) loadSshKeys(users []string) error {
- for _, username := range users {
- keyfile := filepath.Join(a.repoPath, keysDir, username)
- if _, err := os.Stat(keyfile); os.IsNotExist(err) {
- log.Warnf("no keys found for user %s", username)
+func RefreshKeys(repoPath string) error {
+ defer keysLock.Unlock()
+ keys = map[string]string{}
- buffer, err := ioutil.ReadFile(keyfile)
- log.Warnf("failed to read keyfile for user %s: %v", username, err)
+ keysPath := filepath.Join(repoPath, keysDir)
- var pubkey ssh.PublicKey
- pubkey, _, _, buffer, err = ssh.ParseAuthorizedKey(buffer)
- log.Warnf("failed to parse key file for user %s: %v", username, err)
+ entries, err := ioutil.ReadDir(keysPath)
- fingerprint := ssh.FingerprintSHA256(pubkey)
- a.fingerprintIndex[fingerprint] = username
+ for _, entry := range entries {
+ if entry.Mode().IsRegular() {
+ filename := filepath.Join(keysPath, entry.Name())
+ loadSshKey(filename, entry.Name())
+func loadSshKey(filename, username string) {
+ buffer, err := ioutil.ReadFile(filename)
+ log.Warnf("failed to read keyfile for user %s: %v", username, err)
+ // iterate through the file reading one ssh public key at a time
+ var pubkey ssh.PublicKey
+ pubkey, _, _, buffer, err = ssh.ParseAuthorizedKey(buffer)
+ log.Warnf("failed to parse key file for user %s: %v", username, err)
+ fingerprint := ssh.FingerprintSHA256(pubkey)
+ keys[fingerprint] = username
// UsernameFromFingerprint looks up a username from an SSH key's fingerprint
// and returns the username if found, or err if not found.
-func (a *Access) UsernameFromFingerprint(fingerprint string) (string, error) {
+func UsernameFromFingerprint(fingerprint string) (string, error) {
+ defer keysLock.Unlock()
- username, found := a.fingerprintIndex[fingerprint]
+ username, found := keys[fingerprint]
return "", fmt.Errorf("user not found")
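Review bot: `keys[fingerprint] = username` in loadSshKey overwrites an existing entry silently, and RefreshKeys now takes the username from every regular file name in the keys directory rather than from the configured user list, so a stray or duplicate file carrying an already-registered key changes which username that key authenticates as (whichever file is read last wins). Check for a collision first, e.g. `if prev, ok := keys[fingerprint]; ok && prev != username {` followed by a warning and skipping the entry, and consider ignoring file names that do not correspond to a known user. Separately, `keys = map[string]string{}` runs before `ioutil.ReadDir`, so a failed directory read appears to leave the index empty until the next successful refresh; filling a local map and assigning it to `keys` only on success would keep the previous index in place. loadSshKey writes `keys` without locking, so its doc comment should say the caller must hold `keysLock`. Several lines of these function bodies are not shown in the hunk, so the error branches are inferred.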
@@ -59,6 +78,6 @@
-func (a *Access) UsernameFromPubkey(pubkey ssh.PublicKey) (string, error) {
- return a.UsernameFromFingerprint(ssh.FingerprintSHA256(pubkey))
+func UsernameFromPubkey(pubkey ssh.PublicKey) (string, error) {
+ return UsernameFromFingerprint(ssh.FingerprintSHA256(pubkey))
--- a/ssh/server.go Sun Sep 08 05:11:49 2019 -0500
+++ b/ssh/server.go Sun Sep 08 05:44:05 2019 -0500
@@ -74,7 +74,7 @@
func (s *Server) publicKeyCallback(meta ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
- username, err := s.a.UsernameFromPubkey(key)
+ username, err := access.UsernameFromPubkey(key)
log.Infof("username: %q; err %v", username, err)
if s.a.Global.CanRead(access.Public) {