base repository: opencreek/creekey-cli
base: v0.1.0-beta4
head repository: opencreek/creekey-cli
compare: main

Commits on Aug 30, 2021

  1. 🐛

    reckter committed Aug 30, 2021
    ceddd29 View commit details
  2. 🐛?

    reckter committed Aug 30, 2021
    1d3ae5e View commit details
  3. try with arm

    reckter committed Aug 30, 2021
    b0d1e51 View commit details
  4. 💄

    reckter committed Aug 30, 2021
    b54a074 View commit details
  5. trying arm64 again

    reckter committed Aug 30, 2021
    4607636 View commit details
  6. Last try

    reckter committed Aug 30, 2021
    917cdda View commit details
  7. 🔥 Cleanup

    reckter committed Aug 30, 2021
    79fc797 View commit details

Commits on Aug 31, 2021

  1. 🐛 Fix bug in github action

    reckter committed Aug 31, 2021
    25f70f2 View commit details
  2. 🐛

    reckter committed Aug 31, 2021
    d1b964e View commit details
  3. 🐛 Fix sign vs ssh

    reckter committed Aug 31, 2021
    26891d2 View commit details
  4. bump version

    reckter committed Aug 31, 2021
    d81f34d View commit details
  5. ✏️

    reckter committed Aug 31, 2021
    d407506 View commit details

Commits on Aug 26, 2022

  1. Configure dependabot

    mhlz authored Aug 26, 2022
    53f89cc View commit details
  2. Merge pull request #1 from opencreek/dependabot

    Configure dependabot
    mhlz authored Aug 26, 2022
    e740c47 View commit details

Commits on Sep 13, 2022

  1. Copy the full SHA
    67461da View commit details
  2. Merge pull request #9 from opencreek/fix-bugs-extensions

    Add handling for extension requests and fix some bugs
    reckter authored Sep 13, 2022
    2611110 View commit details
  3. Fix infinite loop

    mhlz committed Sep 13, 2022
    941f17a View commit details
  4. Merge pull request #10 from opencreek/fix-loop

    Fix infinite loop
    reckter authored Sep 13, 2022
    b6fe628 View commit details

Commits on Sep 30, 2022

  1. ✨ Add auto accept token

    reckter committed Sep 30, 2022
    6c1dedc View commit details

Commits on Oct 3, 2022

  1. ⬆️ Bump thiserror from 1.0.26 to 1.0.37

    Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.26 to 1.0.37.
    - [Release notes](https://github.com/dtolnay/thiserror/releases)
    - [Commits](dtolnay/thiserror@1.0.26...1.0.37)
    
    ---
    updated-dependencies:
    - dependency-name: thiserror
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Oct 3, 2022
    0317628 View commit details

Commits on Oct 4, 2022

  1. Copy the full SHA
    1a1a542 View commit details

Commits on Oct 5, 2022

  1. 🎨

    reckter committed Oct 5, 2022
    b7c228c View commit details
  2. Merge pull request #14 from opencreek/add-auto-approve

    ✨ Add auto accept token
    reckter authored Oct 5, 2022
    325bf5f View commit details

Commits on Nov 10, 2022

  1. Merge pull request #15 from opencreek/dependabot/cargo/thiserror-1.0.37

    ⬆️ Bump thiserror from 1.0.26 to 1.0.37
    mhlz authored Nov 10, 2022
    30b1d39 View commit details
Showing with 238 additions and 42 deletions.
  1. +11 −0 .github/dependabot.yml
  2. +11 −9 .github/workflows/publish.yml
  3. +6 −5 Cargo.lock
  4. +3 −2 Cargo.toml
  5. +49 −2 src/agent/handle.rs
  6. +23 −3 src/agent/sign.rs
  7. +33 −0 src/auto_accept.rs
  8. +48 −1 src/git.rs
  9. +32 −0 src/keychain.rs
  10. +7 −4 src/main.rs
  11. +9 −14 src/me.rs
  12. +6 −2 src/ssh_agent.rs
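--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "cargo" # See documentation for possible values
+directory: "/" # Location of package manifests
+schedule:
+interval: "weekly"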
20 changes: 11 additions & 9 deletions .github/workflows/publish.yml
@@ -13,7 +13,7 @@ jobs:
uses: NSHipster/update-homebrew-formula-action@main
with:
repository: opencreek/creekey-cli
tap: opencreek/homebrew-tab
tap: opencreek/homebrew-tap
formula: creekey.rb
env:
GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
@@ -25,7 +25,7 @@ jobs:
steps:
- name: Build a bottle using Homebrew
run: |
brew tap opencreek/tab
brew tap opencreek/tap
brew install --build-bottle --verbose creekey
brew bottle creekey
- name: Upload the bottle to the GitHub release
@@ -34,18 +34,19 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./creekey--${{ github.event.release.tag_name }}.catalina.bottle.tar.gz
asset_name: creekey-${{ github.event.release.tag_name }}.catalina.bottle.tar.gz
asset_path: ./creekey--${{ github.event.release.tag_name }}.catalina.bottle.1.tar.gz
asset_name: creekey-${{ github.event.release.tag_name }}.catalina.bottle.1.tar.gz
asset_content_type: application/gzip


bottle_macos_big_sur:
name: Build and distribute Homebrew bottle for macOS Big Sur
runs-on: macos-11.0
needs: [formula]
steps:
- name: Build a bottle using Homebrew
run: |
brew tap opencreek/tab
brew tap opencreek/tap
brew install --build-bottle --verbose creekey
brew bottle creekey
- name: Upload the bottle to the GitHub release
@@ -54,8 +55,8 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./creekey--${{ github.event.release.tag_name }}.big_sur.bottle.tar.gz
asset_name: creekey-${{ github.event.release.tag_name }}.big_sur.bottle.tar.gz
asset_path: ./creekey--${{ github.event.release.tag_name }}.big_sur.bottle.1.tar.gz
asset_name: creekey-${{ github.event.release.tag_name }}.big_sur.bottle.1.tar.gz
asset_content_type: application/gzip

update_formula_bottle:
@@ -65,11 +66,12 @@ jobs:
- bottle_macos_catalina
- bottle_macos_big_sur
steps:
- uses: NSHipster/update-homebrew-formula-action@main
- uses: opencreek/update-homebrew-formula-action@main
with:
repository: opencreek/creekey-cli
tap: opencreek/homebrew-tab
tap: opencreek/homebrew-tap
formula: creekey.rb
name: creekey
message: |
Add bottles for creekey ${{ github.event.release.tag_name }}
on macOS 10.15 (Catalina) and macOS 11.0 (Big Sur)
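Review bot: Both `uses:` references to update-homebrew-formula-action track the mutable `@main` branch, and the `formula` job in the first hunk passes `GH_PERSONAL_ACCESS_TOKEN` to it, so whatever lands on that branch runs with a token that presumably can push to the tap. Pin each reference to a full commit SHA, for example `- uses: opencreek/update-homebrew-formula-action@<full-commit-sha>` (placeholder value). The first hunk's `uses: NSHipster/update-homebrew-formula-action@main` looks like an unchanged context line, so the `formula` job would still run the upstream action from its branch head. The Dependabot config added in this comparison lists only the `cargo` ecosystem; a `github-actions` entry would keep pinned SHAs current.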
11 changes: 6 additions & 5 deletions Cargo.lock


5 changes: 3 additions & 2 deletions Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "creekey"
version = "0.1.0"
version = "0.1.1"
edition = "2018"
authors = ["Opencreek Technogoly UG"]
repository = "https://github.com/opencreek/creekey"
@@ -10,6 +10,7 @@ homepage = "https://creekey.io"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
chrono = "0.4.19"
ctrlc = "3.1.9"
base64 = "0.13.0"
dirs = "3.0.2"
@@ -19,7 +20,7 @@ reqwest = { version = "0.11", features = ["blocking", "json"] }
serde_json = "1.0"
qrcode = "0.12.0"
serde = { version = "1.0", features = ["derive"]}
thiserror = "1.0.26"
thiserror = "1.0.37"
anyhow = "1.0.42"
clap = "2.33.3"
clipboard = "0.5"
51 changes: 49 additions & 2 deletions src/agent/handle.rs
@@ -5,6 +5,7 @@ use anyhow::Result;
use byteorder::{BigEndian, ReadBytesExt};
use futures::channel::mpsc::UnboundedSender;
use futures::SinkExt;
use std::io::Write;
use std::io::{Cursor, Read};

use std::time::{SystemTime, UNIX_EPOCH};
@@ -17,6 +18,9 @@ pub enum SSHAgentPacket {
SignRequest(Vec<u8>, Vec<u8>, u32),
// hostname, socket_path, signature, key
HostName(String, String, Vec<u8>, Vec<u8>),
// extension type, extension data
ExtensionRequest(String, Vec<u8>),
Unkown(u8),
}

pub fn parse_packet(packet: &Vec<u8>, _socket: &mut UnixStream) -> SSHAgentPacket {
@@ -42,6 +46,19 @@ pub fn parse_packet(packet: &Vec<u8>, _socket: &mut UnixStream) -> SSHAgentPacke
return SSHAgentPacket::SignRequest(key_blob, data, flags);
}

if typ == 27 {
let extension_type_length = cursor.read_u32::<BigEndian>().unwrap();
let mut extension_type_data = vec![0u8; extension_type_length as usize];
cursor.read_exact(&mut extension_type_data).unwrap();
let extension_type = String::from_utf8(extension_type_data).unwrap();

let extension_data_length = cursor.read_u32::<BigEndian>().unwrap();
let mut extension_data = vec![0u8; extension_data_length as usize];
cursor.read_exact(&mut extension_data).unwrap();

return SSHAgentPacket::ExtensionRequest(extension_type, extension_data);
}

if typ == 254 {
let data_length = cursor.read_u32::<BigEndian>().unwrap();
let mut data = vec![0u8; data_length as usize];
@@ -68,7 +85,19 @@ pub fn parse_packet(packet: &Vec<u8>, _socket: &mut UnixStream) -> SSHAgentPacke
);
}

panic!("unknown packet")
return SSHAgentPacket::Unkown(typ);
}

async fn reply_general_failure(socket: &mut UnixStream) -> Result<()> {
let typ = 5u8;
let mut msg_payload = vec![];
msg_payload.write(&[typ])?;
let length = msg_payload.len() as u32;

tokio::io::AsyncWriteExt::write_u32(socket, length).await?;
tokio::io::AsyncWriteExt::write_all(socket, &msg_payload).await?;

Ok(())
}

pub async fn read_and_handle_packet(
@@ -78,7 +107,14 @@ pub async fn read_and_handle_packet(
remove_proxy_send: UnboundedSender<SshProxy>,
) -> Result<()> {
loop {
let length_bytes = tokio::io::AsyncReadExt::read_i32(socket).await?;
socket.readable().await?;
let length_bytes = match tokio::io::AsyncReadExt::read_u32(socket).await {
Ok(b) => b,
Err(e) => match e.kind() {
std::io::ErrorKind::UnexpectedEof => break Ok(()),
_ => break Err(e.into()),
},
};

let mut msg = vec![0u8; length_bytes as usize];
tokio::io::AsyncReadExt::read_exact(socket, &mut msg).await?;
@@ -111,6 +147,17 @@ pub async fn read_and_handle_packet(
})
.await?;
}
SSHAgentPacket::ExtensionRequest(extension_type, _) => {
println!("Received extension request: {}", extension_type);
reply_general_failure(socket).await?;
}
SSHAgentPacket::Unkown(unknown_type) => {
println!(
"Received unknown/unsupported message type: {}",
unknown_type
);
reply_general_failure(socket).await?;
}
}
}
}
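Review bot: The new `typ == 27` branch in parse_packet trusts both length prefixes and unwraps every read, so a truncated or non-UTF-8 extension request from any client of the agent socket panics the handler, and a forged length allocates up to 4 GiB before `read_exact` fails. That works against the replacement of `panic!("unknown packet")` made in the same function; bounding each length by `packet.len()` and falling back to `SSHAgentPacket::Unkown(typ)` gives the peer the general-failure reply instead. The same unchecked pattern is visible at `vec![0u8; length_bytes as usize]` in read_and_handle_packet, where a maximum message size should be enforced before allocating. parse_packet starts and ends outside the hunks shown.

```rust
if typ == 27 {
    // A field can never be longer than the packet that carried it, so reject
    // oversized length prefixes before allocating.
    let mut read_field = || -> Option<Vec<u8>> {
        let len = cursor.read_u32::<BigEndian>().ok()? as usize;
        if len > packet.len() {
            return None;
        }
        let mut field = vec![0u8; len];
        cursor.read_exact(&mut field).ok()?;
        Some(field)
    };
    let extension_type = read_field().and_then(|raw| String::from_utf8(raw).ok());
    let extension_data = read_field();

    return match (extension_type, extension_data) {
        (Some(extension_type), Some(extension_data)) => {
            SSHAgentPacket::ExtensionRequest(extension_type, extension_data)
        }
        // Malformed request: the caller answers with a failure reply.
        _ => SSHAgentPacket::Unkown(typ),
    };
}
// … unchanged: typ == 254 branch and the final Unkown(typ) return …
```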
26 changes: 23 additions & 3 deletions src/agent/sign.rs
@@ -21,7 +21,8 @@ use ring_compat::signature::ecdsa::p256::NistP256;
use ring_compat::signature::ecdsa::p384::NistP384;
use ring_compat::signature::Verifier;

use crate::keychain::{get_phone_id, get_secret_key};
use crate::auto_accept::get_auto_accept;
use crate::keychain::{get_phone_id, get_secret_key, store_auto_accept};
use crate::sign_on_phone::{sign_on_phone, SignError};
use thrussh_keys::key::{parse_public_key, PublicKey};
use tokio::io::AsyncWriteExt;
@@ -248,10 +249,22 @@ pub async fn sign_request(
let base64_data = base64::encode(data);
let relay_id = base64::encode_config(randombytes(32), base64::URL_SAFE);

let request_id = match proxy {
None => None,
Some(proxy) => Some(format!("{}@{}", name, proxy.host.clone())),
};
let auto_accept_token = match request_id.clone() {
None => None,
Some(request_id) => get_auto_accept("ssh".to_string(), request_id.clone()),
};

let mut payload = HashMap::new();
payload.insert("type", "sign".to_string());
payload.insert("type", "ssh".to_string());
payload.insert("data", base64_data);
payload.insert("userName", name);
if let Some(token) = auto_accept_token {
payload.insert("autoAcceptToken", token);
}

match proxy {
Some(a) => {
@@ -282,7 +295,6 @@ pub async fn sign_request(
return Ok(());
}
};

let phone_response: PhoneSignResponse =
match sign_on_phone(payload, phone_id, relay_id, key.clone()).await {
Ok(res) => res,
@@ -315,6 +327,14 @@ pub async fn sign_request(
let signature_bytes = base64::decode(phone_response.signature.unwrap())?;
println!("responding to socket with authorization");

if let (Some(auto_accept_token), Some(expires_at), Some(request_id)) = (
phone_response.auto_accept_token,
phone_response.auto_accept_expires_at,
request_id,
) {
store_auto_accept("ssh".to_string(), request_id, auto_accept_token, expires_at)?;
}

let typ = 14u8;
let mut msg_payload = vec![];
std::io::Write::write(&mut msg_payload, &[typ])?;
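Review bot: `store_auto_accept(...)?` in the last hunk runs after the phone has approved and before the signature reply is built, so a keychain write failure discards a signature the user already authorized. Caching the token is best-effort; log and continue, e.g. `if let Err(e) = store_auto_accept("ssh".to_string(), request_id, auto_accept_token, expires_at) { eprintln!("could not store auto accept token: {}", e); }` (assuming the error type implements Display), and keep the token value itself out of any log line. Separately, the cache key is only `name@proxy.host`; whether that scope is narrow enough depends on phone-side checks that are not visible here. sign_request starts and ends outside these hunks.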
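--- a/src/auto_accept.rs
+++ b/src/auto_accept.rs
@@ -0,0 +1,33 @@
+use crate::keychain::{get_auto_accept_expires_at, get_auto_accept_token, KeyChainError};
+use crate::output::Log;
+use chrono::{DateTime, Utc};
+use std::env;
+
+pub fn get_auto_accept(request_type: String, request_id: String) -> Option<String> {
+let auto_accept_expires_at =
+match get_auto_accept_expires_at(request_type.clone(), request_id.clone()) {
+Ok(it) => Some(it),
+Err(error) => match error {
+KeyChainError::Missing => None,
+e => {
+Log::NONE.handle_keychain_error("auto accept", e).ok()?;
+None
+}
+},
+};
+
+match auto_accept_expires_at {
+None => None,
+Some(expires_at) => {
+let date = DateTime::parse_from_rfc3339(expires_at.as_str()).ok()?;
+if date > Utc::now() {
+match get_auto_accept_token(request_type, request_id) {
+Ok(token) => Some(token),
+Err(_) => None,
+}
+} else {
+None
+}
+}
+}
+}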
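Review bot: get_auto_accept fails closed, which suits a credential that presumably skips the approval prompt, but nothing in this file removes the entry once `date > Utc::now()` is false or the timestamp fails to parse, so an expired bearer token would stay in the keychain unless keychain.rs (not shown) cleans it up. Consider deleting the stored token on those paths, and make the token read consistent with the expiry read: `Err(_) => None` hides keychain errors that the first lookup passes to `handle_keychain_error`. A doc comment such as `/// Returns the stored auto-accept token for (request_type, request_id) only while its RFC 3339 expiry is in the future; any keychain or parse error yields None.` would record that contract. `use std::env;` is unused in this file.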