From 0bad7a428e8ba0bbde3d9657eb31e6eef1eca9fa Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Sun, 12 Jun 2022 00:30:20 -0700
Subject: gitlab-sshd: Add support for signed user certificates

We add a `trusted_user_ca_keys` config setting that allows gitlab-sshd to trust any SSH certificate signed by the keys listed in this file. This is equivalent to the `TrustedUserCAKeys` OpenSSH setting. We assume the certificate identity is equivalent to the GitLab username.
---
 cmd/gitlab-shell/command/command.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'cmd/gitlab-shell/command')

diff --git a/cmd/gitlab-shell/command/command.go b/cmd/gitlab-shell/command/command.go
index b2a0266..260e517 100644
--- a/cmd/gitlab-shell/command/command.go
+++ b/cmd/gitlab-shell/command/command.go
@@ -58,6 +58,20 @@ func NewWithKrb5Principal(gitlabKrb5Principal string, env sshenv.Env, config *co
 return nil, disallowedcommand.Error
 }
 
+func NewWithUsername(gitlabUsername string, env sshenv.Env, config *config.Config, readWriter *readwriter.ReadWriter) (command.Command, error) {
+ args, err := Parse(nil, env)
+ if err != nil {
+ return nil, err
+ }
+
+ args.GitlabUsername = gitlabUsername
+ if cmd := Build(args, config, readWriter); cmd != nil {
+ return cmd, nil
+ }
+
+ return nil, disallowedcommand.Error
+}
+
 func Parse(arguments []string, env sshenv.Env) (*commandargs.Shell, error) {
 args := &commandargs.Shell{Arguments: arguments, Env: env}
 
-- 
cgit v1.2.1
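Review bot: NewWithUsername copies gitlabUsername straight into args.GitlabUsername and has no doc comment, so nothing in the function states or enforces that the value comes from a certificate already verified against `trusted_user_ca_keys`. An empty identity would still reach Build; whether a later stage rejects it is not visible in this hunk, so an early guard `if gitlabUsername == "" { return nil, disallowedcommand.Error }` before the Parse call would make the function fail closed. I would also add `// NewWithUsername builds the command for a user authenticated by a CA-signed SSH certificate; gitlabUsername must be taken only from a verified certificate.` above the signature. The body appears to mirror NewWithKrb5Principal (only its tail is visible here), so a shared private helper that takes the identity setter would keep the two constructors from drifting apart.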