Page MenuHomePhorge
Differential D25508

Add support for FIDO2-backed SSH keys
ClosedPublic
Actions

Authored by valerio.bozzolan on Jan 8 2024, 13:01.
Tags
None
Referenced Files
F3362370: D25508.1744080571.diff
Mon, Apr 7, 02:49
F3361936: D25508.1744055914.diff
Sun, Apr 6, 19:58
F3359415: D25508.1743944165.diff
Sat, Apr 5, 12:56
F3357374: D25508.1743907159.diff
Sat, Apr 5, 02:39
F3352723: D25508.1743806886.diff
Thu, Apr 3, 22:48
F3352535: D25508.1743800351.diff
Thu, Apr 3, 20:59
F3352533: D25508.1743800314.diff
Thu, Apr 3, 20:58
F3352532: D25508.1743800281.diff
Thu, Apr 3, 20:58
View All 45 Files
Subscribers
avivey
Cigaryno
Matthew
tobiaswiese

Details

Reviewers
antonia
avivey
Group Reviewers
O1: Blessed Committers
Commits
rP6fe942a8f9f6: Add support for FIDO2-backed SSH keys
Summary

U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication.

These keys are available since OpenSSH 8.2 (2020-02-14).

https://www.openssh.com/txt/release-8.2

https://security.stackexchange.com/q/240991/260234

Ref Q96

Test Plan

Check the added keys. They exactly match the output of the command 'ssh -Q key'.

Diff Detail

Repository
rP Phorge
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

valerio.bozzolan created this revision.Jan 8 2024, 13:01
Owners added a reviewer: O1: Blessed Committers.Jan 8 2024, 13:01
Herald added subscribers: Cigaryno, Matthew, tobiaswiese. · View Herald TranscriptJan 8 2024, 13:01
valerio.bozzolan requested review of this revision.Jan 8 2024, 13:01
Harbormaster completed remote builds in B1006: Diff 1615.Jan 8 2024, 13:01
valerio.bozzolan added a reviewer: antonia.Jan 8 2024, 13:02
valerio.bozzolan mentioned this in Q96: Support for FIDO2-backed SSH keys.
antonia accepted this revision.Jan 8 2024, 13:07

This is exactly the same as I've done on the system I patched at my workplace. I apologize for not submitting my own patch, I didn't have access to my work systems during the holidays.

valerio.bozzolan mentioned this in Q96: Support for FIDO2-backed SSH keys (Answer 129).Jan 8 2024, 13:14
avivey accepted this revision.Jan 8 2024, 14:28
avivey subscribed.

notmyfault

This revision is now accepted and ready to land.Jan 8 2024, 14:28
Closed by commit rP6fe942a8f9f6: Add support for FIDO2-backed SSH keys. · Explain WhyJan 8 2024, 18:08
This revision was automatically updated to reflect the committed changes.
valerio.bozzolan added a commit: rP6fe942a8f9f6: Add support for FIDO2-backed SSH keys.
valerio.bozzolan mentioned this in Next Up.Jan 8 2024, 18:08
avivey mentioned this in 2024 week 19.May 11 2024, 04:37

Revision Contents
Changeset List

PathSizePackages
src/
applications/
auth/
sshkey/
4 linesO1: Blessed Committers

Diff 1616

View Options

src/applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php

Show First 20 LinesShow All 290 Lines▼ Show 20 Lines $comment_box = id(new PHUIObjectBoxView())
->appendChild($comment); ->appendChild($comment);
return array($comment_box, $preview); return array($comment_box, $preview);
} }
private function renderCommentPanel() { private function renderCommentPanel() {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
// Set a placeholder text in the comment field defined via
// getCommentFieldPlaceholderText() in the object's EditEngine class
$placeholder_text = '';
$object_phid = $this->getObjectPHID();
aviveyUnsubmitted
Done
Inline Actions

method_exists can be replaced with a concrete method in the base class.

avivey: `method_exists` can be replaced with a concrete method in the base class.
$phid_types = mpull(PhabricatorPHIDType::getAllInstalledTypes($viewer),
valerio.bozzolanUnsubmitted
Done
Inline Actions
$query = id(new ManiphestTaskQuery())
- ->setViewer(PhabricatorUser::getOmnipotentUser())
+ ->setViewer($viewer)
->needSubscriberPHIDs(false)

Have you already tried this?

valerio.bozzolan: Have you already tried this?
null, 'getTypeConstant');
$object_type = idx($phid_types, phid_get_type($object_phid));
// Find matching EditEngine for our object via ApplicationClasses
if ($object_type) {
$app_class = $object_type->getPHIDTypeApplicationClass();
$engines = id(new PhabricatorEditEngineQuery())
->setViewer($this->getViewer())
->execute();
$engines = mpull($engines, null, 'getEngineApplicationClass');
$engine = idx($engines, $app_class);
$engine_class = get_class($engine);
if (method_exists($engine_class, 'getCommentFieldPlaceholderText')) {
$placeholder_text =
$engine->getCommentFieldPlaceholderText($object_phid);
}
}
$remarkup_control = id(new PhabricatorRemarkupControl()) $remarkup_control = id(new PhabricatorRemarkupControl())
->setViewer($viewer) ->setViewer($viewer)
->setID($this->getCommentID()) ->setID($this->getCommentID())
->addClass('phui-comment-fullwidth-control') ->addClass('phui-comment-fullwidth-control')
->addClass('phui-comment-textarea-control') ->addClass('phui-comment-textarea-control')
->setCanPin(true) ->setCanPin(true)
->setPlaceholder($placeholder_text)
->setName('comment'); ->setName('comment');
$draft_comment = ''; $draft_comment = '';
$draft_metadata = array(); $draft_metadata = array();
$draft_key = null; $draft_key = null;
$legacy_draft = $this->getDraft(); $legacy_draft = $this->getDraft();
if ($legacy_draft) { if ($legacy_draft) {
▲ Show 20 LinesShow All 327 LinesShow Last 20 Lines
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0