Bug
Resolution: Fixed
Low
4.8.0, 5.0.0, 6.1.0, 5.16.7, 6.4.1
1
Severity 2 - Major
17
Issue Summary
If a user who was once licensed has an SSH key added to their profile, it is still possible for them to push code over SSH after the license has been removed. However, it is not possible for them to pull the code.
Environment
Every environment.
Steps to Reproduce
1. Create a new user.
2. Add any Global Permission to the user granting write access to a repository.
3. Add an SSH key to the user's profile.
4. Clone a repository over SSH with that user.
5. Push and pull some code.
6. Remove the Global Permission from the user so it becomes unlicensed.
7. Try to pull the code - no permission.
8. Add some files.
9. Try to push the code - successful.
Expected Results
Ad 7. Try to pull the code - no access to the repository. The code can't be pulled, as the user is not licensed. Working as expected.
Ad 9. Try to push the code - no access to the repository. The code shouldn't be pushed, as the user is not licensed. Does not work as expected.
Actual Results
Ad 7. Try to pull the code - no access to the repository. The code can't be pulled, as the user is not licensed.
Ad 9. Try to push the code - it is possible to push the code with an unlicensed user over SSH.
Git Pull with unlicensed user:
C02V50FZHTD8:prtest_ssh ttokarczuk$ git pull
fatal: remote error: Unlicensed user
You do not have permission to access Bitbucket. Please ask an administrator to
grant you access.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Access log:
0:0:0:0:0:0:0:1 | ssh | i@1LCYOVQx1120x3279x0 | newuser1 | 2019-07-26 18:40:19,734 | SSH - git-upload-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | - | - | - | - | - | zsndkq |
0:0:0:0:0:0:0:1 | ssh | o@1LCYOVQx1120x3279x0 | newuser1 | 2019-07-26 18:40:19,741 | SSH - git-upload-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | 1 | 0 | 0 | ssh:user:id:52 | 7 | zsndkq |
Adding a new file and pushing it with unlicensed user:
C02V50FZHTD8:prtest_ssh ttokarczuk$ touch push_without_a_license
C02V50FZHTD8:prtest_ssh ttokarczuk$ git add .
C02V50FZHTD8:prtest_ssh ttokarczuk$ git commit -m "Push without a license"
[master a91db00] Push without a license
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 push_without_a_license
C02V50FZHTD8:prtest_ssh ttokarczuk$ git push
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Delta compression using up to 8 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 263 bytes | 263.00 KiB/s, done.
Total 2 (delta 1), reused 0 (delta 0)
To ssh://localhost:5640/pul/prtest.git
   4802e97..a91db00  master -> master
Access log:
0:0:0:0:0:0:0:1 | ssh | i@1LCYOVQx1120x3280x0 | newuser1 | 2019-07-26 18:40:49,809 | SSH - git-receive-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | - | - | - | - | - | biziit |
0:0:0:0:0:0:0:1 | ssh | o@1LCYOVQx1120x3280x0 | newuser1 | 2019-07-26 18:40:50,188 | SSH - git-receive-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | 0 | 373 | 882 | protocol:1, push, ssh:user:id:52 | 379 | biziit |
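As an added audit example (not Bitbucket's own code and not part of the original report), the following Python parses access-log lines in the pipe-separated format shown above, pairs each request's i@ and o@ records by request id, and reports SSH git-receive-pack requests that completed with status 0 for users an administrator has listed as unlicensed. The sample log is the four entries from this report; the unlicensed-user set is an assumed input the administrator would supply from their own user-management data.

```python
"""Audit Bitbucket SSH access-log entries for pushes accepted from unlicensed users.
Added example, not Bitbucket's own code: it parses the pipe-separated access-log
format shown above, pairs "i@"/"o@" records by request id and reports accepted pushes."""

# Field order of a Bitbucket Server access-log line, as seen in the entries above.
FIELDS = ["ip", "protocol", "request_id", "user", "timestamp", "action",
          "details", "status", "bytes_read", "bytes_written", "labels",
          "response_time", "session_id"]

# Constructed sample: the four entries from the report (pull rejected, push accepted).
SAMPLE_LOG = """\
0:0:0:0:0:0:0:1 | ssh | i@1LCYOVQx1120x3279x0 | newuser1 | 2019-07-26 18:40:19,734 | SSH - git-upload-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | - | - | - | - | - | zsndkq |
0:0:0:0:0:0:0:1 | ssh | o@1LCYOVQx1120x3279x0 | newuser1 | 2019-07-26 18:40:19,741 | SSH - git-upload-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | 1 | 0 | 0 | ssh:user:id:52 | 7 | zsndkq |
0:0:0:0:0:0:0:1 | ssh | i@1LCYOVQx1120x3280x0 | newuser1 | 2019-07-26 18:40:49,809 | SSH - git-receive-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | - | - | - | - | - | biziit |
0:0:0:0:0:0:0:1 | ssh | o@1LCYOVQx1120x3280x0 | newuser1 | 2019-07-26 18:40:50,188 | SSH - git-receive-pack '/pul/prtest.git' | "SSH-2.0-OpenSSH_7.9" | 0 | 373 | 882 | protocol:1, push, ssh:user:id:52 | 379 | biziit |
"""

# Assumption: which users are unlicensed comes from the administrator's own
# user-management data; this set is constructed for the example.
UNLICENSED_USERS = {"newuser1"}


def parse_line(line):
    """Split one access-log line into a dict keyed by FIELDS."""
    parts = [p.strip() for p in line.strip().rstrip("|").split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def completed_requests(lines):
    """Return the outgoing ('o@') record of each request, keyed by request id."""
    done = {}
    for rec in map(parse_line, filter(str.strip, lines)):
        direction, _, request_id = rec["request_id"].partition("@")
        if direction == "o":  # the 'i@' record carries no status yet
            done[request_id] = rec
    return done


def find_unlicensed_ssh_pushes(lines, unlicensed_users):
    """Return (timestamp, user, action, request_id) for each SSH git-receive-pack
    request that finished with status 0 (accepted) for a user in unlicensed_users."""
    findings = []
    for request_id, rec in completed_requests(lines).items():
        if rec["protocol"] != "ssh" or "git-receive-pack" not in rec["action"]:
            continue
        if rec["status"] != "0":  # non-zero status: the server rejected the request
            continue
        if rec["user"] in unlicensed_users:
            findings.append((rec["timestamp"], rec["user"], rec["action"], request_id))
    return findings
```

Running this over the real access log gives an administrator a list of pushes that slipped through before the upgrade to a fixed version, which the report's "no workaround" note otherwise leaves unanswered.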
Notes
Tested in Bitbucket 6.1.x and 6.4.1
Workaround
Currently, there is no known workaround, as removing SSH access completely doesn't seem to be feasible.