
setting: disable SSH minimum key size check when not eligible (#4507)

pull/4584/head
Unknwon 8 years ago
parent
commit
e16196124e
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
  1. 2
      gogs.go
  2. 5
      models/ssh_key.go
  3. 44
      pkg/setting/setting.go
  4. 2
      templates/.VERSION

2
gogs.go

@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/pkg/setting" "github.com/gogits/gogs/pkg/setting"
) )
const APP_VER = "0.11.20.0611" const APP_VER = "0.11.21.0611"
func init() { func init() {
setting.AppVer = APP_VER setting.AppVer = APP_VER

5
models/ssh_key.go

@ -194,11 +194,6 @@ func writeTmpKeyFile(content string) (string, error) {
// SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen. // SSHKeyGenParsePublicKey extracts key type and length using ssh-keygen.
func SSHKeyGenParsePublicKey(key string) (string, int, error) { func SSHKeyGenParsePublicKey(key string) (string, int, error) {
// The ssh-keygen in Windows does not print key type, so no need go further.
if setting.IsWindows {
return "", 0, nil
}
tmpName, err := writeTmpKeyFile(key) tmpName, err := writeTmpKeyFile(key)
if err != nil { if err != nil {
return "", 0, fmt.Errorf("writeTmpKeyFile: %v", err) return "", 0, fmt.Errorf("writeTmpKeyFile: %v", err)

44
pkg/setting/setting.go

@ -21,12 +21,14 @@ import (
_ "github.com/go-macaron/cache/redis" _ "github.com/go-macaron/cache/redis"
"github.com/go-macaron/session" "github.com/go-macaron/session"
_ "github.com/go-macaron/session/redis" _ "github.com/go-macaron/session/redis"
"github.com/mcuadros/go-version"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
"gopkg.in/ini.v1" "gopkg.in/ini.v1"
"github.com/gogits/go-libravatar" "github.com/gogits/go-libravatar"
"github.com/gogits/gogs/pkg/bindata" "github.com/gogits/gogs/pkg/bindata"
"github.com/gogits/gogs/pkg/process"
"github.com/gogits/gogs/pkg/user" "github.com/gogits/gogs/pkg/user"
) )
@ -90,7 +92,7 @@ var (
ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"` ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
KeyTestPath string `ini:"SSH_KEY_TEST_PATH"` KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
KeygenPath string `ini:"SSH_KEYGEN_PATH"` KeygenPath string `ini:"SSH_KEYGEN_PATH"`
MinimumKeySizeCheck bool `ini:"-"` MinimumKeySizeCheck bool `ini:"MINIMUM_KEY_SIZE_CHECK"`
MinimumKeySizes map[string]int `ini:"-"` MinimumKeySizes map[string]int `ini:"-"`
} }
@ -377,6 +379,21 @@ func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
return currentUser, runUser == currentUser return currentUser, runUser == currentUser
} }
// getOpenSSHVersion parses and returns string representation of OpenSSH version
// returned by command "ssh -V".
func getOpenSSHVersion() string {
// Note: somehow version is printed to stderr
_, stderr, err := process.Exec("getOpenSSHVersion", "ssh", "-V")
if err != nil {
log.Fatal(2, "Fail to get OpenSSH version: %v - %s", err, stderr)
}
// Trim unused information: https://github.com/gogits/gogs/issues/4507#issuecomment-305150441
version := strings.TrimRight(strings.Fields(stderr)[0], ",1234567890")
version = strings.TrimSuffix(strings.TrimPrefix(version, "OpenSSH_"), "p")
return version
}
// NewContext initializes configuration context. // NewContext initializes configuration context.
// NOTE: do not print any log except error. // NOTE: do not print any log except error.
func NewContext() { func NewContext() {
@ -474,9 +491,9 @@ func NewContext() {
if err = Cfg.Section("server").MapTo(&SSH); err != nil { if err = Cfg.Section("server").MapTo(&SSH); err != nil {
log.Fatal(2, "Fail to map SSH settings: %v", err) log.Fatal(2, "Fail to map SSH settings: %v", err)
} }
// When disable SSH, start builtin server value is ignored.
if SSH.Disabled { if SSH.Disabled {
SSH.StartBuiltinServer = false SSH.StartBuiltinServer = false
SSH.MinimumKeySizeCheck = false
} }
if !SSH.Disabled && !SSH.StartBuiltinServer { if !SSH.Disabled && !SSH.StartBuiltinServer {
@ -487,12 +504,23 @@ func NewContext() {
} }
} }
SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool() // Check if server is eligible for minimum key size check when user choose to enable.
SSH.MinimumKeySizes = map[string]int{} // Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys() // are forced to be disabled because the "ssh-keygen" in Windows does not print key type.
for _, key := range minimumKeySizes { if SSH.MinimumKeySizeCheck &&
if key.MustInt() != -1 { (IsWindows || version.Compare(getOpenSSHVersion(), "5.1", "<")) {
SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt() SSH.MinimumKeySizeCheck = false
log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
1. Windows server
2. OpenSSH version is lower than 5.1`)
}
if SSH.MinimumKeySizeCheck {
SSH.MinimumKeySizes = map[string]int{}
for _, key := range Cfg.Section("ssh.minimum_key_sizes").Keys() {
if key.MustInt() != -1 {
SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
}
} }
} }
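Review bot: In the added `getOpenSSHVersion`, `strings.Fields(stderr)[0]` is indexed without checking that `ssh -V` wrote anything to stderr, so an `ssh` build or wrapper that prints its banner to stdout (or nothing) panics during `NewContext` instead of reaching the intended `log.Fatal` path; guard it with `fields := strings.Fields(stderr); if len(fields) == 0 { log.Fatal(2, "Fail to get OpenSSH version: unexpected output %q", stderr) }`. The probe also runs whichever `ssh` is on PATH, while key parsing in `SSHKeyGenParsePublicKey` uses the configurable `SSH.KeygenPath`, so the version being checked may not belong to the `ssh-keygen` that actually parses keys — at minimum a comment such as `// assumes "ssh" on PATH is from the same OpenSSH install as SSH_KEYGEN_PATH` should record that assumption. The `TrimRight(..., ",1234567890")` step appears to eat the last digit of a version with no `p` release suffix (`OpenSSH_5.1,` becomes `5.`), which would wrongly force the check off on such a build; matching `OpenSSH_(\d+\.\d+)` with a regexp would be more robust. Finally, since an administrator has explicitly set `MINIMUM_KEY_SIZE_CHECK`, turning it off with only a `log.Warn` is fail-open for a security control (and `NewContext` is documented as logging errors only); consider refusing to start on an ineligible server, or at least documenting in the config sample that the setting may be silently overridden.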

2
templates/.VERSION

@ -1 +1 @@
0.11.20.0611 0.11.21.0611