|
|
|
|
@ -21,12 +21,14 @@ import (
|
|
|
|
|
_ "github.com/go-macaron/cache/redis" |
|
|
|
|
"github.com/go-macaron/session" |
|
|
|
|
_ "github.com/go-macaron/session/redis" |
|
|
|
|
"github.com/mcuadros/go-version" |
|
|
|
|
log "gopkg.in/clog.v1" |
|
|
|
|
"gopkg.in/ini.v1" |
|
|
|
|
|
|
|
|
|
"github.com/gogits/go-libravatar" |
|
|
|
|
|
|
|
|
|
"github.com/gogits/gogs/pkg/bindata" |
|
|
|
|
"github.com/gogits/gogs/pkg/process" |
|
|
|
|
"github.com/gogits/gogs/pkg/user" |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
@ -90,7 +92,7 @@ var (
|
|
|
|
|
ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"` |
|
|
|
|
KeyTestPath string `ini:"SSH_KEY_TEST_PATH"` |
|
|
|
|
KeygenPath string `ini:"SSH_KEYGEN_PATH"` |
|
|
|
|
MinimumKeySizeCheck bool `ini:"-"` |
|
|
|
|
MinimumKeySizeCheck bool `ini:"MINIMUM_KEY_SIZE_CHECK"` |
|
|
|
|
MinimumKeySizes map[string]int `ini:"-"` |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -377,6 +379,21 @@ func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
|
|
|
|
|
return currentUser, runUser == currentUser |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// getOpenSSHVersion parses and returns string representation of OpenSSH version
|
|
|
|
|
// returned by command "ssh -V".
|
|
|
|
|
func getOpenSSHVersion() string { |
|
|
|
|
// Note: somehow version is printed to stderr
|
|
|
|
|
_, stderr, err := process.Exec("getOpenSSHVersion", "ssh", "-V") |
|
|
|
|
if err != nil { |
|
|
|
|
log.Fatal(2, "Fail to get OpenSSH version: %v - %s", err, stderr) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Trim unused information: https://github.com/gogits/gogs/issues/4507#issuecomment-305150441
|
|
|
|
|
version := strings.TrimRight(strings.Fields(stderr)[0], ",1234567890") |
|
|
|
|
version = strings.TrimSuffix(strings.TrimPrefix(version, "OpenSSH_"), "p") |
|
|
|
|
return version |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// NewContext initializes configuration context.
|
|
|
|
|
// NOTE: do not print any log except error.
|
|
|
|
|
func NewContext() { |
|
|
|
|
@ -474,9 +491,9 @@ func NewContext() {
|
|
|
|
|
if err = Cfg.Section("server").MapTo(&SSH); err != nil { |
|
|
|
|
log.Fatal(2, "Fail to map SSH settings: %v", err) |
|
|
|
|
} |
|
|
|
|
// When disable SSH, start builtin server value is ignored.
|
|
|
|
|
if SSH.Disabled { |
|
|
|
|
SSH.StartBuiltinServer = false |
|
|
|
|
SSH.MinimumKeySizeCheck = false |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !SSH.Disabled && !SSH.StartBuiltinServer { |
|
|
|
|
@ -487,12 +504,23 @@ func NewContext() {
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool() |
|
|
|
|
SSH.MinimumKeySizes = map[string]int{} |
|
|
|
|
minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys() |
|
|
|
|
for _, key := range minimumKeySizes { |
|
|
|
|
if key.MustInt() != -1 { |
|
|
|
|
SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt() |
|
|
|
|
// Check if server is eligible for minimum key size check when user choose to enable.
|
|
|
|
|
// Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
|
|
|
|
|
// are forced to be disabled because the "ssh-keygen" in Windows does not print key type.
|
|
|
|
|
if SSH.MinimumKeySizeCheck && |
|
|
|
|
(IsWindows || version.Compare(getOpenSSHVersion(), "5.1", "<")) { |
|
|
|
|
SSH.MinimumKeySizeCheck = false |
|
|
|
|
log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible: |
|
|
|
|
1. Windows server |
|
|
|
|
2. OpenSSH version is lower than 5.1`) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if SSH.MinimumKeySizeCheck { |
|
|
|
|
SSH.MinimumKeySizes = map[string]int{} |
|
|
|
|
for _, key := range Cfg.Section("ssh.minimum_key_sizes").Keys() { |
|
|
|
|
if key.MustInt() != -1 { |
|
|
|
|
SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt() |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
Unknwon
8 years ago