#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK

tokarchuk/v1.17
Unknwon 10 years ago
parent 5169a0e025
commit aae74c793a
  1. 2
      conf/app.ini
  2. 40
      models/publickey.go
  3. 4
      modules/bindata/bindata.go
  4. 23
      modules/setting/setting.go

@ -83,6 +83,8 @@ ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165 ; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Do not check minimum key size with corresponding type
DISABLE_MINIMUM_KEY_SIZE_CHECK = false
[webhook] [webhook]
; Cron task interval in minutes ; Cron task interval in minutes
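Review bot: The comment added above `DISABLE_MINIMUM_KEY_SIZE_CHECK` does not tell an operator what turning the option on gives up. I would reword it along the lines of `; Set to true to accept SSH public keys below the minimum size for their type; leave false unless legacy keys must be supported`. Going by the models/publickey.go change in this commit, the flag also appears to skip the key-type check, so the comment should mention that if it is intended.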

@ -101,17 +101,15 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content) return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content)
} }
var ( var minimumKeySizes = map[string]int{
MinimumKeySize = map[string]int{ "(ED25519)": 256,
"(ED25519)": 256, "(ECDSA)": 256,
"(ECDSA)": 256, "(NTRU)": 1087,
"(NTRU)": 1087, "(MCE)": 1702,
"(MCE)": 1702, "(McE)": 1702,
"(McE)": 1702, "(RSA)": 2048,
"(RSA)": 2048, "(DSA)": 1024,
"(DSA)": 1024, }
}
)
func extractTypeFromBase64Key(key string) (string, error) { func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key) b, err := base64.StdEncoding.DecodeString(key)
@ -228,15 +226,17 @@ func CheckPublicKeyString(content string) (bool, error) {
} }
// Check if key type and key size match. // Check if key type and key size match.
keySize := com.StrTo(sshKeygenOutput[0]).MustInt() if !setting.Service.DisableMinimumKeySizeCheck {
if keySize == 0 { keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
return false, errors.New("cannot get key size of the given key") if keySize == 0 {
} return false, errors.New("cannot get key size of the given key")
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) }
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 { keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
return false, errors.New("sorry, unrecognized public key type") if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
} else if keySize < minimumKeySize { return false, errors.New("sorry, unrecognized public key type")
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize) } else if keySize < minimumKeySize {
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
}
} }
return true, nil return true, nil
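Review bot: Wrapping the whole block in `if !setting.Service.DisableMinimumKeySizeCheck` skips more than the size comparison: the `keySize == 0` check and the "unrecognized public key type" rejection are bypassed as well. With the flag set, a key of a type missing from `minimumKeySizes` would presumably be accepted, which is broader than the option name suggests. If the option is only meant to relax the size floor, keep the `keyType` lookup and its rejection outside the flag and guard just the `keySize < minimumKeySize` branch. Otherwise add a comment above the `if` stating that type checking is disabled too. CheckPublicKeyString starts and ends outside the hunk, so this assumes no earlier code already validates the type.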

File diff suppressed because one or more lines are too long

@ -339,6 +339,8 @@ func NewConfigContext() {
} }
var Service struct { var Service struct {
ActiveCodeLives int
ResetPwdCodeLives int
RegisterEmailConfirm bool RegisterEmailConfirm bool
DisableRegistration bool DisableRegistration bool
ShowRegistrationButton bool ShowRegistrationButton bool
@ -347,19 +349,20 @@ var Service struct {
EnableNotifyMail bool EnableNotifyMail bool
EnableReverseProxyAuth bool EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool EnableReverseProxyAutoRegister bool
ActiveCodeLives int DisableMinimumKeySizeCheck bool
ResetPwdCodeLives int
} }
func newService() { func newService() {
Service.ActiveCodeLives = Cfg.Section("service").Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180) sec := Cfg.Section("service")
Service.ResetPwdCodeLives = Cfg.Section("service").Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180) Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
Service.DisableRegistration = Cfg.Section("service").Key("DISABLE_REGISTRATION").MustBool() Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
Service.ShowRegistrationButton = Cfg.Section("service").Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration) Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
Service.RequireSignInView = Cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").MustBool() Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
Service.EnableCacheAvatar = Cfg.Section("service").Key("ENABLE_CACHE_AVATAR").MustBool() Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
Service.EnableReverseProxyAuth = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() Service.EnableCacheAvatar = sec.Key("ENABLE_CACHE_AVATAR").MustBool()
Service.EnableReverseProxyAutoRegister = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableRegistration = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
} }
var logLevels = map[string]string{ var logLevels = map[string]string{
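Review bot: The last assignment in newService stores the DISABLE_MINIMUM_KEY_SIZE_CHECK value in `Service.DisableRegistration`, so `Service.DisableMinimumKeySizeCheck` is never set and the registration switch is overwritten by an unrelated key. With the shipped default of `false`, an instance configured with `DISABLE_REGISTRATION = true` ends up with `Service.DisableRegistration == false` after this function runs. `ShowRegistrationButton` was already derived from the earlier value, so the two fields disagree. The new option also has no effect on the key check in models/publickey.go. The line should read `Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()`.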
