authorUnknwon <u@gogs.io>2016-01-15 18:39:51 +0800
committerUnknwon <u@gogs.io>2016-01-15 18:39:51 +0800
commit7ef9a055886574655d9f2be70c957bc16bf30500 (patch)
tree0f3d46f2d09e16bae1625e6be719773557e23893
parentc631a4a9b988e63bd8b07dfdeee1f1d4b3ad7d45 (diff)
#2179 use Go sub-repo ssh to verify public key content
-rw-r--r--README.md2
-rw-r--r--conf/app.ini12
-rw-r--r--gogs.go2
-rw-r--r--models/ssh_key.go47
-rw-r--r--modules/setting/setting.go9
-rw-r--r--templates/.VERSION2
6 files changed, 13 insertions, 61 deletions
diff --git a/README.md b/README.md
index 301ec69884..69e375d33f 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
-##### Current version: 0.8.21
+##### Current version: 0.8.22
| Web | UI | Preview |
|:-------------:|:-------:|:-------:|
diff --git a/conf/app.ini b/conf/app.ini
index c1ca838ac0..69829fcaba 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -120,21 +120,9 @@ ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-; Do not check minimum key size with corresponding type
-DISABLE_MINIMUM_KEY_SIZE_CHECK = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
-; used to filter keys which are too short
-[service.minimum_key_sizes]
-ED25519 = 256
-ECDSA = 256
-NTRU = 1087
-MCE = 1702
-McE = 1702
-RSA = 1024
-DSA = 1024
-
[webhook]
; Hook task queue length
QUEUE_LENGTH = 1000
diff --git a/gogs.go b/gogs.go
index cc790b5f93..81b28c6bb2 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-const APP_VER = "0.8.21.0114"
+const APP_VER = "0.8.22.0115"
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/models/ssh_key.go b/models/ssh_key.go
index f0db4de430..a7b1680f67 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -21,6 +21,7 @@ import (
"github.com/Unknwon/com"
"github.com/go-xorm/xorm"
+ "golang.org/x/crypto/ssh"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/process"
@@ -164,48 +165,20 @@ func CheckPublicKeyString(content string) (_ string, err error) {
return "", errors.New("only a single line with a single key please")
}
- // write the key to a fileā€¦
- tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
- if err != nil {
- return "", err
+ fields := strings.Fields(content)
+ if len(fields) < 2 {
+ return "", errors.New("too less fields")
}
- tmpPath := tmpFile.Name()
- defer os.Remove(tmpPath)
- tmpFile.WriteString(content)
- tmpFile.Close()
- // Check if ssh-keygen recognizes its contents.
- stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-lf", tmpPath)
+ key, err := base64.StdEncoding.DecodeString(fields[1])
if err != nil {
- return "", errors.New("ssh-keygen -lf: " + stderr)
- } else if len(stdout) < 2 {
- return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
+ return "", fmt.Errorf("StdEncoding.DecodeString: %v", err)
}
-
- // The ssh-keygen in Windows does not print key type, so no need go further.
- if setting.IsWindows {
- return content, nil
- }
-
- sshKeygenOutput := strings.Split(stdout, " ")
- if len(sshKeygenOutput) < 4 {
- return content, ErrKeyUnableVerify{stdout}
- }
-
- // Check if key type and key size match.
- if !setting.Service.DisableMinimumKeySizeCheck {
- keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
- if keySize == 0 {
- return "", errors.New("cannot get key size of the given key")
- }
-
- keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()\n")
- if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
- return "", fmt.Errorf("unrecognized public key type: %s", keyType)
- } else if keySize < minimumKeySize {
- return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
- }
+ pkey, err := ssh.ParsePublicKey([]byte(key))
+ if err != nil {
+ return "", fmt.Errorf("ParsePublicKey: %v", err)
}
+ log.Trace("Key type: %s", pkey.Type())
return content, nil
}
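Review bot: After this hunk `CheckPublicKeyString` accepts any blob that `ssh.ParsePublicKey` can decode, so the per-type minimum-size policy removed in the same commit (`[service.minimum_key_sizes]`, `DISABLE_MINIMUM_KEY_SIZE_CHECK`) has no replacement and a short RSA or DSA key would presumably now pass; if a size floor is still wanted it needs to be re-derived from the parsed key rather than dropped. The declared algorithm in `fields[0]` is also never compared with the decoded one, and `content` is returned unchanged, so a line whose prefix disagrees with its blob is stored as-is; a guard after the parse such as `if fields[0] != pkey.Type() { return "", fmt.Errorf("key type mismatch: %s vs %s", fields[0], pkey.Type()) }` would reject it. `key` is already a `[]byte`, so `[]byte(key)` is a redundant conversion, and the message "too less fields" would read better as "too few fields". The start of the function lies outside the hunk, so any earlier normalisation of `content` is not visible here.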
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 0ab0eafaa1..e719153ae2 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -453,8 +453,6 @@ var Service struct {
EnableNotifyMail bool
EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool
- DisableMinimumKeySizeCheck bool
- MinimumKeySizes map[string]int
EnableCaptcha bool
}
@@ -468,14 +466,7 @@ func newService() {
Service.EnableCacheAvatar = sec.Key("ENABLE_CACHE_AVATAR").MustBool()
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
- Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
-
- minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
- Service.MinimumKeySizes = make(map[string]int)
- for _, key := range minimumKeySizes {
- Service.MinimumKeySizes[key.Name()] = key.MustInt()
- }
}
var logLevels = map[string]string{
diff --git a/templates/.VERSION b/templates/.VERSION
index 51bb73689e..fbe31ee632 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.8.21.0114 \ No newline at end of file
+0.8.22.0115 \ No newline at end of file