author | Unknwon <u@gogs.io> | 2016-02-27 18:55:14 -0500 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-02-27 18:55:14 -0500 |
commit | 83c74878df3f6edec4fca51e9cec299d2a1bb897 (patch) | |
tree | f98a798eb0d5330f4d3e900898f047c1f39df251 /modules | |
parent | d320915ad2a7b4bbab075b98890aa50f91f0ced5 (diff) | |
parent | e721c5cf86c4d693a84bcf48d3a8a531efd24aaf (diff) | |
Merge pull request #2637 from Gibheer/ssh-publickeys
allow native and ssh-keygen public key check
Diffstat (limited to 'modules')
-rw-r--r-- | modules/setting/setting.go | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index c74416613d..2b1b553126 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -27,6 +27,11 @@ import ( "github.com/gogits/gogs/modules/user" ) +const ( + SSH_PUBLICKEY_CHECK_NATIVE = "native" + SSH_PUBLICKEY_CHECK_KEYGEN = "ssh-keygen" +) + type Scheme string const ( @@ -67,6 +72,9 @@ var ( SSHPort int SSHListenPort int SSHRootPath string + SSHPublicKeyCheck string + SSHWorkPath string + SSHKeyGenPath string OfflineMode bool DisableRouterLog bool CertFile, KeyFile string @@ -330,6 +338,29 @@ func NewContext() { if err := os.MkdirAll(SSHRootPath, 0700); err != nil { log.Fatal(4, "Fail to create '%s': %v", SSHRootPath, err) } + checkDefault := SSH_PUBLICKEY_CHECK_KEYGEN + if StartSSHServer { + checkDefault = SSH_PUBLICKEY_CHECK_NATIVE + } + SSHPublicKeyCheck = sec.Key("SSH_PUBLICKEY_CHECK").MustString(checkDefault) + if SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_NATIVE && + SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_KEYGEN { + log.Fatal(4, "SSH_PUBLICKEY_CHECK must be ssh-keygen or native") + } + SSHWorkPath = sec.Key("SSH_WORK_PATH").MustString(os.TempDir()) + if !DisableSSH && (!StartSSHServer || SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN) { + if tmpDirStat, err := os.Stat(SSHWorkPath); err != nil || !tmpDirStat.IsDir() { + log.Fatal(4, "directory '%s' set in SSHWorkPath is not a directory: %s", SSHWorkPath, err) + } + } + SSHKeyGenPath = sec.Key("SSH_KEYGEN_PATH").MustString("") + if !DisableSSH && !StartSSHServer && + SSHKeyGenPath == "" && SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN { + SSHKeyGenPath, err = exec.LookPath("ssh-keygen") + if err != nil { + log.Fatal(4, "could not find ssh-keygen, maybe set DISABLE_SSH to use the internal ssh server") + } + } OfflineMode = sec.Key("OFFLINE_MODE").MustBool() DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool() StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(workDir) 
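Review bot: The ssh-keygen lookup in the `@@ -330` hunk is guarded by `!StartSSHServer`, while the work-path check just above it uses `!StartSSHServer || SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN`, so with the built-in server enabled and `SSH_PUBLICKEY_CHECK` explicitly set to `ssh-keygen`, `SSHKeyGenPath` stays empty and startup does not fail. Dropping that term, as in `if !DisableSSH && SSHKeyGenPath == "" && SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN {`, would surface a missing binary at startup rather than at the first key check; how callers treat an empty path is not visible here. A value supplied through `SSH_KEYGEN_PATH` is also accepted without any existence check, and the hint in the fatal message names `DISABLE_SSH` where enabling the built-in server appears to be what is meant. Separately, `SSHWorkPath` defaults to `os.TempDir()` and is only tested with `IsDir()`; if key files are written there, a shared world-writable directory is a weak default compared with a private one created with mode `0700` as is done for `SSHRootPath`, and the fatal message prints `%!s(<nil>)` when the path exists but is not a directory. `NewContext` starts and ends outside this hunk.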
@@ -461,6 +492,8 @@ var Service struct { EnableReverseProxyAuth bool EnableReverseProxyAutoRegister bool EnableCaptcha bool + EnableMinimumKeySizeCheck bool + MinimumKeySizes map[string]int } func newService() { @@ -473,6 +506,15 @@ func newService() { Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool() + Service.EnableMinimumKeySizeCheck = sec.Key("ENABLE_MINIMUM_KEY_SIZE_CHECK").MustBool() + Service.MinimumKeySizes = map[string]int{} + + minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys() + for _, key := range minimumKeySizes { + if key.MustInt() != -1 { + Service.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt() + } + } } var logLevels = map[string]string{ |
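Review bot: In the `@@ -473` hunk the loop reads each limit with `key.MustInt()`, which falls back to 0 when the value does not parse, so a typo in `[service.minimum_key_sizes]` silently stores a minimum of 0 for that key type and the size check stops rejecting anything. Reading the value once with `size, err := key.Int()` and calling `log.Fatal` on `err != nil` would make a malformed entry stop startup instead of weakening the check, and it removes the second `MustInt()` call. Negative values other than -1 are stored as given, so a `size < -1` case deserves the same treatment. A short comment that -1 means "no minimum for this key type" would help, since the hunk gives the sentinel no explanation. `newService` begins above this hunk.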