summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorUnknwon <u@gogs.io>2016-02-27 18:55:14 -0500
committerUnknwon <u@gogs.io>2016-02-27 18:55:14 -0500
commit83c74878df3f6edec4fca51e9cec299d2a1bb897 (patch)
treef98a798eb0d5330f4d3e900898f047c1f39df251 /modules
parentd320915ad2a7b4bbab075b98890aa50f91f0ced5 (diff)
parente721c5cf86c4d693a84bcf48d3a8a531efd24aaf (diff)
downloadgitea-83c74878df3f6edec4fca51e9cec299d2a1bb897.tar.gz
gitea-83c74878df3f6edec4fca51e9cec299d2a1bb897.zip
Merge pull request #2637 from Gibheer/ssh-publickeys
allow native and ssh-keygen public key check
Diffstat (limited to 'modules')
-rw-r--r--modules/setting/setting.go42
1 files changed, 42 insertions, 0 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index c74416613d..2b1b553126 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -27,6 +27,11 @@ import (
"github.com/gogits/gogs/modules/user"
)
+const (
+ SSH_PUBLICKEY_CHECK_NATIVE = "native"
+ SSH_PUBLICKEY_CHECK_KEYGEN = "ssh-keygen"
+)
+
type Scheme string
const (
@@ -67,6 +72,9 @@ var (
SSHPort int
SSHListenPort int
SSHRootPath string
+ SSHPublicKeyCheck string
+ SSHWorkPath string
+ SSHKeyGenPath string
OfflineMode bool
DisableRouterLog bool
CertFile, KeyFile string
@@ -330,6 +338,29 @@ func NewContext() {
if err := os.MkdirAll(SSHRootPath, 0700); err != nil {
log.Fatal(4, "Fail to create '%s': %v", SSHRootPath, err)
}
+ checkDefault := SSH_PUBLICKEY_CHECK_KEYGEN
+ if StartSSHServer {
+ checkDefault = SSH_PUBLICKEY_CHECK_NATIVE
+ }
+ SSHPublicKeyCheck = sec.Key("SSH_PUBLICKEY_CHECK").MustString(checkDefault)
+ if SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_NATIVE &&
+ SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_KEYGEN {
+ log.Fatal(4, "SSH_PUBLICKEY_CHECK must be ssh-keygen or native")
+ }
+ SSHWorkPath = sec.Key("SSH_WORK_PATH").MustString(os.TempDir())
+ if !DisableSSH && (!StartSSHServer || SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN) {
+ if tmpDirStat, err := os.Stat(SSHWorkPath); err != nil || !tmpDirStat.IsDir() {
+ log.Fatal(4, "directory '%s' set in SSHWorkPath is not a directory: %s", SSHWorkPath, err)
+ }
+ }
+ SSHKeyGenPath = sec.Key("SSH_KEYGEN_PATH").MustString("")
+ if !DisableSSH && !StartSSHServer &&
+ SSHKeyGenPath == "" && SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN {
+ SSHKeyGenPath, err = exec.LookPath("ssh-keygen")
+ if err != nil {
+ log.Fatal(4, "could not find ssh-keygen, maybe set DISABLE_SSH to use the internal ssh server")
+ }
+ }
OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(workDir)
@@ -461,6 +492,8 @@ var Service struct {
EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool
EnableCaptcha bool
+ EnableMinimumKeySizeCheck bool
+ MinimumKeySizes map[string]int
}
func newService() {
@@ -473,6 +506,15 @@ func newService() {
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
+ Service.EnableMinimumKeySizeCheck = sec.Key("ENABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
+ Service.MinimumKeySizes = map[string]int{}
+
+ minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
+ for _, key := range minimumKeySizes {
+ if key.MustInt() != -1 {
+ Service.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
+ }
+ }
}
var logLevels = map[string]string{