#1133 add config option [service] DISABLE_MINIMUM_KEY_SIZE_CHECK

This commit is contained in:
Unknwon 2015-03-25 08:59:48 -04:00
parent 5169a0e025
commit aae74c793a
4 changed files with 37 additions and 32 deletions

View File

@ -83,6 +83,8 @@ ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165 ; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Do not check minimum key size with corresponding type
DISABLE_MINIMUM_KEY_SIZE_CHECK = false
[webhook] [webhook]
; Cron task interval in minutes ; Cron task interval in minutes

View File

@ -101,8 +101,7 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content) return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.Id, setting.CustomConf, key.Content)
} }
var ( var minimumKeySizes = map[string]int{
MinimumKeySize = map[string]int{
"(ED25519)": 256, "(ED25519)": 256,
"(ECDSA)": 256, "(ECDSA)": 256,
"(NTRU)": 1087, "(NTRU)": 1087,
@ -110,8 +109,7 @@ var (
"(McE)": 1702, "(McE)": 1702,
"(RSA)": 2048, "(RSA)": 2048,
"(DSA)": 1024, "(DSA)": 1024,
} }
)
func extractTypeFromBase64Key(key string) (string, error) { func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key) b, err := base64.StdEncoding.DecodeString(key)
@ -228,16 +226,18 @@ func CheckPublicKeyString(content string) (bool, error) {
} }
// Check if key type and key size match. // Check if key type and key size match.
if !setting.Service.DisableMinimumKeySizeCheck {
keySize := com.StrTo(sshKeygenOutput[0]).MustInt() keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
if keySize == 0 { if keySize == 0 {
return false, errors.New("cannot get key size of the given key") return false, errors.New("cannot get key size of the given key")
} }
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 { if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
return false, errors.New("sorry, unrecognized public key type") return false, errors.New("sorry, unrecognized public key type")
} else if keySize < minimumKeySize { } else if keySize < minimumKeySize {
return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize) return false, fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
} }
}
return true, nil return true, nil
} }

File diff suppressed because one or more lines are too long

View File

@ -339,6 +339,8 @@ func NewConfigContext() {
} }
var Service struct { var Service struct {
ActiveCodeLives int
ResetPwdCodeLives int
RegisterEmailConfirm bool RegisterEmailConfirm bool
DisableRegistration bool DisableRegistration bool
ShowRegistrationButton bool ShowRegistrationButton bool
@ -347,19 +349,20 @@ var Service struct {
EnableNotifyMail bool EnableNotifyMail bool
EnableReverseProxyAuth bool EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool EnableReverseProxyAutoRegister bool
ActiveCodeLives int DisableMinimumKeySizeCheck bool
ResetPwdCodeLives int
} }
func newService() { func newService() {
Service.ActiveCodeLives = Cfg.Section("service").Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180) sec := Cfg.Section("service")
Service.ResetPwdCodeLives = Cfg.Section("service").Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180) Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
Service.DisableRegistration = Cfg.Section("service").Key("DISABLE_REGISTRATION").MustBool() Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
Service.ShowRegistrationButton = Cfg.Section("service").Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration) Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
Service.RequireSignInView = Cfg.Section("service").Key("REQUIRE_SIGNIN_VIEW").MustBool() Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!Service.DisableRegistration)
Service.EnableCacheAvatar = Cfg.Section("service").Key("ENABLE_CACHE_AVATAR").MustBool() Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
Service.EnableReverseProxyAuth = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() Service.EnableCacheAvatar = sec.Key("ENABLE_CACHE_AVATAR").MustBool()
Service.EnableReverseProxyAutoRegister = Cfg.Section("service").Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableRegistration = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
} }
var logLevels = map[string]string{ var logLevels = map[string]string{