authorUnknwon <u@gogs.io>2017-06-11 02:06:26 -0400
committerUnknwon <u@gogs.io>2017-06-11 02:06:26 -0400
commite16196124eff47924691b3e5c70c6f4d5dcca9b1 (patch)
treededb9cf4e4a8c3a68b858a64c0bcb829b9260672 /pkg/setting/setting.go
parentab2197bc75fc85089a4ff7f8d2ee46caf04507a4 (diff)
setting: disable SSH minimum key size check when not eligible (#4507)
Diffstat (limited to 'pkg/setting/setting.go')
1 files changed, 36 insertions, 8 deletions
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index 09bc4969..039c29c6 100644
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -21,12 +21,14 @@ import (
_ "github.com/go-macaron/cache/redis"
"github.com/go-macaron/session"
_ "github.com/go-macaron/session/redis"
+ "github.com/mcuadros/go-version"
log "gopkg.in/clog.v1"
"gopkg.in/ini.v1"
"github.com/gogits/go-libravatar"
"github.com/gogits/gogs/pkg/bindata"
+ "github.com/gogits/gogs/pkg/process"
"github.com/gogits/gogs/pkg/user"
)
@@ -90,7 +92,7 @@ var (
ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- MinimumKeySizeCheck bool `ini:"-"`
+ MinimumKeySizeCheck bool `ini:"MINIMUM_KEY_SIZE_CHECK"`
MinimumKeySizes map[string]int `ini:"-"`
}
@@ -377,6 +379,21 @@ func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
return currentUser, runUser == currentUser
}
+// getOpenSSHVersion parses and returns string representation of OpenSSH version
+// returned by command "ssh -V".
+func getOpenSSHVersion() string {
+ // Note: somehow version is printed to stderr
+ _, stderr, err := process.Exec("getOpenSSHVersion", "ssh", "-V")
+ if err != nil {
+ log.Fatal(2, "Fail to get OpenSSH version: %v - %s", err, stderr)
+ }
+
+ // Trim unused information: https://github.com/gogits/gogs/issues/4507#issuecomment-305150441
+ version := strings.TrimRight(strings.Fields(stderr)[0], ",1234567890")
+ version = strings.TrimSuffix(strings.TrimPrefix(version, "OpenSSH_"), "p")
+ return version
+}
+
// NewContext initializes configuration context.
// NOTE: do not print any log except error.
func NewContext() {
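Review bot: `strings.Fields(stderr)[0]` in getOpenSSHVersion panics when `ssh -V` succeeds but writes nothing to stderr, and the `TrimRight(..., ",1234567890")` cutset also strips the minor version when the banner token has no portable `pN` suffix (a token such as `OpenSSH_7.4,` would come out as `7.`). The returned string decides whether the minimum key size policy stays enabled, so a mis-parsed version can wrongly turn enforcement off or leave it on. I would check the field count and cut at the `p` explicitly, as in the excerpt below. The doc comment should also say that the function calls `log.Fatal` when `ssh` cannot be executed, since a host without the OpenSSH client then fails at startup.

```go
func getOpenSSHVersion() string {
	// … unchanged: process.Exec call and error handling …

	fields := strings.Fields(stderr)
	if len(fields) == 0 {
		log.Fatal(2, "Fail to parse OpenSSH version: empty output")
	}

	// Keep only "major.minor": drop the "OpenSSH_" prefix, the trailing comma
	// and an optional portable suffix such as "p1".
	version := strings.TrimSuffix(strings.TrimPrefix(fields[0], "OpenSSH_"), ",")
	if i := strings.IndexByte(version, 'p'); i >= 0 {
		version = version[:i]
	}
	return version
```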
@@ -474,9 +491,9 @@ func NewContext() {
if err = Cfg.Section("server").MapTo(&SSH); err != nil {
log.Fatal(2, "Fail to map SSH settings: %v", err)
}
- // When disable SSH, start builtin server value is ignored.
if SSH.Disabled {
SSH.StartBuiltinServer = false
+ SSH.MinimumKeySizeCheck = false
}
if !SSH.Disabled && !SSH.StartBuiltinServer {
@@ -487,12 +504,23 @@ func NewContext() {
}
}
- SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool()
- SSH.MinimumKeySizes = map[string]int{}
- minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys()
- for _, key := range minimumKeySizes {
- if key.MustInt() != -1 {
- SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
+ // Check if server is eligible for minimum key size check when user choose to enable.
+ // Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
+ // are forced to be disabled because the "ssh-keygen" in Windows does not print key type.
+ if SSH.MinimumKeySizeCheck &&
+ (IsWindows || version.Compare(getOpenSSHVersion(), "5.1", "<")) {
+ SSH.MinimumKeySizeCheck = false
+ log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
+1. Windows server
+2. OpenSSH version is lower than 5.1`)
+ }
+
+ if SSH.MinimumKeySizeCheck {
+ SSH.MinimumKeySizes = map[string]int{}
+ for _, key := range Cfg.Section("ssh.minimum_key_sizes").Keys() {
+ if key.MustInt() != -1 {
+ SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
+ }
}
}
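Review bot: The `if SSH.MinimumKeySizeCheck && (IsWindows || version.Compare(...))` branch turns off a key-size policy the operator explicitly enabled and reports it only through `log.Warn`. The comment on NewContext says not to print any log except errors there, so the downgrade may never reach the operator, who would then assume weak keys are rejected. The message also lists both causes instead of the one that applied; keeping the detected version in a local and logging it, e.g. `log.Warn("SSH minimum key size check disabled: OpenSSH %s is older than 5.1", sshVersion)`, would make the reason auditable. Separately, `SSH.MinimumKeySizes` is now left nil when the check is off, where the old code always allocated the map, so any code outside this hunk that writes to it would panic. NewContext starts and ends outside the hunk.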