|
|
@ -5,6 +5,11 @@ |
|
|
|
package user |
|
|
|
|
|
|
|
import ( |
|
|
|
"errors" |
|
|
|
"fmt" |
|
|
|
"io/ioutil" |
|
|
|
"os" |
|
|
|
"strconv" |
|
|
|
"strings" |
|
|
|
|
|
|
|
"github.com/gogits/gogs/models" |
|
|
@ -12,6 +17,7 @@ import ( |
|
|
|
"github.com/gogits/gogs/modules/base" |
|
|
|
"github.com/gogits/gogs/modules/log" |
|
|
|
"github.com/gogits/gogs/modules/middleware" |
|
|
|
"github.com/gogits/gogs/modules/process" |
|
|
|
) |
|
|
|
|
|
|
|
const ( |
|
|
@ -23,6 +29,17 @@ const ( |
|
|
|
SECURITY base.TplName = "user/security" |
|
|
|
) |
|
|
|
|
|
|
|
var ( |
|
|
|
MinimumKeySize = map[string]int{ |
|
|
|
"(ED25519)": 256, |
|
|
|
"(ECDSA)": 256, |
|
|
|
"(NTRU)": 1087, |
|
|
|
"(MCE)": 1702, |
|
|
|
"(McE)": 1702, |
|
|
|
"(RSA)": 2048, |
|
|
|
} |
|
|
|
) |
|
|
|
|
|
|
|
func Setting(ctx *middleware.Context) { |
|
|
|
ctx.Data["Title"] = "Setting" |
|
|
|
ctx.Data["PageIsUserSetting"] = true |
|
|
@ -142,6 +159,50 @@ func SettingPasswordPost(ctx *middleware.Context, form auth.UpdatePasswdForm) { |
|
|
|
ctx.Redirect("/user/settings/password") |
|
|
|
} |
|
|
|
|
|
|
|
// Checks if the given public key string is recognized by SSH.
|
|
|
|
func CheckPublicKeyString(keyContent string) (ok bool, err error) { |
|
|
|
if strings.ContainsAny(keyContent, "\n\r") { |
|
|
|
return false, errors.New("Only a single line with a single key please") |
|
|
|
} |
|
|
|
|
|
|
|
// write the key to a file…
|
|
|
|
tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest") |
|
|
|
if err != nil { |
|
|
|
return false, err |
|
|
|
} |
|
|
|
tmpPath := tmpFile.Name() |
|
|
|
defer os.Remove(tmpPath) |
|
|
|
tmpFile.WriteString(keyContent) |
|
|
|
tmpFile.Close() |
|
|
|
|
|
|
|
// … see if ssh-keygen recognizes its contents
|
|
|
|
stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath) |
|
|
|
if err != nil { |
|
|
|
return false, errors.New("ssh-keygen -l -f: " + stderr) |
|
|
|
} else if len(stdout) < 2 { |
|
|
|
return false, errors.New("ssh-keygen returned not enough output to evaluate the key") |
|
|
|
} |
|
|
|
sshKeygenOutput := strings.Split(stdout, " ") |
|
|
|
if len(sshKeygenOutput) < 4 { |
|
|
|
return false, errors.New("Not enough fields returned by ssh-keygen -l -f") |
|
|
|
} |
|
|
|
keySize, err := strconv.Atoi(sshKeygenOutput[0]) |
|
|
|
if err != nil { |
|
|
|
return false, errors.New("Cannot get key size of the given key") |
|
|
|
} |
|
|
|
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) |
|
|
|
|
|
|
|
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 { |
|
|
|
return false, errors.New("Sorry, unrecognized public key type") |
|
|
|
} else { |
|
|
|
if keySize < minimumKeySize { |
|
|
|
return false, fmt.Errorf("The minimum accepted size of a public key %s is %d", keyType, minimumKeySize) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return true, nil |
|
|
|
} |
|
|
|
|
|
|
|
func SettingSSHKeys(ctx *middleware.Context, form auth.AddSSHKeyForm) { |
|
|
|
ctx.Data["Title"] = "SSH Keys" |
|
|
|
ctx.Data["PageIsUserSetting"] = true |
|
|
@ -189,8 +250,8 @@ func SettingSSHKeys(ctx *middleware.Context, form auth.AddSSHKeyForm) { |
|
|
|
return |
|
|
|
} |
|
|
|
|
|
|
|
if len(form.KeyContent) < 100 || !strings.HasPrefix(form.KeyContent, "ssh-rsa") { |
|
|
|
ctx.Flash.Error("SSH key content is not valid.") |
|
|
|
if ok, err := CheckPublicKeyString(form.KeyContent); !ok { |
|
|
|
ctx.Flash.Error(err.Error()) |
|
|
|
ctx.Redirect("/user/settings/ssh") |
|
|
|
return |
|
|
|
} |
|
|
|