* cleanup old comments for ed25519
These comments were added when x/crypto/ed25519 could not yet handle
ed25519. It does now, so they should be removed.
Also the key type is now replaced with the proper constant.
* move the minimum key size config before the check
This moves the actual config lookup before any check is done. This
avoids problems with calling ssh-keygen, which doesn't support the
expected output format and returns an error, when the check is disabled.
* use created & updated instead of BeforeInsert & BeforeUpdate
* fix vendor checksum
* only show generated SQL when in development mode
* remove extra update column updated_unix
* remove trace config
* Add setting to disable authorized_keys backup when rewriting public keys
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Update default value to comply with documentation
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Use tmp-file instead of bak-file for saving manually added keys.
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing and build bakpath with sprintf only
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Only close file once
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not modify calcFingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Fix casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change style from disable to enable
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change name, just SSH_BACKUP_AUTHORIZED_KEYS
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not check for directory existence if backup is disabled
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Delete public key tmp file after calculating fingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Move line
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Remove defer statement
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Readd defer statement and move remove
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Delete space
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* add internal routes for ssh hook commands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
This change corrects a few logging issues:
* Standardized formatting errors with '%v'.
* Standardized failure warning word usage.
* Corrected an instance of using the standard log library when
the gitea log library should be used instead.
* Add a process.Manager singleton with process.GetManager()
* Use process.GetManager everywhere
* Fix godoc comments for process module
* Increment process counter id after locking the mutex
* Handle user ssh key input better
ssh_key: when user-submitted keys had a newline at the end, strings.Split
would have created a slice with an empty last element, and the key type
check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or
'ssh-dsa' at the beginning of the string, but this is simple.
* ssh_key: correct indentation
This commit adds the possibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in
7ef9a05588. This allows blacklisting
algorithms or keys based on the key length. This works with the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way that SELinux
is okay with. In the worst case, they can switch to the native
implementation and only lose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.
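As an added example (not code from Gitea or from these commits), the following Go shows the shape of a native key check the two ssh_key commits above describe: the submitted line is split with strings.Fields so a trailing newline yields no empty field, the declared type must match the type embedded in the base64 blob, and per-algorithm minimum sizes act as the length-based blacklist. The policy map, the error strings and the helper names are assumptions made for this example; it relies only on the standard library.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// Allowed algorithms (anything else counts as blacklisted): number of wire-format
// fields in the blob and minimum key size in bits. Constructed policy, not Gitea's.
var policy = map[string]struct{ fields, minBits int }{
	"ssh-ed25519": {2, 256},  // blob: type, 32-byte encoded point
	"ssh-rsa":     {3, 2048}, // blob: type, mpint e, mpint n
}
// blobFields decodes a base64 key blob into its wire-format fields (each a
// uint32 big-endian length followed by that many bytes); nil if malformed.
func blobFields(b64 string) (out [][]byte) {
	blob, err := base64.StdEncoding.DecodeString(b64)
	for err == nil && len(blob) > 0 {
		if len(blob) < 4 || len(blob)-4 < int(binary.BigEndian.Uint32(blob)) {
			return nil
		}
		n := binary.BigEndian.Uint32(blob)
		out, blob = append(out, blob[4:4+n]), blob[4+n:]
	}
	return out
}
// CheckPublicKey validates one submitted authorized_keys line natively: the declared
// type must be allowed and match the blob, and the key must meet the minimum size.
func CheckPublicKey(line string) (string, int, error) {
	fields := strings.Fields(line) // unlike strings.Split, a trailing "\n" yields no empty field
	if len(fields) < 2 {
		return "", 0, fmt.Errorf("expected '<type> <base64 blob> [comment]'")
	}
	keyType, rule := fields[0], policy[fields[0]]
	parts := blobFields(fields[1]) // nil when the base64 or the framing is malformed
	if rule.fields == 0 || len(parts) != rule.fields || string(parts[0]) != keyType {
		return "", 0, fmt.Errorf("algorithm %q is not allowed or the blob does not match it", keyType)
	}
	bits := len(parts[1]) * 8 // ed25519: fixed-length encoded point
	if keyType == "ssh-rsa" {
		bits = new(big.Int).SetBytes(parts[2]).BitLen() // RSA: modulus length
	}
	if bits < rule.minBits {
		return keyType, bits, fmt.Errorf("%s key is %d bits, minimum is %d", keyType, bits, rule.minBits)
	}
	return keyType, bits, nil
}
```

A real deployment would add the remaining algorithms (ecdsa, dss) to the policy map with their own blob layouts; the ssh-keygen path the commit keeps is the fallback for anything the native parser does not cover.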