* Add setting to disable authorized_keys backup when rewriting public keys
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Update default value to comply with documentation
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Use tmp-file instead of bak-file for saving manually added keys.
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change casing and build bakpath with sprintf only
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Only close file once
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not modify calcFingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Fix casing
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change style from disable to enable
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Change name, just SSH_BACKUP_AUTHORIZED_KEYS
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Do not check for directory existence if backup is disabled
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Delete public key tmp file after calculating fingerprint
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Move line
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Remove defer statement
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Readd defer statement and move remove
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Delete space
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* add internal routes for ssh hook comands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
This change corrects a few logging issues:
* Standardized formatting errors with '%v'.
* Standardized failure warning word usage.
* Corrected an instance of using the standard log library when
the gitea log library should be used instead.
* Add a process.Manager singleton with process.GetManager()
* Use process.GetManager everywhere
* Fix godoc comments for process module
* Increment process counter id after locking the mutex
* Handle user ssh key input better
ssh_key: when user submitted keys had a newline at the end, strings.Split
would have created a slice with an empty last element, and the key type
check would be incorrect. Perhaps a better way is to look for 'ssh-rsa' or
'ssh-dsa' at the beginning of the string, but this is simple.
* ssh_key: correct indentation
This commit adds the possibibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in
7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist
algorythms or keys based on the key length. This works with the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way, that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only loose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.