diff options
author | Nick Thomas <nick@gitlab.com> | 2017-08-25 16:08:48 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-08-30 22:50:44 +0300 |
commit | 6847060266792471c9c14518a5106e0f622cd6c5 (patch) | |
tree | 291238748abd929e77aaf462b8833bd336e39f5d /app/models/application_setting.rb | |
parent | b49b7bc147955df6589b13942d0437a3b4518c7b (diff) |
Rework the permissions model for SSH key restrictions
`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.
This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.
As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.
Diffstat (limited to 'app/models/application_setting.rb')
-rw-r--r-- | app/models/application_setting.rb | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 988ee4802b9..0f9053262c2 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -13,6 +13,15 @@ class ApplicationSetting < ActiveRecord::Base [\r\n] # any number of newline characters }x + # Setting a key restriction to `-1` means that all keys of this type are + # forbidden. + FORBIDDEN_KEY_VALUE = -1 + SUPPORTED_KEY_TYPES = %i[rsa dsa ecdsa ed25519].freeze + + def self.supported_key_restrictions(type) + [0, *Gitlab::SSHPublicKey.supported_sizes(type), FORBIDDEN_KEY_VALUE] + end + serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize @@ -20,7 +29,6 @@ class ApplicationSetting < ActiveRecord::Base serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize serialize :sidekiq_throttling_queues, Array # rubocop:disable Cop/ActiveRecordSerialize - serialize :allowed_key_types, Array # rubocop:disable Cop/ActiveRecordSerialize cache_markdown_field :sign_in_text cache_markdown_field :help_page_text @@ -147,23 +155,11 @@ class ApplicationSetting < ActiveRecord::Base presence: true, numericality: { greater_than_or_equal_to: 0 } - validates :allowed_key_types, presence: true - - validates :minimum_rsa_bits, - presence: true, - inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('rsa') } - - validates :minimum_dsa_bits, - presence: true, - inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('dsa') } - - validates :minimum_ecdsa_bits, - presence: true, - inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('ecdsa') } - - validates :minimum_ed25519_bits, - presence: true, - inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('ed25519') } + SUPPORTED_KEY_TYPES.each do |type| + validates :"#{type}_key_restriction", + presence: true, + inclusion: { in: ApplicationSetting.supported_key_restrictions(type) } + end validates_each :restricted_visibility_levels do |record, attr, value| value&.each do |level| @@ -189,14 +185,6 @@ class ApplicationSetting < ActiveRecord::Base end end - validates_each :allowed_key_types do |record, attr, value| - value&.each do |type| - unless Gitlab::SSHPublicKey.allowed_type?(type) - record.errors.add(attr, "'#{type}' is not a valid SSH key type") - end - end - end - before_validation :ensure_uuid! before_save :ensure_runners_registration_token @@ -240,7 +228,6 @@ class ApplicationSetting < ActiveRecord::Base { after_sign_up_text: nil, akismet_enabled: false, - allowed_key_types: Gitlab::SSHPublicKey.technology_names, container_registry_token_expire_delay: 5, default_artifacts_expire_in: '30 days', default_branch_protection: Settings.gitlab['default_branch_protection'], @@ -250,6 +237,9 @@ class ApplicationSetting < ActiveRecord::Base default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'], disabled_oauth_sign_in_sources: [], domain_whitelist: Settings.gitlab['domain_whitelist'], + dsa_key_restriction: 0, + ecdsa_key_restriction: 0, + ed25519_key_restriction: 0, gravatar_enabled: Settings.gravatar['enabled'], help_page_text: nil, help_page_hide_commercial_content: false, @@ -268,10 +258,7 @@ class ApplicationSetting < ActiveRecord::Base max_attachment_size: Settings.gitlab['max_attachment_size'], password_authentication_enabled: Settings.gitlab['password_authentication_enabled'], performance_bar_allowed_group_id: nil, - minimum_rsa_bits: 1024, - minimum_dsa_bits: 1024, - minimum_ecdsa_bits: 256, - minimum_ed25519_bits: 256, + rsa_key_restriction: 0, plantuml_enabled: false, plantuml_url: nil, project_export_enabled: true, @@ -446,6 +433,19 @@ class ApplicationSetting < ActiveRecord::Base usage_ping_can_be_configured? && super end + def allowed_key_types + SUPPORTED_KEY_TYPES.select do |type| + key_restriction_for(type) != FORBIDDEN_KEY_VALUE + end + end + + def key_restriction_for(type) + attr_name = "#{type}_key_restriction" + + # rubocop:disable GitlabSecurity/PublicSend + has_attribute?(attr_name) ? public_send(attr_name) : FORBIDDEN_KEY_VALUE + end + private def ensure_uuid! |