Rework the permissions model for SSH key restrictions

`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.

2 files changed, 18 insertions, 15 deletions

diff --git a/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb b/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
index ce87d8a26b6..2882e7f8b45 100644
--- a/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
+++ b/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
@@ -7,18 +7,22 @@ class AddMinimumKeyLengthToApplicationSettings < ActiveRecord::Migration
   disable_ddl_transaction!
 
   def up
-    add_column_with_default :application_settings, :minimum_rsa_bits, :integer, default: 1024
-    add_column_with_default :application_settings, :minimum_dsa_bits, :integer, default: 1024
-    add_column_with_default :application_settings, :minimum_ecdsa_bits, :integer, default: 256
-    add_column_with_default :application_settings, :minimum_ed25519_bits, :integer, default: 256
-    add_column_with_default :application_settings, :allowed_key_types, :string, default: %w[rsa dsa ecdsa ed25519].to_yaml
+    # A key restriction has two possible states:
+    #
+    #   * -1 means "this key type is completely disabled"
+    #   * >= 0 means "keys must have at least this many bits to be valid"
+    #
+    # A value of 0 is equivalent to "there are no restrictions on keys of this type"
+    add_column_with_default :application_settings, :rsa_key_restriction, :integer, default: 0
+    add_column_with_default :application_settings, :dsa_key_restriction, :integer, default: 0
+    add_column_with_default :application_settings, :ecdsa_key_restriction, :integer, default: 0
+    add_column_with_default :application_settings, :ed25519_key_restriction, :integer, default: 0
   end
 
   def down
-    remove_column :application_settings, :minimum_rsa_bits
-    remove_column :application_settings, :minimum_dsa_bits
-    remove_column :application_settings, :minimum_ecdsa_bits
-    remove_column :application_settings, :minimum_ed25519_bits
-    remove_column :application_settings, :allowed_key_types
+    remove_column :application_settings, :rsa_key_restriction
+    remove_column :application_settings, :dsa_key_restriction
+    remove_column :application_settings, :ecdsa_key_restriction
+    remove_column :application_settings, :ed25519_key_restriction
   end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 49ae4b48627..434d1326419 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -129,11 +129,10 @@ ActiveRecord::Schema.define(version: 20170824162758) do
     t.boolean "password_authentication_enabled"
     t.boolean "project_export_enabled", default: true, null: false
     t.boolean "hashed_storage_enabled", default: false, null: false
-    t.integer "minimum_rsa_bits", default: 1024, null: false
-    t.integer "minimum_dsa_bits", default: 1024, null: false
-    t.integer "minimum_ecdsa_bits", default: 256, null: false
-    t.integer "minimum_ed25519_bits", default: 256, null: false
-    t.string "allowed_key_types", default: "---\n- rsa\n- dsa\n- ecdsa\n- ed25519\n", null: false
+    t.integer "rsa_key_restriction", default: 0, null: false
+    t.integer "dsa_key_restriction", default: 0, null: false
+    t.integer "ecdsa_key_restriction", default: 0, null: false
+    t.integer "ed25519_key_restriction", default: 0, null: false
   end
 
   create_table "audit_events", force: :cascade do |t|