configs: fix backward compatibility
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
f05fe78737
commit
4b685b21a2
2 changed files with 18 additions and 8 deletions
|
|
@ -97,11 +97,18 @@ func (c *SFTPDConfigs) GetModuliAsString() string {
|
|||
}
|
||||
|
||||
func (c *SFTPDConfigs) validate() error {
|
||||
var hostKeyAlgos []string
|
||||
for _, algo := range c.HostKeyAlgos {
|
||||
if algo == ssh.CertAlgoRSAv01 {
|
||||
continue
|
||||
}
|
||||
if !util.Contains(supportedHostKeyAlgos, algo) {
|
||||
return util.NewValidationError(fmt.Sprintf("unsupported host key algorithm %q", algo))
|
||||
}
|
||||
hostKeyAlgos = append(hostKeyAlgos, algo)
|
||||
}
|
||||
c.HostKeyAlgos = hostKeyAlgos
|
||||
var kexAlgos []string
|
||||
for _, algo := range c.KexAlgorithms {
|
||||
if algo == "diffie-hellman-group18-sha512" {
|
||||
continue
|
||||
|
|
@ -109,7 +116,9 @@ func (c *SFTPDConfigs) validate() error {
|
|||
if !util.Contains(supportedKexAlgos, algo) {
|
||||
return util.NewValidationError(fmt.Sprintf("unsupported KEX algorithm %q", algo))
|
||||
}
|
||||
kexAlgos = append(kexAlgos, algo)
|
||||
}
|
||||
c.KexAlgorithms = kexAlgos
|
||||
for _, cipher := range c.Ciphers {
|
||||
if !util.Contains(supportedCiphers, cipher) {
|
||||
return util.NewValidationError(fmt.Sprintf("unsupported cipher %q", cipher))
|
||||
|
|
|
|||
|
|
@ -7887,7 +7887,7 @@ func TestLoaddata(t *testing.T) {
|
|||
configsGet, err := dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, configs.SMTP, configsGet.SMTP)
|
||||
assert.Equal(t, configs.SFTPD.HostKeyAlgos, configsGet.SFTPD.HostKeyAlgos)
|
||||
assert.Equal(t, []string{ssh.KeyAlgoRSA}, configsGet.SFTPD.HostKeyAlgos)
|
||||
assert.Len(t, configsGet.SFTPD.Moduli, 0)
|
||||
assert.Len(t, configsGet.SFTPD.KexAlgorithms, 0)
|
||||
assert.Len(t, configsGet.SFTPD.Ciphers, 0)
|
||||
|
|
@ -12705,6 +12705,8 @@ func TestWebConfigsMock(t *testing.T) {
|
|||
assert.Contains(t, rr.Body.String(), ssh.CertAlgoDSAv01) // invalid algo
|
||||
form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA)
|
||||
form.Add("sftp_host_key_algos", ssh.CertAlgoRSAv01)
|
||||
form.Set("sftp_kex_algos", "diffie-hellman-group18-sha512")
|
||||
form.Add("sftp_kex_algos", "diffie-hellman-group16-sha512")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
assert.NoError(t, err)
|
||||
setJWTCookieForReq(req, webToken)
|
||||
|
|
@ -12715,12 +12717,13 @@ func TestWebConfigsMock(t *testing.T) {
|
|||
// check SFTP configs
|
||||
configs, err := dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||
assert.Contains(t, configs.SFTPD.Moduli, "path 1")
|
||||
assert.Contains(t, configs.SFTPD.Moduli, "path 2")
|
||||
assert.Len(t, configs.SFTPD.KexAlgorithms, 1)
|
||||
assert.Contains(t, configs.SFTPD.KexAlgorithms, "diffie-hellman-group16-sha512")
|
||||
// invalid form action
|
||||
form.Set("form_action", "")
|
||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||
|
|
@ -12762,9 +12765,8 @@ func TestWebConfigsMock(t *testing.T) {
|
|||
// check
|
||||
configs, err = dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||
assert.Equal(t, "mail.example.net", configs.SMTP.Host)
|
||||
assert.Equal(t, 587, configs.SMTP.Port)
|
||||
|
|
@ -12833,9 +12835,8 @@ func TestWebConfigsMock(t *testing.T) {
|
|||
// check
|
||||
configs, err = dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||
assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port)
|
||||
assert.Equal(t, 7, configs.ACME.Protocols)
|
||||
|
|
@ -12866,7 +12867,7 @@ func TestWebConfigsMock(t *testing.T) {
|
|||
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
||||
configs, err = dataprovider.GetConfigs()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||
assert.Equal(t, 402, configs.ACME.HTTP01Challenge.Port)
|
||||
assert.Equal(t, 1, configs.ACME.Protocols)
|
||||
assert.Equal(t, domain, configs.ACME.Domain)
|
||||
|
|
|
|||
Loading…
Reference in a new issue