configs: fix backward compatibility
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
f05fe78737
commit
4b685b21a2
2 changed files with 18 additions and 8 deletions
@ -97,11 +97,18 @@ func (c *SFTPDConfigs) GetModuliAsString() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *SFTPDConfigs) validate() error {
|
func (c *SFTPDConfigs) validate() error {
|
||||||
|
var hostKeyAlgos []string
|
||||||
for _, algo := range c.HostKeyAlgos {
|
for _, algo := range c.HostKeyAlgos {
|
||||||
|
if algo == ssh.CertAlgoRSAv01 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
if !util.Contains(supportedHostKeyAlgos, algo) {
|
if !util.Contains(supportedHostKeyAlgos, algo) {
|
||||||
return util.NewValidationError(fmt.Sprintf("unsupported host key algorithm %q", algo))
|
return util.NewValidationError(fmt.Sprintf("unsupported host key algorithm %q", algo))
|
||||||
}
|
}
|
||||||
|
hostKeyAlgos = append(hostKeyAlgos, algo)
|
||||||
}
|
}
|
||||||
|
c.HostKeyAlgos = hostKeyAlgos
|
||||||
|
var kexAlgos []string
|
||||||
for _, algo := range c.KexAlgorithms {
|
for _, algo := range c.KexAlgorithms {
|
||||||
if algo == "diffie-hellman-group18-sha512" {
|
if algo == "diffie-hellman-group18-sha512" {
|
||||||
continue
|
continue
|
||||||
|
@ -109,7 +116,9 @@ func (c *SFTPDConfigs) validate() error {
|
||||||
if !util.Contains(supportedKexAlgos, algo) {
|
if !util.Contains(supportedKexAlgos, algo) {
|
||||||
return util.NewValidationError(fmt.Sprintf("unsupported KEX algorithm %q", algo))
|
return util.NewValidationError(fmt.Sprintf("unsupported KEX algorithm %q", algo))
|
||||||
}
|
}
|
||||||
|
kexAlgos = append(kexAlgos, algo)
|
||||||
}
|
}
|
||||||
|
c.KexAlgorithms = kexAlgos
|
||||||
for _, cipher := range c.Ciphers {
|
for _, cipher := range c.Ciphers {
|
||||||
if !util.Contains(supportedCiphers, cipher) {
|
if !util.Contains(supportedCiphers, cipher) {
|
||||||
return util.NewValidationError(fmt.Sprintf("unsupported cipher %q", cipher))
|
return util.NewValidationError(fmt.Sprintf("unsupported cipher %q", cipher))
|
||||||
|
|
|
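Review bot: The two `continue` branches added in validate() (the `ssh.CertAlgoRSAv01` check in the host key loop and the `"diffie-hellman-group18-sha512"` check in the KEX loop) drop an explicitly configured algorithm without any trace, so an operator who set one of them gets neither an error nor a log line explaining why the stored list differs from what they submitted. A one-line comment on each branch stating the reason, e.g. `// accepted for backward compatibility with older configs but no longer supported: dropped silently`, would document the intent, and the KEX literal would read better as a named constant declared next to `supportedKexAlgos`. If the dropped entry was the only one configured, the field is assigned the nil `hostKeyAlgos`/`kexAlgos` slice; whether that falls back to defaults is decided elsewhere and deserves a sentence here as well. validate() starts in the first hunk and its body continues past the end of the second.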
@ -7887,7 +7887,7 @@ func TestLoaddata(t *testing.T) {
|
||||||
configsGet, err := dataprovider.GetConfigs()
|
configsGet, err := dataprovider.GetConfigs()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, configs.SMTP, configsGet.SMTP)
|
assert.Equal(t, configs.SMTP, configsGet.SMTP)
|
||||||
assert.Equal(t, configs.SFTPD.HostKeyAlgos, configsGet.SFTPD.HostKeyAlgos)
|
assert.Equal(t, []string{ssh.KeyAlgoRSA}, configsGet.SFTPD.HostKeyAlgos)
|
||||||
assert.Len(t, configsGet.SFTPD.Moduli, 0)
|
assert.Len(t, configsGet.SFTPD.Moduli, 0)
|
||||||
assert.Len(t, configsGet.SFTPD.KexAlgorithms, 0)
|
assert.Len(t, configsGet.SFTPD.KexAlgorithms, 0)
|
||||||
assert.Len(t, configsGet.SFTPD.Ciphers, 0)
|
assert.Len(t, configsGet.SFTPD.Ciphers, 0)
|
||||||
|
@ -12705,6 +12705,8 @@ func TestWebConfigsMock(t *testing.T) {
|
||||||
assert.Contains(t, rr.Body.String(), ssh.CertAlgoDSAv01) // invalid algo
|
assert.Contains(t, rr.Body.String(), ssh.CertAlgoDSAv01) // invalid algo
|
||||||
form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA)
|
form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA)
|
||||||
form.Add("sftp_host_key_algos", ssh.CertAlgoRSAv01)
|
form.Add("sftp_host_key_algos", ssh.CertAlgoRSAv01)
|
||||||
|
form.Set("sftp_kex_algos", "diffie-hellman-group18-sha512")
|
||||||
|
form.Add("sftp_kex_algos", "diffie-hellman-group16-sha512")
|
||||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
setJWTCookieForReq(req, webToken)
|
setJWTCookieForReq(req, webToken)
|
||||||
|
@ -12715,12 +12717,13 @@ func TestWebConfigsMock(t *testing.T) {
|
||||||
// check SFTP configs
|
// check SFTP configs
|
||||||
configs, err := dataprovider.GetConfigs()
|
configs, err := dataprovider.GetConfigs()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
|
||||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||||
assert.Contains(t, configs.SFTPD.Moduli, "path 1")
|
assert.Contains(t, configs.SFTPD.Moduli, "path 1")
|
||||||
assert.Contains(t, configs.SFTPD.Moduli, "path 2")
|
assert.Contains(t, configs.SFTPD.Moduli, "path 2")
|
||||||
|
assert.Len(t, configs.SFTPD.KexAlgorithms, 1)
|
||||||
|
assert.Contains(t, configs.SFTPD.KexAlgorithms, "diffie-hellman-group16-sha512")
|
||||||
// invalid form action
|
// invalid form action
|
||||||
form.Set("form_action", "")
|
form.Set("form_action", "")
|
||||||
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode())))
|
||||||
|
@ -12762,9 +12765,8 @@ func TestWebConfigsMock(t *testing.T) {
|
||||||
// check
|
// check
|
||||||
configs, err = dataprovider.GetConfigs()
|
configs, err = dataprovider.GetConfigs()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
|
||||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||||
assert.Equal(t, "mail.example.net", configs.SMTP.Host)
|
assert.Equal(t, "mail.example.net", configs.SMTP.Host)
|
||||||
assert.Equal(t, 587, configs.SMTP.Port)
|
assert.Equal(t, 587, configs.SMTP.Port)
|
||||||
|
@ -12833,9 +12835,8 @@ func TestWebConfigsMock(t *testing.T) {
|
||||||
// check
|
// check
|
||||||
configs, err = dataprovider.GetConfigs()
|
configs, err = dataprovider.GetConfigs()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA)
|
||||||
assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.CertAlgoRSAv01)
|
|
||||||
assert.Len(t, configs.SFTPD.Moduli, 2)
|
assert.Len(t, configs.SFTPD.Moduli, 2)
|
||||||
assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port)
|
assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port)
|
||||||
assert.Equal(t, 7, configs.ACME.Protocols)
|
assert.Equal(t, 7, configs.ACME.Protocols)
|
||||||
|
@ -12866,7 +12867,7 @@ func TestWebConfigsMock(t *testing.T) {
|
||||||
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
assert.Contains(t, rr.Body.String(), "Configurations updated")
|
||||||
configs, err = dataprovider.GetConfigs()
|
configs, err = dataprovider.GetConfigs()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, configs.SFTPD.HostKeyAlgos, 2)
|
assert.Len(t, configs.SFTPD.HostKeyAlgos, 1)
|
||||||
assert.Equal(t, 402, configs.ACME.HTTP01Challenge.Port)
|
assert.Equal(t, 402, configs.ACME.HTTP01Challenge.Port)
|
||||||
assert.Equal(t, 1, configs.ACME.Protocols)
|
assert.Equal(t, 1, configs.ACME.Protocols)
|
||||||
assert.Equal(t, domain, configs.ACME.Domain)
|
assert.Equal(t, domain, configs.ACME.Domain)
|
||||||
|
|
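Review bot: The updated assertions in TestWebConfigsMock only exercise the case where the dropped algorithm (`ssh.CertAlgoRSAv01`, `diffie-hellman-group18-sha512`) is submitted together with a supported one, so the path where it is the only entry and the resulting list becomes empty is not covered; a form submission with just `ssh.CertAlgoRSAv01` in `sftp_host_key_algos`, asserting the stored HostKeyAlgos length afterwards, would pin that behaviour. In TestLoaddata the expected value changed from `configs.SFTPD.HostKeyAlgos` to the literal `[]string{ssh.KeyAlgoRSA}`, which presumably means the loaded fixture still carries the old algorithm; a short comment there, e.g. `// ssh.CertAlgoRSAv01 in the fixture is dropped during validation`, would explain why the loaded and stored values intentionally differ. The enclosing test functions start and end outside the hunks shown.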