Commit ab10c1c851c68b399d6ef6afb2fbf362f61d328c - More SSH fixes: allow admin to limit what key types are allowed and the max number of keys.
Author: Catalin(ux) M. BOIE
Author date (UTC): 2016-11-07 20:35
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2016-11-08 17:59
Parent(s): 4f3aee242f4465d1c27dc1f171a72ab06ae8b822
Signing key:
Tree: 190638306f7f579e90c169eded94627f2f59d8c6
File Lines added Lines deleted
compare.csv 2 1
inc/admin.inc.php 82 6
inc/keys.inc.php 84 8
root/themes/default/admin/settings/main.html 32 1
samples/config.php 0 3
tests/Makefile 1 1
tests/config.php 0 1
tests/helpers.inc.php 9 7
tests/keys.php 16 2
File compare.csv changed (mode: 100644) (index 1085d08..734c14d)
... ... Usable with lynx,Yes,Yes,Yes,?,?,n/a,Yes
19 19 Web Hooks,Yes,Yes,Yes,?,?,No,? Web Hooks,Yes,Yes,Yes,?,?,No,?
20 20 Web Hooks - provide client certs,Yes,No,No,?,?,n/a,? Web Hooks - provide client certs,Yes,No,No,?,?,n/a,?
21 21 Web Hooks - authenticate server (CA cert),Yes,No,No,?,?,n/a,? Web Hooks - authenticate server (CA cert),Yes,No,No,?,?,n/a,?
22 OpenSSH AuthorizedKeysCommand,Yes,?,?,?,?,?,?
22 OpenSSH AuthorizedKeysCommand,Yes,Yes,?,?,?,?,?
23 OpenSSH filter by key type and bits,Yes,?,?,?,?,?,?
23 24 ,,,,,,, ,,,,,,,
24 25 [Rights],,,,,,, [Rights],,,,,,,
25 26 Path control,Yes,?,?,?,?,?,? Path control,Yes,?,?,?,?,?,?
File inc/admin.inc.php changed (mode: 100644) (index 8db3708..c0dfe44)
... ... function rg_clean_logs($dir)
480 480 */ */
481 481 function rg_admin_settings_ssh($db, $rg) function rg_admin_settings_ssh($db, $rg)
482 482 { {
483 global $rg_max_ssh_keys;
484
483 485 rg_log_enter('admin_settings_menu'); rg_log_enter('admin_settings_menu');
484 486
485 487 $ret = ''; $ret = '';
 
... ... function rg_admin_settings_ssh($db, $rg)
496 498 break; break;
497 499 } }
498 500
499 $akp = rg_var_int('AuthorizedKeysCommand');
500 $r = rg_state_set($db, 'AuthorizedKeysCommand', $akp);
501 $v = rg_var_uint('max_ssh_keys');
502 $r = rg_state_set($db, 'max_ssh_keys', $v);
501 503 if ($r === FALSE) { if ($r === FALSE) {
502 504 $errmsg[] = 'cannot set state; try again'; $errmsg[] = 'cannot set state; try again';
503 505 break; break;
504 506 } }
505 507
508 $v = rg_var_int('ssh_key_min_bits_rsa');
509 $r = rg_state_set($db, 'ssh_key_min_bits_rsa', $v);
510 if ($r === FALSE) {
511 $errmsg[] = 'cannot set state; try again';
512 break;
513 }
514
515 $v = rg_var_int('ssh_key_allow_dsa');
516 $r = rg_state_set($db, 'ssh_key_allow_dsa', $v);
517 if ($r === FALSE) {
518 $errmsg[] = 'cannot set state; try again';
519 break;
520 }
521
522 $v = rg_var_int('ssh_key_min_bits_ecdsa');
523 $r = rg_state_set($db, 'ssh_key_min_bits_ecdsa', $v);
524 if ($r === FALSE) {
525 $errmsg[] = 'cannot set state; try again';
526 break;
527 }
528
529 $v = rg_var_int('AuthorizedKeysCommand');
530 $r = rg_state_set($db, 'AuthorizedKeysCommand', $v);
531 if ($r === FALSE) {
532 $errmsg[] = 'cannot set state; try again';
533 break;
534 }
535
536
506 537 // Nobody will force the regeneration, so, do it here! // Nobody will force the regeneration, so, do it here!
507 538 $ev = array( $ev = array(
508 539 'category' => 'rg_keys_event_regen', 'category' => 'rg_keys_event_regen',
 
... ... function rg_admin_settings_ssh($db, $rg)
522 553
523 554 // Load defaults // Load defaults
524 555 while (1) { while (1) {
525 $r = rg_state_get($db, 'AuthorizedKeysCommand');
556 $r = rg_state_get($db, 'max_ssh_keys');
526 557 if ($r === FALSE) { if ($r === FALSE) {
527 558 $ret = rg_template('admin/settings/load_err.html', $ret = rg_template('admin/settings/load_err.html',
528 559 $rg, TRUE /*xss*/); $rg, TRUE /*xss*/);
529 560 break; break;
530 561 } }
562 if (empty($r))
563 $r = $rg_max_ssh_keys;
564 $rg['max_ssh_keys'] = $r;
531 565
566 $r = rg_state_get($db, 'ssh_key_min_bits_rsa');
567 if ($r === FALSE) {
568 $ret = rg_template('admin/settings/load_err.html',
569 $rg, TRUE /*xss*/);
570 break;
571 }
572 if (empty($r))
573 $r = 2048;
574 $rg['ssh_key_min_bits_rsa'] = $r;
575
576 $r = rg_state_get($db, 'ssh_key_allow_dsa');
577 if ($r === FALSE) {
578 $ret = rg_template('admin/settings/load_err.html',
579 $rg, TRUE /*xss*/);
580 break;
581 }
582 if (empty($r))
583 $r = 0;
584 $rg['ssh_key_allow_dsa'] = $r;
585
586 $r = rg_state_get($db, 'ssh_key_min_bits_ecdsa');
587 if ($r === FALSE) {
588 $ret = rg_template('admin/settings/load_err.html',
589 $rg, TRUE /*xss*/);
590 break;
591 }
592 if (empty($r))
593 $r = 256;
594 $rg['ssh_key_min_bits_ecdsa'] = $r;
595
596 $r = rg_state_get($db, 'AuthorizedKeysCommand');
597 if ($r === FALSE) {
598 $ret = rg_template('admin/settings/load_err.html',
599 $rg, TRUE /*xss*/);
600 break;
601 }
602 if (empty($r))
603 $r = 0;
532 604 $rg['AuthorizedKeysCommand'] = $r; $rg['AuthorizedKeysCommand'] = $r;
533 605
534 606 $hints[]['HTML:hint'] = rg_template('admin/settings/ssh/hints.html', $hints[]['HTML:hint'] = rg_template('admin/settings/ssh/hints.html',
 
... ... function rg_admin_settings_ssh($db, $rg)
536 608
537 609 $rg['HTML:hints'] = rg_template_table('hints/list', $hints, $rg); $rg['HTML:hints'] = rg_template_table('hints/list', $hints, $rg);
538 610 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg); $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
539 $rg['rg_form_token'] = rg_token_get($db, $rg, 'admin_settings_ssh');
540 $ret .= rg_template('admin/settings/main.html', $rg, TRUE /*xss*/);
611 $rg['rg_form_token'] = rg_token_get($db, $rg,
612 'admin_settings_ssh');
613 $ret .= rg_template('admin/settings/main.html',
614 $rg, TRUE /*xss*/);
541 615 break; break;
542 616 } }
543 617
 
... ... function rg_admin_settings($db, &$rg, $paras)
555 629 $ret = ''; $ret = '';
556 630
557 631 $_op = empty($paras) ? 'ssh' : array_shift($paras); $_op = empty($paras) ? 'ssh' : array_shift($paras);
558 rg_log("DEBUG: _op=$_op sparas=" . rg_array2string($paras));
632
633 $rg['url_up'] = $rg['url'];
634 $rg['url'] .= '/' . $_op;
559 635
560 636 $rg['admin_settings_menu'][$_op] = 1; $rg['admin_settings_menu'][$_op] = 1;
561 637 $rg['HTML:menu_level2'] = rg_template('admin/settings/menu.html', $rg['HTML:menu_level2'] = rg_template('admin/settings/menu.html',
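Review bot: The values stored by `$v = rg_var_int('ssh_key_min_bits_rsa');` and the following `ssh_key_allow_dsa`, `ssh_key_min_bits_ecdsa` and `AuthorizedKeysCommand` blocks are saved with rg_state_set without being checked against the option sets the form offers, so a request that does not come through the select can persist a zero or negative RSA minimum, which makes the `$ki['bits'] < $min` comparison in rg_keys_weak pass every key; the admin form limits the exposure, but a whitelist such as `if (!in_array($v, array(1024, 2048, 4096), true)) { $errmsg[] = 'invalid RSA minimum'; break; }` (and the same for the other three) keeps the stored state consistent with the policy. The check-and-set block is now repeated five times and the load-defaults loop repeats the same lookup/fallback pattern five times with the defaults inlined (2048, 0, 256, 0); a single `name => default` table iterated in a loop would shrink both and keep the defaults in one place. Note that `if (empty($r)) $r = $rg_max_ssh_keys;` also treats an explicitly saved 0 for `max_ssh_keys` as "use the default" with no feedback to the admin. rg_admin_settings_ssh starts and ends outside these hunks.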
File inc/keys.inc.php changed (mode: 100644) (index 644f306..31381da)
... ... require_once($INC . "/mail.inc.php");
6 6 require_once($INC . "/events.inc.php"); require_once($INC . "/events.inc.php");
7 7 require_once($INC . "/cache.inc.php"); require_once($INC . "/cache.inc.php");
8 8
9 if (!isset($rg_max_ssh_keys))
10 $rg_max_ssh_keys = 10;
11
9 12 $rg_keys_error = ""; $rg_keys_error = "";
10 13
11 14 function rg_keys_set_error($str) function rg_keys_set_error($str)
 
... ... function rg_keys_info($key)
217 220
218 221 $bits_div = 1; $bits_div = 1;
219 222 $bits_sub = 1; $bits_sub = 1;
223 $fixes = array();
220 224 if (strcasecmp($ret['type'], 'ssh-rsa') == 0) { if (strcasecmp($ret['type'], 'ssh-rsa') == 0) {
225 // OK
221 226 $count = 2; $count = 2;
222 227 $bits_pos = 1; $bits_pos = 1;
223 228 } else if (strcasecmp($ret['type'], 'ssh-dss') == 0) { } else if (strcasecmp($ret['type'], 'ssh-dss') == 0) {
229 // Always 1024 - OK
224 230 $count = 4; $count = 4;
225 231 $bits_pos = 3; $bits_pos = 3;
232 $bits_sub = 0;
226 233 } else if (strncasecmp($ret['type'], 'ecdsa-', 6) == 0) { } else if (strncasecmp($ret['type'], 'ecdsa-', 6) == 0) {
234 // Possible: 256, 384, 521 - OK
227 235 $count = 2; $count = 2;
228 236 $bits_pos = 1; $bits_pos = 1;
229 237 $bits_div = 2; $bits_div = 2;
238 $fixes[528] = 521;
230 239 } else if (strcasecmp($ret['type'], 'ssh-ed25519') == 0) { } else if (strcasecmp($ret['type'], 'ssh-ed25519') == 0) {
240 // Always 256 - OK
231 241 $count = 1; $count = 1;
232 // TODO: not sure about this!
233 242 $bits_pos = 0; $bits_pos = 0;
234 243 $bits_sub = 0; $bits_sub = 0;
235 244 } else { } else {
 
... ... function rg_keys_info($key)
253 262 } }
254 263 $_t = unpack('N', substr($d, $used, 4)); $_t = unpack('N', substr($d, $used, 4));
255 264 $xlen = $_t[1]; $xlen = $_t[1];
256 rg_log_ml("xlen=$xlen");
265 rg_log("xlen=$xlen bits_sub=$bits_sub bits_div=$bits_div");
257 266 //rg_log('bin: ' . bin2hex(substr($d, $used + 4, $xlen))); //rg_log('bin: ' . bin2hex(substr($d, $used + 4, $xlen)));
258 267 //rg_log('ascii: ' . substr($d, $used + 4, $xlen)); //rg_log('ascii: ' . substr($d, $used + 4, $xlen));
259 268 if ($d_len < $used + 4 + $xlen) { if ($d_len < $used + 4 + $xlen) {
 
... ... function rg_keys_info($key)
262 271 break; break;
263 272 } }
264 273
265 if ($i == $bits_pos)
274 if ($i == $bits_pos) {
266 275 $ret['bits'] = (($xlen - $bits_sub) / $bits_div) * 8; $ret['bits'] = (($xlen - $bits_sub) / $bits_div) * 8;
276 if (isset($fixes[$ret['bits']]))
277 $ret['bits'] = $fixes[$ret['bits']];
278 }
267 279
268 280 $used += 4 + $xlen; $used += 4 + $xlen;
269 281 } }
 
... ... function rg_keys_count($db, $uid)
378 390 return $ret; return $ret;
379 391 } }
380 392
393 /*
394 * Returns the maximum number of keys allowed per user
395 */
396 function rg_keys_max($db)
397 {
398 global $rg_max_ssh_keys;
399
400 $r = rg_state_get($db, 'max_ssh_keys');
401 if (($r === FALSE) || empty($r))
402 return $rg_max_ssh_keys;
403
404 return $r;
405 }
406
381 407 /* /*
382 408 * Adds a key * Adds a key
383 409 * Returns the key_id of the key. * Returns the key_id of the key.
384 410 */ */
385 411 function rg_keys_add($db, $ui, $key) function rg_keys_add($db, $ui, $key)
386 412 { {
387 global $rg_max_ssh_keys;
388
389 413 rg_prof_start("keys_add"); rg_prof_start("keys_add");
390 414 rg_log_enter("keys_add: key=$key"); rg_log_enter("keys_add: key=$key");
391 415
 
... ... function rg_keys_add($db, $ui, $key)
398 422 if ($ki['ok'] != 1) if ($ki['ok'] != 1)
399 423 break; break;
400 424
425 $r = rg_keys_weak($db, $ki);
426 if ($r['weak'] != 0)
427 break;
428
401 429 // Check if we are over the maximum // Check if we are over the maximum
402 430 // the config after update may not have this defined. // the config after update may not have this defined.
403 if ($rg_max_ssh_keys == 0)
404 $rg_max_ssh_keys = 10;
405 431 $no_of_keys = rg_keys_count($db, $ui['uid']); $no_of_keys = rg_keys_count($db, $ui['uid']);
406 432 if ($no_of_keys === FALSE) if ($no_of_keys === FALSE)
407 433 break; break;
408 434
409 if ($no_of_keys >= $rg_max_ssh_keys) {
435 if ($no_of_keys >= rg_keys_max($db)) {
410 436 rg_keys_set_error("too many keys" rg_keys_set_error("too many keys"
411 437 . " (" . $no_of_keys . "); please delete some"); . " (" . $no_of_keys . "); please delete some");
412 438 break; break;
 
... ... function rg_keys_search_by_fingerprint($db, $fp)
819 845 return $ret; return $ret;
820 846 } }
821 847
848 /*
849 * Returns TRUE if the key is too weak by the admin standards
850 * @ki - output of rg_keys_info()
851 */
852 function rg_keys_weak($db, $ki)
853 {
854 $ret = array('ok' => 0, 'weak' => 1);
855
856 if (strcmp($ki['type'], 'ssh-rsa') == 0) {
857 $min = rg_state_get($db, 'ssh_key_min_bits_rsa');
858 if ($min === FALSE) {
859 rg_keys_set_error('cannot lookup state');
860 return $ret;
861 }
862 if ($ki['bits'] < $min) {
863 rg_keys_set_error('RSA key has less than '
864 . $min . ' bits (' . $ki['bits'] . ')');
865 $ret['ok'] = 1;
866 return $ret;
867 }
868 } else if (strcmp($ki['type'], 'ssh-dss') == 0) {
869 $r = rg_state_get($db, 'ssh_key_allow_dsa');
870 if ($r === FALSE) {
871 rg_keys_set_error('cannot lookup state');
872 return $ret;
873 }
874 if ($r != 1) {
875 rg_keys_set_error('DSA keys are not allowed');
876 $ret['ok'] = 1;
877 return $ret;
878 }
879 } else if (strncmp($ki['type'], 'ecdsa-', 6) == 0) {
880 $min = rg_state_get($db, 'ssh_key_min_bits_ecdsa');
881 if ($min === FALSE) {
882 rg_keys_set_error('cannot lookup state');
883 return $ret;
884 }
885 if ($ki['bits'] < $min) {
886 rg_keys_set_error('ECDSA key has less than '
887 . $min . ' bits (' . $ki['bits'] . ')');
888 $ret['ok'] = 1;
889 return $ret;
890 }
891 }
892
893 $ret['ok'] = 1;
894 $ret['weak'] = 0;
895 return $ret;
896 }
897
822 898 ?> ?>
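Review bot: rg_keys_weak reads `ssh_key_min_bits_rsa` and `ssh_key_min_bits_ecdsa` straight from rg_state_get with no fallback, while the admin loader and rg_keys_max substitute a default when the stored value is empty; if rg_state_get yields an empty value for a never-set key, as those `empty($r)` fallbacks suggest, `$ki['bits'] < $min` compares against an empty string and the minimum is not enforced until the admin saves the settings page once. Adding `if (empty($min)) $min = 2048;` after the FALSE check (256 in the ECDSA branch), or better a shared getter that both the loader and this function call, closes that gap. The type tests here use `strcmp`/`strncmp` whereas rg_keys_info accepts types with `strcasecmp`/`strncasecmp`, so a key whose type field differs only in case is parsed but skips every policy branch and is accepted as not weak; using the case-insensitive variants keeps the two functions consistent. The header comment says "Returns TRUE if the key is too weak" but the function returns `array('ok' => ..., 'weak' => ...)`; the comment should describe both fields, since rg_keys_add tests only `weak`.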
File root/themes/default/admin/settings/main.html changed (mode: 100644) (index 0d5f09b..0ba1aa3)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="/op/admin/settings/ssh">
7 <form method="post" action="@@url@@">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
11 <p>
12 <label for="max_ssh_keys">Maximum number of SSH keys allowed per user</label><br />
13 <input type="text" name="max_ssh_keys" id="max_ssh_keys" value="@@max_ssh_keys@@" />
14 </p>
15
16 <p>
17 <label for="ssh_key_min_bits_rsa">Minimum RSA key bits (inclusive)</label><br />
18 <select name="ssh_key_min_bits_rsa" id="ssh_key_min_bits_rsa">
19 <option value="1024"@@if(@@ssh_key_min_bits_rsa@@ == 1024){{ selected="selected"}}>1024 bits (not recommended)</option>
20 <option value="2048"@@if(@@ssh_key_min_bits_rsa@@ == 2048){{ selected="selected"}}>2048 bits (sufficient)</option>
21 <option value="4096"@@if(@@ssh_key_min_bits_rsa@@ == 4096){{ selected="selected"}}>4096 bits (best)</option>
22 </select>
23 </p>
24
25 <p>
26 <label for="ssh_key_allow_dsa">Allow DSA keys?</label><br />
27 <select name="ssh_key_allow_dsa" id="ssh_key_allow_dsa">
28 <option value="0"@@if(@@ssh_key_allow_dsa@@ == 0){{ selected="selected"}}>No (good)</option>
29 <option value="1"@@if(@@ssh_key_allow_dsa@@ == 1){{ selected="selected"}}>Yes (not recommended)</option>
30 </select>
31 </p>
32
33 <p>
34 <label for="ssh_key_min_bits_ecdsa">Minimum ECDSA key bits (inclusive)</label><br />
35 <select name="ssh_key_min_bits_ecdsa" id="ssh_key_min_bits_ecdsa">
36 <option value="256"@@if(@@ssh_key_min_bits_ecdsa@@ == 256){{ selected="selected"}}>256 bits</option>
37 <option value="384"@@if(@@ssh_key_min_bits_ecdsa@@ == 384){{ selected="selected"}}>384 bits</option>
38 <option value="521"@@if(@@ssh_key_min_bits_ecdsa@@ == 521){{ selected="selected"}}>521 bits</option>
39 </select>
40 </p>
41
11 42 <p> <p>
12 43 <label for="AuthorizedKeysCommand">Activate OpenSSH's AuthorizedKeysCommand (see hints)</label><br /> <label for="AuthorizedKeysCommand">Activate OpenSSH's AuthorizedKeysCommand (see hints)</label><br />
13 44 <select name="AuthorizedKeysCommand" id="AuthorizedKeysCommand"> <select name="AuthorizedKeysCommand" id="AuthorizedKeysCommand">
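Review bot: The new `max_ssh_keys` field is a free-text input, and both the loader in inc/admin.inc.php and rg_keys_max() fall back to the default on an empty value, so an admin entering 0 (or text) gets the default silently applied with no error shown; `<input type="number" name="max_ssh_keys" id="max_ssh_keys" min="1" value="@@max_ssh_keys@@" />` gives browser-side feedback, with the real range check still belonging in the PHP handler. The `action="@@url@@"` change relies on rg_template's xss escaping because `$rg['url']` is extended with `$_op` taken from the request path in rg_admin_settings; that is consistent with the rest of the template, but worth a short comment at the top of the form so a later change does not drop the escaping flag.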
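--- a/samples/config.php
+++ b/samples/config.php
@@ -47,9 +47,6 @@ $rg_account_allow_creation = 1;
 // Set to 0 if you do not want mandatory e-mail confirmation before usage.
 $rg_account_email_confirm = 1;
 
-// Maximum number of keys per user
-$rg_max_ssh_keys = 10;
-
 // log dir
 $rg_log_dir = "/var/log/rocketgit";
 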
File tests/Makefile changed (mode: 100644) (index 36aaccf..7e96863)
... ... tests := http_forgot \
6 6 bug hook_update git2 bug hook_update git2
7 7 .PHONY: $(tests) .PHONY: $(tests)
8 8
9 all: $(tests)
9 all: clean $(tests)
10 10 @echo "All OK. Good work!" @echo "All OK. Good work!"
11 11 @-ls -l err-* @-ls -l err-*
12 12 @echo "Do not forget to check for errors in /var/log/rocketgit!" @echo "Do not forget to check for errors in /var/log/rocketgit!"
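Review bot: `all: clean $(tests)` lists `clean` as a sibling prerequisite of the test targets, which gives no ordering guarantee under `make -jN`: clean can run while a test is already executing and remove its `err-*` output. If the intent is "clean first, then run the tests", make the test targets depend on clean, or declare `.NOTPARALLEL:` in this Makefile; the `clean` rule itself is outside the hunk, so I cannot tell what it removes.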
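--- a/tests/config.php
+++ b/tests/config.php
@@ -18,7 +18,6 @@ $rg_admin_name = "RocketGit Admin (test)";
 $rg_admin_email = "admin@site.tld";
 $rg_account_allow_creation = 1;
 $rg_account_email_confirm = 0;
-$rg_max_ssh_keys = 10;
 $rg_log_dir = dirname(__FILE__);
 $rg_state_dir = dirname(__FILE__);
 $rg_lock_dir = dirname(__FILE__);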
File tests/helpers.inc.php changed (mode: 100644) (index f8a70b9..9d498e9)
... ... function rg_test_upload_ssh_key($db, $rg_ui, $key_name, $good_sid)
307 307 exit(1); exit(1);
308 308 } }
309 309
310 rg_log("Waiting for key to be added to the authorized_keys file");
311 while (1) {
312 $c = file_get_contents("/home/rocketgit/.ssh/authorized_keys");
313 if (strstr($c, $key))
314 break;
310 $akp = rg_state_get($db, 'AuthorizedKeysCommand');
311 if ($akp == 0) {
312 rg_log("Waiting for key to be added to the authorized_keys file");
313 while (1) {
314 $c = file_get_contents("/home/rocketgit/.ssh/authorized_keys");
315 if (strstr($c, $key))
316 break;
315 317
316 sleep(1);
318 sleep(1);
319 }
317 320 } }
318
319 321 rg_log("Uploading done"); rg_log("Uploading done");
320 322
321 323 return $key; return $key;
File tests/keys.php changed (mode: 100644) (index 3909a36..8b1cbe3)
... ... rg_sql_free_result($res);
29 29
30 30 // insert a key 1 // insert a key 1
31 31 $key1 = "ssh-dss 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 first_key"; $key1 = "ssh-dss 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 first_key";
32 rg_state_set($db, 'ssh_key_allow_dsa', 1);
32 33 $key_id1 = rg_keys_add($db, $rg_ui, $key1); $key_id1 = rg_keys_add($db, $rg_ui, $key1);
33 34 if ($key_id1 === FALSE) { if ($key_id1 === FALSE) {
34 35 rg_log("Cannot add key 1 (" . rg_keys_error() . ")!"); rg_log("Cannot add key 1 (" . rg_keys_error() . ")!");
 
... ... if ($key_id1 === FALSE) {
38 39 // insert a key 2 // insert a key 2
39 40 $rg_ui['uid'] = 2; $rg_ui['uid'] = 2;
40 41 $key2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+2OHaQiZzdwV4HQF9pCBbSQFaoM5Q0YmmRYDL8BUCjwClDgOLp9lQVN5XksoBx2t9INj6XrobjNc/GUF60c1Ald0FtjRl7nIZdYvKDutlxHcGUy6MHsVnCDviXQJD9Hm9fyuBLdy3/oadSCAaQYE/Tcf9rWt1NmhQ7560bCGmh4pw8N+XXAz2nQBCqvIK8VDoBbOOgFa/HOwBrKCgaGmcTGs5wRWHbw3+h6CO1vqEYcSCSqBPMG1JOMfMTuJ0aTXXEkSNPF+TVva85L4qrQslyHbn2JU1t7/HQsFnGtgF1o2AglIR2RbyMmr6axI51Srf20EB9/c9T3auYQipbw85 second_key"; $key2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+2OHaQiZzdwV4HQF9pCBbSQFaoM5Q0YmmRYDL8BUCjwClDgOLp9lQVN5XksoBx2t9INj6XrobjNc/GUF60c1Ald0FtjRl7nIZdYvKDutlxHcGUy6MHsVnCDviXQJD9Hm9fyuBLdy3/oadSCAaQYE/Tcf9rWt1NmhQ7560bCGmh4pw8N+XXAz2nQBCqvIK8VDoBbOOgFa/HOwBrKCgaGmcTGs5wRWHbw3+h6CO1vqEYcSCSqBPMG1JOMfMTuJ0aTXXEkSNPF+TVva85L4qrQslyHbn2JU1t7/HQsFnGtgF1o2AglIR2RbyMmr6axI51Srf20EB9/c9T3auYQipbw85 second_key";
42 rg_state_set($db, 'ssh_key_min_bits_rsa', 1024);
41 43 $key_id2 = rg_keys_add($db, $rg_ui, $key2); $key_id2 = rg_keys_add($db, $rg_ui, $key2);
42 44 if ($key_id2 === FALSE) { if ($key_id2 === FALSE) {
43 45 rg_log("Cannot add key 2 (" . rg_keys_error() . ")!"); rg_log("Cannot add key 2 (" . rg_keys_error() . ")!");
 
... ... if (strcmp($c, $e) != 0) {
74 76 @unlink("afile.txt"); @unlink("afile.txt");
75 77
76 78
77 // test rg_max_ssh_keys - must fail because overlimit
78 $rg_max_ssh_keys = 1;
79 // test max_ssh_keys - must fail because overlimit
80 rg_state_set($db, 'max_ssh_keys', 1);
79 81 $key3 = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUiVHDS3rhn79+9YbXXN+npU9tDTzXZHkXZF9BNqI0GrnASuaBU2oJ/UK2OCgGQ45JOlzUCXcP09hHcyPqd4pZdHQhMAImCnm0iRivQ9VhJRRbl/s8kokoStZGAdcW+ETlhUtRXSQOu8U1PXqwUwZCkeE9asmS4Wg9/OO3eDuTMvE3yiNpHKt6TcVYlU6PlsiTFVJrAuIEbXRs5b5luuM+nM17caos0mn6w+kZ3QD9AnX+9pN4VgXKxEHGfWpOCtRDOQb9mTk2bX6MBJrcKtkAPnyYDiaRs1ANG7L4AP6to/gy3A9w6flTAD94gFAm833earIZJnCiavx3/dUWWt3L third_key'; $key3 = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUiVHDS3rhn79+9YbXXN+npU9tDTzXZHkXZF9BNqI0GrnASuaBU2oJ/UK2OCgGQ45JOlzUCXcP09hHcyPqd4pZdHQhMAImCnm0iRivQ9VhJRRbl/s8kokoStZGAdcW+ETlhUtRXSQOu8U1PXqwUwZCkeE9asmS4Wg9/OO3eDuTMvE3yiNpHKt6TcVYlU6PlsiTFVJrAuIEbXRs5b5luuM+nM17caos0mn6w+kZ3QD9AnX+9pN4VgXKxEHGfWpOCtRDOQb9mTk2bX6MBJrcKtkAPnyYDiaRs1ANG7L4AP6to/gy3A9w6flTAD94gFAm833earIZJnCiavx3/dUWWt3L third_key';
80 82 $key_id3 = rg_keys_add($db, $rg_ui, $key3); $key_id3 = rg_keys_add($db, $rg_ui, $key3);
81 83 if ($key_id3 !== FALSE) { if ($key_id3 !== FALSE) {
82 84 rg_log("Seems we can add more keys than allowed! Not good!"); rg_log("Seems we can add more keys than allowed! Not good!");
83 85 exit(1); exit(1);
84 86 } }
87 rg_state_set($db, 'max_ssh_keys', 10);
88
89 rg_log('');
90 rg_log_enter('Uploading a RSA key that is forbidden');
91 rg_state_set($db, 'ssh_key_min_bits_rsa', 4096);
92 $_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDHotZMHPSwhVDwV5xOroZ21kzgFuBaXk3xXIT9hHM9WKD3jw0/C6TotbOoghTfJxdQtOG1t0t7eUUCJXR/3BLqamxIyAXTH2qIxf9ySIVLylKXriHQZoOa0GVhnF0ZYxR7Ot5GkIuXsjtSLrvw9p2BPf41EoR1ZZ74QYQdKfDiGw== root@host';
93 $r = rg_keys_add($db, $rg_ui, $_key);
94 if ($r !== FALSE) {
95 rg_log('Seems we can add forbidden keys (rsa-1024)!');
96 exit(1);
97 }
98 rg_state_set($db, 'ssh_key_min_bits_rsa', 2048);
85 99
86 100 // delete a key // delete a key
87 101 $rg_ui['uid'] = 1; $rg_ui['uid'] = 1;
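Review bot: The policy state changed by this test leaks into whatever runs next: `rg_state_set($db, 'ssh_key_allow_dsa', 1);` is never reverted, and `max_ssh_keys` and `ssh_key_min_bits_rsa` are restored to hard-coded values (10 and 2048) rather than to what was stored before the test. Capturing the prior values with rg_state_get at the top and restoring them at the end, or resetting all three in the test's setup, keeps the keys test independent of ordering in tests/Makefile. The return value of every rg_state_set call here is also ignored; if the write fails the later `rg_keys_add` assertions test a different policy than intended, so a check such as `if (rg_state_set($db, 'ssh_key_min_bits_rsa', 4096) === FALSE) { rg_log('cannot set state'); exit(1); }` would make the failure visible.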