don't allow DSA keys

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 06:40:54 +03:00 · 2024-12-18 19:01:15 +01:00
parent 8c5f92aeb1
commit bfe6c58133
4 changed files with 13 additions and 3 deletions
--- a/internal/dataprovider/dataprovider.go
+++ b/internal/dataprovider/dataprovider.go
@@ -2907,11 +2907,18 @@ func validatePublicKeys(user *User) error {
 				util.I18nErrorPubKeyInvalid,
 			)
 		}
 		if out.Type() == ssh.InsecureKeyAlgoDSA {
 			providerLog(logger.LevelError, "dsa public key not accepted, position: %d", idx)
 			return util.NewI18nError(
 				util.NewValidationError(fmt.Sprintf("DSA key format is insecure and it is not allowed for key at position %d", idx)),
 				util.I18nErrorKeyInsecure,
 			)
 		}
 		if k, ok := out.(ssh.CryptoPublicKey); ok {
 			cryptoKey := k.CryptoPublicKey()
 			if rsaKey, ok := cryptoKey.(*rsa.PublicKey); ok {
 				if size := rsaKey.N.BitLen(); size < 2048 {
-					providerLog(logger.LevelError, "rsa key with size %d not accepted, minimum 2048", size)
+					providerLog(logger.LevelError, "rsa key with size %d at position %d not accepted, minimum 2048", size, idx)
 					return util.NewI18nError(
 						util.NewValidationError(fmt.Sprintf("invalid size %d for rsa key at position %d, minimum 2048",
 							size, idx)),
--- a/internal/util/i18n.go
+++ b/internal/util/i18n.go
@@ -121,6 +121,7 @@ const (
 	I18nErrorPubKeyInvalid             = "user.pub_key_invalid"
 	I18nErrorPrivKeyInvalid            = "user.priv_key_invalid"
 	I18nErrorKeySizeInvalid            = "user.key_invalid_size"
 	I18nErrorKeyInsecure               = "user.key_insecure"
 	I18nErrorPrimaryGroup              = "user.err_primary_group"
 	I18nErrorDuplicateGroup            = "user.err_duplicate_group"
 	I18nErrorNoPermission              = "user.no_permissions"
--- a/static/locales/en/translation.json
+++ b/static/locales/en/translation.json
@@ -501,7 +501,8 @@
        "home_invalid": "The home directory must be an absolute path",
        "pub_key_invalid": "Invalid public key",
        "priv_key_invalid": "Invalid private key",
-        "key_invalid_size": "Invalid RSA key: the minimum supported size is 2048",
+        "key_invalid_size": "Invalid RSA public key: the minimum supported size is 2048",
        "key_insecure": "Insecure public key format not allowed",
        "err_primary_group": "Only one primary group is allowed",
        "err_duplicate_group": "Duplicate groups detected",
        "no_permissions": "Directories permissions are mandatory",
--- a/static/locales/it/translation.json
+++ b/static/locales/it/translation.json
@@ -501,7 +501,8 @@
        "home_invalid": "La directory principale deve essere un path assoluto",
        "pub_key_invalid": "Chiave pubblica non valida",
        "priv_key_invalid": "Chiave privata non valida",
-        "key_invalid_size": "Chiave RSA non valida: la dimensione minima supportata è 2048",
+        "key_invalid_size": "Chiave pubblica RSA non valida: la dimensione minima supportata è 2048",
        "key_insecure": "Formato chiave pubblica non sicuro non consentito",
        "err_primary_group": "È consentito un solo gruppo primario",
        "err_duplicate_group": "Rilevati gruppi duplicati",
        "no_permissions": "I permessi per le directory sono obbligatori",