From 28a1b864972e1f93aa57c88c0cce9ea97e61bea2 Mon Sep 17 00:00:00 2001
From: laking <laking@ispconfig3>
Date: Tue, 5 Apr 2011 01:33:44 +0000
Subject: [PATCH] Update on certificte ssh-rsa authentication. Under
 construction are the shell plugins.

---
 install/sql/incremental/upd_0008.sql          |  4 ++--
 install/sql/ispconfig3.sql                    |  5 +++--
 interface/web/client/client_edit.php          | 13 +++++-------
 .../web/tools/form/user_settings.tform.php    |  4 ++--
 .../shelluser_base_plugin.inc.php             | 21 ++++++++-----------
 .../shelluser_jailkit_plugin.inc.php          |  4 ++--
 6 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/install/sql/incremental/upd_0008.sql b/install/sql/incremental/upd_0008.sql
index e81daedb7..14d83ea46 100644
--- a/install/sql/incremental/upd_0008.sql
+++ b/install/sql/incremental/upd_0008.sql
@@ -1,4 +1,4 @@
 -- database patch for rsa-key based shell access.
-ALTER TABLE `sys_user` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
-ALTER TABLE `sys_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
+ALTER TABLE `client` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
+ALTER TABLE `client` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
 ALTER TABLE `shell_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
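Review bot: Installs that already applied the earlier upd_0008.sql keep `id_rsa`/`ssh_rsa` on `sys_user` and never receive them on `client`, because the two `ALTER TABLE` lines are edited in place. If this file has been shipped or run anywhere, the move belongs in a new incremental script that adds the columns to `client` and drops them from `sys_user`. The new columns are also declared `NOT NULL` with no default here, while ispconfig3.sql in this commit uses `NOT NULL default ''`; adding `default ''` to both lines keeps upgraded and fresh schemas identical.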
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 3221aa3f5..1eb1d5793 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -112,6 +112,8 @@ CREATE TABLE `client` (
   `template_master` int(11) unsigned NOT NULL default '0',
   `template_additional` varchar(255) NOT NULL default '',
   `created_at` bigint(20) DEFAULT NULL,
+  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
+  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
   PRIMARY KEY  (`client_id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;
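Review bot: `id_rsa` stores each client's SSH private key in clear text in the `client` table, so any read access to the panel database (a dump, a backup, an SQL injection elsewhere in the interface) discloses the shell credential of every client. Only the public half (`ssh_rsa`) is needed server-side to fill authorized_keys, so consider showing the private key to the user once at generation time and not persisting it. If it must stay, a schema comment such as `-- id_rsa: unencrypted private key, treat dumps of this table as secrets` would at least document the exposure. `VARCHAR( 2000 )` also looks sized for the default key length only; a longer PEM key would probably be truncated without an error under a non-strict SQL mode.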
 
@@ -1071,8 +1073,7 @@ CREATE TABLE `sys_user` (
   `groups` varchar(255) NOT NULL default '',
   `default_group` int(11) unsigned NOT NULL default '0',
   `client_id` int(11) unsigned NOT NULL default '0',
-  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
-  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
+
   PRIMARY KEY  (`userid`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;
 
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index a42be337c..4514b5cc0 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -152,15 +152,12 @@ class page_action extends tform_actions {
 		
 		//Generate ssh-rsa-keys
 		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		
-		$privatekey = file_get_contents('/tmp/id_rsa');
-		$publickey  = file_get_contents('/tmp/id_rsa.pub');
-		
+		$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
 		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
-
+		
 		// Create the controlpaneluser for the client
-		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
-		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
+		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
 		$app->db->query($sql);
 		
 		//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
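Review bot: The added `$app->db->query("UPDATE client SET created_at = …` line ends in `.$this->id;` without the closing `)`, so client_edit.php no longer parses; the same line appears in shelluser_base_plugin.inc.php, where it is currently inside a comment block. Beyond that, the key file contents are concatenated into the SQL string unescaped although the public key's comment contains `$username`, and `$username` is passed to `ssh-keygen` unquoted. The fixed `/tmp/id_rsa` path is shared by concurrent requests and by every local account, so the file read back is not guaranteed to be the key that was just generated. The sketch below uses a private directory, `escapeshellarg()` and the db class's `quote()` helper, and still sets `created_at` when key generation fails. `$username` is assigned above the hunk and the method continues past it.

```php
		//Generate ssh-rsa-keys in a private directory (mkdir fails if the path already exists)
		$keydir = sys_get_temp_dir().'/ispc_key_'.uniqid('', true);
		$privatekey = $publickey = '';
		if(mkdir($keydir, 0700)) {
			$keyfile = $keydir.'/id_rsa';
			exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f '.escapeshellarg($keyfile).' -N ""', $output, $status);
			if($status === 0) {
				$privatekey = file_get_contents($keyfile);
				$publickey  = file_get_contents($keyfile.'.pub');
			}
			if(is_file($keyfile)) unlink($keyfile);
			if(is_file($keyfile.'.pub')) unlink($keyfile.'.pub');
			rmdir($keydir);
		}
		$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($privatekey)."', ssh_rsa = '".$app->db->quote($publickey)."' WHERE client_id = ".intval($this->id));
		// … unchanged: INSERT INTO sys_user …
```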
@@ -170,7 +167,7 @@ class page_action extends tform_actions {
 			$app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
 		}
 		
-		$app->db->query("UPDATE client SET created_at = ".time()." WHERE client_id = ".$this->id);
+		
 
 		/* If there is a client-template, process it */
 		applyClientTemplates($this->id);
diff --git a/interface/web/tools/form/user_settings.tform.php b/interface/web/tools/form/user_settings.tform.php
index df3f5a867..f261b1150 100644
--- a/interface/web/tools/form/user_settings.tform.php
+++ b/interface/web/tools/form/user_settings.tform.php
@@ -139,7 +139,7 @@ $form['tabs']['users'] = array (
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'datasource'	=> array ( 	'type'	=> 'SQL',
-										'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
+										'querystring' => 'SELECT id_rsa FROM client WHERE {AUTHSQL}',
 										'valuefield'=> 'id_rsa'
 									 ),
 			'value'		=> ''
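Review bot: `{AUTHSQL}` is an access filter rather than a row selector, so `SELECT id_rsa FROM client WHERE {AUTHSQL}` can match more than one client whenever the logged-in user may see several of them (presumably admins and resellers; the expansion is not visible here). The field would then show whichever row comes first, possibly another client's private key. The same applies to the `ssh_rsa` datasource in the next hunk. The query should additionally pin the row to the logged-in user's own `client_id`; until then a comment such as `// must match exactly one client row: the value shown is a private key` above the datasource would record the assumption.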
@@ -149,7 +149,7 @@ $form['tabs']['users'] = array (
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'datasource'	=> array ( 	'type'	=> 'SQL',
-										'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
+										'querystring' => 'SELECT ssh_rsa FROM client WHERE {AUTHSQL}',
 										'valuefield'=> 'ssh_rsa'
 									 ),
 			'value'		=> ''
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 22c5f5f4e..3222d2c88 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -195,13 +195,17 @@ class shelluser_base_plugin {
 	}
 	
 	function _setup_ssh_rsa() {
-
+			//global $app, $conf;
+			//$app->uses('system');
+			// Okay, here we have a question, .. how to determine the client id
+			//$var = "Var:".intval($this->app->system->getuid($this->data['new']['puser']));
+			//exec("echo $var >> /tmp/debug");
+			/*
 			// ssh-rsa authentication variables
 			$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
 			$usrdir = escapeshellcmd($this->data['new']['dir']);
 			$sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
 			$sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
-			global $app;
 			
 			// determine the client id
 			$id = $this->data['new']['sys_groupid'];
@@ -213,19 +217,12 @@ class shelluser_base_plugin {
 			
 			// If this user has no key yet, generate a pair
 			if ($userkey == '') 
-			{
+			{		
 				//Generate ssh-rsa-keys
 				exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-				
-				$privatekey = file_get_contents('/tmp/id_rsa');
-				$publickey  = file_get_contents('/tmp/id_rsa.pub');
-				
+				$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
 				exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 				
-				// Set the missing keypair
-				$app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
-				$userkey = $publickey;
-				
 				$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
 			
 			};
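Review bot: The rewritten key-generation line inside `if ($userkey == '')` relies on `$app` and `$this->id`, but the previous hunk removes `global $app;` and the surrounding code keeps the client id in `$id`; it also lacks the closing `)`, like its twin in client_edit.php. Nothing fails today because the line sits inside the `/* … */` block, but it will as soon as the block is re-enabled. With `$userkey = $publickey;` dropped, a freshly generated public key no longer appears to reach the authorized_keys code that follows outside the hunk. When reviving this, keep an assignment such as `$userkey = file_get_contents('/tmp/id_rsa.pub');` before the `rm`, and end the query with `WHERE client_id = ".intval($id));`.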
@@ -248,7 +245,7 @@ class shelluser_base_plugin {
 			// set proper file permissions
 			exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
 			exec("chmod 600 '$sshkeys'");
-			
+			*/
 			$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
 	}
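Review bot: With the body wrapped in `/* … */`, the only live statement left in `_setup_ssh_rsa()` is the log call, which reads the now-undefined `$sshkeys` and reports `ssh-rsa key added to` although nothing was written. Either move the closing `*/` below the log line, as the jailkit plugin does in this commit, or log what actually happens, e.g. `$this->app->log("ssh-rsa setup disabled (under construction)",LOGLEVEL_DEBUG);`. The commented-out debug lines at the top of the function, including `exec("echo $var >> /tmp/debug")`, are better dropped than committed.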
 	
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index ca7b5abaf..ffe94fa31 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -272,7 +272,7 @@ class shelluser_jailkit_plugin {
 			chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
 				
 			$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
-			
+			/*
 			// ssh-rsa authentication variables
 			$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
 			$usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
@@ -327,7 +327,7 @@ class shelluser_jailkit_plugin {
 			exec("chmod 600 '$sshkeys'");
 			
 			$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
-
+			*/
 	}
 	
 	//* Update the website root directory permissions depending on the security level
-- 
GitLab