From 2d4d61bb4b01ede5b96e5d1c71390315e1100007 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 18 Oct 2011 16:59:31 +0000
Subject: [PATCH] - Added check for duplicate SSH-RSA keys. - Replaced SSH-RSA
input field with textarea so that you can put in multiple SSH-RSA keys.
---
.../web/sites/lib/lang/de_shell_user.lng | 1 +
.../web/sites/lib/lang/en_shell_user.lng | 1 +
interface/web/sites/shell_user_edit.php | 2 +
.../web/sites/templates/shell_user_edit.htm | 4 +-
.../shelluser_base_plugin.inc.php | 64 ++++++++++++-----
.../shelluser_jailkit_plugin.inc.php | 68 +++++++++++++------
6 files changed, 100 insertions(+), 40 deletions(-)
diff --git a/interface/web/sites/lib/lang/de_shell_user.lng b/interface/web/sites/lib/lang/de_shell_user.lng
index 4f0b2ec24..c2373ad83 100644
--- a/interface/web/sites/lib/lang/de_shell_user.lng
+++ b/interface/web/sites/lib/lang/de_shell_user.lng
@@ -19,4 +19,5 @@ $wb['password_strength_txt'] = 'Passwortkomplexität';
$wb['parent_domain_id_error_empty'] = 'Keine Website ausgewählt.';
$wb['puser_txt'] = 'Web Username';
$wb['pgroup_txt'] = 'Web Group';
+$wb['ssh_rsa_txt'] = 'SSH-RSA Public Key (für key-basierte Logins)';
?>
diff --git a/interface/web/sites/lib/lang/en_shell_user.lng b/interface/web/sites/lib/lang/en_shell_user.lng
index f98f3f980..e05fd258e 100644
--- a/interface/web/sites/lib/lang/en_shell_user.lng
+++ b/interface/web/sites/lib/lang/en_shell_user.lng
@@ -20,4 +20,5 @@ $wb["uid_error_empty"] = 'GID empty.';
$wb["directory_error_empty"] = 'Directory empty.';
$wb["limit_shell_user_txt"] = 'The max number of shell users is reached.';
$wb["parent_domain_id_error_empty"] = 'No website selected.';
+$wb["ssh_rsa_txt"] = 'SSH-RSA Public Key (for key-based logins)';
?>
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index cf4a585a9..bb93bf222 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -112,6 +112,8 @@ class page_action extends tform_actions {
if(isset($this->dataRecord['username']) && trim($this->dataRecord['username']) == '') $app->tform->errorMessage .= $app->tform->lng('username_error_empty').'<br />';
if(isset($this->dataRecord['username']) && empty($this->dataRecord['parent_domain_id'])) $app->tform->errorMessage .= $app->tform->lng('parent_domain_id_error_empty').'<br />';
+ if(isset($this->dataRecord['ssh_rsa'])) $this->dataRecord['ssh_rsa'] = trim($this->dataRecord['ssh_rsa']);
+
parent::onSubmit();
}
diff --git a/interface/web/sites/templates/shell_user_edit.htm b/interface/web/sites/templates/shell_user_edit.htm
index 45bdcc408..3924d39e7 100644
--- a/interface/web/sites/templates/shell_user_edit.htm
+++ b/interface/web/sites/templates/shell_user_edit.htm
@@ -44,8 +44,8 @@
<input name="quota_size" id="quota_size" value="{tmpl_var name='quota_size'}" size="7" maxlength="7" type="text" class="textInput formLengthLimit" /><p class="formInputUnity"> MB</p>
</div>
<div class="ctrlHolder">
- <label for="ssh_rsa">ssh_rsa</label>
- <input name="ssh_rsa" id="ssh_rsa" value="" maxlength="600" type="text" class="textInput" />
+ <label for="ssh_rsa">{tmpl_var name='ssh_rsa_txt'}</label>
+ <textarea name="ssh_rsa" id="ssh_rsa" rows="10" cols="30">{tmpl_var name='ssh_rsa'}</textarea>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='active_txt'}</p>
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 58858a3bc..946aaaa4c 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -195,6 +195,7 @@ class shelluser_base_plugin {
}
private function _setup_ssh_rsa() {
+ global $app;
$this->app->log("ssh-rsa setup shelluser_base",LOGLEVEL_DEBUG);
// Get the client ID, username, and the key
$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
@@ -207,41 +208,68 @@ class shelluser_base_plugin {
unset($client_data);
// ssh-rsa authentication variables
- $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
+ $sshrsa = $this->data['new']['ssh_rsa'];
$usrdir = escapeshellcmd($this->data['new']['dir']);
$sshdir = $usrdir.'/.ssh';
$sshkeys= $usrdir.'/.ssh/authorized_keys';
+ $app->uses('file');
+ $sshrsa = $app->file->unix_nl($sshrsa);
+ $sshrsa = $app->file->remove_blank_lines($sshrsa,0);
+
// If this user has no key yet, generate a pair
- if ($userkey == '' && $id>0)
- {
+ if ($userkey == '' && $id > 0){
//Generate ssh-rsa-keys
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+
+ // use the public key that has been generated
+ $userkey = file_get_contents('/tmp/id_rsa.pub');
+
// save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$id);
- // and use the public key that has been generated
- $userkey = file_get_contents('/tmp/id_rsa.pub')
- ;
+ $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".$userkey."' WHERE client_id = ".$id);
+
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
};
-
- if (!file_exists($sshkeys))
- {
+
+ if (!file_exists($sshkeys)){
// add root's key
- exec("mkdir '$sshdir'");
- exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
+ $app->file->mkdirs($sshdir, '0755');
+ file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
+ // Remove duplicate keys
+ $existing_keys = file($sshkeys);
+ $new_keys = explode("\n", $userkey);
+ $final_keys_arr = array_merge($existing_keys, $new_keys);
+ $new_final_keys_arr = array();
+ if(is_array($final_keys_arr) && !empty($final_keys_arr)){
+ foreach($final_keys_arr as $key => $val){
+ $new_final_keys_arr[$key] = trim($val);
+ }
+ }
+ $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
+
// add the user's key
- exec("echo '$userkey' >> '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
+ file_put_contents($sshkeys, $final_keys);
+ $app->file->remove_blank_lines($sshkeys);
$this->app->log("ssh-rsa authorisation keyfile created in ".$sshkeys,LOGLEVEL_DEBUG);
}
- if ($sshrsa!=''){
+ if ($sshrsa != ''){
+ // Remove duplicate keys
+ $existing_keys = file($sshkeys);
+ $new_keys = explode("\n", $sshrsa);
+ $final_keys_arr = array_merge($existing_keys, $new_keys);
+ $new_final_keys_arr = array();
+ if(is_array($final_keys_arr) && !empty($final_keys_arr)){
+ foreach($final_keys_arr as $key => $val){
+ $new_final_keys_arr[$key] = trim($val);
+ }
+ }
+ $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
+
// add the custom key
- exec("echo '$sshrsa' >> '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
+ file_put_contents($sshkeys, $final_keys);
+ $app->file->remove_blank_lines($sshkeys);
$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
}
// set proper file permissions
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 31db30f55..c1e2b2cd3 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -364,6 +364,7 @@ class shelluser_jailkit_plugin {
}
private function _setup_ssh_rsa() {
+ global $app;
$this->app->log("ssh-rsa setup shelluser_jailkit",LOGLEVEL_DEBUG);
// Get the client ID, username, and the key
$domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = '.intval($this->data['new']['parent_domain_id']));
@@ -376,41 +377,68 @@ class shelluser_jailkit_plugin {
unset($client_data);
// ssh-rsa authentication variables
- $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
+ $sshrsa = $this->data['new']['ssh_rsa'];
$usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$this->_get_home_dir($this->data['new']['username']);
- $sshdir = $usrdir.'/.ssh';
- $sshkeys= $usrdir.'/.ssh/authorized_keys';
+ $sshdir = $usrdir.'/.ssh';
+ $sshkeys= $usrdir.'/.ssh/authorized_keys';
+
+ $app->uses('file');
+ $sshrsa = $app->file->unix_nl($sshrsa);
+ $sshrsa = $app->file->remove_blank_lines($sshrsa,0);
// If this user has no key yet, generate a pair
- if ($userkey == '' && $id>0)
- {
+ if ($userkey == '' && $id > 0){
//Generate ssh-rsa-keys
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+
+ // use the public key that has been generated
+ $userkey = file_get_contents('/tmp/id_rsa.pub');
+
// save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$id);
- // and use the public key that has been generated
- $userkey = file_get_contents('/tmp/id_rsa.pub')
- ;
+ $this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".$userkey."' WHERE client_id = ".$id);
+
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
};
- if (!file_exists($sshkeys))
- {
+ if (!file_exists($sshkeys)){
// add root's key
- exec("mkdir '$sshdir'");
- exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
-
+ $app->file->mkdirs($sshdir, '0755');
+ file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
+
+ // Remove duplicate keys
+ $existing_keys = file($sshkeys);
+ $new_keys = explode("\n", $userkey);
+ $final_keys_arr = array_merge($existing_keys, $new_keys);
+ $new_final_keys_arr = array();
+ if(is_array($final_keys_arr) && !empty($final_keys_arr)){
+ foreach($final_keys_arr as $key => $val){
+ $new_final_keys_arr[$key] = trim($val);
+ }
+ }
+ $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
+
// add the user's key
- exec("echo '$userkey' >> '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
+ file_put_contents($sshkeys, $final_keys);
+ $app->file->remove_blank_lines($sshkeys);
$this->app->log("ssh-rsa authorisation keyfile created in ".$sshkeys,LOGLEVEL_DEBUG);
}
- if ($sshrsa!=''){
+ if ($sshrsa != ''){
+ // Remove duplicate keys
+ $existing_keys = file($sshkeys);
+ $new_keys = explode("\n", $sshrsa);
+ $final_keys_arr = array_merge($existing_keys, $new_keys);
+ $new_final_keys_arr = array();
+ if(is_array($final_keys_arr) && !empty($final_keys_arr)){
+ foreach($final_keys_arr as $key => $val){
+ $new_final_keys_arr[$key] = trim($val);
+ }
+ }
+ $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
+
// add the custom key
- exec("echo '$sshrsa' >> '$sshkeys'");
- exec("echo '' >> '$sshkeys'");
+ file_put_contents($sshkeys, $final_keys);
+ $app->file->remove_blank_lines($sshkeys);
$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
}
// set proper file permissions
--
GitLab