From 2cfdbcdf4c9e32bc6ef43af3463db1d010124760 Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Sun, 22 Jan 2017 16:08:16 +0100
Subject: [PATCH] Improved the code that generates the ssh keys for clients and shell users and reorganized it into a central function.
---
 interface/lib/classes/functions.inc.php | 17 +++++++++++++++++
 interface/lib/classes/remoting.inc.php | 5 ++---
 interface/web/client/client_edit.php | 5 ++---
 interface/web/tools/import_vpopmail.php | 5 ++---
 server/lib/classes/functions.inc.php | 17 +++++++++++++++++
 .../shelluser_base_plugin.inc.php | 12 ++----------
 .../shelluser_jailkit_plugin.inc.php | 13 +++----------
 7 files changed, 45 insertions(+), 29 deletions(-)
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 3a9fcb9a10..da35a37002 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -437,6 +437,23 @@ class functions {
 return $customer_no;
 }
+
+ public function generate_ssh_key($client_id, $username = ''){
+ global $app;
+
+ // generate the SSH key pair for the client
+ $id_rsa_file = '/tmp/'.uniqid('',true);
+ $id_rsa_pub_file = $id_rsa_file.'.pub';
+ if(file_exists($id_rsa_file)) unset($id_rsa_file);
+ if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
+ if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""');
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id);
+ exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file);
+ } else {
+ $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
+ }
+ }
 }
 ?>
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 5934646bac..69ebac2e4c 100644
--- a/interface/lib/classes/remoting.inc.php
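Review bot: In `generate_ssh_key()` (interface/lib/classes/functions.inc.php) the guards `if(file_exists($id_rsa_file)) unset($id_rsa_file);` discard the variable instead of dealing with the file, so on a name collision the next `file_exists()` test runs on an undefined variable, passes, and `ssh-keygen` is called with an empty `-f` argument. `$username` and the path are concatenated into the `exec()` string unquoted; both should go through `escapeshellarg()`. The exit status of `ssh-keygen` is never checked and `@file_get_contents()` hides read failures, so a failed run writes empty key columns to `client` without a log entry. The private key still lands in the shared `/tmp` under a time-derived `uniqid()` name; a directory created with mode 0700 would be a safer home for it, which the sketch below leaves out. The copy added in server/lib/classes/functions.inc.php needs the same changes, with `$app->system->file_get_contents()` in place of `@file_get_contents()`.

```php
public function generate_ssh_key($client_id, $username = ''){
	// … unchanged: global $app, $id_rsa_file / $id_rsa_pub_file assignment …
	if(file_exists($id_rsa_file) || file_exists($id_rsa_pub_file)) {
		$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
		return;
	}

	$comment = $username.'-rsa-key-'.time();
	exec('ssh-keygen -t rsa -C '.escapeshellarg($comment).' -f '.escapeshellarg($id_rsa_file).' -N ""', $output, $retval);
	$private_key = @file_get_contents($id_rsa_file);
	$public_key = @file_get_contents($id_rsa_pub_file);
	// always remove the key files, also after a failed run
	@unlink($id_rsa_file);
	@unlink($id_rsa_pub_file);

	if($retval !== 0 || !$private_key || !$public_key) {
		$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
		return;
	}
	$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $private_key, $public_key, $client_id);
}
```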
+++ b/interface/lib/classes/remoting.inc.php
@@ -230,9 +230,8 @@ class remoting {
 */ /* copied from the client_edit php */
- exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
- exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+ $app->uses('functions');
+ $app->functions->generate_ssh_key($this->id, $username);
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 3f63c7ee8c..9345b5b7c3 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -260,9 +260,8 @@ class page_action extends tform_actions {
 // Create the controlpaneluser for the client //Generate ssh-rsa-keys
- exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
- exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+ $app->uses('functions');
+ $app->functions->generate_ssh_key($this->id, $username);
 // Create the controlpaneluser for the client
 $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 242ea5f2b5..9e560cdf30 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -133,9 +133,8 @@ function start_import() {
 // Create the controlpaneluser for the client //Generate ssh-rsa-keys
- exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $client_id);
- exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+ $app->uses('functions');
+ $app->functions->generate_ssh_key($client_id, $username);
 // Create the controlpaneluser for the client
 $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
diff --git a/server/lib/classes/functions.inc.php b/server/lib/classes/functions.inc.php
index 1f9c6b6efc..e36ed5b04f 100644
--- a/server/lib/classes/functions.inc.php
+++ b/server/lib/classes/functions.inc.php
@@ -415,6 +415,23 @@ class functions {
 }
 return implode("\n", $domains);
 }
+
+ public function generate_ssh_key($client_id, $username = ''){
+ global $app;
+
+ // generate the SSH key pair for the client
+ $id_rsa_file = '/tmp/'.uniqid('',true);
+ $id_rsa_pub_file = $id_rsa_file.'.pub';
+ if(file_exists($id_rsa_file)) unset($id_rsa_file);
+ if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
+ if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""');
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents($id_rsa_file), $app->system->file_get_contents($id_rsa_pub_file), $client_id);
+ exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file);
+ } else {
+ $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
+ }
+ }
 }
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 71275d27a9..d3376f10ca 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -450,16 +450,8 @@ class shelluser_base_plugin {
 // If this user has no key yet, generate a pair
 if ($userkey == '' && $id > 0){ //Generate ssh-rsa-keys
- exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-
- // use the public key that has been generated
- $userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
-
- // save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
-
- $app->system->unlink('/tmp/id_rsa');
- $app->system->unlink('/tmp/id_rsa.pub');
+ $app->uses('functions');
+ $app->functions->generate_ssh_key($id, $username);
 $this->app->log("ssh-rsa keypair generated for ".$username, LOGLEVEL_DEBUG);
 };
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 16dbcc7a67..291c771e6c 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
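Review bot: The replacement in shelluser_base_plugin.inc.php drops the assignment `$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');`, and `generate_ssh_key()` returns nothing, so `$userkey` is still empty when this branch ends; whatever the rest of the function does with it (outside this hunk, presumably writing the user's authorized keys) no longer sees the new public key. Either let `generate_ssh_key()` return the public key and write `$userkey = $app->functions->generate_ssh_key($id, $username);`, or re-read `ssh_rsa` from the `client` row after the call. The debug line `ssh-rsa keypair generated for ...` is also logged unconditionally, even when the helper took its failure branch, so the log can report a key pair that was never stored. The hunk in shelluser_jailkit_plugin.inc.php has the same two problems.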
@@ -468,16 +468,9 @@ class shelluser_jailkit_plugin {
 // If this user has no key yet, generate a pair
 if ($userkey == '' && $id > 0){ //Generate ssh-rsa-keys
- exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-
- // use the public key that has been generated
- $userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
-
- // save keypair in client table
- $this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ? ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
-
- $app->system->unlink('/tmp/id_rsa');
- $app->system->unlink('/tmp/id_rsa.pub');
+ $app->uses('functions');
+ $app->functions->generate_ssh_key($id, $username);
+ $this->app->log("ssh-rsa keypair generated for ".$username, LOGLEVEL_DEBUG);
 };
--
GitLab