laking
2011-04-04 28a1b864972e1f93aa57c88c0cce9ea97e61bea2
Update on certificate ssh-rsa authentication. The shell plugins are under construction.
6 files modified
51 ■■■■ changed files
install/sql/incremental/upd_0008.sql 4 ●●●●
install/sql/ispconfig3.sql 5 ●●●●●
interface/web/client/client_edit.php 13 ●●●●●
interface/web/tools/form/user_settings.tform.php 4 ●●●●
server/plugins-available/shelluser_base_plugin.inc.php 21 ●●●●●
server/plugins-available/shelluser_jailkit_plugin.inc.php 4 ●●●●
install/sql/incremental/upd_0008.sql
@@ -1,4 +1,4 @@
-- database patch for rsa-key based shell access.
ALTER TABLE `sys_user` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
ALTER TABLE `sys_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
ALTER TABLE `client` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
ALTER TABLE `client` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
ALTER TABLE `shell_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
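Review bot: `id_rsa` holds the private half of each key pair as plain text in the panel database, which the server never needs in order to authenticate a login; only the `ssh_rsa` public key has to be kept for `authorized_keys`. Anyone who can read these tables or a database dump obtains every stored login key, so consider handing the private key to the user once at generation time and dropping the `id_rsa` columns, here and in the matching hunks of install/sql/ispconfig3.sql. Separately, `VARCHAR( 600 )` fits the public key of a 2048-bit RSA pair but not a 4096-bit one, so a larger key would be truncated without an error under a non-strict SQL mode. Because upd_0008.sql is edited in place rather than followed by a new incremental file, installations that already ran the earlier version would presumably keep the old column layout; that is worth confirming against how the updater tracks applied patches.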
install/sql/ispconfig3.sql
@@ -112,6 +112,8 @@
  `template_master` int(11) unsigned NOT NULL default '0',
  `template_additional` varchar(255) NOT NULL default '',
  `created_at` bigint(20) DEFAULT NULL,
  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
  PRIMARY KEY  (`client_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
@@ -1071,8 +1073,7 @@
  `groups` varchar(255) NOT NULL default '',
  `default_group` int(11) unsigned NOT NULL default '0',
  `client_id` int(11) unsigned NOT NULL default '0',
  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
  PRIMARY KEY  (`userid`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
interface/web/client/client_edit.php
@@ -152,15 +152,12 @@
        
        //Generate ssh-rsa-keys
        exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
        $privatekey = file_get_contents('/tmp/id_rsa');
        $publickey  = file_get_contents('/tmp/id_rsa.pub');
        $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
        exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
        // Create the controlpaneluser for the client
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $app->db->query($sql);
        
        //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
@@ -170,7 +167,7 @@
            $app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
        }
        
        $app->db->query("UPDATE client SET created_at = ".time()." WHERE client_id = ".$this->id);
        /* If there is a client-template, process it */
        applyClientTemplates($this->id);
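Review bot: The key-generation lines pass `$username` to `exec()` unescaped and always write the pair to the fixed paths `/tmp/id_rsa` and `/tmp/id_rsa.pub`, so shell metacharacters in a username reach the shell, and concurrent client creations or a file pre-placed by another local account can mix up or expose private keys. The `UPDATE client` statement that follows is missing the closing `)` of `query(`, which is a parse error, and it interpolates the file contents into the SQL string without escaping. The +/- markers are lost on this page, so which of these lines are on the new side is inferred; the same block appears, currently commented out, in `_setup_ssh_rsa()` in shelluser_base_plugin.inc.php. A possible rewrite using a per-request 0700 directory, `escapeshellarg()` and the db class's `quote()` is below; the enclosing function starts and ends outside the hunk.

```php
//Generate ssh-rsa-keys in a private per-request directory
$keydir = sys_get_temp_dir().'/ispc_key_'.bin2hex(openssl_random_pseudo_bytes(8));
mkdir($keydir, 0700);
$keyfile = $keydir.'/id_rsa';
exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f '.escapeshellarg($keyfile).' -N ""');
$privatekey = $app->db->quote(file_get_contents($keyfile));
$publickey  = $app->db->quote(file_get_contents($keyfile.'.pub'));
unlink($keyfile);
unlink($keyfile.'.pub');
rmdir($keydir);
$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '$privatekey', ssh_rsa = '$publickey' WHERE client_id = ".intval($this->id));
// … unchanged: INSERT INTO sys_user … and the reseller group handling …
```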
interface/web/tools/form/user_settings.tform.php
@@ -139,7 +139,7 @@
            'formtype'    => 'TEXT',
            'default'    => '',
            'datasource'    => array (     'type'    => 'SQL',
                                        'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
                                        'querystring' => 'SELECT id_rsa FROM client WHERE {AUTHSQL}',
                                        'valuefield'=> 'id_rsa'
                                     ),
            'value'        => ''
@@ -149,7 +149,7 @@
            'formtype'    => 'TEXT',
            'default'    => '',
            'datasource'    => array (     'type'    => 'SQL',
                                        'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
                                        'querystring' => 'SELECT ssh_rsa FROM client WHERE {AUTHSQL}',
                                        'valuefield'=> 'ssh_rsa'
                                     ),
            'value'        => ''
server/plugins-available/shelluser_base_plugin.inc.php
@@ -195,13 +195,17 @@
    }
    
    function _setup_ssh_rsa() {
            //global $app, $conf;
            //$app->uses('system');
            // Okay, here we have a question, .. how to determine the client id
            //$var = "Var:".intval($this->app->system->getuid($this->data['new']['puser']));
            //exec("echo $var >> /tmp/debug");
            /*
            // ssh-rsa authentication variables
            $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
            $usrdir = escapeshellcmd($this->data['new']['dir']);
            $sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
            $sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
            global $app;
            
            // determine the client id
            $id = $this->data['new']['sys_groupid'];
@@ -213,18 +217,11 @@
            
            // If this user has no key yet, generate a pair
            if ($userkey == '') 
            {
            {
                //Generate ssh-rsa-keys
                exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
                $privatekey = file_get_contents('/tmp/id_rsa');
                $publickey  = file_get_contents('/tmp/id_rsa.pub');
                $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
                exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
                // Set the missing keypair
                $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
                $userkey = $publickey;
                
                $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
            
@@ -248,7 +245,7 @@
            // set proper file permissions
            exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
            exec("chmod 600 '$sshkeys'");
            */
            $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
    }
    
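Review bot: With the closing `*/` placed before the final `$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);`, that call appears to be the only live statement left in `_setup_ssh_rsa()`, yet `$sshkeys` is assigned only inside the commented-out block, so as far as the visible lines show it records a key installation that did not happen, with an empty path. Move the `*/` below the log call, as shelluser_jailkit_plugin.inc.php does, or log that the step is disabled, so the debug log stays trustworthy during troubleshooting. Before the block is re-enabled, note that its `UPDATE client` line lacks the closing `)` and uses `$this->id` where the rest of the function uses `$id`, and that the paths go through `escapeshellcmd()` but are then single-quoted in `chmod 600 '$sshkeys'`, where `escapeshellarg()` is the matching helper. Parts of the function lie between the hunks and are not visible here.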
server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -272,7 +272,7 @@
            chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
                
            $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
            /*
            // ssh-rsa authentication variables
            $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
            $usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
@@ -327,7 +327,7 @@
            exec("chmod 600 '$sshkeys'");
            
            $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
            */
    }
    
    //* Update the website root directory permissions depending on the security level