From 08c588789bb4663f38cbe53e2055b530d2029b60 Mon Sep 17 00:00:00 2001
From: laking <laking@ispconfig3>
Date: Sun, 03 Apr 2011 23:53:30 -0400
Subject: [PATCH] Implemented passwordless ssh-rsa authentication support.
---
server/plugins-available/shelluser_base_plugin.inc.php | 71 +++++++++++++++++
interface/web/client/client_edit.php | 15 +++
interface/web/sites/templates/web_domain_ssl.htm | 2
interface/web/tools/form/user_settings.tform.php | 22 +++++
server/plugins-available/shelluser_jailkit_plugin.inc.php | 56 ++++++++++++++
interface/web/tools/templates/user_settings.htm | 8 ++
interface/web/tools/lib/lang/de_usersettings.lng | 2
interface/web/tools/lib/lang/en_usersettings.lng | 2
interface/web/tools/lib/lang/hu_usersettings.lng | 2
interface/web/sites/form/shell_user.tform.php | 9 ++
interface/web/sites/templates/shell_user_edit.htm | 4 +
11 files changed, 182 insertions(+), 11 deletions(-)
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index 0cee48a..9b57d72 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -149,9 +149,17 @@
$active = 1;
$language = $app->db->quote($this->dataRecord["language"]);
+ //Generate ssh-rsa-keys
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+
+ $privatekey = file_get_contents('/tmp/id_rsa');
+ $publickey = file_get_contents('/tmp/id_rsa.pub');
+
+ exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+
// Create the controlpaneluser for the client
- $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
+ $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
+ VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
$app->db->query($sql);
//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
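Review bot: The keypair is written to the fixed path `/tmp/id_rsa` in a shared directory, and neither ssh-keygen's exit status nor the two file_get_contents() results are checked, so a concurrent client creation (ssh-keygen does not overwrite an existing file) or any other failure ends with `false` interpolated into the INSERT as empty key material. `$username` and both key blobs are interpolated into the command line and the SQL string unescaped; `$username` is derived outside this hunk so its shell-safety cannot be confirmed here, and the SQL values should go through `$app->db->quote()` as `$language` does two lines above. The same generation block is repeated in shelluser_base_plugin.inc.php and shelluser_jailkit_plugin.inc.php below and needs the same treatment, and storing the passphrase-less private key in sys_user deserves a comment explaining why, since the server side only ever reads the public half. The rewrite below runs ssh-keygen in a private per-request directory, quotes its arguments and fails closed.
```php
// … unchanged: $language assignment …
//Generate ssh-rsa-keys in a private, uniquely named directory instead of a fixed /tmp path
$keydir = sys_get_temp_dir().'/ispc-keygen-'.uniqid('', true);
if (!mkdir($keydir, 0700)) {
    // abort client creation here: key directory could not be created
}
$keyfile = $keydir.'/id_rsa';
$comment = escapeshellarg($username.'-rsa-key-'.time());
exec('ssh-keygen -t rsa -C '.$comment.' -f '.escapeshellarg($keyfile).' -N "" 2>&1', $out, $rc);
$privatekey = ($rc === 0) ? file_get_contents($keyfile) : false;
$publickey  = ($rc === 0) ? file_get_contents($keyfile.'.pub') : false;
if (is_file($keyfile)) unlink($keyfile);
if (is_file($keyfile.'.pub')) unlink($keyfile.'.pub');
rmdir($keydir);
if ($privatekey === false || $publickey === false) {
    // abort client creation here instead of inserting empty key material
}
$privatekey = $app->db->quote($privatekey);
$publickey  = $app->db->quote($publickey);
// … unchanged: INSERT INTO sys_user … using '$privatekey','$publickey' …
```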
@@ -214,6 +222,7 @@
$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
$app->db->query($sql);
}
+
/*
* If there is a client-template, process it */
applyClientTemplates($this->id);
@@ -225,4 +234,4 @@
$page = new page_action;
$page->onLoad();
-?>
\ No newline at end of file
+?>
diff --git a/interface/web/sites/form/shell_user.tform.php b/interface/web/sites/form/shell_user.tform.php
index 0b009bb..ec7b612 100644
--- a/interface/web/sites/form/shell_user.tform.php
+++ b/interface/web/sites/form/shell_user.tform.php
@@ -127,6 +127,13 @@
'default' => 'y',
'value' => array(0 => 'n',1 => 'y')
),
+ 'ssh_rsa' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'value' => '',
+ 'maxlength' => '600'
+ ),
##################################
# ENDE Datatable fields
##################################
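Review bot: The new `ssh_rsa` field has no `validators` entry, yet its value is what the server plugins later append to the shell user's authorized_keys, so this form is the only place the content gets constrained. A `'validators'` entry with a `'type' => 'REGEX'` rule limiting the value to a single authorized_keys line (key type, base64 blob, optional comment; no newlines or quote characters) belongs here, and the same applies to the `ssh_rsa` field added to user_settings.tform.php. `'maxlength' => '600'` is also too short for a 4096-bit RSA public key line, which exceeds 700 characters.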
@@ -193,4 +200,4 @@
}
-?>
\ No newline at end of file
+?>
diff --git a/interface/web/sites/templates/shell_user_edit.htm b/interface/web/sites/templates/shell_user_edit.htm
index 7655743..6e2c3d9 100644
--- a/interface/web/sites/templates/shell_user_edit.htm
+++ b/interface/web/sites/templates/shell_user_edit.htm
@@ -43,6 +43,10 @@
<label for="quota_size">{tmpl_var name='quota_size_txt'}</label>
<input name="quota_size" id="quota_size" value="{tmpl_var name='quota_size'}" size="7" maxlength="7" type="text" class="textInput formLengthLimit" /><p class="formInputUnity"> MB</p>
</div>
+ <div class="ctrlHolder">
+ <label for="ssh_rsa">ssh_rsa</label>
+ <input name="ssh_rsa" id="ssh_rsa" value="" maxlength="600" type="text" class="textInput" />
+ </div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='active_txt'}</p>
<div class="multiField">
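Review bot: The `ssh_rsa` input is rendered with `value=""` rather than `value="{tmpl_var name='ssh_rsa'}"`, so on edit the stored key is never shown and saving the form with the field untouched writes an empty string back, whereas user_settings.htm binds the same field through the tmpl_var. The label `ssh_rsa` here, and `id_rsa`/`ssh_rsa` in user_settings.htm, are hardcoded instead of `{tmpl_var name='…_txt'}` entries backed by the .lng files, unlike every other label in these templates. Change the input to `<input name="ssh_rsa" id="ssh_rsa" value="{tmpl_var name='ssh_rsa'}" maxlength="600" type="text" class="textInput" />` and add the label strings to the language files this patch already touches.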
diff --git a/interface/web/sites/templates/web_domain_ssl.htm b/interface/web/sites/templates/web_domain_ssl.htm
index 9e86006..e282015 100644
--- a/interface/web/sites/templates/web_domain_ssl.htm
+++ b/interface/web/sites/templates/web_domain_ssl.htm
@@ -33,7 +33,7 @@
</div>
<div class="ctrlHolder">
<label for="ssl_request">{tmpl_var name='ssl_request_txt'}</label>
- <textarea name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
+ <textarea name="ssl_request" id="ssl_request" readonly rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
</div>
<div class="ctrlHolder">
<label for="ssl_cert">{tmpl_var name='ssl_cert_txt'}</label>
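Review bot: The `readonly` attribute on the `ssl_request` textarea is unrelated to the ssh-rsa feature named in the subject line and should be its own commit. It is also only a client-side hint: a readonly control is still submitted with the form, so if the intent is to protect the stored CSR from modification that has to be enforced where the form data is written back, not in the template.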
diff --git a/interface/web/tools/form/user_settings.tform.php b/interface/web/tools/form/user_settings.tform.php
index 516031a..df3f5a8 100644
--- a/interface/web/tools/form/user_settings.tform.php
+++ b/interface/web/tools/form/user_settings.tform.php
@@ -133,6 +133,26 @@
'maxlength' => '2',
'rows' => '',
'cols' => ''
+ ),
+ 'id_rsa' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
+ 'valuefield'=> 'id_rsa'
+ ),
+ 'value' => ''
+ ),
+ 'ssh_rsa' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
+ 'valuefield'=> 'ssh_rsa'
+ ),
+ 'value' => ''
)
##################################
# ENDE Datenbankfelder
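Review bot: `id_rsa` is added as an ordinary writable `TEXT` form field, so the private key is rendered into the page and, as far as the tform layer writes submitted fields back, re-saved on every submit; the private half of the pair should not round-trip through the browser at all. If the user genuinely needs it, a one-time download action is the safer shape, and the form should carry only the public key. The `ssh_rsa` field here has no `validators` entry either, the same gap as in shell_user.tform.php.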
@@ -141,4 +161,4 @@
);
-?>
\ No newline at end of file
+?>
diff --git a/interface/web/tools/lib/lang/de_usersettings.lng b/interface/web/tools/lib/lang/de_usersettings.lng
index 28b1f74..1791b71 100644
--- a/interface/web/tools/lib/lang/de_usersettings.lng
+++ b/interface/web/tools/lib/lang/de_usersettings.lng
@@ -3,6 +3,6 @@
$wb['language_txt'] = 'Sprache';
$wb['password_mismatch'] = 'Die Passwörter stimmen nicht überein.';
$wb['password_strength_txt'] = 'Passwortkomplexität';
-$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort und die Sprache zu bearbeiten.';
+$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort, die Sprache und die authentication zu bearbeiten.';
$wb['Settings'] = 'Einstellungen';
?>
diff --git a/interface/web/tools/lib/lang/en_usersettings.lng b/interface/web/tools/lib/lang/en_usersettings.lng
index bfe4871..4169e8c 100644
--- a/interface/web/tools/lib/lang/en_usersettings.lng
+++ b/interface/web/tools/lib/lang/en_usersettings.lng
@@ -3,6 +3,6 @@
$wb["password_strength_txt"] = 'Password strength';
$wb["language_txt"] = 'Language';
$wb["password_mismatch"] = 'The password in the second password field does not match the first password.';
-$wb["Form to edit the user password and language."] = 'Form to edit the user password and language.';
+$wb["Form to edit the user password and language."] = 'Form to edit the user password, language, and authentication.';
$wb["Settings"] = 'Settings';
?>
diff --git a/interface/web/tools/lib/lang/hu_usersettings.lng b/interface/web/tools/lib/lang/hu_usersettings.lng
index 89dc628..d9cc0bf 100644
--- a/interface/web/tools/lib/lang/hu_usersettings.lng
+++ b/interface/web/tools/lib/lang/hu_usersettings.lng
@@ -2,7 +2,7 @@
$wb['passwort_txt'] = 'Jelszó';
$wb['language_txt'] = 'Nyelv';
$wb['password_mismatch'] = 'Jelszavak nem egyeznek meg.';
-$wb['Form to edit the user password and language.'] = 'Jelszó és nyelv beállító oldal.';
+$wb['Form to edit the user password and language.'] = 'Jelszó, nyelv és hitelesítés beállító oldal.';
$wb['Settings'] = 'Beállítások';
$wb['password_strength_txt'] = 'Jelszó erősség';
?>
diff --git a/interface/web/tools/templates/user_settings.htm b/interface/web/tools/templates/user_settings.htm
index 658b94f..a3202ad 100644
--- a/interface/web/tools/templates/user_settings.htm
+++ b/interface/web/tools/templates/user_settings.htm
@@ -24,6 +24,14 @@
{tmpl_var name='language'}
</select>
</div>
+ <div class="ctrlHolder">
+ <label for="id_rsa">id_rsa</label>
+ <textarea name="id_rsa" id="id_rsa" readonly rows='10' cols='30'>{tmpl_var name='id_rsa'}</textarea>
+ </div>
+ <div class="ctrlHolder">
+ <label for="ssh_rsa">ssh_rsa</label>
+ <input name="ssh_rsa" id="ssh_rsa" value="{tmpl_var name='ssh_rsa'}" size="30" maxlength="600" type="text" class="textInput" />
+ </div>
<input type="hidden" name="id" value="{tmpl_var name='id'}">
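Review bot: The private key is rendered into a `readonly` textarea; readonly controls are still included in form submission, so `id_rsa` travels from the browser back to the server on every save, and `readonly` protects nothing server-side. Presenting the private half in the settings page at all is the questionable part — a one-time download, or showing only `ssh_rsa`, avoids having the key sit in page source and browser history. If the textarea stays, a comment in the template explaining why the private key is displayed would help the next maintainer.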
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 69348f5..22c5f5f 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -88,6 +88,12 @@
exec($command);
$app->log("Executed command: ".$command,LOGLEVEL_DEBUG);
$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+
+ // call the ssh-rsa update function
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->_setup_ssh_rsa();
//* Create .bash_history file
touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
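Review bot: `$app->uses("getconf")` is loaded here and again in the update hunk below, but `_setup_ssh_rsa()` as added in this patch never calls getconf, and the helper reads its input through `$this->data`/`$this->app` stashed solely for this call while also declaring `global $app` itself. Passing the record in directly, `$this->_setup_ssh_rsa($data);`, removes the two property writes and the unused getconf line at both call sites. The enclosing insert method starts before this hunk and continues past it.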
@@ -134,7 +140,12 @@
exec($command);
$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
-
+
+ // call the ssh-rsa update function
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->_setup_ssh_rsa();
//* Create .bash_history file
if(!is_file($data['new']['dir']).'/.bash_history') {
@@ -183,7 +194,63 @@
}
-
+ function _setup_ssh_rsa() {
+
+ // ssh-rsa authentication variables
+ $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
+ $usrdir = escapeshellcmd($this->data['new']['dir']);
+ $sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
+ $sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
+ global $app;
+
+ // determine the client id
+ $id = $this->data['new']['sys_groupid'];
+ if ($id>0) $id = $id -1;
+
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$id);
+ $userkey = $user['ssh_rsa'];
+ $username= $user['username'];
+
+ // If this user has no key yet, generate a pair
+ if ($userkey == '')
+ {
+ //Generate ssh-rsa-keys
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+
+ $privatekey = file_get_contents('/tmp/id_rsa');
+ $publickey = file_get_contents('/tmp/id_rsa.pub');
+
+ exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+
+ // Set the missing keypair
+ $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
+ $userkey = $publickey;
+
+ $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
+
+ };
+
+ if (!file_exists($sshkeys))
+ {
+ // add root's key
+ exec("mkdir '$sshdir'");
+ exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+
+ // add the user's key
+ exec("echo '$userkey' >> '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+ }
+ // add the custom key
+ exec("echo '$sshrsa' >> '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+
+ // set proper file permissions
+ exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
+ exec("chmod 600 '$sshkeys'");
+
+ $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
+ }
} // end class
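Review bot: The custom key is written with `exec("echo '$sshrsa' >> '$sshkeys'")`, and escapeshellcmd() leaves paired quote characters untouched, so a form value containing quotes alters the shell command instead of the file content; the custom key, the owner's key and the root key can all be written with file_put_contents()/copy(), which takes the shell out of the path entirely. The append also runs on both insert and update with no check for an existing line, so every edit of the shell user adds another copy of the key. `$sshdir`/`$sshkeys` are built from the escapeshellcmd() form of the directory but then passed to file_exists(), which expects the raw path. Seeding every user's authorized_keys with /root/.ssh/authorized_keys is a policy decision that deserves an explanatory comment; the rewrite below keeps that behaviour but drops the shell, and the same block in shelluser_jailkit_plugin.inc.php has the same issues.
```php
function _setup_ssh_rsa() {
    // paths handed to PHP file functions use the raw directory, not its escapeshellcmd() form
    $usrdir  = escapeshellcmd($this->data['new']['dir']);
    $sshdir  = $this->data['new']['dir'].'/.ssh';
    $sshkeys = $sshdir.'/authorized_keys';
    // … unchanged: global $app, client lookup, keypair generation …
    if (!is_dir($sshdir)) {
        mkdir($sshdir, 0700);
    }
    if (!is_file($sshkeys)) {
        // existing behaviour: seed with root's authorized_keys, then the client's own key
        if (is_file('/root/.ssh/authorized_keys')) {
            copy('/root/.ssh/authorized_keys', $sshkeys);
        }
        file_put_contents($sshkeys, "\n".$userkey."\n", FILE_APPEND);
    }
    // append the custom key once; both insert and update reach this point
    $custom   = trim($this->data['new']['ssh_rsa']);
    $existing = is_file($sshkeys) ? file_get_contents($sshkeys) : '';
    if ($custom !== '' && strpos($existing, $custom) === false) {
        file_put_contents($sshkeys, $custom."\n", FILE_APPEND);
    }
    chmod($sshkeys, 0600);
    // … unchanged: chown -R of $usrdir and logging …
}
```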
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index b1ee45e..ca7b5ab 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -272,6 +272,62 @@
chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
+
+ // ssh-rsa authentication variables
+ $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
+ $usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
+ $sshdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh';
+ $sshkeys= escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh/authorized_keys';
+ global $app;
+
+ // determine the client id
+ $id = $this->data['new']['sys_groupid'];
+ if ($id>0) $id = $id -1;
+
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$id);
+ $userkey = $user['ssh_rsa'];
+ $username= $user['username'];
+
+ // If this user has no key yet, generate a pair
+ if ($userkey == '')
+ {
+ //Generate ssh-rsa-keys
+ exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+
+ $privatekey = file_get_contents('/tmp/id_rsa');
+ $publickey = file_get_contents('/tmp/id_rsa.pub');
+
+ exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+
+ // Set the missing keypair
+ $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
+ $userkey = $publickey;
+
+ $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
+
+ };
+
+ if (!file_exists($sshkeys))
+ {
+ // add root's key
+ exec("mkdir '$sshdir'");
+ exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+
+ // add the user's key
+ exec("echo '$userkey' >> '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+ }
+ // add the custom key
+ exec("echo '$sshrsa' >> '$sshkeys'");
+ exec("echo '' >> '$sshkeys'");
+
+ // set proper file permissions
+ exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
+ exec("chmod 600 '$sshkeys'");
+
+ $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
+
}
//* Update the website root directory permissions depending on the security level
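Review bot: This block is a line-for-line copy of `_setup_ssh_rsa()` from shelluser_base_plugin.inc.php with only the jail paths changed; the shared logic (client lookup, keypair generation, authorized_keys writing) belongs in one helper taking the target home directory as a parameter, so that fixes land in one place. The new paths insert a `/` before `$jailkit_chroot_userhome`, while the context line above concatenates `$jailkit_chroot_puserhome` onto the directory with no separator; if both variables follow the same convention one of the two forms yields a doubled slash, worth confirming against where they are defined. The enclosing method starts before this hunk and continues past it.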
--
Gitblit v1.9.1