2017-09-16 13:09:25 +00:00
|
|
|
<?php
|
|
|
|
namespace LAM\REMOTE;
|
2017-12-13 09:59:38 +00:00
|
|
|
use \LAMException;
|
2017-09-16 13:09:25 +00:00
|
|
|
use \phpseclib\Net\SSH2;
|
|
|
|
use \phpseclib\Crypt\RSA;
|
|
|
|
/*
|
|
|
|
|
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
2019-05-30 15:18:01 +00:00
|
|
|
Copyright (C) 2017 - 2019 Roland Gruber
|
2017-09-16 13:09:25 +00:00
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This file includes functions to control LAM remote executions.
|
|
|
|
*
|
|
|
|
* @author Roland Gruber
|
|
|
|
*
|
|
|
|
* @package modules
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Runs remote commands.
|
|
|
|
*
|
|
|
|
* @author Roland Gruber
|
|
|
|
*/
|
|
|
|
class Remote {
|
|
|
|
|
|
|
|
/** SSH2 server handle */
|
|
|
|
private $server = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor, include SSH library.
|
|
|
|
*/
|
|
|
|
public function __construct() {
|
|
|
|
$this->includeSshLibrary();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sends commands to remote script.
|
|
|
|
*
|
|
|
|
* @param string $command command to execute
|
|
|
|
* @return string output of remote script
|
|
|
|
*/
|
|
|
|
public function execute($command) {
|
|
|
|
if ($this->server == null) {
|
|
|
|
return array();
|
|
|
|
}
|
|
|
|
return $this->server->exec("sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Connects to the given SSH server.
|
|
|
|
*
|
|
|
|
* @param String $server server name (e.g. localhost or localhost,1234)
|
|
|
|
*/
|
|
|
|
public function connect($server) {
|
|
|
|
$serverNameParts = explode(",", $server);
|
|
|
|
$handle = false;
|
|
|
|
if (sizeof($serverNameParts) > 1) {
|
|
|
|
$handle = @new SSH2($serverNameParts[0], $serverNameParts[1]);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$handle = @new SSH2($server);
|
|
|
|
}
|
|
|
|
if (!$handle) {
|
2017-12-13 09:59:38 +00:00
|
|
|
throw new LAMException(_("Unable to connect to remote server!"));
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
$this->loginSSH($handle);
|
|
|
|
$this->server = $handle;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Closes the connection.
|
|
|
|
*/
|
|
|
|
public function disconnect() {
|
2017-09-16 14:55:21 +00:00
|
|
|
if ($this->server == null) {
|
|
|
|
return;
|
|
|
|
}
|
2017-09-16 13:09:25 +00:00
|
|
|
$this->server->disconnect();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Performs a login to the provided SSH handle.
|
|
|
|
*
|
|
|
|
* @param SSH2 $handle SSH handle
|
|
|
|
* @throws Exception login failed
|
|
|
|
*/
|
|
|
|
private function loginSSH($handle) {
|
|
|
|
$username = $_SESSION['config']->getScriptUserName();
|
2019-08-05 19:56:06 +00:00
|
|
|
$ldapUser = $_SESSION['ldap']->getUserName();
|
2017-09-16 13:09:25 +00:00
|
|
|
if (empty($username)) {
|
|
|
|
// get user name from current LAM user
|
2019-08-05 19:56:06 +00:00
|
|
|
$sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
|
2017-09-16 13:09:25 +00:00
|
|
|
if ($sr) {
|
|
|
|
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
2019-05-30 15:18:01 +00:00
|
|
|
if (!empty($entry[0]['uid'])) {
|
|
|
|
$username = $entry[0]['uid'][0];
|
|
|
|
}
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
if (empty($username)) {
|
2019-08-05 19:56:06 +00:00
|
|
|
throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($ldapUser)));
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
}
|
2019-08-05 19:56:06 +00:00
|
|
|
$password = $_SESSION['ldap']->getPassword();
|
2017-09-16 13:09:25 +00:00
|
|
|
$keyPath = $_SESSION['config']->getScriptSSHKey();
|
2019-08-29 18:44:47 +00:00
|
|
|
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
|
2017-09-16 13:09:25 +00:00
|
|
|
if (!empty($keyPath)) {
|
2019-08-29 18:44:47 +00:00
|
|
|
$password = $this->loadKey($keyPath, $keyPassword);
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
$login = @$handle->login($username, $password);
|
|
|
|
if (!$login) {
|
2017-12-13 09:59:38 +00:00
|
|
|
throw new LAMException(_("Unable to login to remote server!"));
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Include the SSH files.
|
|
|
|
*/
|
|
|
|
private function includeSshLibrary() {
|
|
|
|
$prefix = dirname(__FILE__) . '/3rdParty/phpseclib/';
|
|
|
|
require_once($prefix . 'Crypt/Base.php');
|
|
|
|
require_once($prefix . 'Crypt/Blowfish.php');
|
|
|
|
require_once($prefix . 'Crypt/Hash.php');
|
|
|
|
require_once($prefix . 'Crypt/Random.php');
|
|
|
|
require_once($prefix . 'Crypt/RC4.php');
|
|
|
|
require_once($prefix . 'Crypt/Rijndael.php');
|
|
|
|
require_once($prefix . 'Crypt/AES.php');
|
|
|
|
require_once($prefix . 'Crypt/RSA.php');
|
|
|
|
require_once($prefix . 'Crypt/DES.php');
|
|
|
|
require_once($prefix . 'Crypt/TripleDES.php');
|
|
|
|
require_once($prefix . 'Crypt/Twofish.php');
|
|
|
|
require_once($prefix . 'Math/BigInteger.php');
|
|
|
|
require_once($prefix . 'System/SSH/Agent.php');
|
|
|
|
require_once($prefix . 'Net/SSH2.php');
|
|
|
|
}
|
|
|
|
|
2019-08-29 18:44:47 +00:00
|
|
|
/**
|
|
|
|
* Loads the key
|
|
|
|
*
|
|
|
|
* @param string $keyPath file name
|
|
|
|
* @param string $keyPassword password
|
|
|
|
* @throws LAMException error loading key
|
|
|
|
* @return \phpseclib\Crypt\RSA key object
|
|
|
|
*/
|
|
|
|
public function loadKey($keyPath, $keyPassword) {
|
|
|
|
// use key authentication
|
|
|
|
if (!file_exists($keyPath) || !is_readable($keyPath)) {
|
|
|
|
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
|
|
|
|
}
|
|
|
|
$key = file_get_contents($keyPath);
|
|
|
|
$rsa = new RSA();
|
|
|
|
if (!empty($keyPassword)) {
|
|
|
|
$rsa->setPassword($keyPassword);
|
|
|
|
}
|
|
|
|
if (!$rsa->loadKey($key)) {
|
|
|
|
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
|
|
|
|
}
|
|
|
|
return $rsa;
|
|
|
|
}
|
|
|
|
|
2017-09-16 13:09:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
?>
|