LDAPAccountManager/lam/lib/remote.inc

178 lines
4.9 KiB
PHP
Raw Normal View History

2017-09-16 13:09:25 +00:00
<?php
namespace LAM\REMOTE;
2017-12-13 09:59:38 +00:00
use \LAMException;
2017-09-16 13:09:25 +00:00
use \phpseclib\Net\SSH2;
use \phpseclib\Crypt\RSA;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
2019-05-30 15:18:01 +00:00
Copyright (C) 2017 - 2019 Roland Gruber
2017-09-16 13:09:25 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* This file includes functions to control LAM remote executions.
*
* @author Roland Gruber
*
* @package modules
*/
/**
* Runs remote commands.
*
* @author Roland Gruber
*/
class Remote {
/** SSH2 server handle */
private $server = null;
/**
* Constructor, include SSH library.
*/
public function __construct() {
$this->includeSshLibrary();
}
/**
* Sends commands to remote script.
*
* @param string $command command to execute
* @return string output of remote script
*/
public function execute($command) {
if ($this->server == null) {
return array();
}
return $this->server->exec("sudo " . $_SESSION['config']->get_scriptPath() . ' ' . escapeshellarg($command));
}
/**
* Connects to the given SSH server.
*
* @param String $server server name (e.g. localhost or localhost,1234)
*/
public function connect($server) {
$serverNameParts = explode(",", $server);
$handle = false;
if (sizeof($serverNameParts) > 1) {
$handle = @new SSH2($serverNameParts[0], $serverNameParts[1]);
}
else {
$handle = @new SSH2($server);
}
if (!$handle) {
2017-12-13 09:59:38 +00:00
throw new LAMException(_("Unable to connect to remote server!"));
2017-09-16 13:09:25 +00:00
}
$this->loginSSH($handle);
$this->server = $handle;
}
/**
* Closes the connection.
*/
public function disconnect() {
2017-09-16 14:55:21 +00:00
if ($this->server == null) {
return;
}
2017-09-16 13:09:25 +00:00
$this->server->disconnect();
}
/**
* Performs a login to the provided SSH handle.
*
* @param SSH2 $handle SSH handle
* @throws Exception login failed
*/
private function loginSSH($handle) {
$username = $_SESSION['config']->getScriptUserName();
2019-08-05 19:56:06 +00:00
$ldapUser = $_SESSION['ldap']->getUserName();
2017-09-16 13:09:25 +00:00
if (empty($username)) {
// get user name from current LAM user
2019-08-05 19:56:06 +00:00
$sr = @ldap_read($_SESSION['ldap']->server(), $ldapUser, "objectClass=posixAccount", array('uid'), 0, 0, 0, LDAP_DEREF_NEVER);
2017-09-16 13:09:25 +00:00
if ($sr) {
$entry = @ldap_get_entries($_SESSION['ldap']->server(), $sr);
2019-05-30 15:18:01 +00:00
if (!empty($entry[0]['uid'])) {
$username = $entry[0]['uid'][0];
}
2017-09-16 13:09:25 +00:00
}
if (empty($username)) {
2019-08-05 19:56:06 +00:00
throw new LAMException(sprintf(_("Your LAM admin user (%s) must be a valid Unix account to work with lamdaemon!"), getAbstractDN($ldapUser)));
2017-09-16 13:09:25 +00:00
}
}
2019-08-05 19:56:06 +00:00
$password = $_SESSION['ldap']->getPassword();
2017-09-16 13:09:25 +00:00
$keyPath = $_SESSION['config']->getScriptSSHKey();
2019-08-29 18:44:47 +00:00
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
2017-09-16 13:09:25 +00:00
if (!empty($keyPath)) {
2019-08-29 18:44:47 +00:00
$password = $this->loadKey($keyPath, $keyPassword);
2017-09-16 13:09:25 +00:00
}
$login = @$handle->login($username, $password);
if (!$login) {
2017-12-13 09:59:38 +00:00
throw new LAMException(_("Unable to login to remote server!"));
2017-09-16 13:09:25 +00:00
}
}
/**
* Include the SSH files.
*/
private function includeSshLibrary() {
$prefix = dirname(__FILE__) . '/3rdParty/phpseclib/';
require_once($prefix . 'Crypt/Base.php');
require_once($prefix . 'Crypt/Blowfish.php');
require_once($prefix . 'Crypt/Hash.php');
require_once($prefix . 'Crypt/Random.php');
require_once($prefix . 'Crypt/RC4.php');
require_once($prefix . 'Crypt/Rijndael.php');
require_once($prefix . 'Crypt/AES.php');
require_once($prefix . 'Crypt/RSA.php');
require_once($prefix . 'Crypt/DES.php');
require_once($prefix . 'Crypt/TripleDES.php');
require_once($prefix . 'Crypt/Twofish.php');
require_once($prefix . 'Math/BigInteger.php');
require_once($prefix . 'System/SSH/Agent.php');
require_once($prefix . 'Net/SSH2.php');
}
2019-08-29 18:44:47 +00:00
/**
* Loads the key
*
* @param string $keyPath file name
* @param string $keyPassword password
* @throws LAMException error loading key
* @return \phpseclib\Crypt\RSA key object
*/
public function loadKey($keyPath, $keyPassword) {
// use key authentication
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new RSA();
if (!empty($keyPassword)) {
$rsa->setPassword($keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
return $rsa;
}
2017-09-16 13:09:25 +00:00
}
?>