From ab3d13cf287af2309fe632aec5e69842db974cae Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Thu, 29 Aug 2019 20:44:47 +0200
Subject: [PATCH] check SSH key

---
 lam/lib/remote.inc | 40 +++++++++++++++++---------
 lam/templates/config/confmain.php | 48 ++++++++++++++++++++++++-------
 2 files changed, 64 insertions(+), 24 deletions(-)

diff --git a/lam/lib/remote.inc b/lam/lib/remote.inc
index f5aca48e..9190d7fd 100644
--- a/lam/lib/remote.inc
+++ b/lam/lib/remote.inc
@@ -117,21 +117,9 @@ class Remote {
 }
 $password = $_SESSION['ldap']->getPassword();
 $keyPath = $_SESSION['config']->getScriptSSHKey();
+ $keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
 if (!empty($keyPath)) {
- // use key authentication
- if (!file_exists($keyPath) || !is_readable($keyPath)) {
- throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
- }
- $key = file_get_contents($keyPath);
- $rsa = new RSA();
- $keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
- if (!empty($keyPassword)) {
- $rsa->setPassword($keyPassword);
- }
- if (!$rsa->loadKey($key)) {
- throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
- }
- $password = $rsa;
+ $password = $this->loadKey($keyPath, $keyPassword);
 }
 $login = @$handle->login($username, $password);
 if (!$login) {
@@ -160,6 +148,30 @@ class Remote {
 require_once($prefix . 'Net/SSH2.php');
 }
 
+ /**
+ * Loads the key
+ *
+ * @param string $keyPath file name
+ * @param string $keyPassword password
+ * @throws LAMException error loading key
+ * @return \phpseclib\Crypt\RSA key object
+ */
+ public function loadKey($keyPath, $keyPassword) {
+ // use key authentication
+ if (!file_exists($keyPath) || !is_readable($keyPath)) {
+ throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
+ }
+ $key = file_get_contents($keyPath);
+ $rsa = new RSA();
+ if (!empty($keyPassword)) {
+ $rsa->setPassword($keyPassword);
+ }
+ if (!$rsa->loadKey($key)) {
+ throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
+ }
+ return $rsa;
+ }
+
 }
 
 ?>
diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php
index 24c74135..7f8abe91 100644
--- a/lam/templates/config/confmain.php
+++ b/lam/templates/config/confmain.php
@@ -22,7 +22,7 @@ use \htmlGroup;
 /*
 
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2003 - 2018 Roland Gruber
+ Copyright (C) 2003 - 2019 Roland Gruber
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
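Review bot: `$key = file_get_contents($keyPath);` in the new loadKey() is never checked, so if the read fails after the `file_exists`/`is_readable` test passed (permissions changed in between, an I/O error), `$rsa->loadKey(false)` just fails and the admin is told the key is unparsable rather than unreadable. Add a check before parsing: `if ($key === false) { throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath))); }`. Note also that `!empty($keyPassword)` treats the passphrase `"0"` as absent, so a key protected with that passphrase can never be loaded; `$keyPassword !== ''` (after a null check) is the intended test. Since the method is now public and reached from the config page as well, the docblock should state that the path is read from disk directly by the web server user and that the passphrase is only applied when non-empty, e.g. `@param string $keyPath file name (read by the web server user; must exist and be readable)`.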
@@ -659,15 +659,33 @@ function checkInput() {
 $chmodOwner = 0;
 $chmodGroup = 0;
 $chmodOther = 0;
- if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) $chmodOwner += 4;
- if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) $chmodOwner += 2;
- if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) $chmodOwner += 1;
- if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) $chmodGroup += 4;
- if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) $chmodGroup += 2;
- if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) $chmodGroup += 1;
- if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) $chmodOther += 4;
- if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) $chmodOther += 2;
- if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) $chmodOther += 1;
+ if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) {
+ $chmodOwner += 4;
+ }
+ if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) {
+ $chmodOwner += 2;
+ }
+ if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) {
+ $chmodOwner += 1;
+ }
+ if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) {
+ $chmodGroup += 4;
+ }
+ if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) {
+ $chmodGroup += 2;
+ }
+ if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) {
+ $chmodGroup += 1;
+ }
+ if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) {
+ $chmodOther += 4;
+ }
+ if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) {
+ $chmodOther += 2;
+ }
+ if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) {
+ $chmodOther += 1;
+ }
 $chmod = $chmodOwner . $chmodGroup . $chmodOther;
 if (!$conf->set_scriptrights($chmod)) {
 $errors[] = array("ERROR", _("Script rights are invalid!"));
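Review bot: The nine rewritten conditions keep the loose `== 'on'` comparison; since these lines are being reformatted anyway, make them strict, `$_POST['chmod_owr'] === 'on'`, and likewise for the other eight checkbox names. This is a style point rather than a defect, as `$_POST` values are strings or arrays and neither coerces to `'on'` loosely. The nine-fold repetition could also be collapsed into a loop over a `name => [bit, target]` table, which would make adding a tenth flag a one-line change. checkInput() starts before this hunk and continues past it.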
@@ -675,6 +693,16 @@ function checkInput() {
 $conf->setScriptUserName($_POST['scriptuser']);
 $conf->setScriptSSHKey($_POST['scriptkey']);
 $conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
+ if (!empty($_POST['scriptkey'])) {
+ include_once '../../lib/remote.inc';
+ $remote = new \LAM\REMOTE\Remote();
+ try {
+ $remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword());
+ }
+ catch (\LAMException $e) {
+ $errors[] = array('ERROR', _('SSH key file'), $e->getTitle());
+ }
+ }
 // tool settings
 $tools = getTools();
 $toolSettings = array();
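Review bot: `include_once '../../lib/remote.inc';` resolves against the process working directory (and the include_path), not against this file, so the new key check silently depends on how confmain.php was invoked; if the rest of the file resolves includes relative to `__DIR__`, this should too: `include_once __DIR__ . '/../../lib/remote.inc';`. The try/catch only adds an entry to `$errors` after `setScriptSSHKey()`/`setScriptSSHKeyPassword()` have already been applied to `$conf`, so whether a failing key still ends up saved depends on how `$errors` is handled later in checkInput(), which lies outside this hunk. A short comment above the block would make the intent explicit for the next reader: `// reject the configuration early if the key file cannot be read or does not parse with the given passphrase`. checkInput() starts before this hunk and continues past it.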