check SSH key

Roland Gruber 2019-08-29 20:44:47 +02:00
parent d73ffee957
commit ab3d13cf28
2 changed files with 64 additions and 24 deletions


@ -117,21 +117,9 @@ class Remote {
} }
$password = $_SESSION['ldap']->getPassword(); $password = $_SESSION['ldap']->getPassword();
$keyPath = $_SESSION['config']->getScriptSSHKey(); $keyPath = $_SESSION['config']->getScriptSSHKey();
if (!empty($keyPath)) {
// use key authentication
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new RSA();
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword(); $keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
if (!empty($keyPassword)) { if (!empty($keyPath)) {
$rsa->setPassword($keyPassword); $password = $this->loadKey($keyPath, $keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
$password = $rsa;
} }
$login = @$handle->login($username, $password); $login = @$handle->login($username, $password);
if (!$login) { if (!$login) {
@ -160,6 +148,30 @@ class Remote {
require_once($prefix . 'Net/SSH2.php'); require_once($prefix . 'Net/SSH2.php');
} }
/**
* Loads the key
*
* @param string $keyPath file name
* @param string $keyPassword password
* @throws LAMException error loading key
* @return \phpseclib\Crypt\RSA key object
*/
public function loadKey($keyPath, $keyPassword) {
// use key authentication
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new RSA();
if (!empty($keyPassword)) {
$rsa->setPassword($keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
return $rsa;
}
} }
?> ?>
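Review bot: The `file_get_contents($keyPath)` result in the new `loadKey()` is never checked, so a read that fails after the `is_readable()` test (permission change, race, I/O error) leaves `$key === false` and the method reports the misleading "Unable to load key" instead of "Unable to read"; I would replace that line with `$key = file_get_contents($keyPath);`, `if ($key === false) {`, `throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));` plus the closing brace. Since the method is now public and, per the second file, reachable from the configuration form with an administrator-supplied path, the two distinct error texts also tell the caller whether the web-server user can read a given file, which is worth stating in the docblock, e.g. `* Note: the file is read with the web server's privileges; the error message distinguishes unreadable from unparsable files.` The `@param string $keyPassword` line should also say an empty value means an unencrypted key, since that is what the `!empty()` guard implements. The call site in the first hunk sits inside a method whose start lies outside the hunk.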


@ -22,7 +22,7 @@ use \htmlGroup;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2018 Roland Gruber Copyright (C) 2003 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -659,15 +659,33 @@ function checkInput() {
$chmodOwner = 0; $chmodOwner = 0;
$chmodGroup = 0; $chmodGroup = 0;
$chmodOther = 0; $chmodOther = 0;
if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) $chmodOwner += 4; if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) {
if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) $chmodOwner += 2; $chmodOwner += 4;
if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) $chmodOwner += 1; }
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) $chmodGroup += 4; if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) {
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) $chmodGroup += 2; $chmodOwner += 2;
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) $chmodGroup += 1; }
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) $chmodOther += 4; if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) {
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) $chmodOther += 2; $chmodOwner += 1;
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) $chmodOther += 1; }
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) {
$chmodGroup += 4;
}
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) {
$chmodGroup += 2;
}
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) {
$chmodGroup += 1;
}
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) {
$chmodOther += 4;
}
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) {
$chmodOther += 2;
}
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) {
$chmodOther += 1;
}
$chmod = $chmodOwner . $chmodGroup . $chmodOther; $chmod = $chmodOwner . $chmodGroup . $chmodOther;
if (!$conf->set_scriptrights($chmod)) { if (!$conf->set_scriptrights($chmod)) {
$errors[] = array("ERROR", _("Script rights are invalid!")); $errors[] = array("ERROR", _("Script rights are invalid!"));
@ -675,6 +693,16 @@ function checkInput() {
$conf->setScriptUserName($_POST['scriptuser']); $conf->setScriptUserName($_POST['scriptuser']);
$conf->setScriptSSHKey($_POST['scriptkey']); $conf->setScriptSSHKey($_POST['scriptkey']);
$conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']); $conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
if (!empty($_POST['scriptkey'])) {
include_once '../../lib/remote.inc';
$remote = new \LAM\REMOTE\Remote();
try {
$remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword());
}
catch (\LAMException $e) {
$errors[] = array('ERROR', _('SSH key file'), $e->getTitle());
}
}
// tool settings // tool settings
$tools = getTools(); $tools = getTools();
$toolSettings = array(); $toolSettings = array();
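Review bot: In the second hunk the new `include_once '../../lib/remote.inc';` is resolved against the include_path and the process working directory rather than this file, so the key check depends on how the request was dispatched; `include_once __DIR__ . '/../../lib/remote.inc';` pins it to the file's location (or match whatever prefix convention the rest of this file uses for includes). The message stored via `$e->getTitle()` already contains `htmlspecialchars($keyPath)` from `loadKey()`, so if the renderer of `$errors` escapes the third element again the path will appear double-encoded — worth confirming against how these entries are displayed. Note also that the entry uses the three-element form `array('ERROR', _('SSH key file'), $e->getTitle())` while the neighbouring script-rights error uses two elements; if both shapes are accepted a short comment saying so would help the next reader. The enclosing `checkInput()` starts outside the hunk.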