check SSH key
parent
d73ffee957
commit
ab3d13cf28
|
@ -117,21 +117,9 @@ class Remote {
|
|||
}
|
||||
$password = $_SESSION['ldap']->getPassword();
|
||||
$keyPath = $_SESSION['config']->getScriptSSHKey();
|
||||
if (!empty($keyPath)) {
|
||||
// use key authentication
|
||||
if (!file_exists($keyPath) || !is_readable($keyPath)) {
|
||||
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
|
||||
}
|
||||
$key = file_get_contents($keyPath);
|
||||
$rsa = new RSA();
|
||||
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
|
||||
if (!empty($keyPassword)) {
|
||||
$rsa->setPassword($keyPassword);
|
||||
}
|
||||
if (!$rsa->loadKey($key)) {
|
||||
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
|
||||
}
|
||||
$password = $rsa;
|
||||
if (!empty($keyPath)) {
|
||||
$password = $this->loadKey($keyPath, $keyPassword);
|
||||
}
|
||||
$login = @$handle->login($username, $password);
|
||||
if (!$login) {
|
||||
|
@ -160,6 +148,30 @@ class Remote {
|
|||
require_once($prefix . 'Net/SSH2.php');
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the key
|
||||
*
|
||||
* @param string $keyPath file name
|
||||
* @param string $keyPassword password
|
||||
* @throws LAMException error loading key
|
||||
* @return \phpseclib\Crypt\RSA key object
|
||||
*/
|
||||
public function loadKey($keyPath, $keyPassword) {
|
||||
// use key authentication
|
||||
if (!file_exists($keyPath) || !is_readable($keyPath)) {
|
||||
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
|
||||
}
|
||||
$key = file_get_contents($keyPath);
|
||||
$rsa = new RSA();
|
||||
if (!empty($keyPassword)) {
|
||||
$rsa->setPassword($keyPassword);
|
||||
}
|
||||
if (!$rsa->loadKey($key)) {
|
||||
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
|
||||
}
|
||||
return $rsa;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
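Review bot: In the new `loadKey()`, the result of `file_get_contents($keyPath)` goes to `$rsa->loadKey($key)` without a `=== false` check, and `file_exists()` is also true for a directory. A path that passes the first guard but cannot be read is therefore presumably reported as "Unable to load key" instead of "Unable to read", and any PHP warning from the failed read is left to the error handler. I would tighten the guard to `if (!is_file($keyPath) || !is_readable($keyPath)) {` and add `if ($key === false) { throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath))); }` right after the read. The docblock could also state that `$keyPassword` may be empty for an unencrypted key and that the returned object is what the caller passes to `login()` as the credential.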
|
||||
|
|
|
@ -22,7 +22,7 @@ use \htmlGroup;
|
|||
/*
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2003 - 2018 Roland Gruber
|
||||
Copyright (C) 2003 - 2019 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -659,15 +659,33 @@ function checkInput() {
|
|||
$chmodOwner = 0;
|
||||
$chmodGroup = 0;
|
||||
$chmodOther = 0;
|
||||
if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) $chmodOwner += 4;
|
||||
if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) $chmodOwner += 2;
|
||||
if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) $chmodOwner += 1;
|
||||
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) $chmodGroup += 4;
|
||||
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) $chmodGroup += 2;
|
||||
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) $chmodGroup += 1;
|
||||
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) $chmodOther += 4;
|
||||
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) $chmodOther += 2;
|
||||
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) $chmodOther += 1;
|
||||
if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) {
|
||||
$chmodOwner += 4;
|
||||
}
|
||||
if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) {
|
||||
$chmodOwner += 2;
|
||||
}
|
||||
if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) {
|
||||
$chmodOwner += 1;
|
||||
}
|
||||
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) {
|
||||
$chmodGroup += 4;
|
||||
}
|
||||
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) {
|
||||
$chmodGroup += 2;
|
||||
}
|
||||
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) {
|
||||
$chmodGroup += 1;
|
||||
}
|
||||
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) {
|
||||
$chmodOther += 4;
|
||||
}
|
||||
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) {
|
||||
$chmodOther += 2;
|
||||
}
|
||||
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) {
|
||||
$chmodOther += 1;
|
||||
}
|
||||
$chmod = $chmodOwner . $chmodGroup . $chmodOther;
|
||||
if (!$conf->set_scriptrights($chmod)) {
|
||||
$errors[] = array("ERROR", _("Script rights are invalid!"));
|
||||
|
@ -675,6 +693,16 @@ function checkInput() {
|
|||
$conf->setScriptUserName($_POST['scriptuser']);
|
||||
$conf->setScriptSSHKey($_POST['scriptkey']);
|
||||
$conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
|
||||
if (!empty($_POST['scriptkey'])) {
|
||||
include_once '../../lib/remote.inc';
|
||||
$remote = new \LAM\REMOTE\Remote();
|
||||
try {
|
||||
$remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword());
|
||||
}
|
||||
catch (\LAMException $e) {
|
||||
$errors[] = array('ERROR', _('SSH key file'), $e->getTitle());
|
||||
}
|
||||
}
|
||||
// tool settings
|
||||
$tools = getTools();
|
||||
$toolSettings = array();
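Review bot: The path checked in the `if (!empty($_POST['scriptkey']))` block comes directly from the request and, through `loadKey()`, reaches `file_exists()`, `is_readable()` and `file_get_contents()` with the web server's privileges; nothing visible in this hunk limits it to a local key file. Unless `setScriptSSHKey()` already validates the value (not shown here), reject anything that is not a plain absolute path before calling `loadKey()`, for example by adding an error when `strpos($_POST['scriptkey'], '://') !== false`. The two distinct messages ("Unable to read" and "Unable to load key") also tell whoever submits this form whether a given path exists and is readable by the server process, so it is worth confirming that only the profile administrator can reach it. The check runs after `setScriptSSHKey()` has stored the value, and `checkInput()` starts and ends outside the hunk, so whether a failed check prevents the save cannot be confirmed from here.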
|
||||
|
|