check SSH key

This commit is contained in:
Roland Gruber 2019-08-29 20:44:47 +02:00
parent d73ffee957
commit ab3d13cf28
2 changed files with 64 additions and 24 deletions

View File

@ -117,21 +117,9 @@ class Remote {
}
$password = $_SESSION['ldap']->getPassword();
$keyPath = $_SESSION['config']->getScriptSSHKey();
if (!empty($keyPath)) {
// use key authentication
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new RSA();
$keyPassword = $_SESSION['config']->getScriptSSHKeyPassword();
if (!empty($keyPassword)) {
$rsa->setPassword($keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
$password = $rsa;
if (!empty($keyPath)) {
$password = $this->loadKey($keyPath, $keyPassword);
}
$login = @$handle->login($username, $password);
if (!$login) {
@ -160,6 +148,30 @@ class Remote {
require_once($prefix . 'Net/SSH2.php');
}
/**
* Loads the key
*
* @param string $keyPath file name
* @param string $keyPassword password
* @throws LAMException error loading key
* @return \phpseclib\Crypt\RSA key object
*/
public function loadKey($keyPath, $keyPassword) {
// use key authentication
if (!file_exists($keyPath) || !is_readable($keyPath)) {
throw new LAMException(sprintf(_("Unable to read %s."), htmlspecialchars($keyPath)));
}
$key = file_get_contents($keyPath);
$rsa = new RSA();
if (!empty($keyPassword)) {
$rsa->setPassword($keyPassword);
}
if (!$rsa->loadKey($key)) {
throw new LAMException(sprintf(_("Unable to load key %s."), htmlspecialchars($keyPath)));
}
return $rsa;
}
}
?>

View File

@ -22,7 +22,7 @@ use \htmlGroup;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2018 Roland Gruber
Copyright (C) 2003 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -659,15 +659,33 @@ function checkInput() {
$chmodOwner = 0;
$chmodGroup = 0;
$chmodOther = 0;
if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) $chmodOwner += 4;
if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) $chmodOwner += 2;
if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) $chmodOwner += 1;
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) $chmodGroup += 4;
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) $chmodGroup += 2;
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) $chmodGroup += 1;
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) $chmodOther += 4;
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) $chmodOther += 2;
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) $chmodOther += 1;
if (isset($_POST['chmod_owr']) && ($_POST['chmod_owr'] == 'on')) {
$chmodOwner += 4;
}
if (isset($_POST['chmod_oww']) && ($_POST['chmod_oww'] == 'on')) {
$chmodOwner += 2;
}
if (isset($_POST['chmod_owe']) && ($_POST['chmod_owe'] == 'on')) {
$chmodOwner += 1;
}
if (isset($_POST['chmod_grr']) && ($_POST['chmod_grr'] == 'on')) {
$chmodGroup += 4;
}
if (isset($_POST['chmod_grw']) && ($_POST['chmod_grw'] == 'on')) {
$chmodGroup += 2;
}
if (isset($_POST['chmod_gre']) && ($_POST['chmod_gre'] == 'on')) {
$chmodGroup += 1;
}
if (isset($_POST['chmod_otr']) && ($_POST['chmod_otr'] == 'on')) {
$chmodOther += 4;
}
if (isset($_POST['chmod_otw']) && ($_POST['chmod_otw'] == 'on')) {
$chmodOther += 2;
}
if (isset($_POST['chmod_ote']) && ($_POST['chmod_ote'] == 'on')) {
$chmodOther += 1;
}
$chmod = $chmodOwner . $chmodGroup . $chmodOther;
if (!$conf->set_scriptrights($chmod)) {
$errors[] = array("ERROR", _("Script rights are invalid!"));
@ -675,6 +693,16 @@ function checkInput() {
$conf->setScriptUserName($_POST['scriptuser']);
$conf->setScriptSSHKey($_POST['scriptkey']);
$conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
if (!empty($_POST['scriptkey'])) {
include_once '../../lib/remote.inc';
$remote = new \LAM\REMOTE\Remote();
try {
$remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword());
}
catch (\LAMException $e) {
$errors[] = array('ERROR', _('SSH key file'), $e->getTitle());
}
}
// tool settings
$tools = getTools();
$toolSettings = array();