Implemented passwordless ssh-rsa authentication support.

Author: laking

interface/web/client/client_edit.php

@@ -149,9 +149,17 @@ function onAfterInsert() {
 		$active = 1;
 		$language = $app->db->quote($this->dataRecord["language"]);
 
+		//Generate ssh-rsa-keys
+		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+		
+		$privatekey = file_get_contents('/tmp/id_rsa');
+		$publickey  = file_get_contents('/tmp/id_rsa.pub');
+		
+		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+
 		// Create the controlpaneluser for the client
-		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
-		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
+		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
+		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
 		$app->db->query($sql);
 
 		//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
@@ -214,6 +222,7 @@ function onAfterUpdate() {
 			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
 			$app->db->query($sql);
 		}
+		
 		/*
 		 *  If there is a client-template, process it */
 		applyClientTemplates($this->id);
@@ -225,4 +234,4 @@ function onAfterUpdate() {
 $page = new page_action;
 $page->onLoad();
 
-?>
+?>

interface/web/sites/form/shell_user.tform.php

@@ -127,6 +127,13 @@
 			'default'	=> 'y',
 			'value'		=> array(0 => 'n',1 => 'y')
 		),
+		'ssh_rsa' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'TEXT',
+			'default'	=> '',
+			'value'		=> '',
+			'maxlength'	=> '600'
+		),
 	##################################
 	# ENDE Datatable fields
 	##################################
@@ -193,4 +200,4 @@
 }
 
 
-?>
+?>

interface/web/sites/templates/shell_user_edit.htm

@@ -43,6 +43,10 @@ <h2><tmpl_var name="list_head_txt"></h2>
       	<label for="quota_size">{tmpl_var name='quota_size_txt'}</label>
         <input name="quota_size" id="quota_size" value="{tmpl_var name='quota_size'}" size="7" maxlength="7" type="text" class="textInput formLengthLimit" /><p class="formInputUnity">&nbsp;MB</p>
 			</div>
+	<div class="ctrlHolder">
+      		<label for="ssh_rsa">ssh_rsa</label>
+        	<input name="ssh_rsa" id="ssh_rsa" value="" maxlength="600" type="text" class="textInput" />
+			</div>
       <div class="ctrlHolder">
 				<p class="label">{tmpl_var name='active_txt'}</p>
 					<div class="multiField">

interface/web/sites/templates/web_domain_ssl.htm

@@ -33,7 +33,7 @@ <h2><tmpl_var name="list_head_txt"></h2>
       </div>
       <div class="ctrlHolder">
       	<label for="ssl_request">{tmpl_var name='ssl_request_txt'}</label>
-        <textarea name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
+        <textarea name="ssl_request" id="ssl_request" readonly rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea>
       </div>
       <div class="ctrlHolder">
       	<label for="ssl_cert">{tmpl_var name='ssl_cert_txt'}</label>

interface/web/tools/form/user_settings.tform.php

@@ -133,6 +133,26 @@
 			'maxlength'	=> '2',
 			'rows'		=> '',
 			'cols'		=> ''
+		),
+		'id_rsa' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'TEXT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
+										'valuefield'=> 'id_rsa'
+									 ),
+			'value'		=> ''
+		),
+		'ssh_rsa' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'TEXT',
+			'default'	=> '',
+			'datasource'	=> array ( 	'type'	=> 'SQL',
+										'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
+										'valuefield'=> 'ssh_rsa'
+									 ),
+			'value'		=> ''
 		)
 	##################################
 	# ENDE Datenbankfelder
@@ -141,4 +161,4 @@
 );
 
 
-?>
+?>

interface/web/tools/lib/lang/de_usersettings.lng

@@ -3,6 +3,6 @@ $wb['passwort_txt'] = 'Passwort';
 $wb['language_txt'] = 'Sprache';
 $wb['password_mismatch'] = 'Die Passwörter stimmen nicht überein.';
 $wb['password_strength_txt'] = 'Passwortkomplexität';
-$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort und die Sprache zu bearbeiten.';
+$wb['Form to edit the user password and language.'] = 'Formular, um das Benutzerpasswort, die Sprache und die authentication zu bearbeiten.';
 $wb['Settings'] = 'Einstellungen';
 ?>

interface/web/tools/lib/lang/en_usersettings.lng

@@ -3,6 +3,6 @@ $wb["passwort_txt"] = 'Password';
 $wb["password_strength_txt"] = 'Password strength';
 $wb["language_txt"] = 'Language';
 $wb["password_mismatch"] = 'The password in the second password field does not match the first password.';
-$wb["Form to edit the user password and language."] = 'Form to edit the user password and language.';
+$wb["Form to edit the user password and language."] = 'Form to edit the user password, language, and authentication.';
 $wb["Settings"] = 'Settings';
 ?>

interface/web/tools/lib/lang/hu_usersettings.lng

@@ -2,7 +2,7 @@
 $wb['passwort_txt'] = 'Jelszó';
 $wb['language_txt'] = 'Nyelv';
 $wb['password_mismatch'] = 'Jelszavak nem egyeznek meg.';
-$wb['Form to edit the user password and language.'] = 'Jelszó és nyelv beállító oldal.';
+$wb['Form to edit the user password and language.'] = 'Jelszó, nyelv és hitelesítés beállító oldal.';
 $wb['Settings'] = 'Beállítások';
 $wb['password_strength_txt'] = 'Jelszó erősség';
 ?>

interface/web/tools/templates/user_settings.htm

@@ -24,6 +24,14 @@ <h2><tmpl_var name="list_head_txt"></h2>
 					{tmpl_var name='language'}
 				</select>
       </div>
+     <div class="ctrlHolder">
+      	<label for="id_rsa">id_rsa</label>
+        <textarea name="id_rsa" id="id_rsa" readonly rows='10' cols='30'>{tmpl_var name='id_rsa'}</textarea>
+      </div>
+      <div class="ctrlHolder">
+      	<label for="ssh_rsa">ssh_rsa</label>
+        <input name="ssh_rsa" id="ssh_rsa" value="{tmpl_var name='ssh_rsa'}" size="30" maxlength="600" type="text" class="textInput" />
+      </div>
 
     <input type="hidden" name="id" value="{tmpl_var name='id'}">
 

server/plugins-available/shelluser_base_plugin.inc.php

@@ -88,6 +88,12 @@ function insert($event_name,$data) {
 				exec($command);
 				$app->log("Executed command: ".$command,LOGLEVEL_DEBUG);
 				$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+								
+				// call the ssh-rsa update function
+				$app->uses("getconf");
+				$this->data = $data;
+				$this->app = $app;
+				$this->_setup_ssh_rsa();
 
 				//* Create .bash_history file
 				touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
@@ -134,7 +140,12 @@ function update($event_name,$data) {
 					exec($command);
 					$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
 					$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
-					
+									
+					// call the ssh-rsa update function
+					$app->uses("getconf");
+					$this->data = $data;
+					$this->app = $app;
+					$this->_setup_ssh_rsa();
 
 					//* Create .bash_history file
 					if(!is_file($data['new']['dir']).'/.bash_history') {
@@ -183,7 +194,63 @@ function delete($event_name,$data) {
 
 	}
 
-	
+	function _setup_ssh_rsa() {
+
+			// ssh-rsa authentication variables
+			$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
+			$usrdir = escapeshellcmd($this->data['new']['dir']);
+			$sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
+			$sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
+			global $app;
+			
+			// determine the client id
+			$id = $this->data['new']['sys_groupid'];
+			if ($id>0) $id = $id -1;
+			
+			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id  = ".$id);
+			$userkey = $user['ssh_rsa'];
+			$username= $user['username'];
+			
+			// If this user has no key yet, generate a pair
+			if ($userkey == '') 
+			{
+				//Generate ssh-rsa-keys
+				exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
+				
+				$privatekey = file_get_contents('/tmp/id_rsa');
+				$publickey  = file_get_contents('/tmp/id_rsa.pub');
+				
+				exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+				
+				// Set the missing keypair
+				$app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
+				$userkey = $publickey;
+				
+				$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
+			
+			};
+			
+			if (!file_exists($sshkeys))
+			{
+				// add root's key
+				exec("mkdir '$sshdir'");
+				exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
+				exec("echo '' >> '$sshkeys'");
+			
+				// add the user's key
+				exec("echo '$userkey' >> '$sshkeys'");
+				exec("echo '' >> '$sshkeys'");
+			}
+			// add the custom key 
+			exec("echo '$sshrsa' >> '$sshkeys'");
+			exec("echo '' >> '$sshkeys'");
+			
+			// set proper file permissions
+			exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
+			exec("chmod 600 '$sshkeys'");
+			
+			$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
+	}
 
 
 } // end class