Update on certificte ssh-rsa authentication. Under construction are the shell plugins.

laking · laking · commit 28a1b864972e · 2011-04-05T01:33:44.000Z
diff --git a/install/sql/incremental/upd_0008.sql b/install/sql/incremental/upd_0008.sql
@@ -1,4 +1,4 @@
 -- database patch for rsa-key based shell access.
-ALTER TABLE `sys_user` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
-ALTER TABLE `sys_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
+ALTER TABLE `client` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
+ALTER TABLE `client` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
 ALTER TABLE `shell_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
@@ -112,6 +112,8 @@ CREATE TABLE `client` (
   `template_master` int(11) unsigned NOT NULL default '0',
   `template_additional` varchar(255) NOT NULL default '',
   `created_at` bigint(20) DEFAULT NULL,
+  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
+  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
   PRIMARY KEY  (`client_id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;
 
@@ -1071,8 +1073,7 @@ CREATE TABLE `sys_user` (
   `groups` varchar(255) NOT NULL default '',
   `default_group` int(11) unsigned NOT NULL default '0',
   `client_id` int(11) unsigned NOT NULL default '0',
-  `id_rsa` VARCHAR( 2000 ) NOT NULL default '',
-  `ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
+
   PRIMARY KEY  (`userid`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;
 
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
@@ -152,15 +152,12 @@ function onAfterInsert() {
 		
 		//Generate ssh-rsa-keys
 		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		
-		$privatekey = file_get_contents('/tmp/id_rsa');
-		$publickey  = file_get_contents('/tmp/id_rsa.pub');
-		
+		$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
 		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
-
+		
 		// Create the controlpaneluser for the client
-		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
-		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
+		$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+		VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
 		$app->db->query($sql);
 		
 		//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group 
@@ -170,7 +167,7 @@ function onAfterInsert() {
 			$app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
 		}
 		
-		$app->db->query("UPDATE client SET created_at = ".time()." WHERE client_id = ".$this->id);
+		
 
 		/* If there is a client-template, process it */
 		applyClientTemplates($this->id);
diff --git a/interface/web/tools/form/user_settings.tform.php b/interface/web/tools/form/user_settings.tform.php
@@ -139,7 +139,7 @@
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'datasource'	=> array ( 	'type'	=> 'SQL',
-										'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
+										'querystring' => 'SELECT id_rsa FROM client WHERE {AUTHSQL}',
 										'valuefield'=> 'id_rsa'
 									 ),
 			'value'		=> ''
@@ -149,7 +149,7 @@
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'datasource'	=> array ( 	'type'	=> 'SQL',
-										'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
+										'querystring' => 'SELECT ssh_rsa FROM client WHERE {AUTHSQL}',
 										'valuefield'=> 'ssh_rsa'
 									 ),
 			'value'		=> ''
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -195,13 +195,17 @@ function delete($event_name,$data) {
 	}
 	
 	function _setup_ssh_rsa() {
-
+			//global $app, $conf;
+			//$app->uses('system');
+			// Okay, here we have a question, .. how to determine the client id
+			//$var = "Var:".intval($this->app->system->getuid($this->data['new']['puser']));
+			//exec("echo $var >> /tmp/debug");
+			/*
 			// ssh-rsa authentication variables
 			$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
 			$usrdir = escapeshellcmd($this->data['new']['dir']);
 			$sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
 			$sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
-			global $app;
 			
 			// determine the client id
 			$id = $this->data['new']['sys_groupid'];
@@ -213,19 +217,12 @@ function _setup_ssh_rsa() {
 			
 			// If this user has no key yet, generate a pair
 			if ($userkey == '') 
-			{
+			{		
 				//Generate ssh-rsa-keys
 				exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-				
-				$privatekey = file_get_contents('/tmp/id_rsa');
-				$publickey  = file_get_contents('/tmp/id_rsa.pub');
-				
+				$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
 				exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 				
-				// Set the missing keypair
-				$app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
-				$userkey = $publickey;
-				
 				$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
 			
 			};
@@ -248,7 +245,7 @@ function _setup_ssh_rsa() {
 			// set proper file permissions
 			exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
 			exec("chmod 600 '$sshkeys'");
-			
+			*/
 			$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
 	}
 	
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -272,7 +272,7 @@ function _add_jailkit_user()
 			chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
 				
 			$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
-			
+			/*
 			// ssh-rsa authentication variables
 			$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
 			$usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
@@ -327,7 +327,7 @@ function _add_jailkit_user()
 			exec("chmod 600 '$sshkeys'");
 			
 			$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
-
+			*/
 	}
 	
 	//* Update the website root directory permissions depending on the security level
