Skip to content

Commit 28a1b86

Browse files
author
laking
committed
Update on certificte ssh-rsa authentication. Under construction are the shell plugins.
1 parent 892f21a commit 28a1b86

6 files changed

Lines changed: 23 additions & 28 deletions

File tree

install/sql/incremental/upd_0008.sql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
-- database patch for rsa-key based shell access.
2-
ALTER TABLE `sys_user` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
3-
ALTER TABLE `sys_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
2+
ALTER TABLE `client` ADD `id_rsa` VARCHAR( 2000 ) NOT NULL ;
3+
ALTER TABLE `client` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;
44
ALTER TABLE `shell_user` ADD `ssh_rsa` VARCHAR( 600 ) NOT NULL ;

install/sql/ispconfig3.sql

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,8 @@ CREATE TABLE `client` (
112112
`template_master` int(11) unsigned NOT NULL default '0',
113113
`template_additional` varchar(255) NOT NULL default '',
114114
`created_at` bigint(20) DEFAULT NULL,
115+
`id_rsa` VARCHAR( 2000 ) NOT NULL default '',
116+
`ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
115117
PRIMARY KEY (`client_id`)
116118
) ENGINE=MyISAM AUTO_INCREMENT=1;
117119

@@ -1071,8 +1073,7 @@ CREATE TABLE `sys_user` (
10711073
`groups` varchar(255) NOT NULL default '',
10721074
`default_group` int(11) unsigned NOT NULL default '0',
10731075
`client_id` int(11) unsigned NOT NULL default '0',
1074-
`id_rsa` VARCHAR( 2000 ) NOT NULL default '',
1075-
`ssh_rsa` VARCHAR( 600 ) NOT NULL default '',
1076+
10761077
PRIMARY KEY (`userid`)
10771078
) ENGINE=MyISAM AUTO_INCREMENT=1;
10781079

interface/web/client/client_edit.php

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -152,15 +152,12 @@ function onAfterInsert() {
152152

153153
//Generate ssh-rsa-keys
154154
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
155-
156-
$privatekey = file_get_contents('/tmp/id_rsa');
157-
$publickey = file_get_contents('/tmp/id_rsa.pub');
158-
155+
$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
159156
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
160-
157+
161158
// Create the controlpaneluser for the client
162-
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id,id_rsa,ssh_rsa)
163-
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.",'$privatekey','$publickey')";
159+
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
160+
VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
164161
$app->db->query($sql);
165162

166163
//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
@@ -170,7 +167,7 @@ function onAfterInsert() {
170167
$app->db->query("UPDATE client SET parent_client_id = ".intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
171168
}
172169

173-
$app->db->query("UPDATE client SET created_at = ".time()." WHERE client_id = ".$this->id);
170+
174171

175172
/* If there is a client-template, process it */
176173
applyClientTemplates($this->id);

interface/web/tools/form/user_settings.tform.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@
139139
'formtype' => 'TEXT',
140140
'default' => '',
141141
'datasource' => array ( 'type' => 'SQL',
142-
'querystring' => 'SELECT id_rsa FROM sys_user WHERE {AUTHSQL}',
142+
'querystring' => 'SELECT id_rsa FROM client WHERE {AUTHSQL}',
143143
'valuefield'=> 'id_rsa'
144144
),
145145
'value' => ''
@@ -149,7 +149,7 @@
149149
'formtype' => 'TEXT',
150150
'default' => '',
151151
'datasource' => array ( 'type' => 'SQL',
152-
'querystring' => 'SELECT ssh_rsa FROM sys_user WHERE {AUTHSQL}',
152+
'querystring' => 'SELECT ssh_rsa FROM client WHERE {AUTHSQL}',
153153
'valuefield'=> 'ssh_rsa'
154154
),
155155
'value' => ''

server/plugins-available/shelluser_base_plugin.inc.php

Lines changed: 9 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -195,13 +195,17 @@ function delete($event_name,$data) {
195195
}
196196

197197
function _setup_ssh_rsa() {
198-
198+
//global $app, $conf;
199+
//$app->uses('system');
200+
// Okay, here we have a question, .. how to determine the client id
201+
//$var = "Var:".intval($this->app->system->getuid($this->data['new']['puser']));
202+
//exec("echo $var >> /tmp/debug");
203+
/*
199204
// ssh-rsa authentication variables
200205
$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
201206
$usrdir = escapeshellcmd($this->data['new']['dir']);
202207
$sshdir = escapeshellcmd($this->data['new']['dir']).'/.ssh';
203208
$sshkeys= escapeshellcmd($this->data['new']['dir']).'/.ssh/authorized_keys';
204-
global $app;
205209
206210
// determine the client id
207211
$id = $this->data['new']['sys_groupid'];
@@ -213,19 +217,12 @@ function _setup_ssh_rsa() {
213217
214218
// If this user has no key yet, generate a pair
215219
if ($userkey == '')
216-
{
220+
{
217221
//Generate ssh-rsa-keys
218222
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
219-
220-
$privatekey = file_get_contents('/tmp/id_rsa');
221-
$publickey = file_get_contents('/tmp/id_rsa.pub');
222-
223+
$app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".file_get_contents('/tmp/id_rsa.pub')."' WHERE client_id = ".$this->id;
223224
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
224225
225-
// Set the missing keypair
226-
$app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
227-
$userkey = $publickey;
228-
229226
$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
230227
231228
};
@@ -248,7 +245,7 @@ function _setup_ssh_rsa() {
248245
// set proper file permissions
249246
exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
250247
exec("chmod 600 '$sshkeys'");
251-
248+
*/
252249
$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
253250
}
254251

server/plugins-available/shelluser_jailkit_plugin.inc.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -272,7 +272,7 @@ function _add_jailkit_user()
272272
chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
273273

274274
$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
275-
275+
/*
276276
// ssh-rsa authentication variables
277277
$sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
278278
$usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
@@ -327,7 +327,7 @@ function _add_jailkit_user()
327327
exec("chmod 600 '$sshkeys'");
328328
329329
$this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
330-
330+
*/
331331
}
332332

333333
//* Update the website root directory permissions depending on the security level

0 commit comments

Comments
 (0)