Merge pull request hestiacp#1160 from hestiacp/staging/fixes

Staging/fixes

Author: ScIT-Raphael

CHANGELOG.md

@@ -42,6 +42,7 @@ All notable changes to this project will be documented in this file.
 - Fixed an issue with PHPMyAdmin button (#1078)
 - Changed WordPress name in Webapp installer (#1074)
 - Add a free disk space validation during backup routine (#1115)
+- Removed PHP validation SSH keys allowing support other types then RSA / DSA
 
 
 ## [1.2.3] - Service Release

func/upgrade.sh

@@ -246,7 +246,7 @@ upgrade_send_notification_to_panel () {
 upgrade_send_notification_to_email () {
     if [ "$UPGRADE_SEND_EMAIL" = "true" ]; then
         # Retrieve admin email address, sendmail path, and message temp file path
-        admin_email=$(v-list-user admin json | grep "CONTACT" | cut -d'"' -f4)
+        admin_email=$($HESTIA/bin/v-list-user admin json | grep "CONTACT" | cut -d'"' -f4)
         send_mail="$HESTIA/web/inc/mail-wrapper.php"
         message_tmp_file="/tmp/hestia-upgrade-complete.txt"
 

src/lxd_build_all.sh

@@ -14,7 +14,7 @@
 
 # Configs:
 oslist=('debian=9,10' 'ubuntu=16.04,18.04,20.04')
-branch='master'
+branch='main'
 
 
 function setup_container() {

src/lxd_compile.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
-branch=${1-master}
+branch=${1-main}
 
 apt -y install curl wget
 
-curl https://raw.githubusercontent.com/hestiacp/hestiacp/master/src/hst_autocompile.sh > /tmp/hst_autocompile.sh
+curl https://raw.githubusercontent.com/hestiacp/hestiacp/main/src/hst_autocompile.sh > /tmp/hst_autocompile.sh
 chmod +x /tmp/hst_autocompile.sh
 
 mkdir -p /opt/hestiacp

web/add/key/index.php

@@ -5,39 +5,6 @@
 // Main include
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-//check for valid format ssh key. Doesn't check it is working!
-//https://gist.github.com/jupeter/3248095    
-function validateKey($value)
-{
-    $key_parts = explode(' ', $value, 3);
-    if (count($key_parts) < 2) {
-        return false;
-    }
-    if (count($key_parts) > 3) {
-        return false;
-    }
-    
-    $algorithm = $key_parts[0];
-    $key = $key_parts[1];
-    
-    if (!in_array($algorithm, array('ssh-rsa', 'ssh-dss'))) {
-        return false;
-    }
-    
-    $key_base64_decoded = base64_decode($key, true);
-    if ($key_base64_decoded == FALSE) {
-        return false;
-    }
-    
-    $check = base64_decode(substr($key,0,16));
-    $check = preg_replace("/[^\w\-]/","", $check);
-        
-    if((string) $check !== (string) $algorithm) {
-        return false;
-    }
-    return true;
-}
-
 // Check POST request
 if (!empty($_POST['ok'])) {
     // Check token
@@ -51,38 +18,30 @@ function validateKey($value)
     }
 
     if(!$_SESSION['error_msg']){
-        switch ($_POST['v_key']){
-            default: 
+        if($_POST){
             //key if key already exisits
             exec (HESTIA_CMD . "v-list-user-ssh-key ".$user." json", $output, $return_var);
             $data = json_decode(implode('', $output), true);
+            unset($output);
             $keylist = array();
             foreach($data as $key => $value){
                 $idlist[] = trim($data[$key]['ID']);
                 $keylist[] = trim($data[$key]['KEY']);
             }
-        
-            if(!validateKey($_POST['v_key'])){
-                $_SESSION['error_msg']  = _('SSH KEY is invalid');
-                break;
-            }
 
             $v_key_parts = explode(' ',$_POST['v_key']);
             $key_id = trim($v_key_parts[2]);
             if($v_key_parts[2] == ''){
                 $_SESSION['error_msg']  = _('SSH KEY is invalid');
-                break;
             }
 
             //for deleting / revoking key the last part user@domain is used therefore needs to be unique
             //maybe consider adding random generated message or even an human read able string set by user?
             if(in_array($v_key_parts[2], $idlist)){
                 $_SESSION['error_msg']  =  _('SSH KEY already exists');
-                break;
             }
             if(in_array($v_key_parts[1], $keylist)){
                 $_SESSION['error_msg']  =  _('SSH KEY already exists');
-                break;
             }
             $v_key = escapeshellarg(trim($_POST['v_key']));
         }
@@ -92,9 +51,7 @@ function validateKey($value)
         exec (HESTIA_CMD."v-add-user-ssh-key ".$user." ".$v_key, $output, $return_var);
         check_return_code($return_var,$output);
     }
-
     unset($output);
-
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
     $_SESSION['ok_msg'] = _('SSH KEY created');