ghzhost
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎bin/v-add-user-ssh-key‎
Lines changed: 65 additions & 0 deletions b/‎bin/v-add-user-ssh-key‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎bin/v-delete-user-ssh-key‎
Lines changed: 54 additions & 0 deletions b/‎bin/v-delete-user-ssh-key‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎bin/v-list-user-ssh-key‎
Lines changed: 111 additions & 0 deletions b/‎bin/v-list-user-ssh-key‎
Lines changed: 111 additions & 0 deletions
diff --git a/‎web/add/key/index.php‎
Lines changed: 109 additions & 0 deletions b/‎web/add/key/index.php‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎web/delete/key/index.php‎
Lines changed: 34 additions & 0 deletions b/‎web/delete/key/index.php‎
Lines changed: 34 additions & 0 deletions
@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 - Added support for resolving ip addresses based on geoip database for Awstats
 - Added Roundcube plugins newmail_notifier and zipdownload.
 - Added HELO support for multiple domains and IPs.
+- Add the possibility to manage ssh keys in the backend.
 
 ### Bugfixes
 - Do not allow to show apache2 server-status page from public.
 
@@ -0,0 +1,65 @@
+#!/bin/bash
+# info: add ssh key
+# options: USER key
+#
+# Function check if $user/.ssh/authorized_keys exists and create it
+# After that it append the new key(s)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+
+# Argument definition
+user=$1
+key=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Reading user values
+source $USER_DATA/user.conf
+#check if file exits
+AUTHKEY_FILE=$HOMEDIR/$user/.ssh/authorized_keys
+if [ ! -f "$AUTHKEY_FILE" ]; then
+    touch "$AUTHKEY_FILE"
+    chown ${user}: "${AUTHKEY_FILE}"
+fi
+TEMP=$(mktemp)
+echo "$key" >> "$TEMP"
+ssh-keygen -l -f "$TEMP"
+if [ ! $? -eq 0 ]; then
+    rm "$TEMP"
+    exit
+fi
+rm "$TEMP"
+#append key to file
+echo "$key" >> "$AUTHKEY_FILE"
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "added ssh-key $user"
+log_event "$OK" "$ARGUMENTS"
+
+exit
@@ -0,0 +1,54 @@
+#!/bin/bash
+# info: add ssh key
+# options: USER key
+#
+# Function check if $user/.ssh/authorized_keys exists and create it
+# After that it append the new key(s)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+keyid=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+source $USER_DATA/user.conf
+
+FILE=$HOMEDIR/$user/.ssh/authorized_keys
+if [ ! -f "$FILE" ]; then
+    exit;
+fi
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+sed -i "/${keyid}/d" "$FILE"
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "DELETE ssh-key $user"
+log_event "$OK" "$ARGUMENTS"
+
+exit
@@ -0,0 +1,111 @@
+#!/bin/bash
+# info: add ssh key
+# options: USER 
+#
+# Lists $user/.ssh/authorized_keys
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+
+# Argument definition
+user=$1
+
+format=${2-shell}
+
+# Includes
+source $HESTIA/func/main.sh
+
+# JSON list function
+json_list() {
+    IFS=$'\n'
+    i=1
+    objects=$(echo "$keys" |wc -l)
+    echo "{"
+        for str in $keys; do
+        KEY=$(echo $str | awk '{print $(NF-1)}')
+        ID=$(echo $str | awk '{print $NF}')
+        echo -n '    "'$ID'": {
+        "ID": "'$ID'",
+        "KEY": "'$KEY'"
+        }'
+        if [ "$i" -lt "$objects" ]; then
+            echo ','
+        else
+            echo
+        fi
+        ((i++))
+        done		
+        echo "}"   
+}
+
+shell_list() {
+    IFS=$'\n'
+    echo "ID~KEY"
+    echo "----~----~---"
+    for str in $keys; do
+        KEY=$(echo $str | awk '{print $(NF-1)}')
+        ID=$(echo $str | awk '{print $NF}')
+        echo "$ID~$KEY"
+        done
+}
+
+# PLAIN list function
+plain_list() {
+    IFS=$'\n'
+    for str in $keys; do
+        KEY=$(echo $str | awk '{print $(NF-1)}')
+        ID=$(echo $str | awk '{print $NF}')
+        echo -e "$ID\t$KEY"
+    done
+}
+
+# CSV list function
+csv_list() {
+    IFS=$'\n'
+    echo "ID,KEY"
+    for str in $keys; do
+        KEY=$(echo $str | awk '{print $(NF-1)}')
+        ID=$(echo $str | awk '{print $NF}')
+        echo "\"$ID\",\"$KEY\""
+    done
+}
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+#check if file exsists
+
+if [ ! -f "$HOMEDIR/$user/.ssh/authorized_keys" ]; then
+    exit
+fi
+# Parsing backup config
+#cat "$HOMEDIR/$user/.ssh/authorized_keys"
+keys=$(cat "$HOMEDIR/$user/.ssh/authorized_keys")
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list |column -t ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+
+exit
@@ -0,0 +1,109 @@
+<?php
+error_reporting(E_ALL);
+$TAB = 'USER';
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+//check for valid format ssh key. Doesn't check it is working!
+//https://gist.github.com/jupeter/3248095    
+function validateKey($value)
+{
+    $key_parts = explode(' ', $value, 3);
+    if (count($key_parts) < 2) {
+        return false;
+    }
+    if (count($key_parts) > 3) {
+        return false;
+    }
+    
+    $algorithm = $key_parts[0];
+    $key = $key_parts[1];
+    
+    if (!in_array($algorithm, array('ssh-rsa', 'ssh-dss'))) {
+        return false;
+    }
+    
+    $key_base64_decoded = base64_decode($key, true);
+    if ($key_base64_decoded == FALSE) {
+        return false;
+    }
+    
+    $check = base64_decode(substr($key,0,16));
+    $check = preg_replace("/[^\w\-]/","", $check);
+        
+    if((string) $check !== (string) $algorithm) {
+        return false;
+    }
+    return true;
+}
+
+// Check POST request
+if (!empty($_POST['ok'])) {
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+    
+    if (empty($_POST['v_key'])){ 
+        $_SESSION['error_msg'] = __('Field SSH_KEY can not be blank.');
+    }
+    
+    if(!$_SESSION['error_msg']){
+        switch ($_POST['v_key']){
+            default: 
+            //key if key already exisits
+            exec (HESTIA_CMD . "v-list-user-ssh-key ".$user." json", $output, $return_var);
+            $data = json_decode(implode('', $output), true);
+            $keylist = array();
+            foreach($data as $key => $value){
+                $idlist[] = trim($data[$key]['ID']);
+                $keylist[] = trim($data[$key]['KEY']);
+            }
+        
+            if(!validateKey($_POST['v_key'])){
+                $_SESSION['error_msg']  = __('SSH KEY is invalid');
+                break;
+            }
+    
+            $v_key_parts = explode(' ',$_POST['v_key']);
+            $key_id = trim($v_key_parts[2]);
+            if($v_key_parts[2] == ''){
+                $_SESSION['error_msg']  = __('SSH KEY is invalid');
+                break;
+            }
+    
+            //for deleting / revoking key the last part user@domain is used therefore needs to be unique
+            //maybe consider adding random generated message or even an human read able string set by user?
+            if(in_array($v_key_parts[2], $idlist)){
+                $_SESSION['error_msg']  =  __('SSH KEY already exists');
+                break;
+            }
+            if(in_array($v_key_parts[1], $keylist)){
+                $_SESSION['error_msg']  =  __('SSH KEY already exists');
+                break;
+            }
+            $v_key = escapeshellarg(trim($_POST['v_key']));
+        }
+    }
+        
+    if (empty($_SESSION['error_msg'])) {
+        exec (HESTIA_CMD."v-add-user-ssh-key ".$user." ".$v_key, $output, $return_var);
+        check_return_code($return_var,$output);
+    }
+
+    unset($output);
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+    $_SESSION['ok_msg'] = __('SSH KEY created');
+    }
+
+}
+
+render_page($user, $TAB, 'add_key');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);    
@@ -0,0 +1,34 @@
+<?php
+// Init
+error_reporting(NULL);
+ob_start();
+session_start();
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
+    $user=$_GET['user'];;
+}
+
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
+if (!empty($_GET['key'])) {
+    $v_key = escapeshellarg(trim($_GET['key']));
+    $v_key = str_replace('/','\\/', $v_key);
+    exec (HESTIA_CMD."v-delete-user-ssh-key ".$user." ".$v_key);
+    check_return_code($return_var,$output);
+}
+
+unset($output);
+
+//die();
+$back = $_SESSION['back'];
+if (!empty($back)) {
+    header("Location: ".$back);
+    exit;
+}
+header("Location: /list/key/");
+exit;