diff options
| author | Simon Rettberg | 2020-11-16 14:03:21 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2020-11-16 14:03:21 +0100 |
| commit | 11c488215620d12c1f79fc9b05deb9928d2cab39 (patch) | |
| tree | d6d546f5c1729325482976587a232e1e7a0378fc /modules-available/sysconfig/inc/configmodule/sshconfig.inc.php | |
| parent | [statistics] Honor filters for clients with special mode (diff) | |
| download | slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.tar.gz slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.tar.xz slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.zip | |
[sysconfig] SSH: Split pubkey and rest of config, add more options
Now we can have exactly one SSH-Config per sysconfig, which avoids
confusion due to config mismatch regarding "allow pw" and "port".
The install include takes care of splitting the key into a new module
for existing modules, but doesn't remove duplicate SshConfig modules
from sysconfigs, as this might lead to additional confusion. Next time
the user edits a sysconfig, they are forced to pick exactly one
SshConfig module.
The "allow password login" option was extended to allow password login
for non-root users only in addition to simply being "yes" or "no".
There's an additional option that can entirely limit the group of users
allowed to log in via SSH.
Diffstat (limited to 'modules-available/sysconfig/inc/configmodule/sshconfig.inc.php')
| -rw-r--r-- | modules-available/sysconfig/inc/configmodule/sshconfig.inc.php | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/modules-available/sysconfig/inc/configmodule/sshconfig.inc.php b/modules-available/sysconfig/inc/configmodule/sshconfig.inc.php index 9975f789..b5ab20e4 100644 --- a/modules-available/sysconfig/inc/configmodule/sshconfig.inc.php +++ b/modules-available/sysconfig/inc/configmodule/sshconfig.inc.php @@ -5,7 +5,7 @@ ConfigModule::registerModule( Dictionary::translateFileModule('sysconfig', 'config-module', 'sshconfig_title'), // Title Dictionary::translateFileModule('sysconfig', 'config-module', 'sshconfig_description'), // Description Dictionary::translateFileModule('sysconfig', 'config-module', 'group_sshconfig'), // Group - false, // Only one per config? + true, // Only one per config? 500 ); @@ -23,7 +23,6 @@ class ConfigModule_SshConfig extends ConfigModule 'failOnParentFail' => false, 'parent' => $parent ); - // Create config module, which will also check if the pubkey is valid return Taskmanager::submit('SshdConfigGenerator', $config); } @@ -34,25 +33,40 @@ class ConfigModule_SshConfig extends ConfigModule protected function validateConfig() { - return isset($this->moduleData['publicKey']) && isset($this->moduleData['allowPasswordLogin']) && isset($this->moduleData['listenPort']); + // UPGRADE + if (isset($this->moduleData['allowPasswordLogin']) && !isset($this->moduleData['allowedUsersLogin'])) { + $this->moduleData['allowPasswordLogin'] = strtoupper($this->moduleData['allowPasswordLogin']); + if (!in_array($this->moduleData['allowPasswordLogin'], ['NO', 'USER_ONLY', 'YES'])) { + $this->moduleData['allowPasswordLogin'] = 'NO'; + } + $this->moduleData['allowedUsersLogin'] = 'ALL'; + } + return isset($this->moduleData['allowPasswordLogin']) && isset($this->moduleData['allowedUsersLogin']) + && isset($this->moduleData['listenPort']); } public function setData($key, $value) { switch ($key) { case 'publicKey': - break; + if ($value === false) { + error_log('Unsetting publicKey'); + unset($this->moduleData[$key]); + return true; + } + return false; case 'allowPasswordLogin': - if ($value === true || $value === 'yes') - $value = 'yes'; - elseif ($value === false || $value === 'no') - $value = 'no'; - else + if (!in_array($value, ['NO', 'USER_ONLY', 'YES'])) + return false; + break; + case 'allowedUsersLogin'; + if (!in_array($value, ['ROOT_ONLY', 'USER_ONLY', 'ALL'])) return false; break; case 'listenPort': if (!is_numeric($value) || $value < 1 || $value > 65535) return false; + $value = (int)$value; break; default: return false; |