diff options
| author | Simon Rettberg | 2020-11-16 14:03:21 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2020-11-16 14:03:21 +0100 |
| commit | 11c488215620d12c1f79fc9b05deb9928d2cab39 (patch) | |
| tree | d6d546f5c1729325482976587a232e1e7a0378fc /modules-available/sysconfig/install.inc.php | |
| parent | [statistics] Honor filters for clients with special mode (diff) | |
| download | slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.tar.gz slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.tar.xz slx-admin-11c488215620d12c1f79fc9b05deb9928d2cab39.zip | |
[sysconfig] SSH: Split pubkey and rest of config, add more options
Now we can have exactly one SSH-Config per sysconfig, which avoids
confusion due to config mismatch regarding "allow pw" and "port".
The install include takes care of splitting the key into a new module
for existing modules, but doesn't remove duplicate SshConfig modules
from sysconfigs, as this might lead to additional confusion. Next time
the user edits a sysconfig, they are forced to pick exactly one
SshConfig module.
The "allow password login" option was extended to allow password login
for non-root users only in addition to simply being "yes" or "no".
There's an additional option that can entirely limit the group of users
allowed to log in via SSH.
Diffstat (limited to 'modules-available/sysconfig/install.inc.php')
| -rw-r--r-- | modules-available/sysconfig/install.inc.php | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/modules-available/sysconfig/install.inc.php b/modules-available/sysconfig/install.inc.php index ace5361b..fe6a8c09 100644 --- a/modules-available/sysconfig/install.inc.php +++ b/modules-available/sysconfig/install.inc.php @@ -120,17 +120,55 @@ if (!tableHasColumn('configtgz', 'warnings')) { } // ----- rebuild configs ------ -// TEMPORARY HACK; Rebuild configs.. move somewhere else? +// PERMANENT HACK; Rebuild configs.. move somewhere else? Module::isAvailable('sysconfig'); $list = ConfigModule::getAll(); +$parentTask = null; +$configList = []; if ($list === false) { - EventLog::warning('Could not regenerate AD/LDAP configs - please do so manually'); + EventLog::warning('Could not regenerate configs - please do so manually'); } else { foreach ($list as $ad) { + if ($ad->moduleType() === 'SshConfig') { + // 2020-11-12: Split SshConfig into SshConfig and SshKey + $pubkey = $ad->getData('publicKey'); + if ($pubkey !== false && !empty($pubkey)) { + error_log('Legacy module with pubkey ' . $ad->id()); + $key = ConfigModule::getInstance('SshKey'); + if ($key !== false) { + $key->setData('publicKey', $pubkey); + if ($key->insert($ad->title())) { + // Insert worked, remove key from old module, add this module to the same configs + $task = $key->generate(false, $parentTask); + if ($task !== false) { + $parentTask = $task; + } + error_log('Inserted new module with id ' . $key->id()); + $ad->setData('publicKey', false); + $ad->update(); + $configs = ConfigTgz::getAllForModule($ad->id()); + foreach ($configs as $config) { + // Add newly created key-only module to all configs + $new = array_merge($config->getModuleIds(), [$key->id()]); + error_log(implode(',', $config->getModuleIds()) . ' -> ' . implode(',', $new)); + $config->update('', $new); + $configList[] = $config; + } + } + } + } + } if ($ad->needRebuild()) { - $ad->generate(false); + $update[] = UPDATE_DONE; + $task = $ad->generate(false, $parentTask); + if ($task !== false) { + $parentTask = $task; + } } } + foreach ($configList as $config) { + $config->generate(false, 0, $parentTask); + } } // Create response for browser |