From 11c488215620d12c1f79fc9b05deb9928d2cab39 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 16 Nov 2020 14:03:21 +0100
Subject: [sysconfig] SSH: Split pubkey and rest of config, add more options

Now we can have exactly one SSH-Config per sysconfig, which avoids confusion due to config mismatch regarding "allow pw" and "port". The install include takes care of splitting the key into a new module for existing modules, but doesn't remove duplicate SshConfig modules from sysconfigs, as this might lead to additional confusion. Next time the user edits a sysconfig, they are forced to pick exactly one SshConfig module. The "allow password login" option was extended to allow password login for non-root users only in addition to simply being "yes" or "no". There's an additional option that can entirely limit the group of users allowed to log in via SSH.
---
 modules-available/sysconfig/addmodule_sshconfig.inc.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'modules-available/sysconfig/addmodule_sshconfig.inc.php')
diff --git a/modules-available/sysconfig/addmodule_sshconfig.inc.php b/modules-available/sysconfig/addmodule_sshconfig.inc.php
index 495ba2a9..4a75d77e 100644
--- a/modules-available/sysconfig/addmodule_sshconfig.inc.php
+++ b/modules-available/sysconfig/addmodule_sshconfig.inc.php
@@ -13,10 +13,14 @@ class SshConfig_Start extends AddModule_Base
 $data = $this->edit->getData(false) + array(
 'title' => $this->edit->title(),
 'edit' => $this->edit->id(),
- 'apl' => $this->edit->getData('allowPasswordLogin') === 'yes'
+ 'PWD_' . strtoupper($this->edit->getData('allowPasswordLogin')) . '_selected' => 'selected',
+ 'USR_' . strtoupper($this->edit->getData('allowedUsersLogin')) . '_selected' => 'selected',
 );
 } else {
- $data = array();
+ $data = array(
+ 'PWD_NO_selected' => 'selected',
+ 'USR_ROOT_ONLY_selected' => 'selected',
+ );
 }
 Render::addDialog(Dictionary::translateFile('config-module', 'sshconfig_title'), false, 'sshconfig-start', $data + array(
 'step' => 'SshConfig_Finish',
@@ -44,7 +48,8 @@ class SshConfig_Finish extends AddModule_Base
 Message::addError('main.error-read', 'sshconfig.inc.php');
 Util::redirect('?do=SysConfig&action=addmodule&step=SshConfig_Start');
 }
- $module->setData('allowPasswordLogin', Request::post('allowPasswordLogin') === 'yes');
+ $module->setData('allowPasswordLogin', Request::post('allowPasswordLogin'));
+ $module->setData('allowedUsersLogin', Request::post('allowedUsersLogin'));
 $port = Request::post('listenPort', '');
 if ($port === '') {
 $port = 22;
@@ -53,10 +58,7 @@ class SshConfig_Finish extends AddModule_Base
 Message::addError('main.value-invalid', 'port', Request::post('listenPort'));
 Util::redirect('?do=SysConfig&action=addmodule&step=SshConfig_Start');
 }
- if (!$module->setData('publicKey', Request::post('publicKey'))) {
- Message::addError('main.value-invalid', 'pubkey', Request::post('publicKey'));
- Util::redirect('?do=SysConfig&action=addmodule&step=SshConfig_Start');
- }
+ $module->setData('publicKey', false);
 if ($this->edit !== false)
 $ret = $module->update($title);
 else
-- 
cgit v1.2.3-55-g7522
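Review bot: The two `strtoupper(...)` keys in the edit branch are built straight from stored module data, so a module saved before this change, where `allowPasswordLogin` was stored as the boolean result of `=== 'yes'`, would yield `PWD_1_selected` or `PWD__selected` and pre-select nothing. The form would then presumably show its first option instead of the stored policy, and saving it would silently change who may log in with a password. Whether the install include converts those legacy booleans is not visible here; if it does not, normalise before building the key, e.g. `$pwd = $this->edit->getData('allowPasswordLogin'); if (is_bool($pwd)) $pwd = $pwd ? 'yes' : 'no';`, and fall back to the `USR_ROOT_ONLY` default when `allowedUsersLogin` is unset. The enclosing method starts and ends outside the hunk.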
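Review bot: Both new `setData()` calls store the raw POST value and ignore the return value, whereas the removed `=== 'yes'` comparison forced a boolean and the `publicKey` branch removed in the last hunk treated a false return as invalid input. If the module's validator rejects a value, the module is saved anyway without an error; if it does not validate at all, an arbitrary string reaches the generated SSH configuration. Neither case can be ruled out from this hunk. Reject unknown values explicitly, in the same way the port check below does; the method continues outside the hunk.

```php
foreach (array('allowPasswordLogin', 'allowedUsersLogin') as $key) {
	if (!$module->setData($key, Request::post($key))) {
		Message::addError('main.value-invalid', $key, Request::post($key));
		Util::redirect('?do=SysConfig&action=addmodule&step=SshConfig_Start');
	}
}
// … unchanged: listenPort handling …
```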
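Review bot: `$module->setData('publicKey', false);` carries no comment explaining why a previously validated field is now force-cleared, and its return value is no longer checked. Going by the commit message the key moves to a separate module, so a line such as `// Public key is stored in its own module now; clear any legacy value kept in this one` would spare the next reader a trip through the history. If an existing module is edited before the install include has split its key out (assumed, not visible here), this line discards the only stored key, which together with the `PWD_NO` default could leave a client without a working SSH login; worth confirming the migration always runs first.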