From 11c488215620d12c1f79fc9b05deb9928d2cab39 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 16 Nov 2020 14:03:21 +0100
Subject: [sysconfig] SSH: Split pubkey and rest of config, add more options

Now we can have exactly one SSH-Config per sysconfig, which avoids
confusion due to config mismatch regarding "allow pw" and "port".
The install include takes care of splitting the key into a new module
for existing modules, but doesn't remove duplicate SshConfig modules
from sysconfigs, as this might lead to additional confusion. Next time
the user edits a sysconfig, they are forced to pick exactly one
SshConfig module.

The "allow password login" option was extended to allow password login
for non-root users only in addition to simply being "yes" or "no".
There's an additional option that can entirely limit the group of users
allowed to log in via SSH.
---
 .../sysconfig/addmodule_sshkey.inc.php             | 72 ++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 modules-available/sysconfig/addmodule_sshkey.inc.php

(limited to 'modules-available/sysconfig/addmodule_sshkey.inc.php')

diff --git a/modules-available/sysconfig/addmodule_sshkey.inc.php b/modules-available/sysconfig/addmodule_sshkey.inc.php
new file mode 100644
index 00000000..b5ab4ad6
--- /dev/null
+++ b/modules-available/sysconfig/addmodule_sshkey.inc.php
@@ -0,0 +1,72 @@
+<?php
+
+/*
+ * Wizard for configuring the sshd (client side).
+ */
+
+class SshKey_Start extends AddModule_Base
+{
+
+	protected function renderInternal()
+	{
+		if ($this->edit !== false) {
+			$data = $this->edit->getData(false) + array(
+					'title' => $this->edit->title(),
+					'edit' => $this->edit->id(),
+				);
+		} else {
+			$data = array();
+		}
+		Render::addDialog(Dictionary::translateFile('config-module', 'sshkey_title'), false, 'sshkey-start', $data + array(
+				'step' => 'SshKey_Finish',
+			));
+	}
+
+}
+
+class SshKey_Finish extends AddModule_Base
+{
+
+	protected function preprocessInternal()
+	{
+		$title = Request::post('title');
+		if (empty($title)) {
+			Message::addError('missing-title');
+			return;
+		}
+		// Seems ok, create entry
+		if ($this->edit === false) {
+			$module = ConfigModule::getInstance('SshKey');
+		} else {
+			$module = $this->edit;
+		}
+		if ($module === false) {
+			Message::addError('main.error-read', 'sshkey.inc.php');
+			Util::redirect('?do=SysConfig&action=addmodule&step=SshKey_Start');
+		}
+		if (!$module->setData('publicKey', Request::post('publicKey'))) {
+			Message::addError('main.value-invalid', 'pubkey', Request::post('publicKey'));
+			Util::redirect('?do=SysConfig&action=addmodule&step=SshKey_Start');
+		}
+		if ($this->edit !== false) {
+			$ret = $module->update($title);
+		} else {
+			$ret = $module->insert($title);
+		}
+		if (!$ret) {
+			Util::redirect('?do=SysConfig&action=addmodule&step=SshKey_Start');
+		} elseif (!$module->generate($this->edit === false, NULL, 200)) {
+			Util::redirect('?do=SysConfig&action=addmodule&step=SshKey_Start');
+		}
+		// Yay
+		if ($this->edit !== false) {
+			Message::addSuccess('module-edited');
+		} else {
+			Message::addSuccess('module-added');
+			AddModule_Base::setStep('AddModule_Assign', $module->id());
+			return;
+		}
+		Util::redirect('?do=SysConfig');
+	}
+
+}
-- 
cgit v1.2.3-55-g7522