From 11c488215620d12c1f79fc9b05deb9928d2cab39 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 16 Nov 2020 14:03:21 +0100
Subject: [sysconfig] SSH: Split pubkey and rest of config, add more options
Now we can have exactly one SSH-Config per sysconfig, which avoids confusion due to config mismatch regarding "allow pw" and "port". The install include takes care of splitting the key into a new module for existing modules, but doesn't remove duplicate SshConfig modules from sysconfigs, as this might lead to additional confusion. Next time the user edits a sysconfig, they are forced to pick exactly one SshConfig module. The "allow password login" option was extended to allow password login for non-root users only in addition to simply being "yes" or "no". There's an additional option that can entirely limit the group of users allowed to log in via SSH.
---
 modules-available/sysconfig/install.inc.php | 44 +++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 3 deletions(-)
(limited to 'modules-available/sysconfig/install.inc.php')
diff --git a/modules-available/sysconfig/install.inc.php b/modules-available/sysconfig/install.inc.php
index ace5361b..fe6a8c09 100644
--- a/modules-available/sysconfig/install.inc.php
+++ b/modules-available/sysconfig/install.inc.php
@@ -120,17 +120,55 @@ if (!tableHasColumn('configtgz', 'warnings')) {
 }
 // ----- rebuild configs ------
-// TEMPORARY HACK; Rebuild configs.. move somewhere else?
+// PERMANENT HACK; Rebuild configs.. move somewhere else?
 Module::isAvailable('sysconfig');
 $list = ConfigModule::getAll();
+$parentTask = null;
+$configList = [];
 if ($list === false) {
- EventLog::warning('Could not regenerate AD/LDAP configs - please do so manually');
+ EventLog::warning('Could not regenerate configs - please do so manually');
 } else {
 foreach ($list as $ad) {
+ if ($ad->moduleType() === 'SshConfig') {
+ // 2020-11-12: Split SshConfig into SshConfig and SshKey
+ $pubkey = $ad->getData('publicKey');
+ if ($pubkey !== false && !empty($pubkey)) {
+ error_log('Legacy module with pubkey ' . $ad->id());
+ $key = ConfigModule::getInstance('SshKey');
+ if ($key !== false) {
+ $key->setData('publicKey', $pubkey);
+ if ($key->insert($ad->title())) {
+ // Insert worked, remove key from old module, add this module to the same configs
+ $task = $key->generate(false, $parentTask);
+ if ($task !== false) {
+ $parentTask = $task;
+ }
+ error_log('Inserted new module with id ' . $key->id());
+ $ad->setData('publicKey', false);
+ $ad->update();
+ $configs = ConfigTgz::getAllForModule($ad->id());
+ foreach ($configs as $config) {
+ // Add newly created key-only module to all configs
+ $new = array_merge($config->getModuleIds(), [$key->id()]);
+ error_log(implode(',', $config->getModuleIds()) . ' -> ' . implode(',', $new));
+ $config->update('', $new);
+ $configList[] = $config;
+ }
+ }
+ }
+ }
+ }
 if ($ad->needRebuild()) {
- $ad->generate(false);
+ $update[] = UPDATE_DONE;
+ $task = $ad->generate(false, $parentTask);
+ if ($task !== false) {
+ $parentTask = $task;
+ }
 }
 }
+ foreach ($configList as $config) {
+ $config->generate(false, 0, $parentTask);
+ }
 }
 // Create response for browser
-- 
cgit v1.2.3-55-g7522
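Review bot: In the SshConfig split, the public key is cleared from the legacy module (`$ad->setData('publicKey', false); $ad->update();`) before the new SshKey module has been attached to any config, and the result of `$config->update('', $new)` is never checked. If one of those updates fails, that sysconfig would lose its authorized key the next time it is rebuilt, and re-running the install step cannot repair it because the legacy module no longer holds the key; on a config that disallows password login this would presumably leave no working SSH login. I would move the two `$ad` lines below the `foreach ($configs as $config)` loop and report failures where they happen, e.g. `if (!$config->update('', $new)) { EventLog::warning('Could not add SshKey module to config - please do so manually'); continue; }`, assuming `update()` signals failure with a falsy return the way `insert()` is used here. The hunk starts and ends mid-file, so what `update()` and `ConfigTgz::getAllForModule()` return on error is not visible and should be confirmed.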