author | Simon Rettberg | 2020-11-16 14:12:14 +0100 |
---|---|---|
committer | Simon Rettberg | 2020-11-16 14:12:14 +0100 |
commit | c89a5a97944d83d021708d20424e7de3dd261ff7 (patch) | |
tree | 7366d725636e2b67cc58cd68c00df08112af4ba4 /src/main/java | |
parent | [RecompressArchive] Properly implement duplicate filename detection (diff) | |
[SshConfigGenerator] Adapt to changed config from slx-admin
Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java | 73 |
1 files changed, 60 insertions, 13 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java b/src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java
index fff70ca..cb66038 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java
@@ -14,12 +14,23 @@ import com.google.gson.annotations.Expose;
 
 public class SshdConfigGenerator extends AbstractTask
 {
+
+ private static enum PasswordLogin
+ {
+ NO, USER_ONLY, YES
+ };
+
+ private static enum AllowUsers
+ {
+ ROOT_ONLY, USER_ONLY, ALL
+ }
+
 @Expose
 private int listenPort = 0;
 @Expose
- private String allowPasswordLogin = "no";
+ private PasswordLogin allowPasswordLogin;
 @Expose
- private String publicKey = "";
+ private AllowUsers allowedUsersLogin;
 @Expose
 private String filename = null;
 
@@ -29,14 +40,18 @@ public class SshdConfigGenerator extends AbstractTask
 protected boolean initTask()
 {
 this.setStatusObject( status );
- if ( !Util.isAllowedDir( this.filename ) )
+ if ( !Util.isAllowedDir( this.filename ) ) {
 status.error = "Invalid directory for " + this.filename;
- if ( allowPasswordLogin == null || ( !allowPasswordLogin.equals( "yes" ) && !allowPasswordLogin.equals( "no" ) ) )
- status.error = "Invalid value for allowPasswordLogin: " + allowPasswordLogin;
- if ( listenPort > 65535 || listenPort < 1 )
+ }
+ if ( allowPasswordLogin == null ) {
+ status.error = "Invalid value for allowPasswordLogin";
+ }
+ if ( allowedUsersLogin == null ) {
+ status.error = "Invalid value for allowedUsersLogin";
+ }
+ if ( listenPort > 65535 || listenPort < 1 ) {
 status.error = "Invalid value for listenPort: " + listenPort;
- if ( publicKey != null && !publicKey.isEmpty() && !publicKey.matches( "^[a-z0-9\\-]+ [A-Za-z0-9=/\\+]+ .*" ) )
- status.error = "Invalid public key: '" + publicKey + "'";
+ }
 return status.error == null;
 }
 
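Review bot: The two enums added at the top of the class are undocumented, and both define a `USER_ONLY` constant with a different meaning: going by the switch later in this commit, `PasswordLogin.USER_ONLY` enables password authentication while root stays at `prohibit-password`, whereas `AllowUsers.USER_ONLY` shuts root out entirely. A one-line comment per constant naming the resulting sshd setting would keep them apart, e.g. `// USER_ONLY: PasswordAuthentication yes, PermitRootLogin prohibit-password`. The fields are `@Expose`d and presumably populated by Gson from the slx-admin request, so the constant names are likely the wire format as well; if so, the comment should say that renaming a constant breaks the caller. As a style point, `static` on a nested enum and the `;` after the `PasswordLogin` body are redundant.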
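Review bot: Every failed check in `initTask()` assigns `status.error` without returning, so when several fields are invalid only the last message survives; the `Util.isAllowedDir` rejection of `filename` in particular is overwritten by a later enum or `listenPort` message. The return value is still correct, so this affects diagnostics only, but an operator would see a port error while the path rejection goes unreported. Returning at the first failure keeps the most relevant message, e.g. `status.error = "Invalid directory for " + this.filename; return false;` in each branch. The new enum messages also omit the rejected value; if Gson has already mapped an unknown string to null (assumed, not visible in this hunk) the value is no longer available, which deserves a short comment.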
@@ -53,8 +68,44 @@ public class SshdConfigGenerator extends AbstractTask
 status.error = e.toString();
 return false;
 }
+ String allowPassword;
+ String allowRoot;
+ switch ( allowPasswordLogin ) {
+ default:
+ case NO:
+ allowPassword = "no";
+ allowRoot = "prohibit-password";
+ break;
+ case USER_ONLY:
+ allowPassword = "yes";
+ allowRoot = "prohibit-password";
+ break;
+ case YES:
+ allowPassword = "yes";
+ allowRoot = "yes";
+ break;
+ }
+ String allowUsers;
+ String denyUsers = "demo";
+ switch ( allowedUsersLogin ) {
+ case ALL:
+ allowUsers = "*";
+ break;
+ default:
+ case ROOT_ONLY:
+ allowUsers = "root";
+ break;
+ case USER_ONLY:
+ allowUsers = "*";
+ denyUsers += " root";
+ allowRoot = "no";
+ break;
+ }
 template = template.replace( "%PORT%", Integer.toString( this.listenPort ) );
- template = template.replace( "%PASSWORDLOGIN%", allowPasswordLogin );
+ template = template.replace( "%ALLOW_PASSWORD%", allowPassword );
+ template = template.replace( "%ALLOW_ROOT%", allowRoot );
+ template = template.replace( "%ALLOW_USERS%", allowUsers );
+ template = template.replace( "%DENY_USERS%", denyUsers );
 try {
 outArchive = Archive.createTarArchive( this.filename );
 } catch ( IOException e ) {
@@ -62,10 +113,6 @@ public class SshdConfigGenerator extends AbstractTask
 return false;
 }
 boolean ok = Archive.tarCreateFileFromString( outArchive, "/etc/ssh/sshd_config", template, 0644 );
- if ( publicKey != null && !publicKey.isEmpty() ) {
- String name = "sshd_conf_mod-" + publicKey.hashCode() + "-" + System.currentTimeMillis() + ".pub";
- ok |= Archive.tarCreateFileFromString( outArchive, "/root/.ssh/authorized_keys.d/" + name, publicKey, 0600 );
- }
 ok |= Archive.tarCreateSymlink( outArchive, "../sshd.service", "/etc/systemd/system/network.target.wants/sshd.service" );
 if ( !ok ) {
 status.error = "Could not create module archive contents"; |
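Review bot: `String.replace` does nothing when its placeholder is absent, so if the sshd_config template still carries the old `%PASSWORDLOGIN%` marker, or lacks `%ALLOW_ROOT%`, `%ALLOW_USERS%` or `%DENY_USERS%`, the four new `template.replace` calls produce an archive whose config does not express the requested login policy, and the task still reports success. The template is not part of this diff, so it cannot be seen here whether it was updated in step. A guard ahead of the replacements would turn a mismatch into a task error, e.g. `if ( !template.contains( "%ALLOW_ROOT%" ) || !template.contains( "%DENY_USERS%" ) ) { status.error = "sshd_config template lacks expected placeholders"; return false; }`. Separately, placing `default:` ahead of `case NO:` and `case ROOT_ONLY:` makes any future enum constant fall back to the most restrictive setting; a comment such as `// unknown values fall back to the most restrictive setting` would record that this is intended. The enclosing method starts and ends outside the hunk.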