From: opensides Date: Sat, 27 Oct 2007 13:43:00 +0000 (+0000) Subject: First import of ssh code, moving from gosa-25 branch X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3d0b232bf0f6866252de008263b0c1589dad51af;p=gosa.git First import of ssh code, moving from gosa-25 branch git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5-plugins@7678 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/ssh/doc/README.ssh b/ssh/doc/README.ssh new file mode 100644 index 000000000..414102876 --- /dev/null +++ b/ssh/doc/README.ssh @@ -0,0 +1,29 @@ +To use the ssh connectivity extension + +1) Add the openssh-lpk_openldap.schema from contrib/openldap/ to your schema + directory + +# Not yet active +# +#2) Add the following entry in connectivity for ssh keys management of users +# +# + +3) Add the following entry in termtabs for ssh keys management of terminal + + + +4) Add the following entry in worktabs for the ssh keys management of workstations + + + +5) Add the following entry in servtabs for ssh keys management of servers + + + +6) if you want your ssh server to directly fetch key from the ldap, you need + a patched ssh with http://dev.inversepath.com/trac/openssh-lpk + + +Mortier Benoit +OpenSides July 2007 diff --git a/ssh/schema/openssh-lpk_openldap.schema b/ssh/schema/openssh-lpk_openldap.schema new file mode 100644 index 000000000..409e3f5a7 --- /dev/null +++ b/ssh/schema/openssh-lpk_openldap.schema 
@@ -0,0 +1,29 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE
+#
+# Based on the proposal of : Mark Ruijter
+#
+# Modfied july 2007 to accept key from host
+#
+# Benoit Mortier
+#
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.3.0 NAME 'HostldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ cn )
+ )
+
diff --git a/ssh/src/srv/class_servSsh.inc b/ssh/src/srv/class_servSsh.inc
new file mode 100644
index 000000000..1037fb4d4
--- /dev/null
+++ b/ssh/src/srv/class_servSsh.inc
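Review bot: `HostldapPublicKey` carries the same `DESC 'MANDATORY: OpenSSH LPK objectclass'` as `ldapPublicKey`, so the two classes cannot be told apart by description even though one is keyed on `uid` and the other on `cn`; suggest `DESC 'OpenSSH LPK objectclass for host entries (cn)'` on the second. The `# printableString SYNTAX yes|no` comment above each objectclass does not describe an objectclass and looks carried over from an attribute definition; only the `# octetString SYNTAX` comment above `sshPublicKey` is accurate. Note also that `sshPublicKey` is not declared `SINGLE-VALUE`, so an entry may hold several keys, which any code that reads or rewrites the attribute has to preserve. `Modfied` in the header comment should read `Modified`.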
@@ -0,0 +1,191 @@
+attributes as $val) {
+ $name = preg_replace('/_/', '-', $val);
+ if (isset($this->attrs["$name"][0])) {
+ $this->$val = $this->attrs["$name"][0];
+ }
+ }
+
+ $this->is_account = false;
+ $this->initially_was_account = false;
+
+ if(isset($this->attrs['sshPublicKey'])) {
+ $this->is_account = true;
+ $this->initially_was_account = true;
+ }
+
+
+ }
+
+ function execute()
+ {
+ /* Call parent execute */
+ plugin::execute();
+
+ /* Fill templating stuff
+ */
+ $smarty= get_smarty();
+ $display= "";
+
+ /* Do we need to flip is_account state?
+ */
+ if (isset($_POST['modify_state'])){
+
+ /* Only change account state if allowed */
+ if($this->is_account && $this->acl == "#all#"){
+ $this->is_account= !$this->is_account;
+ $this->is_modified = true;
+ }elseif(!$this->is_account && chkacl($this->acl,"create") == ""){
+ $this->is_account= !$this->is_account;
+ $this->is_modified = true;
+ }
+ }
+
+ if ($this->is_account){
+ $display= $this->show_header(_("Remove SSH keys"),
+ _("This server has SSH features enabled. You can disable them by clicking below."));
+ } else {
+ $display= $this->show_header(_("Add SSH keys"),
+ _("This server has SSH features disabled. You can enable them by clicking below."));
+ return ($display);
+ }
+
+ /* Load attributes */
+ foreach($this->attributes as $attr){
+ $smarty->assign("$attr", $this->$attr);
+ $smarty->assign($attr."ACL", chkacl($this->acl, "$attr"));
+ }
+
+
+ $smarty->assign("sshPublicKeyACL",chkacl($this->acl,"sshPublicKey"));
+
+ /* Display tempalte
+ */
+ //$smarty->assign("ZoneList",$ZoneList->DrawList());
+ $display.= $smarty->fetch(get_template_path('servssh.tpl', TRUE));
+ return($display);
+
+ }
+
+ function remove_from_parent()
+ {
+ /* Cancel if there's nothing to do here */
+ if (!$this->initially_was_account){
+ return;
+ }
+
+ plugin::remove_from_parent();
+
+ $ldap= $this->config->get_ldap_link();
+
+ $ldap->cd($this->dn);
+ $this->cleanup();
+
+ $ldap->modify ($this->attrs);
+
+ show_ldap_error($ldap->get_error(), _("Removing SSH key failed"));
+
+ /* Optionally execute a command after we're done */
+// $this->handle_post_events('remove',array("uid" => $this->uid));
+ }
+
+
+ /* Save data to object */
+ function save_object()
+ {
+ plugin::save_object();
+ }
+
+ /* Check values */
+ function check()
+ {
+ /* Call common method to give check the hook */
+ $message = plugin::check();
+
+ /* Check for empty or not */
+ if(empty($this->sshPublicKey)){
+ $message[]= _("Value specified as 'SSH Key' is not valid.");
+ }
+
+ return($message);
+ }
+
+ /* Save to LDAP */
+ function save()
+ {
+
+ plugin::save();
+
+
+ foreach($this->attributes as $attr){
+ if(chkacl($this->acl,$attr)!=""){
+ unset($this->attrs[$attr]);
+ }
+ }
+
+
+ /* Write back to ldap */
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+
+ show_ldap_error($ldap->get_error(), _("Saving SSH key failed"));
+
+ /* Optionally execute a command after we're done */
+ if ($this->initially_was_account == $this->is_account){
+ if ($this->is_modified){
+ $this->handle_post_events("modify",array("uid" => $this->uid));
+ }
+ } else {
+ $this->handle_post_events("add",array("uid" => $this->uid));
+ }
+ }
+
+}
+
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/ssh/src/srv/servssh.tpl b/ssh/src/srv/servssh.tpl
new file mode 100644
index 000000000..fed48d2aa
--- /dev/null
+++ b/ssh/src/srv/servssh.tpl
@@ -0,0 +1,23 @@
+ + + + + + +
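Review bot: `check()` accepts any non-empty `sshPublicKey`, so a value with embedded line breaks or without the `keytype base64-blob` shape is stored in LDAP and later consumed by a sshd that treats the directory as its authorized_keys source, where a stored line break is read as more than one key line. A format test next to the `empty()` check closes this, e.g. `if (preg_match('/[\r\n]/', $this->sshPublicKey) || !preg_match('/^ssh-(rsa|dss) [A-Za-z0-9+\/]+=*( [^\r\n]*)?$/', $this->sshPublicKey)) { $message[]= _("Value specified as 'SSH Key' is not valid."); }`. Separately, the constructor reads only `$this->attrs["$name"][0]` while the schema in this commit leaves `sshPublicKey` multi-valued, so on an entry already holding several keys `save()` presumably writes back just the first and drops the rest — confirm against `plugin::save()`, which is not in this hunk. The class header and the beginning of the constructor are missing from the hunk as rendered, so the `$attributes` list and the `$objectclasses` it adds could not be reviewed.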
+ + + +
+ +
+
+ + + + +