1: | <?php |
2: | declare(strict_types=1); |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | use Opcenter\Terminal; |
16: | |
17: | |
18: | |
19: | |
20: | |
21: | |
22: | class Ssh_Module extends Module_Skeleton implements \Module\Skeleton\Contracts\Hookable |
23: | { |
24: | const PAM_SVC_NAME = 'ssh'; |
25: | const DEPENDENCY_MAP = [ |
26: | 'siteinfo', |
27: | 'ipinfo', |
28: | 'ipinfo6', |
29: | 'users', |
30: | 'auth' |
31: | ]; |
32: | |
33: | |
34: | |
35: | |
36: | |
37: | |
38: | |
39: | public function __construct() |
40: | { |
41: | parent::__construct(); |
42: | $this->exportedFunctions = array( |
43: | '*' => PRIVILEGE_SITE, |
44: | 'enabled' => PRIVILEGE_SITE | PRIVILEGE_USER |
45: | ); |
46: | } |
47: | |
48: | public function deny_user(string $user): bool |
49: | { |
50: | return (new Util_Pam($this->getAuthContext()))->remove($user, self::PAM_SVC_NAME); |
51: | } |
52: | |
53: | public function permit_user(string $user): bool |
54: | { |
55: | if ($this->auth_is_demo()) { |
56: | return error('SSH disabled for demo account'); |
57: | } |
58: | |
59: | return (new Util_Pam($this->getAuthContext()))->add($user, self::PAM_SVC_NAME); |
60: | } |
61: | |
62: | public function _edit_user(string $userold, string $usernew, array $oldpwd) |
63: | { |
64: | if ($userold === $usernew) { |
65: | return; |
66: | } |
67: | |
68: | if (!$this->enabled() || !$this->user_enabled($userold)) { |
69: | return true; |
70: | } |
71: | |
72: | $pam = new Util_Pam($this->getAuthContext()); |
73: | $pam->remove($userold, self::PAM_SVC_NAME); |
74: | $pam->add($usernew, self::PAM_SVC_NAME); |
75: | |
76: | return true; |
77: | } |
78: | |
79: | public function enabled() |
80: | { |
81: | $check = (bool)$this->getServiceValue('ssh', 'enabled'); |
82: | if ($this->permission_level & PRIVILEGE_USER) { |
83: | $check = $check && $this->user_enabled($this->username); |
84: | } |
85: | |
86: | return $check; |
87: | } |
88: | |
89: | public function port_range(): array |
90: | { |
91: | if (!$this->getServiceValue('ssh', 'enabled') || !SSH_USER_DAEMONS) { |
92: | return array(); |
93: | } |
94: | |
95: | return Terminal::formatPortRange( |
96: | $this->getServiceValue('ssh', 'port_index', []) |
97: | ); |
98: | } |
99: | |
100: | public function user_enabled($user) |
101: | { |
102: | if (!$this->getConfig('ssh', 'enabled')) { |
103: | return warn('ssh not enabled on account'); |
104: | } |
105: | |
106: | return (new Util_Pam($this->getAuthContext()))->check($user, self::PAM_SVC_NAME); |
107: | } |
108: | |
109: | public function _housekeeping() |
110: | { |
111: | if (SSH_EMBED_TERMINAL && !APNSCPD_HEADLESS) { |
112: | dlog('Loading terminal...'); |
113: | Service_Terminal::autostart(); |
114: | } else { |
115: | Service_Terminal::stop(); |
116: | } |
117: | } |
118: | |
119: | public function _create() |
120: | { |
121: | |
122: | $conf = $this->getAuthContext()->getAccount()->new; |
123: | $admin = $conf['siteinfo']['admin_user']; |
124: | $pam = new Util_Pam($this->getAuthContext()); |
125: | if ($this->auth_is_demo() && $pam->check($admin, self::PAM_SVC_NAME)) { |
126: | $pam->remove($admin, self::PAM_SVC_NAME); |
127: | } |
128: | } |
129: | |
130: | public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool |
131: | { |
132: | return true; |
133: | } |
134: | |
135: | public function _delete() |
136: | { |
137: | |
138: | } |
139: | |
140: | public function _edit() |
141: | { |
142: | |
143: | } |
144: | |
145: | public function _create_user(string $user) |
146: | { |
147: | |
148: | } |
149: | |
150: | public function _delete_user(string $user) |
151: | { |
152: | |
153: | } |
154: | |
155: | |
156: | } |