Browse code

add feature to disable SSH password login

Bernd Wurst authored on30/07/2020 10:30:34
Showing3 changed files
... ...
@@ -51,8 +51,8 @@ if ($role & ROLE_CUSTOMER) {
51 51
     $customer = $_SESSION['customerinfo'];
52 52
 }
53 53
 
54
-$form = '
55
-
54
+$form = '';
55
+$form .= '
56 56
 <h5>Name (E-Mail-Absender, ...)</h5>
57 57
 <div style="margin-left: 2em;"> 
58 58
   <p><input type="radio" name="defaultname" id="defaultname" value="1" '.$defaultname.'/> <label for="defaultname">Kundenname: <strong>'.$customer['name'].'</strong></label></p>
... ...
@@ -60,6 +60,22 @@ $form = '
60 60
 </div>
61 61
 ';
62 62
 
63
+$defaultpwlogin = 'checked';
64
+$defaultnopwlogin = '';
65
+
66
+if ($account['passwordlogin'] == 0) {
67
+    $defaultpwlogin = '';
68
+    $defaultnopwlogin = 'checked';
69
+}
70
+
71
+$form .= '
72
+<h5>Passwort-Login</h5>
73
+<div style="margin-left: 2em;"> 
74
+  <p><input type="radio" name="passwordlogin" id="passwordlogin_ja" value="1" '.$defaultpwlogin.'/> <label for="passwordlogin_ja">SSH-Login mit Passwort erlauben</label></p>
75
+  <p><input type="radio" name="passwordlogin" id="passwordlogin_nein" value="0" '.$defaultnopwlogin.'/> <label for="passwordlogin_nein">SSH-Login nur mit SSH-Key ermglichen</label></p>
76
+</div>
77
+';
78
+
63 79
 if ($role & ROLE_CUSTOMER) {
64 80
     $form .= '
65 81
 <h5>Speicherplatz</h5>
... ...
@@ -78,7 +78,7 @@ function get_account_details($uid, $customerno=0)
78 78
         $customerno = $_SESSION['customerinfo']['customerno'];
79 79
     }
80 80
     $args = array(":uid" => $uid, ":customerno" => $customerno);
81
-    $result = db_query("SELECT uid,username,name,shell,server,quota,erstellungsdatum FROM system.useraccounts WHERE kunde=:customerno AND uid=:uid", $args);
81
+    $result = db_query("SELECT uid,username,name,shell,server,quota,erstellungsdatum,passwordlogin FROM system.useraccounts WHERE kunde=:customerno AND uid=:uid", $args);
82 82
     if ($result->rowCount() == 0) {
83 83
         system_failure("Cannot find the requestes useraccount (for this customer).");
84 84
     }
... ...
@@ -114,9 +114,10 @@ function set_account_details($account)
114 114
                 ":shell" => filter_input_oneline($account['shell']),
115 115
                 ":quota" => $account['quota'],
116 116
                 ":uid" => $account['uid'],
117
-                ":customerno" => $customerno);
117
+                ":customerno" => $customerno,
118
+                ":passwordlogin" => $account['passwordlogin']);
118 119
 
119
-    db_query("UPDATE system.useraccounts SET name=:fullname, quota=:quota, shell=:shell WHERE kunde=:customerno AND uid=:uid", $args);
120
+    db_query("UPDATE system.useraccounts SET name=:fullname, quota=:quota, shell=:shell, passwordlogin=:passwordlogin WHERE kunde=:customerno AND uid=:uid", $args);
120 121
     logger(LOG_INFO, "modules/systemuser/include/useraccounts", "systemuser", "updated details for uid {$args[":uid"]}");
121 122
 }
122 123
 
... ...
@@ -95,6 +95,10 @@ else
95 95
         $account['name'] = filter_input_oneline($_POST['fullname']);
96 96
     }
97 97
 
98
+    if (isset($_POST['passwordlogin'])) {
99
+        $account['passwordlogin'] = (int) $_POST['passwordlogin'];
100
+    }
101
+
98 102
     $shells = available_shells();
99 103
     if (isset($shells[$_POST['shell']])) {
100 104
         $account['shell'] = $_POST['shell'];