]>
Commit | Line | Data |
---|---|---|
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
2 | <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr"> | |
3 | <head> | |
4 | <title>ImmaeEu Account</title> | |
5 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> | |
6 | <meta name="viewport" content="width=device-width, initial-scale=1" /> | |
7 | <link rel="stylesheet" href="https://assets.immae.eu/skeleton/2.0.4/skeleton.min.css" integrity="sha256-2YQRJMXD7pIAPHiXr0s+vlRWA7GYJEK0ARns7k2sbHY=" crossorigin="anonymous" /> | |
8 | <style type="text/css"> | |
9 | body { | |
10 | font-family: Verdana,Arial,Courier New; | |
11 | margin: auto; | |
12 | } | |
13 | table#ssh_keys_list textarea { | |
14 | width: 100%; | |
15 | height: 100%; | |
16 | } | |
17 | table#ssh_keys_list tbody tr.sshkeyrow { | |
18 | height: 130px; | |
19 | } | |
20 | table#ssh_keys_list tbody tr.headrow th { | |
21 | border-bottom: 0px !important; | |
22 | padding-bottom: 0px !important; | |
23 | } | |
24 | table#ssh_keys_list tbody tr.mainrow td:not(.delete-button) { | |
25 | border-bottom: 0px !important; | |
26 | padding-bottom: 0px !important; | |
27 | } | |
28 | table#ssh_keys_list td.sshkey { | |
29 | min-width: 600px; | |
30 | height: 100%; | |
31 | padding-top: 0px !important; | |
32 | } | |
33 | ||
34 | table#ssh_keys_list td.comment { | |
35 | min-width: 160px; | |
36 | } | |
37 | ||
38 | </style> | |
39 | </head> | |
40 | <body> | |
41 | <div class="container"> | |
42 | <h1>Gestion des clés SSH</h1> | |
43 | <?php | |
44 | ||
45 | $connection = NULL; | |
46 | ||
47 | session_start(); | |
48 | ||
49 | // Liste des applications gérées | |
50 | const apps = [ | |
51 | 'git', | |
52 | 'pub', | |
53 | 'ftp', | |
54 | 'ssh', | |
55 | 'forward', | |
56 | ]; | |
57 | ||
58 | function checkSshKey($sshKey) | |
59 | { | |
60 | $exploded = explode(' ', $sshKey); | |
61 | if (count($exploded) != 2) { | |
62 | return false; | |
63 | } | |
64 | if (!in_array($exploded[0], array('ssh-rsa', 'ssh-ed25519'))) { | |
65 | return false; | |
66 | } | |
67 | $decoded = base64_decode($exploded[1], true); | |
68 | if ($decoded === FALSE) { | |
69 | return false; | |
70 | } | |
71 | $decoded = preg_replace("/[^\w\-]/","", (string) $decoded); | |
72 | if (substr($decoded, 0, strlen($exploded[0])) !== $exploded[0]) { | |
73 | return false; | |
74 | } | |
75 | ||
76 | return true; | |
77 | } | |
78 | ||
79 | function isUserLogged() | |
80 | { | |
81 | return (isset($_SESSION["login"]) && doConnect() !== NULL); | |
82 | } | |
83 | ||
84 | function doConnect() | |
85 | { | |
86 | global $connection; | |
87 | $server = "ldaps://ldap.immae.eu"; | |
88 | ||
89 | if ($connection === NULL) { | |
90 | $connection = ldap_connect($server); | |
91 | ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3); | |
92 | if (isset($_SESSION["user_dn"]) && isset($_SESSION["password"])) { | |
93 | if (ldap_bind($connection, $_SESSION["user_dn"], $_SESSION["password"]) === false) { | |
94 | $connection = NULL; | |
95 | unset($_SESSION["user_dn"]); | |
96 | unset($_SESSION["password"]); | |
97 | unset($_SESSION["login"]); | |
98 | } | |
99 | } | |
100 | } | |
101 | ||
102 | return $connection; | |
103 | } | |
104 | ||
105 | function checkLogin($user, $password) | |
106 | { | |
107 | $con = doConnect(); | |
108 | ||
109 | $user_dn = "uid=$user,ou=users,dc=immae,dc=eu"; | |
110 | ||
111 | if (ldap_bind($con, $user_dn, $password) === false) { | |
112 | return false; | |
113 | } | |
114 | $_SESSION["user_dn"] = $user_dn; | |
115 | $_SESSION["password"] = $password; | |
116 | ||
117 | $user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)"); | |
118 | $auth_entry = ldap_first_entry($con, $user_search); | |
119 | ||
120 | return true; | |
121 | } | |
122 | ||
123 | function getLdapInfo() | |
124 | { | |
125 | $con = doConnect(); | |
126 | if (!isset($_SESSION["user_dn"])) { | |
127 | $sortieLdap = []; | |
128 | } else { | |
129 | $user_read = ldap_read($con, $_SESSION["user_dn"], "(objectclass=*)", array("uid","immaeSshKey")); | |
130 | $user_entry = ldap_first_entry($con, $user_read); | |
131 | $sortieLdap = ldap_get_values($con, $user_entry, "immaeSshKey"); | |
132 | unset($sortieLdap["count"]); | |
133 | } | |
134 | ||
135 | $keys = []; | |
136 | foreach ($sortieLdap as $line) { | |
137 | $exploded = explode(' ', $line); | |
138 | ||
139 | $apps = explode('|', $exploded[0]); | |
140 | $publicKey = $exploded[1] . ' ' . $exploded[2]; | |
141 | ||
142 | unset($exploded[0]); | |
143 | unset($exploded[1]); | |
144 | unset($exploded[2]); | |
145 | ||
146 | $comment = implode(' ', $exploded); | |
147 | ||
148 | $keys[] = [ | |
149 | 'apps' => $apps, | |
150 | 'public_key' => $publicKey, | |
151 | 'comment' => $comment, | |
152 | ]; | |
153 | } | |
154 | ||
155 | return $keys; | |
156 | } | |
157 | ||
158 | function pushLdapInfos($keys) | |
159 | { | |
160 | $con = doConnect(); | |
161 | if (!isset($_SESSION["user_dn"])) | |
162 | return false; | |
163 | ||
164 | return ldap_mod_replace($con, $_SESSION["user_dn"], array("immaeSshKey" => $keys)); | |
165 | } | |
166 | ||
167 | ||
168 | // Script | |
169 | if (isset($_POST['deconnexion'])) { | |
170 | $_SESSION = []; | |
171 | } | |
172 | ||
173 | if (isset($_POST['sauvegarder'])) { | |
174 | $editedKeys = []; | |
175 | $errors = false; | |
176 | $keysToSave = []; | |
177 | foreach($_POST['keys'] as $id => $key) { | |
178 | $editedKeys[$id] = $key; | |
179 | if (!checkSshKey($key['public_key'])) { | |
180 | $editedKeys[$id]['error'] = true; | |
181 | $errors = true; | |
182 | } | |
183 | ||
184 | if (!isset($key['apps'])) { | |
185 | $editedKeys[$id]['apps'] = $key['apps'] = []; | |
186 | ||
187 | } | |
188 | foreach ($key['apps'] as $app) { | |
189 | if (!in_array($app, apps)) { | |
190 | die("integrity"); | |
191 | } | |
192 | } | |
193 | ||
194 | if (!isset($editedKeys[$id]['error']) || $editedKeys[$id]['error'] !== true) { | |
195 | $keysToSave[] = implode('|', $key['apps']) . ' ' . $key['public_key'] . ' ' . $key['comment']; | |
196 | } | |
197 | } | |
198 | ||
199 | if (!$errors) { | |
200 | $successSave = pushLdapInfos($keysToSave); | |
201 | } | |
202 | } | |
203 | ||
204 | $loginErrors = ""; | |
205 | if (isset($_POST['login'])) { | |
206 | if (empty($_POST['username']) || empty($_POST['password'])) { | |
207 | $loginErrors = "Le nom d'utilisateur et le mot de passe sont requis."; | |
208 | } elseif (!checkLogin($_POST['username'], $_POST['password'])) { | |
209 | $loginErrors = "Identifiants incorrects."; | |
210 | } else { | |
211 | $_SESSION['login'] = $_POST['username']; | |
212 | } | |
213 | } | |
214 | ||
215 | if (isUserLogged()) : | |
216 | $keys = isset($editedKeys) ? $editedKeys : getLdapInfo(); | |
217 | ?> | |
218 | <p>Connecté en tant que <b><?= $_SESSION['login']; ?></b></p> | |
219 | ||
220 | <form method="post"> | |
221 | <input type="submit" name="deconnexion" value="Déconnexion"> | |
222 | </form> | |
223 | ||
224 | <?php if (isset($successSave) && $successSave === true) : ?> | |
225 | <p style="color: green;">Clés enregistrées avec succès.</p> | |
226 | <?php endif; ?> | |
227 | ||
228 | <form method="post"> | |
229 | <table id="ssh_keys_list"> | |
230 | <tbody> | |
231 | <?php | |
232 | foreach ($keys as $id => $sshKey) : | |
233 | ?> | |
234 | <tr class="headrow"> | |
235 | <th>Description</th> | |
236 | <?php foreach (apps as $app) : ?> | |
237 | <th><?= $app ?></th> | |
238 | <?php endforeach; ?> | |
239 | <th></th> | |
240 | </tr> | |
241 | <tr class="mainrow"> | |
242 | <td class="comment"><textarea name="keys[<?= $id ?>][comment]"><?= $sshKey['comment'] ?></textarea></td> | |
243 | <?php | |
244 | foreach (apps as $app) : | |
245 | $checked = in_array($app, $sshKey['apps']); | |
246 | ?> | |
247 | <td><input type="checkbox" name="keys[<?= $id ?>][apps][]" value="<?= $app ?>"<?= $checked ? ' checked' : '' ?>></td> | |
248 | <?php endforeach; ?> | |
249 | <td class="delete-button" rowspan="2"><button class="delete">Suppr.</button></td> | |
250 | </tr> | |
251 | <tr class="sshkeyrow"> | |
252 | <td colspan="<?php echo 1+count(apps); ?>" class="sshkey"><textarea name="keys[<?= $id ?>][public_key]" <?php if (isset($sshKey['error']) && $sshKey['error'] === true) :?>style="color: red"<?php endif; ?>><?= $sshKey['public_key'] ?></textarea></td> | |
253 | </tr> | |
254 | <?php | |
255 | endforeach; | |
256 | ?> | |
257 | </tbody> | |
258 | </table> | |
259 | ||
260 | <button id="add">Ajouter</button> | |
261 | ||
262 | <hr> | |
263 | ||
264 | <input type="submit" value="Sauvegarder" name="sauvegarder"> | |
265 | </form> | |
266 | <script> | |
267 | function deleteLine(element) { | |
268 | element.addEventListener('click', function(e) { | |
269 | e.preventDefault(); | |
270 | e.target.closest('tr').remove(); | |
271 | }, false); | |
272 | } | |
273 | ||
274 | var suppr = document.getElementsByClassName('delete'); | |
275 | var add = document.getElementById('add'); | |
276 | var list = document.querySelector('#ssh_keys_list > tbody'); | |
277 | ||
278 | for (var i = 0; i < suppr.length; i++) { | |
279 | deleteLine(suppr[i]); | |
280 | } | |
281 | ||
282 | add.addEventListener('click', function (e) { | |
283 | e.preventDefault(); | |
284 | i++; | |
285 | ||
286 | var newLine = ` | |
287 | <tr class="headrow"> | |
288 | <th>Description</th> | |
289 | <?php foreach (apps as $app) : ?> | |
290 | <th><?= $app ?></th> | |
291 | <?php endforeach; ?> | |
292 | <th></th> | |
293 | </tr> | |
294 | <tr class="mainrow"> | |
295 | <td class="comment"><textarea name="keys[${i}][comment]"></textarea></td> | |
296 | `; | |
297 | ||
298 | ||
299 | <?php | |
300 | foreach (apps as $app) : | |
301 | ?> | |
302 | newLine += `<td><input type="checkbox" name="keys[${i}][apps][]" value="<?= $app ?>"></td>`; | |
303 | <?php endforeach; ?> | |
304 | ||
305 | newLine += `<td class="delete-button" rowspan="2"><button class="delete" id="delete-${i}">Suppr.</button></td> | |
306 | </tr>`; | |
307 | ||
308 | newLine += `<tr class="sshkeyrow"> | |
309 | <td colspan="<?php echo 1+count(apps); ?>" class="sshkey"><textarea name="keys[$[i}][public_key]"></textarea></td> | |
310 | </tr>`; | |
311 | ||
312 | ||
313 | list.insertAdjacentHTML('beforeend', newLine); | |
314 | ||
315 | deleteLine(document.getElementById("delete-" + i)); | |
316 | ||
317 | }, false) | |
318 | </script> | |
319 | <?php | |
320 | else: | |
321 | ?> | |
322 | <form action="" method="post"> | |
323 | <h2>Login</h2> | |
324 | ||
325 | <?php | |
326 | if (!empty($loginErrors)): | |
327 | ?> | |
328 | <p style="color: red;"><?= $loginErrors; ?></p> | |
329 | <?php | |
330 | endif; | |
331 | ?> | |
332 | ||
333 | <label for="username">Utilisateur :</label> | |
334 | <input type="text" id="username" name="username"/> | |
335 | ||
336 | <label for="password">Mot de passe :</label> | |
337 | <input type="password" id="password" name="password"/> | |
338 | ||
339 | <input type="submit" value="OK" name="login" /> | |
340 | </form> | |
341 | <?php | |
342 | endif; | |
343 | ?> | |
344 | </div> | |
345 | </body> | |
346 | </html> | |
347 | ||
348 |