<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("showstuff.php3");

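#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$isadmin = ISADMIN($uid);

#
# Verify form arguments.  With no (or an empty) target_uid the page
# operates on the caller's own keys.
# 
if (!isset($target_uid) ||
    strcmp($target_uid, "") == 0) {
    $target_uid = $uid;
}

#
# Check to make sure thats this is a valid UID.  target_uid comes
# straight from the request, so it is HTML escaped before being
# reflected in the error text (USERERROR is assumed to emit its
# message as HTML; if it escapes itself this is merely redundant).
#
if (! TBCurrentUser($target_uid)) {
    USERERROR("The user " . htmlspecialchars($target_uid) .
	      " is not a valid user", 1);
}

#
# Verify that this uid is a member of one of the projects that the
# target_uid is in. Must have proper permission in that group too.
#
# NOTE(review): only READINFO is checked here, yet the POST path of
# this page also adds keys to target_uid's account; that write is
# gated by target_uid's password rather than by a separate
# permission.  Confirm that is the intended policy.
#
if (!$isadmin &&
    strcmp($uid, $target_uid)) {

    if (! TBUserInfoAccessCheck($uid, $target_uid, $TB_USERINFO_READINFO)) {
	# The message used to interpolate an undefined ${user}.
	USERERROR("You do not have permission to view " .
		  htmlspecialchars($target_uid) . "'s keys!", 1);
    }
}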

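function SPITFORM($formfields, $errors)
{
    #
    # Display the current public keys for target_uid and the add-key form.
    #
    # $formfields - array of submitted form values (may be empty); only
    #               'usr_key' is echoed back into the form.
    # $errors     - array of field name => message shown above the form,
    #               or 0 on first load.
    #
    # $uid must be declared global here: without it the strcmp() below
    # compared against an undefined local and the "My SSH Public Keys"
    # title was never used.
    #
    global $uid, $isadmin, $usr_keyfile_name, $target_uid, $BOSSNODE;

    #
    # Escaped copies of target_uid for the HTML and URL contexts below.
    # The caller has checked it against the user table, but it still
    # originates in the request.
    #
    $html_uid = htmlspecialchars($target_uid);
    $url_uid  = urlencode($target_uid);

    #
    # Standard Testbed Header, now that we know what we want to say.
    #
    if (strcmp($uid, $target_uid)) {
	PAGEHEADER("SSH Public Keys for user: $target_uid");
    }
    else {
	PAGEHEADER("My SSH Public Keys");
    }

    #
    # Get the list and show it.  Quote the uid for the query even though
    # it was validated; the validation and this query are separate code.
    #
    $query_result =
	DBQueryFatal("select * from user_pubkeys where uid='" .
		     addslashes($target_uid) . "'");

    if (mysql_num_rows($query_result)) {
	echo "<table align=center border=1 cellpadding=2 cellspacing=2>\n";

	echo "<center>
                Current ssh public keys for user $html_uid.
              </center><br>\n";

	echo "<tr>
                 <th>Delete?</th>
                 <th>Key</th>
              </tr>\n";

	while ($row = mysql_fetch_array($query_result)) {
	    $comment = $row['comment'];
	    $pubkey  = $row['pubkey'];
	    $fnote   = "";

	    # Keys whose comment names boss get footnote 1 below.
	    if (strstr($comment, $BOSSNODE)) {
		$fnote = "[<b>1</b>]";
	    }

	    #
	    # Break the key into 75 character lines.  Each piece is HTML
	    # escaped before its <br> is appended: escaping the whole key
	    # and then splitting could cut an entity in half, and the key
	    # text comes from the database, not from this page's regex,
	    # so it cannot be assumed free of markup.
	    #
	    $chunky = "";
	    $keylen = strlen($pubkey);
	    for ($off = 0; $off < $keylen; $off += 75) {
		$chunky .= htmlspecialchars(substr($pubkey, $off, 75)) .
		    "<br>\n";
	    }
	    if ($fnote != "") {
		$chunky .= "$fnote<br>\n";
	    }

	    #
	    # The comment doubles as the key identifier for deletion; it
	    # can contain spaces, '+' and '@', so it must be URL encoded
	    # (a raw '+' would have decoded to a space on the other end).
	    #
	    echo "<tr>
                     <td align=center>
                       <A href='deletepubkey.php3?target_uid=$url_uid" .
	                  "&key=" . urlencode($comment) . "'>" .
			  "<img alt=X src=redball.gif></A>
                     </td>
                     <td>$chunky</td>
                  </tr>\n";
	}
	echo "</table>\n";
    }
    else {
	echo "<center>
             There are no public keys on file for user $html_uid!
             </center>\n";
    }
    echo "<blockquote><blockquote><blockquote>
          <ol>
            <li> Please do not delete your Emulab generated public key.
          </ol>
          </blockquote></blockquote></blockquote>\n";

    echo "<br><hr size=4>\n";
    echo "<center>
          Enter ssh (protocol 1 or 2) public keys for user
                    ${html_uid}[<b>1,2</b>].
          </center><br>\n";

    if ($errors) {
	echo "<table class=stealth
                     align=center border=0 cellpadding=0 cellspacing=2>
              <tr>
                 <td class=stealth align=center colspan=3>
                   <font size=+1 color=red>
                      Oops, please fix the following errors!
                   </font>
                 </td>
              </tr>\n";

	# Field names and messages are fixed strings from this file.
	foreach ($errors as $name => $message) {
	    echo "<tr>
                     <td class=stealth align=right>
                           <font color=red>$name:</font></td>
                     <td class=stealth>&nbsp</td>
                     <td class=stealth align=left>
                           <font color=red>$message</font></td>
                  </tr>\n";
	}
	echo "</table><br>\n";
    }

    echo "<table align=center border=1> 
          <form enctype=multipart/form-data
                action=showpubkeys.php3?target_uid=$url_uid method=post>\n";

    #
    # SSH public key.  MAX_FILE_SIZE is only a hint to the browser; the
    # real size limit is whatever PHP's upload settings enforce.
    #
    # The pasted key is redisplayed after a validation failure, i.e.
    # exactly when it contains characters the regex rejected, so it
    # must be escaped for the value attribute.
    # 
    $usr_key_value = "";
    if (isset($formfields['usr_key'])) {
	$usr_key_value = htmlspecialchars($formfields['usr_key']);
    }
    echo "<tr>
              <td rowspan><center>Upload (4K max)[<b>3,4</b>]<br>
                              <b>Or</b><br>
                           Insert Key
                          </center></td>

              <td rowspan>
                  <input type=hidden name=MAX_FILE_SIZE value=4096>
	          <input type=file
                         name=usr_keyfile
	                 size=50>
                  <br>
                  <br>
	          <input type=text
                         name=\"formfields[usr_key]\"
                         value=\"$usr_key_value\"
	                 size=50
	                 maxlength=1024>
              </td>
          </tr>\n";

    #
    # Verify with password.  Admins are not asked (see the POST handler).
    #
    if (!$isadmin) {
	echo "<tr>
                  <td>Password[<b>5</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password]\"
                             size=8></td>
              </tr>\n";
    }

    echo "<tr>
              <td colspan=2 align=center>
                 <b><input type=submit name=submit value='Add New Keys'></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<blockquote><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = 'docwrapper.php3?docname=security.html#SSH'>
                 security policies</a> for information
                 regarding ssh public keys.
            <li> You should not hand edit your your authorized_keys file on
                 Emulab (.ssh/authorized_keys) since modifications via this
                 page will overwrite the file.
            <li> Note to <a href=http://www.opera.com><b>Opera 5</b></a> users:
                 The file upload mechanism is broken in Opera, so you cannot
                 specify a local file for upload. Instead, please paste your
                 key in.
            <li> Typically, the file you want to upload is your
                 identity.pub, contained in your .ssh directory.
            <li> As a security precaution, you must supply your password
                 when adding new ssh public keys. 
          </ol>
          </blockquote></blockquote></blockquote>\n";

    echo "<font color=red>NOTE:</font> We use the
          <a href=www.openssh.org>OpenSSH</a> key format, which has a slightly
          different protocol 2 public key format than some of the commercial 
          vendors such as <a href=www.ssh.com>SSH Communications</a>. If you
          use one of these commercial vendors, then please upload the public
          key file and we will convert it for you. <i>Please do not paste
          it in.</i>\n";
}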

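#
# On first load (and after a successful add, when we are redirected back
# with finished=1), display a form of current values.
#
if (! isset($submit) || isset($finished)) {
    $defaults = array();
    
    SPITFORM($defaults, 0);
    PAGEFOOTER();
    return;
}

#
# Otherwise, must validate and redisplay if errors.  formfields is
# absent when only a file was uploaded; give SPITFORM an array anyway.
#
$errors = array();

if (!isset($formfields)) {
    $formfields = array();
}

if (isset($formfields['usr_key']) &&
    strcmp($formfields['usr_key'], "")) {

    #
    # This is passed off to the shell, so taint check it.  The class
    # deliberately excludes quotes, backticks, '$' and ';' so the quoted
    # argument built below cannot be broken out of.
    # 
    if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields['usr_key'])) {
	$errors["PubKey"] = "Invalid characters";
    }
    else {
        #
        # Replace any embedded newlines first (CR as well, for keys
        # pasted from a Windows file; \s let it through the regex).
        #
	$usr_key = str_replace(array("\r", "\n"), "", $formfields['usr_key']);
	$formfields['usr_key'] = $usr_key;

	#
	# The key is added to target_uid: that is whose password is
	# verified below and whose authorized_keys is rebuilt at the end.
	# The original passed $uid here, which put an admin's (or
	# co-member's) submission into their own account instead.
	#
	$addpubkeyargs = "-k " . escapeshellarg($target_uid) . " " .
	    escapeshellarg($usr_key) . " ";
    }
}

#
# If usr provided a file for the key, it overrides the paste in text.
#
# Use the path PHP reports for the upload rather than the register_globals
# $usr_keyfile, and insist that it really is an uploaded file.  Otherwise
# a request can name an arbitrary server-side path, which this code would
# chmod and hand to webaddpubkey.  $usr_keyfile is kept only as a last
# resort for PHP versions without $_FILES, and is subject to the same check.
#
$keyfile = "";
if (isset($_FILES['usr_keyfile']['tmp_name'])) {
    $keyfile = $_FILES['usr_keyfile']['tmp_name'];
}
elseif (isset($HTTP_POST_FILES['usr_keyfile']['tmp_name'])) {
    $keyfile = $HTTP_POST_FILES['usr_keyfile']['tmp_name'];
}
elseif (isset($usr_keyfile)) {
    $keyfile = $usr_keyfile;
}

if (strcmp($keyfile, "") &&
    strcmp($keyfile, "none")) {

    if (! is_uploaded_file($keyfile)) {
	$errors["PubKey File"] = "No such file";
    }
    else {
	# Same account as the pasted-key path; see the comment there.
	$addpubkeyargs = escapeshellarg($target_uid) . " " .
	    escapeshellarg($keyfile);
	chmod($keyfile, 0640);	
    }
}

#
# Must verify passwd to add keys.  The password checked is target_uid's,
# i.e. the owner of the account the key goes into; admins are exempt.
#
if (isset($addpubkeyargs)) {
    if (! $isadmin) {
	if (!isset($formfields['password']) ||
	    strcmp($formfields['password'], "") == 0) {
	    $errors["Password"] = "Must supply a verification password";
	}
	elseif (VERIFYPASSWD($target_uid, $formfields['password']) != 0) {
	    $errors["Password"] = "Incorrect password";
	}
    }
}
else {
    $errors["Missing Args"] = "Please supply a key or a keyfile";
}

# Spit the errors
if (count($errors)) {
    SPITFORM($formfields, $errors);
    PAGEFOOTER();
    return;
}

#
# Okay, first run the script in verify mode to see if the key is
# parsable. If it is, then do it for real.  Both runs execute as the
# logged in user ($uid), whose permission was checked at the top.
#
if (ADDPUBKEY($uid, "webaddpubkey -n $addpubkeyargs")) {
    $errors["Pubkey Format"] = "Could not be parsed. Is it a public key?";
    SPITFORM($formfields, $errors);
    PAGEFOOTER();
    return;
}
ADDPUBKEY($uid, "webaddpubkey -a $addpubkeyargs");

#
# mkacct updates the user pubkeys in ~ssh/authorized_keys.
# 
SUEXEC($uid, $TBADMINGROUP, "webmkacct -a $target_uid", 0);

# Back to the (GET) view of the same user's keys.
header("Location: showpubkeys.php3?target_uid=" . urlencode($target_uid) .
       "&finished=1");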
?>