From 11f83050571302e20e7be42d17a0d8a733f40b78 Mon Sep 17 00:00:00 2001 From: Kage Date: Sat, 6 May 2017 13:12:18 +0000 Subject: [PATCH 1/3] Updating SSH Key page to allow for minimum bit level, and adding some better wording --- conf/config.inc.php | 13 +++++++++++++ index.php | 8 ++++++++ lang/en.inc.php | 10 ++++++++-- pages/changesshkey.php | 22 ++++++++++++++++++++-- 4 files changed, 49 insertions(+), 4 deletions(-) diff --git a/conf/config.inc.php b/conf/config.inc.php index 778d6169..e76a0402 100644 --- a/conf/config.inc.php +++ b/conf/config.inc.php @@ -123,6 +123,19 @@ # Allow changing of sshPublicKey? $change_sshkey = false; +# Minimum bit setting +# Set to 0 for no minimum +$sshkey_min_bits = 2048; +# Show SSH key policy constraints message: +# always +# never +# onerror +$sshkey_show_policy = "onerror"; +# Position of SSH key policy constraints message: +# above - the form +# below - the form +$sshkey_show_policy_pos = "above"; + # What attribute should be changed by the changesshkey action? $change_sshkey_attribute = "sshPublicKey"; diff --git a/index.php b/index.php index d3d249fb..684d836e 100644 --- a/index.php +++ b/index.php @@ -133,6 +133,14 @@ if (!isset($pwd_show_policy_pos)) { $pwd_show_policy_pos = "above"; } +# SSH key policy array +$sshkey_policy_config = array( + "sshkey_show_policy" => $sshkey_show_policy, + "sshkey_min_bits" => $sshkey_min_bits, +); + +if (!isset($sshkey_show_policy_pos)) { $sshkey_show_policy_pos = "above"; } + #============================================================================== # Email Config #============================================================================== diff --git a/lang/en.inc.php b/lang/en.inc.php index bce04d2c..e24427ea 100644 --- a/lang/en.inc.php +++ b/lang/en.inc.php @@ -50,6 +50,8 @@ $messages['mindigit'] = "Your password does not have enough digits"; $messages['minspecial'] = "Your password does not have enough special characters"; $messages['sameasold'] = "Your new password is identical to your old password"; +$messages['keyinvalid'] = "SSH key is invalid"; +$messages['keytoosmall'] = "SSH key bit size is too small"; $messages['policy'] = "Your password must conform to the following constraints:"; $messages['policyminlength'] = "Minimum length:"; $messages['policymaxlength'] = "Maximum length:"; @@ -57,6 +59,8 @@ $messages['policyminupper'] = "Minimum number of uppercase characters:"; $messages['policymindigit'] = "Minimum number of digits:"; $messages['policyminspecial'] = "Minimum number of special characters:"; +$messages['sshkeypolicy'] = "Your SSH key must conform to the following constraints:"; +$messages['sshkeypolicyminbits'] = "Minimum bit size of SSH key:"; $messages['forbiddenchars'] = "You password contains forbidden characters"; $messages['policyforbiddenchars'] = "Forbidden characters:"; $messages['policynoreuse'] = "Your new password may not be the same as your old password"; @@ -80,7 +84,7 @@ $messages['changehelptoken'] = "Email a password reset link"; $messages['changehelpsms'] = "Reset your password with a SMS"; $messages['changehelpsshkey'] = "Change your SSH Key"; -$messages['changesshkeyhelp'] = "Enter your password and new SSH key."; +$messages['changesshkeyhelp'] = "Enter your password and new SSH public key."; $messages['resetmessage'] = "Hello {login},\n\nClick here to reset your password:\n{url}\n\nIf you didn't request a password reset, please ignore this email."; $messages['resetsubject'] = "Reset your password"; $messages['sendtokenhelp'] = "Enter your user name and your email address to reset your password. When you receive the email, click the link inside to complete the password reset."; @@ -112,6 +116,8 @@ $messages['smsuserfound'] = "Check that user information are correct and press Send to get SMS token"; $messages['smstoken'] = "SMS token"; $messages['sshkey'] = "SSH Key"; +$messages['sshpubkey'] = "SSH Public Key"; +$messages['sshkeyexample'] = "SSH Key (must start with: ssh-rsa AAAA...)"; $messages['nophpmbstring'] = "You should install PHP mbstring"; $messages['menuquestions'] = "Question"; $messages['menutoken'] = "Email"; @@ -120,7 +126,7 @@ $messages['nophpxml'] = "You should install PHP XML to use this tool"; $messages['tokenattempts'] = "Invalid token, try again"; $messages['emptychangeform'] = "Change your password"; -$messages['emptysshkeychangeform'] = "Change your SSH Key"; +$messages['emptysshkeychangeform'] = "Change your SSH public key"; $messages['emptysendtokenform'] = "Email a password reset link"; $messages['emptyresetbyquestionsform'] = "Reset your password"; $messages['emptysetquestionsform'] = "Set your password reset questions"; diff --git a/pages/changesshkey.php b/pages/changesshkey.php index 11bb1bd3..9cb5fe61 100644 --- a/pages/changesshkey.php +++ b/pages/changesshkey.php @@ -155,6 +155,12 @@ } +#============================================================================== +# Check SSH key +#============================================================================== +if ( $result === "" ) { + $result = check_sshkey( $sshkey, $sshkey_policy_config ); +} #============================================================================== # Change sshPublicKey @@ -183,6 +189,12 @@ } ?> + +
@@ -204,11 +216,11 @@
- +
- +
@@ -230,6 +242,12 @@ + + Date: Sat, 6 May 2017 13:59:39 +0000 Subject: [PATCH 2/3] Updating languages for SSH key changes --- lang/ca.inc.php | 7 ++++++- lang/cn.inc.php | 7 ++++++- lang/cs.inc.php | 7 ++++++- lang/de.inc.php | 7 ++++++- lang/el.inc.php | 7 ++++++- lang/es.inc.php | 7 ++++++- lang/fr.inc.php | 6 ++++++ lang/hu.inc.php | 7 ++++++- lang/it.inc.php | 6 ++++++ lang/ja.inc.php | 7 ++++++- lang/nl.inc.php | 7 ++++++- lang/pl.inc.php | 7 ++++++- lang/pt-BR.inc.php | 7 ++++++- lang/pt-PT.inc.php | 7 ++++++- lang/ru.inc.php | 7 ++++++- lang/sk.inc.php | 7 ++++++- lang/sl.inc.php | 7 ++++++- lang/sv.inc.php | 7 ++++++- lang/tr.inc.php | 7 ++++++- lang/uk.inc.php | 7 ++++++- lang/zh-CN.inc.php | 7 ++++++- 21 files changed, 126 insertions(+), 19 deletions(-) mode change 100755 => 100644 lang/de.inc.php diff --git a/lang/ca.inc.php b/lang/ca.inc.php index d5b66b42..484256a1 100644 --- a/lang/ca.inc.php +++ b/lang/ca.inc.php @@ -131,5 +131,10 @@ $messages['changehelpsshkey'] = "Canviar la clau d'SSH"; $messages['changesshkeyhelp'] = "Introduïu la contrasenya i la clau SSH."; $messages['changesshkeymessage'] = "Hola {login},\n\nLa claus SSH s'ha canviat.\n\nSi no va iniciar aquest canvi, poseu-vos en contacte amb l'administrador immediatament."; - +$messages['keyinvalid'] = "clau SSH no és vàlid"; +$messages['keytoosmall'] = "SSH mida de bits clau és massa petita"; +$messages['sshkeypolicy'] = "La seva clau SSH s'ha d'ajustar a les següents limitacions:"; +$messages['sshkeypolicyminbits'] = "mida de bits mínima de clau SSH:"; +$messages['sshpubkey'] = "SSH de clau pública"; +$messages['sshkeyexample'] = "Claus SSH (ha de començar amb: AAAA ssh-rsa ...)"; ?> diff --git a/lang/cn.inc.php b/lang/cn.inc.php index 9317e2e6..439063bc 100644 --- a/lang/cn.inc.php +++ b/lang/cn.inc.php @@ -127,5 +127,10 @@ $messages['sshkeyrequired'] = "需要SSH密钥"; $messages['changesshkeymessage'] = "您好{login},\n\n您的SSH金钥已变更。\n\n如果您没有启动这项变更,请立即与您的管理员联络。"; $messages['changesshkeyhelp'] = "输入您的密码和新的SSH密钥。"; - +$messages['keyinvalid'] = "SSH密鑰無效"; +$messages['keytoosmall'] = "SSH密鑰位的大小太小"; +$messages['sshkeypolicy'] = "您的SSH密鑰必須符合以下約束:"; +$messages['sshkeypolicyminbits'] = "SSH密鑰的最小位大小:"; +$messages['sshpubkey'] = "SSH公鑰"; +$messages['sshkeyexample'] = "SSH密鑰(必須以:ssh-rsa AAAA ...)"; ?> diff --git a/lang/cs.inc.php b/lang/cs.inc.php index df8d0633..689f2acc 100644 --- a/lang/cs.inc.php +++ b/lang/cs.inc.php @@ -127,5 +127,10 @@ $messages['sshkeyerror'] = "SSH klíč byl odmítnut v adresáři LDAP"; $messages['sshkey'] = "SSH klíč"; $messages['menusshkey'] = "SSH klíč"; - +$messages['keyinvalid'] = "Klíč SSH je neplatný"; +$messages['keytoosmall'] = "Velikost bitů klíče SSH je příliš malá"; +$messages['sshkeypolicy'] = "Váš klíč SSH musí splňovat následující omezení:"; +$messages['sshkeypolicyminbits'] = "Minimální velikost bitového klíče SSH:"; +$messages['sshpubkey'] = "SSH veřejný klíč"; +$messages['sshkeyexample'] = "Klíč SSH (musí začínat s: ssh-rsa AAAA ...)"; ?> diff --git a/lang/de.inc.php b/lang/de.inc.php old mode 100755 new mode 100644 index 241b4b1a..34df86fc --- a/lang/de.inc.php +++ b/lang/de.inc.php @@ -129,5 +129,10 @@ $messages['changesshkeymessage'] = "Hallo {login}, \n\nDer SSH-Schlüssel wurde geändert.\n\nWenn Sie diese Änderung nicht eingeleitet haben, wenden Sie sich bitte umgehend an Ihren Administrator."; $messages['menusshkey'] = "SSH Schlüssel"; $messages['changesshkeysubject'] = "Ihr SSH-Schlüssel wurde geändert"; - +$messages['keyinvalid'] = "SSH-Schlüssel ist ungültig"; +$messages['keytoosmall'] = "SSH-Key-Bit-Größe ist zu klein"; +$messages['sshkeypolicy'] = "Ihr SSH-Schlüssel muss den folgenden Einschränkungen entsprechen:"; +$messages['sshkeypolicyminbits'] = "Minimale Bitgröße der SSH-Taste:"; +$messages['sshpubkey'] = "SSH Öffentlicher Schlüssel"; +$messages['sshkeyexample'] = "SSH Key (muss mit: ssh-rsa AAAA beginnen ...)"; ?> diff --git a/lang/el.inc.php b/lang/el.inc.php index cbb85969..0164fd38 100644 --- a/lang/el.inc.php +++ b/lang/el.inc.php @@ -127,5 +127,10 @@ $messages['menusshkey'] = "SSH Key"; $messages['changehelpsshkey'] = "Αλλάξτε SSH Key σας"; $messages['sshkey'] = "SSH Key"; - +$messages['keyinvalid'] = "Το κλειδί SSH δεν είναι έγκυρο"; +$messages['keytoosmall'] = "Το μέγεθος του κομματιού του κλειδιού SSH είναι πολύ μικρό"; +$messages['sshkeypolicy'] = "Το κλειδί SSH πρέπει να συμμορφώνεται με τους ακόλουθους περιορισμούς:"; +$messages['sshkeypolicyminbits'] = "Ελάχιστο μέγεθος bit του κλειδιού SSH:"; +$messages['sshpubkey'] = "SSH δημόσιο κλειδί"; +$messages['sshkeyexample'] = "Κλειδί SSH (πρέπει να ξεκινήσετε με: ssh-rsa AAAA ...)"; ?> diff --git a/lang/es.inc.php b/lang/es.inc.php index e1cb92cb..c975850b 100644 --- a/lang/es.inc.php +++ b/lang/es.inc.php @@ -128,5 +128,10 @@ $messages['emptysshkeychangeform'] = "Cambiar su clave SSH"; $messages['changesshkeyhelp'] = "Introduzca su contraseña y la nueva clave SSH."; $messages['sshkeyerror'] = "La clave SSH fue rechazada por el directorio LDAP"; - +$messages['keyinvalid'] = "La clave SSH no es válida"; +$messages['keytoosmall'] = "Tamaño de bit de clave SSH es demasiado pequeño"; +$messages['sshkeypolicy'] = "Su clave SSH debe cumplir con las siguientes restricciones:"; +$messages['sshkeypolicyminbits'] = "Tamaño de bit mínimo de la clave SSH:"; +$messages['sshpubkey'] = "Clave pública SSH"; +$messages['sshkeyexample'] = "Clave SSH (debe comenzar con: ssh-rsa AAAA ...)"; ?> diff --git a/lang/fr.inc.php b/lang/fr.inc.php index 22ad1da3..20a32de7 100644 --- a/lang/fr.inc.php +++ b/lang/fr.inc.php @@ -127,4 +127,10 @@ $messages['emptysshkeychangeform'] = "Changer votre clé SSH"; $messages['changesshkeyhelp'] = "Entrez votre mot de passe et la nouvelle clé SSH."; $messages['sshkeyerror'] = "La clé SSH a été refusée par le répertoire LDAP"; +$messages['keyinvalid'] = "La clé SSH est invalide"; +$messages['keytoosmall'] = "La taille de bit de la clé SSH est trop petite"; +$messages['sshkeypolicy'] = "Votre clé SSH doit être conforme aux contraintes suivantes:"; +$messages['sshkeypolicyminbits'] = "Taille de bit minimum de la clé SSH:"; +$messages['sshpubkey'] = "Clé publique SSH"; +$messages['sshkeyexample'] = "Clé SSH (doit commencer par: ssh-rsa AAAA ...)"; ?> diff --git a/lang/hu.inc.php b/lang/hu.inc.php index b38cbdb5..4b3cd05b 100644 --- a/lang/hu.inc.php +++ b/lang/hu.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Változás az SSH kulcs"; $messages['changesshkeyhelp'] = "Írja be a jelszót és az új SSH kulcs."; $messages['sshkeyerror'] = "SSH kulcs elutasította az LDAP címtár"; - +$messages['keyinvalid'] = "Az SSH kulcs érvénytelen"; +$messages['keytoosmall'] = "Az SSH kulcs bitmérete túl kicsi"; +$messages['sshkeypolicy'] = "Az SSH kulcsnak meg kell felelnie az alábbi korlátozásoknak:"; +$messages['sshkeypolicyminbits'] = "Az SSH kulcs legkisebb bites mérete:"; +$messages['sshpubkey'] = "SSH nyilvános kulcs"; +$messages['sshkeyexample'] = "SSH kulcs (meg kell kezdeni: ssh-rsa AAAA ...)"; ?> diff --git a/lang/it.inc.php b/lang/it.inc.php index fb807ccf..f6774f10 100644 --- a/lang/it.inc.php +++ b/lang/it.inc.php @@ -127,4 +127,10 @@ $messages['emptysshkeychangeform'] = "Cambia la tua chiave SSH"; $messages['changesshkeyhelp'] = "Inserire la password e la nuova chiave SSH."; $messages['sshkeyerror'] = "SSH Key è stata rifiutata dalla directory LDAP"; +$messages['keyinvalid'] = "La chiave SSH non è valida"; +$messages['keytoosmall'] = "La dimensione del bit di chiave SSH è troppo piccola"; +$messages['sshkeypolicy'] = "La chiave SSH deve essere conforme ai seguenti vincoli:"; +$messages['sshkeypolicyminbits'] = "Dimensione bit minima del tasto SSH:"; +$messages['sshpubkey'] = "SSH chiave pubblica"; +$messages['sshkeyexample'] = "SSH Key (deve iniziare con: ssh-rsa AAAA ...)"; ?> diff --git a/lang/ja.inc.php b/lang/ja.inc.php index 8b8ce00f..04692607 100644 --- a/lang/ja.inc.php +++ b/lang/ja.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "SSHキーを変更する"; $messages['changesshkeyhelp'] = "パスワードと新しいSSHキーを入力してください。"; $messages['sshkeyerror'] = "SSHキーがLDAPディレクトリによって拒否されました"; - +$messages['keyinvalid'] = "SSHキーが無効です"; +$messages['keytoosmall'] = "SSHキーのビットサイズが小さすぎます"; +$messages['sshkeypolicy'] = "あなたのSSH鍵は以下の制約に従わなければなりません:"; +$messages['sshkeypolicyminbits'] = "SSHキーの最小ビットサイズ:"; +$messages['sshpubkey'] = "SSH公開鍵"; +$messages['sshkeyexample'] = "SSHキー(:ssh-rsa AAAA ...で始まる必要があります)"; ?> diff --git a/lang/nl.inc.php b/lang/nl.inc.php index aea9989d..f843dc16 100644 --- a/lang/nl.inc.php +++ b/lang/nl.inc.php @@ -129,5 +129,10 @@ $messages['emptysshkeychangeform'] = "Verander je SSH Key"; $messages['changesshkeyhelp'] = "Voer uw wachtwoord in en nieuwe SSH sleutel."; $messages['sshkeyerror'] = "SSH Key werd geweigerd door de LDAP-directory"; - +$messages['keyinvalid'] = "SSH-sleutel is ongeldig"; +$messages['keytoosmall'] = "SSH-sleutelbitsgrootte is te klein"; +$messages['sshkeypolicy'] = "Uw SSH-sleutel moet voldoen aan de volgende beperkingen:"; +$messages['sshkeypolicyminbits'] = "Minimum bitmaat van SSH-sleutel:"; +$messages['sshpubkey'] = "SSH Public Key"; +$messages['sshkeyexample'] = "SSH Key (moet beginnen met: ssh-rsa AAAA ...)"; ?> diff --git a/lang/pl.inc.php b/lang/pl.inc.php index 7dd9bad7..e8d1fc57 100644 --- a/lang/pl.inc.php +++ b/lang/pl.inc.php @@ -129,5 +129,10 @@ $messages['emptysshkeychangeform'] = "Zmień swój klucz SSH"; $messages['changesshkeyhelp'] = "Wprowadź swoje hasło i nowy klucz SSH."; $messages['sshkeyerror'] = "SSH Key został odrzucony przez katalogu LDAP"; - +$messages['keyinvalid'] = "Klucz SSH jest nieprawidłowy"; +$messages['keytoosmall'] = "Rozmiar bitów klucza SSH jest za mały"; +$messages['sshkeypolicy'] = "Klucz SSH musi odpowiadać następującym ograniczeniom:"; +$messages['sshkeypolicyminbits'] = "Minimalna wielkość bitowa klucza SSH:"; +$messages['sshpubkey'] = "Klucz publiczny SSH"; +$messages['sshkeyexample'] = "Klucz SSH (musi zaczynać się od: ssh-rsa AAAA ...)"; ?> diff --git a/lang/pt-BR.inc.php b/lang/pt-BR.inc.php index b9d2dd83..8dd3eb8b 100644 --- a/lang/pt-BR.inc.php +++ b/lang/pt-BR.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Alterar a chave SSH"; $messages['changesshkeyhelp'] = "Digite sua senha e a nova chave SSH."; $messages['sshkeyerror'] = "A chave SSH foi recusada pelo diretório LDAP"; - +$messages['keyinvalid'] = "A chave SSH é inválida"; +$messages['keytoosmall'] = "O tamanho da chave SSH é muito pequeno"; +$messages['sshkeypolicy'] = "Sua chave SSH deve estar em conformidade com as seguintes restrições:"; +$messages['sshkeypolicyminbits'] = "Tamanho mínimo de bits da chave SSH:"; +$messages['sshpubkey'] = "Chave pública SSH"; +$messages['sshkeyexample'] = "Chave SSH (deve começar com: ssh-rsa AAAA ...)"; ?> diff --git a/lang/pt-PT.inc.php b/lang/pt-PT.inc.php index 2feb208a..c2bfaf4b 100644 --- a/lang/pt-PT.inc.php +++ b/lang/pt-PT.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Alterar a chave SSH"; $messages['changesshkeyhelp'] = "Digite sua senha e a nova chave SSH."; $messages['sshkeyerror'] = "A chave SSH foi recusada pelo diretório LDAP"; - +$messages['keyinvalid'] = "A chave SSH é inválida"; +$messages['keytoosmall'] = "O tamanho da chave SSH é muito pequeno"; +$messages['sshkeypolicy'] = "Sua chave SSH deve estar em conformidade com as seguintes restrições:"; +$messages['sshkeypolicyminbits'] = "Tamanho mínimo de bits da chave SSH:"; +$messages['sshpubkey'] = "Chave pública SSH"; +$messages['sshkeyexample'] = "Chave SSH (deve começar com: ssh-rsa AAAA ...)"; ?> diff --git a/lang/ru.inc.php b/lang/ru.inc.php index 379820a4..6a83fbbf 100644 --- a/lang/ru.inc.php +++ b/lang/ru.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Изменение ключа SSH"; $messages['changesshkeyhelp'] = "Введите свой пароль и новый ключ SSH."; $messages['sshkeyerror'] = "Ключ SSH был отклонен каталогом LDAP"; - +$messages['keyinvalid'] = "Ключ SSH недействителен."; +$messages['keytoosmall'] = "Размер ключа SSH слишком мал"; +$messages['sshkeypolicy'] = "Ключ SSH должен соответствовать следующим ограничениям:"; +$messages['sshkeypolicyminbits'] = "Минимальный размер ключа SSH:"; +$messages['sshpubkey'] = "Открытый ключ SSH"; +$messages['sshkeyexample'] = "Ключ SSH (должен начинаться с: ssh-rsa AAAA ...)"; ?> diff --git a/lang/sk.inc.php b/lang/sk.inc.php index 020e316b..e3bc707a 100644 --- a/lang/sk.inc.php +++ b/lang/sk.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Zmeňte svoj SSH kľúč"; $messages['changesshkeyhelp'] = "Zadajte heslo a nové SSH kľúč."; $messages['sshkeyerror'] = "SSH kľúč bol odmietnutý v adresári LDAP"; - +$messages['keyinvalid'] = "Kľúč SSH je neplatný"; +$messages['keytoosmall'] = "Veľkosť bitového kľúča SSH je príliš malá"; +$messages['sshkeypolicy'] = "Váš kľúč SSH musí spĺňať nasledujúce obmedzenia:"; +$messages['sshkeypolicyminbits'] = "Minimálna veľkosť bitov SSH kľúča:"; +$messages['sshpubkey'] = "SSH verejný kľúč"; +$messages['sshkeyexample'] = "SSH kľúč (musí začínať s: ssh-rsa AAAA ...)"; ?> diff --git a/lang/sl.inc.php b/lang/sl.inc.php index cf39262f..f23c68ca 100644 --- a/lang/sl.inc.php +++ b/lang/sl.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Spreminjanje SSH ključ"; $messages['changesshkeyhelp'] = "Vnesite geslo in nov ključ SSH."; $messages['sshkeyerror'] = "SSH Ključna je bila zavrnjena z imeniku LDAP"; - +$messages['keyinvalid'] = "ključ SSH je neveljaven"; +$messages['keytoosmall'] = "SSH ključ bit velikost je premajhna"; +$messages['sshkeypolicy'] = "Vaš SSH ključ mora biti v skladu z naslednjimi omejitvami:"; +$messages['sshkeypolicyminbits'] = "Minimalna velikost malo ključa SSH:"; +$messages['sshpubkey'] = "SSH javnih ključev"; +$messages['sshkeyexample'] = "SSH Key (mora začeti z: ssh-RSA AAAA ...)"; ?> diff --git a/lang/sv.inc.php b/lang/sv.inc.php index d740e4a9..b93c88db 100644 --- a/lang/sv.inc.php +++ b/lang/sv.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "Ändra din SSH Key"; $messages['changesshkeyhelp'] = "Ange ditt lösenord och ny SSH-nyckel."; $messages['sshkeyerror'] = "SSH Key avslogs av LDAP-katalogen"; - +$messages['keyinvalid'] = "SSH-tangenten är ogiltig"; +$messages['keytoosmall'] = "SSH-nyckelbitstorleken är för liten"; +$messages['sshkeypolicy'] = "Din SSH-nyckel måste överensstämma med följande begränsningar:"; +$messages['sshkeypolicyminbits'] = "Minsta bitstorlek för SSH-nyckel:"; +$messages['sshpubkey'] = "SSH Public Key"; +$messages['sshkeyexample'] = "SSH-nyckel (måste börja med: ssh-rsa AAAA ...)"; ?> diff --git a/lang/tr.inc.php b/lang/tr.inc.php index 71d9a8e8..4c8a7ca1 100644 --- a/lang/tr.inc.php +++ b/lang/tr.inc.php @@ -127,5 +127,10 @@ $messages['emptysshkeychangeform'] = "SSH Anahtarınızı Değiştirin"; $messages['changesshkeyhelp'] = "Parolanızı ve yeni SSH anahtarınızı girin."; $messages['sshkeyerror'] = "SSH Anahtarı LDAP dizini tarafından reddedildi"; - +$messages['keyinvalid'] = "SSH anahtarı geçersiz"; +$messages['keytoosmall'] = "SSH anahtar biti boyutu çok küçük"; +$messages['sshkeypolicy'] = "SSH anahtarınızın aşağıdaki sınırlamalara uyması gerekir:"; +$messages['sshkeypolicyminbits'] = "SSH anahtarının minimum bit boyutu:"; +$messages['sshpubkey'] = "SSH Genel Anahtarı"; +$messages['sshkeyexample'] = "SSH Anahtarı (başlama: ssh-rsa AAAA ...)"; ?> diff --git a/lang/uk.inc.php b/lang/uk.inc.php index 6f87307d..aef6c081 100644 --- a/lang/uk.inc.php +++ b/lang/uk.inc.php @@ -128,5 +128,10 @@ $messages['emptysshkeychangeform'] = "Змінити ключ SSH"; $messages['changesshkeyhelp'] = "Введіть свій пароль і новий ключ SSH."; $messages['sshkeyerror'] = "SSH Key була відхилена каталогом LDAP"; - +$messages['keyinvalid'] = "ключ SSH є недійсним"; +$messages['keytoosmall'] = "SSH біт ключа розмір занадто малий"; +$messages['sshkeypolicy'] = "Ваш ключ SSH повинен відповідати наступним обмеженням:"; +$messages['sshkeypolicyminbits'] = "Мінімальний розмір біт ключа SSH:"; +$messages['sshpubkey'] = "SSH Public Key"; +$messages['sshkeyexample'] = "SSH ключ (повинен починатися з: SSH-АААА ... RSA)"; ?> diff --git a/lang/zh-CN.inc.php b/lang/zh-CN.inc.php index 7e68cb6a..66e63b3b 100644 --- a/lang/zh-CN.inc.php +++ b/lang/zh-CN.inc.php @@ -127,5 +127,10 @@ $messages['emptysendsmsform'] = "Get a reset code"; $messages['sameaslogin'] = "您的新密码与您的用户名相同"; $messages['policydifflogin'] = "您的新密码不能与您的用户名相同"; - +$messages['keyinvalid'] = "SSH密钥无效"; +$messages['keytoosmall'] = "SSH密钥位的大小太小"; +$messages['sshkeypolicy'] = "您的SSH密钥必须符合以下约束:"; +$messages['sshkeypolicyminbits'] = "SSH密钥的最小位大小:"; +$messages['sshpubkey'] = "SSH公钥"; +$messages['sshkeyexample'] = "SSH密钥(必须以:ssh-rsa AAAA ...)"; ?> From 75dbea70b6e8ed76ab2651271712bc32715aaaaf Mon Sep 17 00:00:00 2001 From: Kage Date: Mon, 8 May 2017 19:18:11 +0000 Subject: [PATCH 3/3] Somehow I forgot the main part @_@ --- lib/functions.inc.php | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/lib/functions.inc.php b/lib/functions.inc.php index c7270df6..172bb0d1 100644 --- a/lib/functions.inc.php +++ b/lib/functions.inc.php @@ -172,6 +172,27 @@ function show_policy( $messages, $pwd_policy_config, $result ) { echo "\n"; } +# Display SSH key policy bloc +# @return HTML code +function show_sshkey_policy( $messages, $sshkey_policy_config, $result ) { + extract( $sshkey_policy_config ); + + # Should we display it? + if ( !$sshkey_show_policy or $sshkey_show_policy === "never" ) { return; } + if ( $sshkey_show_policy === "onerror" ) { + if ( !preg_match( "/keyinvalid|keytoosmall/" , $result) ) { return; } + } + + # Display bloc + echo "
\n"; + echo "

".$messages["sshkeypolicy"]."

\n"; + echo "
    \n"; + if ( $sshkey_min_bits ) { echo "
  • ".$messages["sshkeypolicyminbits"] ." $sshkey_min_bits
    • \n"; } + echo "
\n"; + echo "
\n"; +} + + # Check password strength # @return result code function check_password_strength( $password, $oldpassword, $pwd_policy_config, $login ) { @@ -239,6 +260,29 @@ function check_password_strength( $password, $oldpassword, $pwd_policy_config, $ return $result; } +function check_sshkey( $ssh_pubkey, $sshkey_policy_config ) { + extract( $sshkey_policy_config ); + + # Split up the SSH key + $parts = explode(' ', $ssh_pubkey); + + # Check this gave us at least two parts, and SSH key type is valid + if (count($parts) < 2 || $parts[0] != 'ssh-rsa') { return "keyinvalid"; } + + # Unpack the SSH public key and get the bits from headers [19,22] + $hex = base64_decode($parts[1]); + $hexstr = unpack('H44', $hex); + $bits = ((hexdec(substr($hexstr[1], -8))-1)*8); + + # Length is a valid number? + if ($bits != 1024 && $bits != 2048 && $bits != 4096) { return "keyinvalid"; } + + # Length is at least our minimum size? + if ($sshkey_min_bits > $bits) { return "keytoosmall"; } + + return ""; +} + # Change password # @return result code function change_password( $ldap, $dn, $password, $ad_mode, $ad_options, $samba_mode, $samba_options, $shadow_options, $hash, $hash_options, $who_change_password, $oldpassword ) {