
Adding base logic for managing ssh keys

clement 2 жил өмнө
parent
commit
0e256c41e3

+ 3 - 1
includes/config.ini.example

@@ -1,4 +1,6 @@
 [ldap_server]
 hostname = "example.com"
 port = "389"
-basedn = "ou=people,dc=example,dc=com"
+basedn = "ou=people,dc=example,dc=com"
+binddn = "cn=admin,dc=example,dc=com"
+bindpw = "SECRET"
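Review bot: The example `binddn` is the directory administrator, but the only use visible in this commit (get_user_infos in src/models/user.php) is a read-only search for `ldapPublicKey` entries. The example should point at a dedicated low-privilege service account, for instance `binddn = "cn=<service-account>,dc=example,dc=com"`, with a comment such as `; read-only account used to look up user attributes`. With `port = "389"` and no StartTLS call visible in the new code, this password would presumably cross the network unencrypted. The example should therefore also say that the deployed config.ini needs restrictive file permissions and an encrypted LDAP connection.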

+ 5 - 0
public/index.php

@@ -2,6 +2,7 @@
 require_once '../vendor/autoload.php';
 
 require_once __DIR__ . '/../src/controllers/user.php';
+require_once __DIR__ . '/../src/controllers/ssh.php';
 
 function get_view($view_name) {
     try {
@@ -23,6 +24,10 @@ $dispatcher = FastRoute\simpleDispatcher(function(FastRoute\RouteCollector $r) {
     $r->addRoute('GET', '/changepassword', 'form_password');
     $r->addRoute('POST', '/changepassword', 'change_password');
     $r->addRoute('GET', '/signout', 'signout');
+    $r->addRoute('GET', '/ssh', 'form_ssh');
+    $r->addRoute('GET', '/getsshkeys', 'get_ssh_keys');
+    $r->addRoute('POST', '/addsshkey', 'add_ssh_key');
+    $r->addRoute('POST', '/delsshkey', 'del_ssh_key');
 });
 
 // Fetch method and URI from somewhere
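Review bot: Three of the four routes added here name handlers (`get_ssh_keys`, `add_ssh_key`, `del_ssh_key`) that this commit does not define; src/controllers/ssh.php only adds `form_ssh`. The dispatch code is outside the hunk, but if it calls the handler name directly these routes will end in an undefined-function error. Either register them together with their handlers or mark them with a comment such as `// TODO: handler not implemented yet`. When the two POST handlers are written they will change which keys can log in as the account, so each should require a signed-in session, re-check the SSH_KEYS entitlement server-side and verify an anti-CSRF token.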

+ 21 - 0
src/controllers/ssh.php

@@ -0,0 +1,21 @@
+<?php
+require_once '../src/models/ssh.php';
+
+function form_ssh() {
+    session_start();
+
+    if (!isset($_SESSION['user'])) {
+        header('Location: signin');
+        exit();
+    }
+
+    if (!$_SESSION['SSH_KEYS']) {
+        header ('Location: home');
+        exit();
+    }
+
+    $template = get_view("sshhomepage");
+
+    echo $template->render();
+    //unset($_SESSION['message']);
+}
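Review bot: `if (!$_SESSION['SSH_KEYS'])` reads a key that is only written by the login path changed in this commit, so a session created before deployment triggers an undefined-index notice here; `if (empty($_SESSION['SSH_KEYS']))` gives the same redirect without the notice. The include `require_once '../src/models/ssh.php';` is resolved against the working directory rather than this file, unlike the `__DIR__`-based includes in public/index.php, and `require_once __DIR__ . '/../models/ssh.php';` would not depend on where the script is started. form_ssh would also benefit from a short docblock saying that it renders the SSH page only for a signed-in user whose session carries the SSH_KEYS flag, and the commented-out `unset` line can be dropped.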

+ 5 - 2
src/controllers/user.php

@@ -108,13 +108,16 @@ function auth() {
 
     $id = htmlspecialchars($_POST['id']);
 
-    if (!UserModel\auth($id, $_POST['password'])) {
-        $_SESSION['message'] = "Wrong username or password";
+    $auth_res = UserModel\auth($id, $_POST['password']);
+
+    if (!$auth_res[0]) {
+        $_SESSION['message'] = $auth_res[1];
         header('Location: /');
         exit();
     }
 
     $_SESSION['user'] = $id;
+    $_SESSION['SSH_KEYS'] = $auth_res[1]['SSH_KEYS'];
     header('Location: home');
     exit();
 }
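Review bot: `$auth_res[0]` assumes UserModel\auth() always returns an array, but the version in this commit still has no return statement for the case where `$ldapconn` is falsy, so `$auth_res` can be null at this point. A guard such as `if (!is_array($auth_res) || !$auth_res[0])` with a fixed fallback message keeps the failure path explicit instead of storing null in `$_SESSION['message']`. The SSH_KEYS flag is cached in the session at login, so later handlers that modify keys should re-check the entitlement against the directory rather than trust the cached value. The body of auth() starts outside the hunk, so it is not visible whether the session id is regenerated before `$_SESSION['user']` is set; if it is not, `session_regenerate_id(true);` belongs just before that assignment.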

+ 3 - 0
src/models/ssh.php

@@ -0,0 +1,3 @@
+<?php
+
+namespace SshModel;

+ 45 - 4
src/models/user.php

@@ -2,6 +2,41 @@
 
 namespace UserModel;
 
+function get_user_infos($id) {
+    $ini = parse_ini_file('../includes/config.ini');
+    try {
+        $ldapconn = ldap_connect($ini['hostname'], $ini['port']);
+        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+    } catch (Exception $e) {
+        die ('ERROR: ' . $e->getMessage());
+    }
+
+    if (!$ldapconn) {
+        return false;
+    }
+
+    $ldapbind = @ldap_bind($ldapconn, $ini["binddn"], $ini["bindpw"]);
+    if (!$ldapbind) {
+        return false;
+    }
+
+    // Check if user can store ssh keys
+    $filter = "(&(uid=" . $id . ")(objectClass=ldapPublicKey))";
+    $attributes = array("ldapPublicKey");
+    
+    $res = ldap_search($ldapconn, $ini["basedn"], $filter, $attributes);
+    $info = ldap_get_entries($ldapconn, $res);
+
+    if ($info["count"] > 0) {
+        $ssh_keys = true;
+    } else {
+        $ssh_keys = false;
+    }
+
+    return array("SSH_KEYS" => $ssh_keys);
+}
+
 function auth($id, $passwd) {
     $ini = parse_ini_file('../includes/config.ini');
     try {
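Review bot: In get_user_infos the search filter is built by concatenating `$id` unescaped, and this search runs under the service account's bind. The caller passes a value that has only been through `htmlspecialchars`, which leaves the filter metacharacters `*`, `(`, `)` and `\` intact, so the line should read `$filter = "(&(uid=" . ldap_escape($id, "", LDAP_ESCAPE_FILTER) . ")(objectClass=ldapPublicKey))";`. The result of `ldap_search` is passed straight to `ldap_get_entries` without a check, so a failed search should return false first with `if ($res === false) { return false; }`. Inside `namespace UserModel`, `catch (Exception $e)` refers to `UserModel\Exception` and will never match; it needs to be `\Exception`, and the `die` in that branch would print the raw error message to the client. The connection is never closed and no StartTLS is negotiated before the bind, so the service password is presumably sent in clear on port 389.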
@@ -13,12 +48,18 @@ function auth($id, $passwd) {
     }
     
     if ($ldapconn) {
+
         $ldapbind = @ldap_bind($ldapconn, "uid=" . ldap_escape($id) . ',' . $ini["basedn"], $passwd);
-        if ($ldapbind) {
-            return true;
-        } else {
-            return false;
+
+        $user_infos = get_user_infos($id);
+        if (!$user_infos) {
+            return array(false, "A problem occured getting your account informations, contact admins");
         }
+        if (!$ldapbind) {
+            return array(false, "Wrong username or password");
+        }
+
+        return array(true, $user_infos);
     }   
 }
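Review bot: `get_user_infos($id)` is called before `$ldapbind` is checked, so every failed login still triggers a service-account search for the submitted name, and a lookup failure returns the "contact admins" message even when the password was wrong. Moving `if (!$ldapbind) { return array(false, "Wrong username or password"); }` ahead of `$user_infos = get_user_infos($id);` limits the privileged lookup to authenticated users and keeps the failure message uniform. The function still falls off the end with no return value when `$ldapconn` is falsy, although the caller now indexes the result; a final `return array(false, "...");` would close that path. The hunk does not show whether an empty `$passwd` is rejected before `ldap_bind`; if it is not, that check is worth adding, because many directory servers treat a bind with an empty password as an unauthenticated bind that succeeds.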
 

+ 3 - 0
templates/home.html.twig

@@ -8,6 +8,9 @@
         <ul>
             <li><a href="changepassword">Change password</a></li>
             <li><a href="signout">Sign out</a></li>
+            {% if session.SSH_KEYS %}
+            <li><a href="ssh">Manage SSH Keys</a></li>
+            {% endif %}
         </ul>
     </body>
 </html>

+ 1 - 0
templates/sshhomepage.html.twig

@@ -0,0 +1 @@
+It works!