From a0e6cea771422cd3b725fd8fdd59cb6cca378389 Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Tue, 26 Mar 2019 19:52:36 +0100 Subject: [PATCH] Add SSH LSaddon --- debian/control | 2 +- .../conf/LSaddons/config.LSaddons.ssh.php | 31 +++ public_html/includes/addons/LSaddons.ssh.php | 263 ++++++++++++++++++ 3 files changed, 295 insertions(+), 1 deletion(-) create mode 100644 public_html/conf/LSaddons/config.LSaddons.ssh.php create mode 100644 public_html/includes/addons/LSaddons.ssh.php diff --git a/debian/control b/debian/control index c8d085d0..0ea3bea9 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,7 @@ Maintainer: Benjamin Renard Package: ldapsaisie Architecture: all Depends: apache2 | httpd, php-ldap | php5-ldap, php-fpm | libapache2-mod-php5 | libapache2-mod-php | php5-cli | php-cli, smarty | smarty3, php-net-ldap2, php-net-ftp, php-mail, php-file-csv-datasource -Recommends: php-mbstring +Recommends: php-mbstring, php-phpseclib Description: web based interface for managing LDAP servers content LdapSaisie is a Web application developed to manage LDAP directory. It has been written in PHP / JavaScript and is published under the diff --git a/public_html/conf/LSaddons/config.LSaddons.ssh.php b/public_html/conf/LSaddons/config.LSaddons.ssh.php new file mode 100644 index 00000000..115c17c6 --- /dev/null +++ b/public_html/conf/LSaddons/config.LSaddons.ssh.php 
@@ -0,0 +1,31 @@ + + * + * @retval boolean true if SSH is fully supported, false otherwise + */ + function LSaddon_ssh_support() { + $retval=true; + + // Check PhpSecLib library + if (!defined('PHPSECLIB_AUTOLOAD')) { + LSerror :: addErrorCode('SSH_SUPPORT_02','PHPSECLIB_AUTOLOAD'); + $retval=false; + } else if(!LSsession::includeFile(PHPSECLIB_AUTOLOAD)) { + LSerror :: addErrorCode('SSH_SUPPORT_01'); + $retval=false; + } + + return $retval; + } + + + + /** + * Connect to an SFTP server + * + * @author Benjamin Renard + * + * @param[in] $params array The SSH connexion parameters + * @param[in] $sftp boolean Enable SFTP mode (default : false) + * + * @retval mixed SSH2/SFTP object or false + */ + function connectToSSH($params, $sftp=false) { + if (!isset($params['host'])) { + LSerror :: addErrorCode('SSH_01',"host"); + return false; + } + $host = $params['host']; + + if (!isset($params['user'])) { + LSerror :: addErrorCode('SSH_01',"user"); + return false; + } + $user = $params['user']; + + $port = (isset($params['port'])?$params['port']:22); + $timeout = (isset($params['timeout'])?$params['timeout']:22); + + if (isset($params['auth_key'])) { + if (!isset($params['auth_key']['file_path'])) { + LSerror :: addErrorCode('SSH_01',"auth_key -> file_path"); + return false; + } + $key_file_path = $params['auth_key']['file_path']; + if (!is_file($key_file_path) || !is_readable($key_file_path)) { + LSerror :: addErrorCode('SSH_02', $key_file_path); + return false; + } + + $password = new RSA(); + + if (isset($params['auth_key']['password'])) { + $password -> setPassword($params['auth_key']['password']); + } + + $key_content = file_get_contents($key_file_path); + if (!$password -> loadKey($key_content)) { + LSerror :: addErrorCode('SSH_03', $key_file_path); + return; + } + } + elseif (isset($params['password'])) { + $password = $params['password']; + } + else { + LSerror :: addErrorCode('SSH_01',"authentication"); + return false; + } + + if (isset($sftp)) + $cnx = new 
SFTP($host, $port, $timeout); + else + $cnx = new SSH2($host, $port, $timeout); + + if (!$cnx->login($user, $password)) { + LSerror :: addErrorCode('SSH_04', array('host' => $host, 'port' => $port)); + return false; + } + + return $cnx; + } + + /** + * Create one or more directories throught SFTP + * + * @author Benjamin Renard + * + * @param[in] $connection_params array Connection parameters + * @param[in] $dirs array|string The directory/ies to add + * @param[in] $mode integer The directory/ies mode (default : default umask on the SSH server) + * @param[in] $recursive boolean Enable recursive mode (default : false) + * @param[in] $continue boolean Enable continue mode : do not on error (default : false) + * + * @retval boolean + */ + function createDirsBySFTP($connection_params, $dirs, $chmod=-1, $recursive=false, $continue=false) { + $cnx = connectToSSH($connection_params, true); + if (! $cnx){ + return; + } + if (!is_array($dirs)) { + $dirs = array($dirs); + } + $retval=true; + foreach($dirs as $dir) { + if (!$cnx -> mkdir($dir, $chmod, $recursive)) { + LSerror :: addErrorCode('SSH_05',$dir); + if (!$continue) return false; + $retval=false; + } + } + return $retval; + } + + /** + * Delete one or more directories throught SFTP + * + * @author Benjamin Renard + * + * @param[in] $connection_params array Connection parameters + * @param[in] $dirs array|string The directory/ies to remove + * @param[in] $recursive boolean Enable recursive mode (default : false) + * @param[in] $continue boolean Enable continue mode : do not on error (default : false) + * + * @retval boolean + */ + function removeDirsBySFTP($connection_params, $dirs, $recursive=false) { + $cnx = connectToSSH($connection_params, true); + if (! 
$cnx){ + return; + } + if (!is_array($dirs)) { + $dirs = array($dirs); + } + $retval=true; + foreach($dirs as $dir) { + if (!$cnx -> delete($dir, $recursive)) { + LSerror :: addErrorCode('SSH_06',$dir); + if (!$continue) return false; + $retval=false; + } + } + return $retval; + } + + /** + * Rename a directory throught SFTP + * + * @author Benjamin Renard + * + * @param[in] $connection_params array Connection parameters + * @param[in] $old string The actual directory path to rename + * @param[in] $new string The new directory path + * + * @retval boolean + */ + function renameDirBySFTP($connection_params, $old, $new) { + $cnx = connectToSSH($connection_params, true); + if (! $cnx){ + return; + } + if (!$cnx -> rename($old, $new)) { + LSerror :: addErrorCode('SSH_07',array('old' => $old,'new' => $new)); + return; + } + return true; + } + + /** + * Exec a command throught SSH + * + * @author Benjamin Renard + * + * @param[in] $connection_params array Connection parameters + * @param[in] $cmd string The command to run on remote server + * + * @retval mixed False if connection fail and an array otherwise, with + * exit code as first value and the command outup as second + * one (stdout + stderr). + */ + function execBySSH($connection_params, $cmd) { + $cnx = connectToSSH($connection_params); + if (! $cnx){ + return; + } + $result = $cnx -> exec($cmd); + $exit_status = $cnx->getExitStatus(); + return array($exit_status, $result); + } +
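Review bot: connectToSSH() calls `$cnx->login($user, $password)` without ever checking the server's host key, so with password authentication anything that can impersonate `$host` on the network path receives the credential and can answer the later mkdir/delete/exec calls. Consider taking an expected host key in `$params`, comparing it with `$cnx->getServerPublicHostKey()` before `login()`, and failing closed on a mismatch, as sketched below. The same hunk has two functional defects: `if (isset($sftp))` is always true because the parameter defaults to false rather than null, so an SSH2 object is never created (`if ($sftp)` is presumably what was meant), and removeDirsBySFTP() reads `$continue`, which is documented but missing from its signature (`$recursive=false, $continue=false`). execBySSH() hands `$cmd` to the remote shell unchanged, so its docblock should state that callers must quote every value taken from directory data, for example with `escapeshellarg()`.

```php
// … unchanged: parameter checks, key loading, SFTP/SSH2 construction …

// Pin the server key before any credential is sent.
// 'host_key' is a proposed new $params entry; 'SSH_XX' is a placeholder
// for an error code to be declared next to the existing SSH_0x codes.
if (!isset($params['host_key'])) {
  LSerror :: addErrorCode('SSH_01', "host_key");
  return false;
}
$server_key = $cnx->getServerPublicHostKey();
if ($server_key === false || $server_key !== $params['host_key']) {
  LSerror :: addErrorCode('SSH_XX', array('host' => $host, 'port' => $port));
  return false;
}

if (!$cnx->login($user, $password)) {
// … unchanged: SSH_04 error and return …
```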