├── VERSION
├── .gitmodules
├── data
├── templates
│ ├── us
│ │ └── TOS.txt
│ └── fr
│ │ └── TOS.txt
├── sshgate.conf
└── sshgate.setup
├── tests
├── sshgate.test.conf
├── coverage
├── usergroup.testcase
├── user.testcase
├── access.testcase
├── target.testcase
└── test.sh
├── bin
├── archive-log.sh
├── core
│ ├── help.func
│ ├── target-known_hosts.func
│ ├── usergroup.func
│ ├── sshgate.core
│ ├── target-sshkey.func
│ ├── record.func
│ ├── target-access.func
│ ├── target.func
│ ├── target-ssh.func
│ └── user.func
├── sshgate-bridge
└── sshgate-cli
├── README
└── COPYING
/VERSION:
--------------------------------------------------------------------------------
1 | 0.3-beta
2 |
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
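[submodule "lib"]
	path = lib
	# https:// instead of git://: the git protocol is neither authenticated nor
	# encrypted, so a network attacker could serve a tampered ScriptHelper
	# (github.com no longer serves git:// at all). The superproject still pins
	# the exact submodule commit, as usual.
	url = https://github.com/Tauop/ScriptHelper.git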
4 |
--------------------------------------------------------------------------------
/data/templates/us/TOS.txt:
--------------------------------------------------------------------------------
1 | *******************************************************************************
2 | All actions you perform on the servers you connect to through the sshGate
3 | gateway are recorded. This allows sshGate administrators to diagnose a
4 | problem on a server and to find which command caused the malfunction.
5 | *******************************************************************************
6 |
7 | Do you accept these Terms of Service (TOS)?
8 |
--------------------------------------------------------------------------------
/data/templates/fr/TOS.txt:
--------------------------------------------------------------------------------
1 | *******************************************************************************
2 | Toutes les actions que vous réalisez sur les serveurs sur lesquels vous vous
3 | connectez avec la passerelle sshGate sont enregistrées. Cela permet notamment
4 | aux administrateurs de la passerelle sshGate de pouvoir diagnostiquer un
5 | problème sur un serveur, et de trouver la mauvaise manipulation dont le
6 | dysfonctionnement résulte.
7 |
8 | Pour toute information sur vos droits et sur les traitements automatiques
9 | réalisés, vous pouvez consulter la note de service "CNIL", notre responsable
10 | juridique ou les délégués du personnel.
11 |
12 | *******************************************************************************
13 |
14 | Acceptez-vous ces Conditions Générales d'Utilisation (CGU) ?
15 |
--------------------------------------------------------------------------------
/tests/sshgate.test.conf:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran .
18 | #
19 |
# Configuration used by the test suite: data/sshgate.setup sources the file
# named by SSHGATE_CONFIGURATION before falling back to /etc/sshgate.conf.
SSHGATE_VERSION='%% __SSHGATE_VERSION__ %%' # set by build.sh
SSHGATE_BUILD='%% __SSHGATE_BUILD__ %%' # set by build.sh

# where is installed sshGate ?
# NOTE(review): this is the same directory as the production default in
# data/sshgate.conf, and the testcases add/delete users, usergroups and
# targets. Unless tests/test.sh redirects SSHGATE_DIR_USERS/TARGETS/... to a
# scratch location, running the suite on a live gateway modifies its data.
SSHGATE_DIRECTORY='/opt/sshgate'

# local unix account for using sshgate
SSHGATE_GATE_ACCOUNT='sshgate'
# remote (non-interactive) commands and remote admin CLI enabled for the tests
SSHGATE_ALLOW_REMOTE_COMMAND='Y'
SSHGATE_USE_REMOTE_ADMIN_CLI='Y'
SSHGATE_USERS_MUST_ACCEPT_TOS='Y'

# editor to use when editing files
SSHGATE_EDITOR='vim'

# default path where files are sent on the target host
SSHGATE_TARGETS_SCP_PATH='~'

# default user to use when login to a target host (root: see the caveat in
# data/sshgate.conf; the testcases attach explicit logins to their targets)
SSHGATE_TARGETS_DEFAULT_SSH_LOGIN='root'

# to activate recap email sending (kept off: the address below is a real one)
SSHGATE_MAIL_SEND='N'
SSHGATE_MAIL_TO='sshgate@linagora.com'
SSHGATE_MAIL_SUBJECT='[sshGate] modifications report'
45 |
--------------------------------------------------------------------------------
/data/sshgate.conf:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran .
18 | #
19 |
# Main sshGate configuration, installed as /etc/sshgate.conf and sourced by
# data/sshgate.setup. Any SSHGATE_DIR_* / SSHGATE_*_FILE setting listed in the
# README can also be overridden here.
SSHGATE_VERSION='%% __SSHGATE_VERSION__ %%' # set by build.sh
SSHGATE_BUILD='%% __SSHGATE_BUILD__ %%' # set by build.sh

# where is installed sshGate ? /!\ can't be modified after installation /!\
SSHGATE_DIRECTORY='/opt/sshgate'

# where sshGate can get ScriptHelper ? /!\ can't be modified after installation /!\
SCRIPT_HELPER_DIRECTORY='/opt/sshgate/bin/lib'

# local unix account for using sshgate /!\ can't be modified after installation /!\
# This account holds the private ssh keys of every target host (see README),
# so it must stay a dedicated account whose data directory nobody else can read.
SSHGATE_GATE_ACCOUNT='sshgate'

# Allow non-interactive sshGate commands over ssh, e.g. sshg 'cmd list targets'
# (README: default Y). Set to 'N' if users only need interactive sessions.
SSHGATE_ALLOW_REMOTE_COMMAND='Y'
# Expose the administration CLI over ssh (README: default Y). Prefer 'N' and a
# local shell on the gateway when remote administration is not required.
SSHGATE_USE_REMOTE_ADMIN_CLI='Y'
# NOTE(review): not documented in the README; presumably lets the gate account
# use sudo without a password — check which commands the matching sudoers
# entry allows before leaving this at 'Y'.
SSHGATE_SUDO_WITH_NOPASSWORD='Y'
# Users must accept data/templates/<lang>/TOS.txt on first connection; the TOS
# is what informs them that their sessions are recorded, so keep it at 'Y'.
SSHGATE_USERS_MUST_ACCEPT_TOS='Y'

# editor to use when editing files. leave it empty to use ${EDITOR}
SSHGATE_EDITOR=''

# default path where files are sent on the target host
SSHGATE_TARGETS_SCP_PATH='~'

# default user to use when login to a target host.
# With 'root', an access granted on a bare target name appears to map to
# root@target unless a specific login is attached to it (target ... ssh add
# login); consider an unprivileged default and grant root@target explicitly.
SSHGATE_TARGETS_DEFAULT_SSH_LOGIN='root'

# language of the TOS template shown to users (data/templates/<lang>/)
SSHGATE_DEFAULT_LANGUAGE='us'

# to activate recap email sending
SSHGATE_MAIL_SEND='N'
SSHGATE_MAIL_TO='you@yourdomain.tld'
SSHGATE_MAIL_SUBJECT='[sshGate] modifications report'
52 |
--------------------------------------------------------------------------------
/bin/archive-log.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) 2010 Linagora
4 | # Patrick Guiran
5 | # http://github.com/Tauop/sshGate
6 | #
7 | # sshGate is free software, you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as
9 | # published by the Free Software Foundation; either version 2 of
10 | # the License, or (at your option) any later version.
11 | #
12 | # sshGate is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU Lesser General Public License
18 | # along with this program. If not, see .
19 | #
20 |
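# Usage: archive-log.sh <months-ago>
# <months-ago> selects the month whose target logs are archived
# (0 = current month, 1 = last month, ...). It is mandatory: without it the
# "-${month_ago} month" date expression below does not yield the intended
# YYYYMM and the "YYYYMM*" file pattern degenerates, so every target log would
# end up in a nameless "_log.tar" archive.
if [ $# -ne 1 ]; then
  echo "Usage: $0 <months-ago>" >&2
  exit 1
fi
case "$1" in
  ''|*[!0-9]*)
    echo "ERROR: <months-ago> must be a non-negative integer (got '$1')" >&2
    exit 1
    ;;
esac
month_ago="$1"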
24 |
25 | # load dependencies
# load <guard-variable> <file>
# Source <file> unless <guard-variable> already holds a non-empty value
# (meaning the file was loaded earlier). Returns 1 when skipped, 0 when the
# file was sourced, and terminates the script with status 2 when it is missing.
load() {
  local guard="$1" path="$2" current=

  eval "current=\${${guard}:-}"
  if [ -n "${current}" ]; then
    return 1
  fi

  if [ ! -f "${path}" ]; then
    echo "ERROR: Unable to load ${path}"
    exit 2
  fi
  . "${path}"
  return 0
}
41 |
42 |
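load SSHGATE_DIRECTORY '/etc/sshgate.conf'
load SCRIPT_HELPER_DIRECTORY '/etc/ScriptHelper.conf'

load __SSHGATE_SETUP__ "${SSHGATE_DIRECTORY}/data/sshgate.setup"

# Session recordings are sensitive: create the archive (and the scratch file
# list) readable by the gate account only.
umask 077

# YYYYMM of the month to archive; empty when "${month_ago}" is unusable
month_tag=$( date +%Y%m --date "-${month_ago} month" )
if [ -z "${month_tag}" ]; then
  echo "ERROR: can't compute the month to archive from '${month_ago}'" >&2
  exit 1
fi
archive="${SSHGATE_DIR_ARCHIVE}/${month_tag}_log.tar"

# An existing archive is the audit trail of that month: never clobber it
# (tar cf would silently overwrite it, and gzip would then refuse the .gz).
if [ -e "${archive}" ] || [ -e "${archive}.gz" ]; then
  echo "ERROR: ${archive}[.gz] already exists, refusing to overwrite it" >&2
  exit 1
fi

# mktemp creates the scratch file atomically under an unpredictable name; the
# former fixed "/tmp/files.<random>" name could be pre-created or symlinked by
# any local user (and depended on ScriptHelper's RANDOM helper being loaded).
tmp_file=$( mktemp ) || exit 2
trap 'rm -f "${tmp_file}"' EXIT

# NUL-separated file list so names containing blanks or newlines stay intact
find "${SSHGATE_DIR_LOGS_TARGETS}" -name "${month_tag}*" -print0 > "${tmp_file}"
find "${SSHGATE_DIR_LOGS_TARGETS}" -name 'global.log' -print0 >> "${tmp_file}"

# GNU tar (--null -T), like the GNU date used above
tar cf "${archive}" "${SSHGATE_DIR_LOGS}/sshgate.log" || exit 3
tar rf "${archive}" --null -T "${tmp_file}" || exit 3
gzip "${archive}"

# removal of the archived logs stays disabled, as before
#xargs -0 rm -f < "${tmp_file}"
#rm -f "${SSHGATE_DIR_LOGS}/sshgate.log"

exit 0;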
64 |
--------------------------------------------------------------------------------
/tests/coverage:
--------------------------------------------------------------------------------
1 | can't be tested :
2 | - usergroup access notify
3 | - target [@] access info
4 |
5 | user.testcase :
6 | - user list
7 | - user add mail
8 | - user del
9 | - user build auth_keys
10 | - user display conf
11 | - user set conf
12 | - user del conf
13 | - user edit sshkey
14 | - user display sshkey
15 | - user update auth_keys
16 |
17 | target.testcase
18 | - target list
19 | - target add [@]
20 | - target add [@] with proxy [@]
21 | - target add [@] via [@]
22 | - target del
23 | - target alias list
24 | - target ssh test all
25 | - target ssh install all key
26 | - target ssh edit config
27 | - target ssh display config
28 | - target ssh update known_hosts
29 | - target rename
30 | - target realname
31 | - target add alias
32 | - target del alias
33 | - target list alias
34 | - target display conf
35 | - target set conf
36 | - target del conf
37 | - target ssh test
38 | - target ssh list logins
39 | - target ssh add login
40 | - target ssh del login
41 | - target [@] ssh edit config
42 | - target [@] ssh display config
43 | - target [@] ssh display full config
44 | - target ssh display key
45 | - target ssh edit key
46 | - target ssh install key
47 | - target ssh use default key
48 | - target ssh update known_hosts
49 |
50 | usergroup.testcase
51 | - user list usergroups
52 | - usergroup add
53 | - usergroup del
54 | - usergroup list users
55 | - usergroup add user
56 | - usergroup del user
57 | - usergroup list targets
58 | - usergroup access info
59 |
60 | access.testcase
61 | - user list targets
62 | - user has access
63 | - user access info
64 | - user access notify
65 | - target [@] access list users
66 | - target [@] access add user
67 | - target [@] access del user
68 | - target [@] access list usergroups
69 | - target [@] access add usergroup
70 | - target [@] access del usergroup
71 |
--------------------------------------------------------------------------------
/tests/usergroup.testcase:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/ScriptHelper
5 | #
6 | # ScriptHelper is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # ScriptHelper is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # --------------------------------------------------------------------------
20 |
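mDOTHIS 'Generate usergroup tests'

# Expected CLI transcript: "sshGate ... >" lines are the commands typed into
# the CLI, "<<-" lines are multi-line input (the ssh key) terminated by "->>",
# every other line is output the CLI must produce.
cat >"${expected_test_file}" <<EOF
sshGate > usergroup list

sshGate > user add pguiran mail pguiran@linagora.com
$(while read -r line ; do echo "<<-${line}"; done < "${sshkey_pub_test_file}"; echo "->>" )
sshGate > user add scourtois mail simon@courtois.fr
$(while read -r line ; do echo "<<-${line}"; done < "${sshkey_pub_test_file}"; echo "->>" )
sshGate > user list
pguiran
scourtois
sshGate > usergroup add OSSA
sshGate > usergroup add LRS
sshGate > usergroup list
LRS
OSSA
sshGate > usergroup LRS
sshGate [usergroup LRS]> add user pguiran
sshGate [usergroup LRS]> add user scourtois
sshGate [usergroup LRS]> quit
sshGate > usergroup OSSA add user scourtois
sshGate > usergroup OSSA add user pguiran
sshGate > usergroup OSSA list users
pguiran
scourtois
sshGate > usergroup OSSA del user scourtois
sshGate > usergroup OSSA list users
pguiran
sshGate > usergroup LRS list users
pguiran
scourtois
sshGate > user pguiran list usergroups
LRS
OSSA
sshGate > user scourtois list usergroups
LRS
sshGate > usergroup del OSSA
sshGate > user pguiran list usergroups
LRS
sshGate > usergroup list
LRS
sshGate > usergroup LRS list users
pguiran
scourtois
sshGate > user del scourtois
sshGate > usergroup LRS list users
pguiran
sshGate > exit
EOF

# CLI input: the typed commands plus the multi-line input markers
grep -E '^(<<=|<<-|->>|sshGate [^>]*>)' < "${expected_test_file}" \
  | sed -e 's/^sshGate [^>]*> //' > "${input_test_file}"

# Expected output: the transcript without the multi-line input markers.
# mktemp gives a unique scratch name instead of a guessable "<file>.$(RANDOM)".
tmp_file=$( mktemp "${expected_test_file}.XXXXXX" )
grep -v -E '^(<<=|<<-|->>)' < "${expected_test_file}" > "${tmp_file}"
mv "${tmp_file}" "${expected_test_file}"

mOK

# --------------------------------------------------------------------------
mDOTHIS 'Launch usergroup tests'
ASK_SET_AUTOANSWER_FILE "${input_test_file}"
( CLI_RUN > "${output_test_file}" )
result_diff=$( diff -au "${expected_test_file}" "${output_test_file}" )
if [ $? -eq 0 ]; then
  mOK
else
  echo "Test Failed"
  echo "=========================================================="
  echo "${result_diff}"
  echo "=========================================================="
fi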
94 |
--------------------------------------------------------------------------------
/data/sshgate.setup:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran .
18 | #
19 |
20 | # for tests
# for tests: an explicit configuration file takes precedence over /etc/sshgate.conf.
# NOTE(review): this sources whatever path the environment provides. If the
# gate account's sshd ever passes this variable through (AcceptEnv /
# PermitUserEnvironment), a remote user could execute arbitrary shell code as
# that account — confirm the production sshd_config does not.
if [ -n "${SSHGATE_CONFIGURATION}" ]; then
. "${SSHGATE_CONFIGURATION}"
fi
24 |
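# Load /etc/sshgate.conf unless the configuration was already provided.
# Without SSHGATE_DIRECTORY every SSHGATE_DIR_* path computed below would be
# rooted at "/" (/data, /users, /targets, ...), so stop instead of carrying on
# with bogus locations, as the previous version did after printing the error.
if [ -z "${SSHGATE_DIRECTORY:-}" ]; then
  if [ -r /etc/sshgate.conf ]; then
    . /etc/sshgate.conf
  fi
  if [ -z "${SSHGATE_DIRECTORY:-}" ]; then
    echo "ERROR: can't load sshGate configuration file" >&2
    exit 1
  fi
fi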
32 |
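if [ "${__SSHGATE_SETUP__:-}" != 'Loaded' ]; then
  __SSHGATE_SETUP__='Loaded'

  # remove trailing /
  SSHGATE_DIRECTORY="${SSHGATE_DIRECTORY%%/}"

  # SET_GLOBAL <name> <default>
  # Give variable <name> the value <default> unless it already holds a
  # non-empty value (this is how /etc/sshgate.conf overrides internal settings).
  # The default is assigned through "$2" and never re-parsed by the shell, so
  # values containing '"', '$' or backquotes are stored literally (the former
  # eval "$1=\"$2\"" expanded them a second time). Always returns 0.
  SET_GLOBAL () {
    local value=
    eval "value=\${${1}:-}"
    if [ -z "${value}" ]; then
      eval "${1}=\"\${2}\""
    fi
    return 0
  }

  # directories of sshgates
  SET_GLOBAL SSHGATE_DIR_DATA "${SSHGATE_DIRECTORY}/data"
  SET_GLOBAL SSHGATE_DIR_TEMPLATES "${SSHGATE_DIR_DATA}/templates"
  SET_GLOBAL SSHGATE_DIR_BIN "${SSHGATE_DIRECTORY}/bin"
  SET_GLOBAL SSHGATE_DIR_CORE "${SSHGATE_DIR_BIN}/core"
  SET_GLOBAL SSHGATE_DIR_TEST "${SSHGATE_DIR_BIN}/tests"
  SET_GLOBAL SSHGATE_DIR_USERS "${SSHGATE_DIRECTORY}/users"
  SET_GLOBAL SSHGATE_DIR_TARGETS "${SSHGATE_DIRECTORY}/targets"
  SET_GLOBAL SSHGATE_DIR_USERS_GROUPS "${SSHGATE_DIRECTORY}/users.groups"
  SET_GLOBAL SSHGATE_DIR_LOGS "${SSHGATE_DIRECTORY}/logs"
  SET_GLOBAL SSHGATE_DIR_LOGS_TARGETS "${SSHGATE_DIR_LOGS}/targets-logs"
  SET_GLOBAL SSHGATE_DIR_LOGS_USERS "${SSHGATE_DIR_LOGS}/users-logs"
  SET_GLOBAL SSHGATE_DIR_ARCHIVE "${SSHGATE_DIRECTORY}/archives"

  # editor used by the CLI; falls back to the EDITOR environment variable
  SET_GLOBAL SSHGATE_EDITOR "${SSHGATE_EDITOR:-${EDITOR}}"

  # file names of a target's ssh key pair
  SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME='sshkey.priv'
  SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME='sshkey.pub'

  # default key pair, offered when a target is added without a key of its own.
  # The private half lives under the data directory: its permissions (and the
  # directory's) must restrict it to the gate account.
  SET_GLOBAL SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE \
    "${SSHGATE_DIR_DATA}/${SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME}"
  SET_GLOBAL SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE \
    "${SSHGATE_DIR_DATA}/${SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME}"

  # per-target files: ACLs (users / usergroups), ssh config and login list
  SSHGATE_TARGETS_USER_ACCESS_FILENAME='access.users'
  SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME='access.groups'
  SSHGATE_TARGETS_SSH_CONFIG_FILENAME='ssh_conf'
  SSHGATE_TARGETS_SSH_LOGINS_FILENAME='ssh_logins.list'

  # logs files
  SET_GLOBAL SSHGATE_LOGS_CURRENT_SESSION_FILE "${SSHGATE_DIR_LOGS}/current_session.log"
  SET_GLOBAL SSHGATE_GLOBAL_SESSION_LOG_FILE "${SSHGATE_DIR_LOGS}/sessions.log"

  # TOS template name, looked up under SSHGATE_DIR_TEMPLATES/<language>/
  SET_GLOBAL SSHGATE_TOS_FILENAME "TOS.txt"

fi # __SSHGATE_SETUP__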
81 |
--------------------------------------------------------------------------------
/tests/user.testcase:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/ScriptHelper
5 | #
6 | # ScriptHelper is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # ScriptHelper is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # --------------------------------------------------------------------------
20 |
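mDOTHIS 'Generate user tests'

# Expected CLI transcript: "sshGate ... >" lines are the commands typed into
# the CLI, "<<=" lines are single-line answers, "<<-" lines are multi-line
# input terminated by "->>", every other line is output the CLI must produce.
cat >"${expected_test_file}" <<EOF
sshGate > user list

sshGate > user add pguiran mail pguiran@linagora.com
$(while read -r line ; do echo "<<-${line}"; done < "${sshkey_pub_test_file}"; echo "->>" )
sshGate > user list
pguiran
sshGate > user list *gui*
pguiran
sshGate > user add scourtois mail simon@courtois.fr
$(echo "<<-lol"; echo "<<-rolf"; echo "->>" )
sshGate > user scourtois display sshkey
# public sshkey scourtois
lol
rolf
sshGate > user scourtois edit sshkey
$(while read -r line ; do echo "<<-${line}"; done < "${sshkey_pub_test_file}"; echo "->>" )
sshGate > user scourtois update auth_keys
sshGate > user list sco*
scourtois
sshGate > user pguiran display conf
MAIL="pguiran@linagora.com"
sshGate > user scourtois
sshGate [user scourtois]> set conf MAIL scourtois@linagora.com
sshGate [user scourtois]> set conf IS_ADMIN true
sshGate [user scourtois]> display conf
MAIL="scourtois@linagora.com"
IS_ADMIN="true"
sshGate [user scourtois]> set conf IS_ADMIN
sshGate [user scourtois]> display conf
MAIL="scourtois@linagora.com"
sshGate [user scourtois]> set conf IS_ADMIN false
sshGate [user scourtois]> display conf
MAIL="scourtois@linagora.com"
IS_ADMIN="false"
sshGate [user scourtois]> del conf IS_ADMIN
sshGate [user scourtois]> display conf
MAIL="scourtois@linagora.com"
sshGate [user scourtois]> quit
sshGate > user del scourtois
sshGate > user list
pguiran
sshGate > user build auth_keys
sshGate > exit
EOF

# CLI input: the typed commands, the answers and the multi-line input markers
grep -E '^(<<=|<<-|->>|sshGate [^>]*>)' < "${expected_test_file}" \
  | sed -e 's/^sshGate [^>]*> //; s/^<<=//;' > "${input_test_file}"

# Expected output: the transcript without answers and input markers.
# mktemp gives a unique scratch name instead of a guessable "<file>.$(RANDOM)".
tmp_file=$( mktemp "${expected_test_file}.XXXXXX" )
grep -v -E '^(<<=|<<-|->>)' < "${expected_test_file}" > "${tmp_file}"
mv "${tmp_file}" "${expected_test_file}"

mOK

# --------------------------------------------------------------------------
mDOTHIS 'Launch user tests'
ASK_SET_AUTOANSWER_FILE "${input_test_file}"
( CLI_RUN > "${output_test_file}" )
result_diff=$( diff -au "${expected_test_file}" "${output_test_file}" )
if [ $? -eq 0 ]; then
  mOK
else
  echo "Test Failed"
  echo "=========================================================="
  echo "${result_diff}"
  echo "=========================================================="
fi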
91 |
--------------------------------------------------------------------------------
/bin/core/help.func:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/sshGate
5 | #
6 | # sshGate is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # sshGate is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # README ---------------------------------------------------------------------
20 | #
21 | # Collection of all sshgate's help related functions
22 | #
23 | # ----------------------------------------------------------------------------
24 |
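# This file is a library: it must only be sourced by sshgate.core, which sets
# __SSHGATE_CORE__ (the former message wrongly named user.func).
if [ "${__SSHGATE_CORE__:-}" != 'Loaded' ]; then
  echo "ERROR: Only sshgate.core can load help.func." >&2; exit 1;
fi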
28 |
29 | if [ "${__HELP_FUNC__:-}" != 'Loaded' ]; then
30 | __HELP_FUNC__='Loaded'
31 |
# SSHGATE_GET_HELP <type> <cli_command> <func-or-help> [<help>]
# Print one tab-separated record for the CLI help file (no trailing newline):
#   command : "command<TAB><cli_command><TAB><help>"
#             <help> is $4; when empty it is taken from the "# desc:" comment
#             following the "usage: <func>" line in the core/*.func files,
#             <func> being the first word of $3.
#   menu    : "menu<TAB><help_menu><TAB><cli_command><TAB><help>"
#             <help> is $3; nothing is printed when it is empty. help_menu is
#             the purified cli_command with its '?' placeholders removed.
# Always returns 0.
SSHGATE_GET_HELP() {
local type="$1" cli_command="$2" func= help= help_menu= sed_code=
if [ "${type}" = 'command' ]; then
help="$4"
if [ -z "${help}" ]; then
func="${3%% *}"
# NOTE(review): ${func} is spliced unescaped into a sed address. It is a
# function name from sshGate's own code, so this only matters if one ever
# contains a sed/regex special character.
sed_code="${sed_code} /usage: ${func} / { :next n; s/^ *# *desc: *\(.*\) *$/\1/p; t; b next; };"
sed_code="${sed_code} /usage: ${func}\$/ { :next n; s/^ *# *desc: *\(.*\) *$/\1/p; t; b next; };"
help=$( find "${SSHGATE_DIR_CORE}/" -type f -exec cat {} \; | sed -n -e "${sed_code}" )
fi
printf "%s\t%s\t%s" "${type}" "${cli_command}" "${help}"
else
help="$3"
if [ -n "${help}" ]; then
cli_command=$( private_PURIFY_CLI_COMMAND "${cli_command}" )
# NOTE(review): as shown here ' *' also matches the empty string, which would
# insert a space between every character; a run-of-spaces pattern ("  *" or
# " \+") is presumably intended — verify against the shipped file.
help_menu=$( echo "${cli_command}" | sed -e 's/?//g;s/ */ /g;' )
printf "%s\t%s\t%s\t%s" "${type}" "${help_menu}" "${cli_command}" "${help}"
fi
fi

return 0;
}
54 |
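# SSHGATE_DISPLAY_HELP
# Print the help menu: one " <menu>\t-- <help>" line per "menu" record of
# __CLI_HELP_FILE__ (fields 2 and 4), plus the "all" entry, sorted and
# de-duplicated. Always returns 0.
SSHGATE_DISPLAY_HELP() {
  local line= cmd= help=
  grep $'^menu\t' < "${__CLI_HELP_FILE__}" \
    | cut -d $'\t' -f 2,4 \
    | ( while IFS= read -r line ; do
          # the menu name (field 2) cannot contain a tab, so split on the
          # first tab; the former tr '\t' ':' + "${line%:*}" split on the
          # last colon and mangled help texts containing a ':'
          cmd="${line%%$'\t'*}"
          help="${line#*$'\t'}"
          printf " %-20s\t-- %s\n" "${cmd}" "${help}"
        done;
        printf " %-20s\t-- %s \n" "all" "Display all commands"
      ) | sort -u
  return 0
}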
68 |
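# SSHGATE_DISPLAY_HELP_FOR <menu name>
# Print " <cli command>\t-- <help>" for every "command" record of
# __CLI_HELP_FILE__ that belongs to the menu named "$*": the menu's cli
# command template (field 3, '?' standing for any word) must be a prefix of
# the command. Prints nothing when no menu has that exact name. Returns 0.
SSHGATE_DISPLAY_HELP_FOR() {
  local wanted="$*" tab=$'\t' cli_cmd= line= menu= cmd= help=

  # Exact comparison of the menu name: the former grep "^$*:" used the
  # user-typed name as a regular expression (unintended matches / errors).
  cli_cmd=$( grep $'^menu\t' < "${__CLI_HELP_FILE__}" \
    | while IFS= read -r line ; do
        line="${line#*${tab}}"            # drop the "menu" type
        menu="${line%%${tab}*}"           # field 2: menu name
        if [ "${menu}" = "${wanted}" ]; then
          line="${line#*${tab}}"
          printf '%s' "${line%%${tab}*}"  # field 3: cli command template
          break
        fi
      done )
  [ -n "${cli_cmd}" ] || return 0

  # '?' placeholders match one word; the template must end at a field
  # boundary (tab) or be followed by more words (space)
  cli_cmd=$( printf '%s' "${cli_cmd}" | sed -e 's/?/[^ ]*/g' )
  grep $'^command\t' < "${__CLI_HELP_FILE__}" \
    | cut -d $'\t' -f 2- \
    | grep "^${cli_cmd}[${tab} ]" \
    | while IFS= read -r line ; do
        [ -z "${line}" ] && continue;
        # split on the first tab: the cli command holds no tab, but the
        # help text may contain a ':' (which broke the former ':' split)
        cmd="${line%%${tab}*}"
        help="${line#*${tab}}"
        printf " %-20s\t-- %s\n" "${cmd}" "${help}"
      done
  return 0
}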
88 |
89 | fi # if [ "${__HELP_FUNC__}" != 'Loaded' ]; then
90 |
--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
1 | == Welcome to sshGate server ==
2 |
3 | sshGate is a tool which helps to configure an OpenSSH server in order to have
4 | a SSH proxy. sshGate uses the double SSH method to be able to connect to
5 | a target host. In practice sshGate holds the private ssh keys of the target hosts, performs
6 | ACL checks and can log what users do on a given target host. Because it holds those keys, the gateway is itself a high-value target: the gate account and its data directory must be protected accordingly.
7 |
8 | /-------> target host N
9 | /--------> . . .
10 | user ----> sshGate ----> target host 1
11 | |-> ACL
12 | |-> targets private sshkeys
13 | |-> users public sshkeys
14 |
15 | sshGate is under GPLv2 license.
16 |
17 | Server project is located at http://github.com/Tauop/sshGate
18 | Client project is located at http://github.com/Tauop/sshGate-client
19 | ScriptHelper project is located at http://github.com/Tauop/ScriptHelper
20 |
21 |
22 | == Install & Upgrade ==
23 |
24 | If you grab the source from github.com, you need to build a sshGate-server tarball.
25 | For more information : https://github.com/Tauop/sshGate/wiki/BuildPackages
26 |
27 | Just run the ./install.sh script and answer to questions.
28 | If you perform an upgrade, the installed configuration can be re-used, and
29 | data migration can be performed.
30 |
31 | For more information : https://github.com/Tauop/sshGate/wiki/ServerInstallation
32 |
33 | == Documentation ==
34 |
35 | The project documentation is available on the github wiki at http://github.com/Tauop/sshGate/wiki
36 |
37 |
38 | == Configuration ==
39 |
40 | After installation, sshGate configuration can be changed through the sshgate-configure script,
41 | or you can change settings values in the /etc/sshgate.conf file. This configuration file sets
42 | the main settings, and can override internal settings too.
43 |
44 | Main settings :
45 | - SSHGATE_VERSION : version of sshGate (do not edit)
46 | - SSHGATE_BUILD : the build number of sshGate (internal use - do not edit)
47 | - SSHGATE_DIRECTORY : root directory of sshGate program
48 | - SCRIPT_HELPER_DIRECTORY : ScriptHelper dependency directory
49 | - SSHGATE_GATE_ACCOUNT : the unix account used by sshGate
50 | - SSHGATE_ALLOW_REMOTE_COMMAND : Do we allow remote command like "sshg 'cmd list targets'" ? default: Y
51 | - SSHGATE_USE_REMOTE_ADMIN_CLI : Do we allow remote administration CLI ? default: Y
52 | - SSHGATE_USERS_MUST_ACCEPT_TOS : Do users have to accept TOS at the first connection ? default: Y
53 | - SSHGATE_EDITOR : editor program to use by sshGate. default: ${EDITOR}
54 | - SSHGATE_TARGETS_SCP_PATH : default SCP path when it's not specified. default: ~/
55 | - SSHGATE_TARGETS_DEFAULT_SSH_LOGIN : default ssh login to use when connecting to target host (the name used in sshgate.conf). default: root — every access granted on a bare target name then uses root; prefer an unprivileged default and grant root@target explicitly.
56 | - SSHGATE_DEFAULT_LANGUAGE : The default language of sshGate users
57 | - SSHGATE_MAIL_SEND : Is sshGate mail notification activated ? default: N
58 | - SSHGATE_MAIL_TO : mail to this mail address if [SSHGATE_MAIL_SEND] is 'Y'
59 | - SSHGATE_MAIL_SUBJECT : E-mail subject to use
60 |
61 | other settings which can be overridden in /etc/sshgate.conf
62 | - SSHGATE_DIR_DATA : sshGate data root directory
63 | - SSHGATE_DIR_TEMPLATES : Directory containing multi-language templates
64 | - SSHGATE_DIR_BIN : binaries of sshGate. default = [SSHGATE_DIRECTORY]/bin
65 | - SSHGATE_DIR_CORE : all sshGate 'func' and 'core' files (internal sshGate library)
66 | - SSHGATE_DIR_TEST : sshGate test files
67 | - SSHGATE_DIR_USERS : users data (ssh keys and properties)
68 | - SSHGATE_DIR_TARGETS : targets data (ssh keys, properties, access, logins, ...)
69 | - SSHGATE_DIR_USERS_GROUPS : usergroups data
70 | - SSHGATE_DIR_LOGS : logs root directory
71 | - SSHGATE_DIR_LOGS_TARGETS : targets logs directory
72 | - SSHGATE_DIR_LOGS_USERS : users logs directory
73 | - SSHGATE_DIR_ARCHIVE : logs archives directory
74 | - SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME : filename of the target private ssh key
75 | - SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME : filename of the target public ssh key
76 | - SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE : path to the default target private ssh key file
77 | - SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE : path to the default target public ssh key file
78 | - SSHGATE_TARGETS_USER_ACCESS_FILENAME : name of the target users access file
79 | - SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME : name of the target usergroup access file
80 | - SSHGATE_TARGETS_SSH_CONFIG_FILENAME : name of the target ssh configuration file
81 | - SSHGATE_TARGETS_SSH_LOGINS_FILENAME : name of the target ssh login list file
82 | - SSHGATE_LOGS_CURRENT_SESSION_FILE : path to the current session log file
83 | - SSHGATE_TOS_FILENAME : name of the file containing TOS
84 |
--------------------------------------------------------------------------------
/tests/access.testcase:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/ScriptHelper
5 | #
6 | # ScriptHelper is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # ScriptHelper is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # --------------------------------------------------------------------------
20 |
21 | mDOTHIS 'Generate access tests'
22 |
23 | hostname=$( hostname | tr '[:upper:]' '[:lower:]' )
24 | alias="${hostname}2"
25 | ip=$( hostname -i )
26 |
27 | cat >"${expected_test_file}" < target add ${hostname}
29 | Use the sshGate default sshkey for this target host [Y] ? Y
30 | <<=Y
31 | sshGate > target add ${ip}
32 | Use the sshGate default sshkey for this target host [Y] ? N
33 | <<=N
34 | $(cat "${sshkey_priv_test_file}" | while read line ; do echo "<<-${line}"; done; echo "->>" )
35 | sshGate > target ${hostname} add alias ${alias}
36 | sshGate > target ${hostname} ssh add login root
37 | sshGate > target ${ip} ssh add login tauop
38 | sshGate > user add pguiran mail pguiran@linagora.com
39 | $(cat "${sshkey_pub_test_file}" | while read line ; do echo "<<-${line}"; done; echo "->>" )
40 | sshGate > user add scourtois mail simon@courtois.fr
41 | $(cat "${sshkey_pub_test_file}" | while read line ; do echo "<<-${line}"; done; echo "->>" )
42 | sshGate > usergroup add LRS
43 | sshGate > usergroup add OSSA
44 | sshGate > usergroup LRS add user pguiran
45 | sshGate > usergroup LRS add user scourtois
46 | sshGate > usergroup OSSA add user pguiran
47 | sshGate > target ${hostname} access add user pguiran
48 | sshGate > target ${hostname} access add user scourtois
49 | sshGate > target root@${hostname} access add user scourtois
50 | sshGate > target ${hostname} access add usergroup LRS
51 | sshGate > target root@${hostname} access add usergroup OSSA
52 | sshGate > target ${ip} access add user scourtois
53 | sshGate > target tauop@${ip} access add usergroup OSSA
54 | sshGate > target ${hostname} access list users
55 | pguiran
56 | scourtois
57 | sshGate > target root@${hostname} access list users
58 | pguiran
59 | scourtois
60 | sshGate > target ${alias} access list users
61 | pguiran
62 | scourtois
63 | sshGate > target ${ip} access list users
64 | scourtois
65 | sshGate > target tauop@${ip} access list users
66 | pguiran
67 | sshGate > target ${hostname} access list usergroups
68 | LRS
69 | sshGate > target root@${hostname} access list usergroups
70 | OSSA
71 | sshGate > target root@${hostname} access list usergroups
72 | OSSA
73 | sshGate > target tauop@${ip} access list usergroups
74 | OSSA
75 | sshGate > target ${hostname} access info
76 | scourtois ---> root@${hostname}
77 | pguiran,scourtois ---> ${user_unix_test_account}@${hostname}
78 | pguiran --- usergroup(OSSA) ---> root@${hostname}
79 | pguiran,scourtois --- usergroup(LRS) ---> ${user_unix_test_account}@${hostname}
80 | sshGate > user pguiran access info
81 | pguiran ---> ${user_unix_test_account}@${hostname}
82 | pguiran --- usergroup(LRS) ---> ${user_unix_test_account}@${hostname}
83 | pguiran --- usergroup(OSSA) ---> tauop@${ip}
84 | pguiran --- usergroup(OSSA) ---> root@${hostname}
85 | sshGate > usergroup LRS access info
86 | pguiran,scourtois --- usergroup(LRS) ---> ${user_unix_test_account}@${hostname}
87 | sshGate > usergroup OSSA access info
88 | pguiran --- usergroup(OSSA) ---> root@${hostname},tauop@${ip}
89 | sshGate > usergroup LRS list targets
90 | ${user_unix_test_account}@${hostname}
91 | sshGate > usergroup OSSA list targets
92 | root@${hostname}
93 | tauop@${ip}
94 | sshGate > user pguiran has access ${user_unix_test_account}@${hostname}
95 | true
96 | sshGate > user scourtois has access root@${hostname}
97 | true
98 | sshGate > target root@${hostname} access del usergroup OSSA
99 | sshGate > target ${ip} access del user scourtois
100 | sshGate > target ${hostname} access info
101 | scourtois ---> root@${hostname}
102 | pguiran,scourtois ---> ${user_unix_test_account}@${hostname}
103 | pguiran,scourtois --- usergroup(LRS) ---> ${user_unix_test_account}@${hostname}
104 | sshGate > user scourtois list targets
105 | root@${hostname}
106 | ${user_unix_test_account}@${hostname}
107 | sshGate > target ${ip} access list users
108 | sshGate > usergroup del LRS
109 | sshGate > target ${hostname} access info
110 | scourtois ---> root@${hostname}
111 | pguiran,scourtois ---> ${user_unix_test_account}@${hostname}
112 | sshGate > user del scourtois
113 | sshGate > target ${hostname} access info
114 | pguiran ---> ${user_unix_test_account}@${hostname}
115 | sshGate > exit
116 | EOF
117 |
# Split the generated transcript in two:
#  - the INPUT fed to the CLI: prompt lines ('sshGate ...> cmd') with the prompt
#    stripped, single-line auto-answers ('<<=answer') with the marker stripped,
#    multi-line auto-answer markers ('<<-...' / '->>') kept verbatim;
#  - the EXPECTED output: the transcript without any auto-answer marker line.
{
  grep -E '^(<<=|<<-|->>|sshGate [^>]*>)' \
    | sed -e 's/^sshGate [^>]*> //; s/^<<=//;'
} < "${expected_test_file}" > "${input_test_file}"

# RANDOM here is the ScriptHelper function (see sshgate.core), presumably — not
# the bash builtin
tmp_file="${expected_test_file}.$(RANDOM)"
grep -v -E '^(<<=|<<-|->>)' "${expected_test_file}" > "${tmp_file}"
mv "${tmp_file}" "${expected_test_file}"

mOK

# --------------------------------------------------------------------------
mDOTHIS 'Launch access tests'
ASK_SET_AUTOANSWER_FILE "${input_test_file}"
130 | ( CLI_RUN > "${output_test_file}"
4 | # http://github.com/Tauop/sshGate
5 | #
6 | # sshGate is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # sshGate is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # README ---------------------------------------------------------------------
20 | #
21 | # Collection of misc functions
22 | #
23 | # ----------------------------------------------------------------------------
24 |
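# Refuse to be sourced on its own: the helpers used below (ERROR, TARGET_REAL,
# TARGET_GET_CONF, ...) only exist once sshgate.core has been loaded.
if [ "${__SSHGATE_CORE__:-}" != 'Loaded' ]; then
  echo "ERROR: Only sshgate.core can load target-known_hosts.func."; exit 1;
fi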
28 |
29 | if [ "${__TARGET_KNOWN_HOSTS_FUNC__:-}" != 'Loaded' ]; then
30 | __TARGET_KNOWN_HOSTS_FUNC__='Loaded'
31 |
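# usage: private_TARGET_KNOWN_HOSTS_ADD <target> [<known_hosts_file>]
# desc: scan the public host key(s) of <target> with ssh-keyscan and append
#       them (hashed, -H) to the sshGate account's known_hosts file
# note: if <known_hosts_file> is not given, it is
#       "$(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts"
# note: when the target has an SSH_PROXY configured the scan runs on the proxy,
#       but the result is still appended to the LOCAL file
# return: 0 on success, 1 on bad arguments, unknown target or failed scan
private_TARGET_KNOWN_HOSTS_ADD () {
  local target= target_port= target_real= target_ssh_config= file= proxy=

  if [ $# -ne 1 -a $# -ne 2 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  # keep the connection string as given: it is needed for the error message
  # and for GET_LOGIN below (the ssh config file is per login)
  target="$1"
  target_real=$( TARGET_REAL "${target}" )
  if [ -z "${target_real}" ]; then
    ERROR "Target host '${target}' doesn't exist"; return 1;
  fi

  [ $# -eq 2 ] && file="$2"
  [ -z "${file}" ] && file="$(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts"
  [ ! -f "${file}" ] && touch "${file}"

  # port from the target's per-login ssh config, default 22. Only a
  # digits-only 'Port' value is accepted: the value is interpolated into a
  # command line below (and, with a proxy, into a remote shell command)
  target_ssh_config="${SSHGATE_DIR_TARGETS}/${target_real}/${SSHGATE_TARGETS_SSH_CONFIG_FILENAME}.$( GET_LOGIN "${target}" )"
  if [ -r "${target_ssh_config}" ]; then
    target_port=$( sed -n -e 's/^[[:space:]]*Port[[:space:]][[:space:]]*\([0-9][0-9]*\).*$/\1/p' "${target_ssh_config}" | head -n 1 )
  fi
  target_port="${target_port:-22}"

  # NOTE(review): key types are hard-coded to dsa,rsa; a host offering only
  # ecdsa/ed25519 keys gets no entry — TODO confirm against the deployed OpenSSH
  proxy=$( TARGET_GET_CONF "${target_real}" SSH_PROXY )
  if [ -z "${proxy}" ]; then
    ssh-keyscan -H -p "${target_port}" -t dsa,rsa "${target_real}" 2>/dev/null >> "${file}" \
      || return 1
  else
    # string-built remote command: target_real is used as a directory name
    # under SSHGATE_DIR_TARGETS (admin-created, presumably) and target_port is
    # digits-only, which is what keeps this acceptable
    TARGET_SSH_RUN_COMMAND "${proxy}" \
      "ssh-keyscan -H -p ${target_port} -t dsa,rsa '${target_real}' 2>/dev/null;" >> "${file}" \
      || return 1
  fi

  chown "${SSHGATE_GATE_ACCOUNT}" "${file}"
  return 0;
}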
70 |
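# usage: private_TARGET_KNOWN_HOSTS_DEL <target> [<known_hosts_file>]
# desc: delete the public host key entries of <target> from the known_hosts file
# note: if <known_hosts_file> is not given, it is
#       "$(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts"
# note: the known_hosts file is always local to the gateway (the ADD
#       counterpart appends the scan result locally even with a proxy), so the
#       removal is done locally with ssh-keygen -R and never through a proxy
# return: 0 on success (or when the file doesn't exist), 1 on error
private_TARGET_KNOWN_HOSTS_DEL() {
  local target= target_real= target_login= file= target_ssh_config= target_port= host_key=
  if [ $# -eq 0 -o $# -gt 2 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  target="$1"
  [ $# -eq 2 ] && file="$2"

  target_login=$( GET_LOGIN "${target}" )
  target_real=$( TARGET_REAL "${target}" )
  if [ -z "${target_real}" ]; then
    ERROR "Target host '${target}' doesn't exist"; return 1;
  fi

  [ -z "${file}" ] && file="$(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts"
  [ ! -f "${file}" ] && return 0;

  # same port lookup as private_TARGET_KNOWN_HOSTS_ADD: digits-only 'Port'
  # value from the per-login ssh config, default 22
  target_ssh_config="${SSHGATE_DIR_TARGETS}/${target_real}/${SSHGATE_TARGETS_SSH_CONFIG_FILENAME}.${target_login}"
  if [ -r "${target_ssh_config}" ]; then
    target_port=$( sed -n -e 's/^[[:space:]]*Port[[:space:]][[:space:]]*\([0-9][0-9]*\).*$/\1/p' "${target_ssh_config}" | head -n 1 )
  fi
  target_port="${target_port:-22}"

  # ssh-keyscan records non-default-port hosts as '[host]:port'; the removal
  # has to use the same spelling or nothing matches
  host_key="${target_real}"
  [ "${target_port}" != '22' ] && host_key="[${target_real}]:${target_port}"

  ssh-keygen -R "${host_key}" -f "${file}" 2>/dev/null || return 1
  # ssh-keygen -R leaves a backup of the previous file behind
  rm -f "${file}.old" 2>/dev/null
  [ -e "${file}" ] && chown "${SSHGATE_GATE_ACCOUNT}" "${file}"
  return 0;
}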
113 |
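# usage: private_TARGET_SSH_BUILD_KNOWN_HOSTS
# desc: re-create the sshGate account's ~/.ssh/known_hosts from scratch, one
#       ssh-keyscan per target; prints '- <target> ... OK|KO' for each target
# important: needs to be root (writes into the gate account's home)
# note: the new file is assembled next to the old one and swapped in with mv,
#       so a rebuild that fails half-way never leaves an empty known_hosts
#       behind; targets whose scan failed are simply absent from the new file
# note: every host key is re-learnt from the network here, so a rebuild is a
#       trust-on-first-use moment for all targets
# return: 0, or 1 when the home directory or the temporary file can't be set up
private_TARGET_SSH_BUILD_KNOWN_HOSTS () {
  local home_dir= target= known_hosts= tmp_file=
  home_dir=$( SSHGATE_ACCOUNT_HOMEDIR )
  if [ -z "${home_dir}" ]; then
    ERROR "Can't find home directory of ${SSHGATE_GATE_ACCOUNT} user"
    return 1;
  fi

  known_hosts="${home_dir}/.ssh/known_hosts"
  # same directory as the final file: the last mv is an atomic rename
  tmp_file=$( mktemp "${known_hosts}.XXXXXX" ) || return 1
  for target in $( TARGETS_LIST ); do
    target=$( GET_HOST "${target}" )
    echo -n "- ${target} ... "
    if private_TARGET_KNOWN_HOSTS_ADD "${target}" "${tmp_file}"; then
      echo 'OK'
    else
      echo 'KO'
    fi
  done

  mv "${tmp_file}" "${known_hosts}"
  return 0;
}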
140 |
# usage: TARGET_SSH_UPDATE_KNOWN_HOSTS [<target>]
# desc: refresh the known_hosts entry of <target> (delete, then re-scan), or
#       rebuild the whole known_hosts file when no target is given
# return: 0 on success, 1 on bad arguments or when a step failed
TARGET_SSH_UPDATE_KNOWN_HOSTS () {
  case $# in
    0)
      private_TARGET_SSH_BUILD_KNOWN_HOSTS "$1" && return 0
      ;;
    1)
      private_TARGET_KNOWN_HOSTS_DEL "$1" \
        && private_TARGET_KNOWN_HOSTS_ADD "$1" \
        && return 0
      ;;
    *)
      BAD_ARGUMENTS ; return 1;
      ;;
  esac
  return 1; # error
}
158 |
159 | fi # end of: if [ "${__TARGET_KNOWN_HOSTS_FUNC__:-}" != 'Loaded' ]; then
160 |
--------------------------------------------------------------------------------
/bin/core/usergroup.func:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/sshGate
5 | #
6 | # sshGate is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # sshGate is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # README ---------------------------------------------------------------------
20 | #
21 | # Collection of all users' group related functions
22 | #
23 | # ----------------------------------------------------------------------------
24 |
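# Refuse to be sourced on its own: the helpers used below (ERROR, BAD_ARGUMENTS,
# private_ACL_FILE_*, ...) only exist once sshgate.core has been loaded.
if [ "${__SSHGATE_CORE__:-}" != 'Loaded' ]; then
  echo "ERROR: Only sshgate.core can load usergroup.func."; exit 1;
fi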
28 |
29 | if [ "${__USERGROUP_FUNC__:-}" != 'Loaded' ]; then
30 | __USERGROUP_FUNC__='Loaded'
31 |
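# usage: USERGROUPS_LIST [<pattern>]
# desc: List all users groups, one per line (sorted, unique); with <pattern>,
#       only the groups whose name matches it (case-insensitive glob, as
#       understood by find -iname)
# note: the pattern is handed to find as one argument and never goes through
#       eval, so quotes or shell metacharacters in it are not interpreted
USERGROUPS_LIST () {
  local res=
  if [ $# -eq 1 ]; then
    res=$( find "${SSHGATE_DIR_USERS_GROUPS}" -mindepth 1 -type f -iname "$1" -printf '%P\n' )
  else
    res=$( find "${SSHGATE_DIR_USERS_GROUPS}" -mindepth 1 -type f -printf '%P\n' )
  fi
  echo "${res}" | sort -u
  return 0;
}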
42 |
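# usage: USERGROUP_ADD <usergroup>
# desc: Create a users group (an empty ACL file named after the group)
# note: the group name is used as a file name under SSHGATE_DIR_USERS_GROUPS,
#       so an empty name, a name containing '/' or '.'/'..' is rejected: the
#       file must not be able to land outside that directory
# return: 0 on success, 1 on bad name or when the group already exists
USERGROUP_ADD () {
  local usergroup= group_file=

  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) BAD_ARGUMENTS ; return 1 ;;
  esac

  group_file="${SSHGATE_DIR_USERS_GROUPS}/${usergroup}"
  # -e rather than -f: a directory of that name is just as much "taken"
  if [ -e "${group_file}" ]; then
    ERROR "User group '${usergroup}' already exists" ; return 1
  fi

  touch "${group_file}"
  private_MAIL_APPEND "User Group ${usergroup} added"

  return 0;
}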
65 |
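# usage: USERGROUP_DEL <usergroup>
# desc: Delete a users group: revoke its access on every target it has access
#       to, then remove its ACL file
# note: an empty name, or one that could resolve outside
#       SSHGATE_DIR_USERS_GROUPS ('/' or '..'), is reported as "doesn't exist"
#       instead of being used as a path (rm -f would follow it)
# return: 0 on success, 1 on bad arguments or unknown group
USERGROUP_DEL () {
  local usergroup= target= group_file=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  group_file="${SSHGATE_DIR_USERS_GROUPS}/${usergroup}"
  if [ ! -f "${group_file}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1
  fi

  for target in $( USERGROUP_LIST_TARGETS "${usergroup}" ); do
    TARGET_ACCESS_DEL_USERGROUP "${target}" "${usergroup}"
  done

  rm -f "${group_file}"
  private_MAIL_APPEND "User Group ${usergroup} removed"

  return 0
}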
88 |
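# usage: USERGROUP_LIST_USERS <usergroup>
# desc: List users of a group, one per line (sorted, unique)
# note: an empty name, or one that could resolve outside
#       S SHGATE_DIR_USERS_GROUPS ('/' or '..'), is reported as "doesn't exist"
#       instead of being read as an arbitrary file
# return: 0 on success, 1 on bad arguments or unknown group
USERGROUP_LIST_USERS () {
  local usergroup= group_file=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  group_file="${SSHGATE_DIR_USERS_GROUPS}/${usergroup}"
  if [ ! -f "${group_file}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi

  sort -u < "${group_file}"
  return 0;
}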
106 |
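# usage: USERGROUP_ADD_USER <usergroup> <user>
# desc: Add an user into a group (appends the user to the group's ACL file,
#       once)
# note: both names are used as file names (group under
#       SSHGATE_DIR_USERS_GROUPS, user under SSHGATE_DIR_USERS); an empty name
#       or one containing '/' or equal to '.'/'..' is reported as "doesn't
#       exist" so that the append can't be redirected to another file
# return: 0 on success, 1 on bad arguments, unknown group or unknown user
USERGROUP_ADD_USER () {
  local usergroup= user=
  if [ $# -ne 2 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"; user="$2";
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi
  case "${user}" in
    ''|*/*|.|..) ERROR "User '${user}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS}/${user}" ]; then
    ERROR "User '${user}' doesn't exist" ; return 1;
  fi

  private_ACL_FILE_ADD "${user}" "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}"
  private_MAIL_APPEND "User ${user} added to User Group ${usergroup}"

  return 0;
}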
128 |
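# usage: USERGROUP_DEL_USER <usergroup> <user>
# desc: Remove an user from a group (drops the user's line from the group's
#       ACL file)
# note: both names are used as file names (group under
#       SSHGATE_DIR_USERS_GROUPS, user under SSHGATE_DIR_USERS); an empty name
#       or one containing '/' or equal to '.'/'..' is reported as "doesn't
#       exist" so that the rewrite can't be pointed at another file
# return: 0 on success, 1 on bad arguments, unknown group or unknown user
USERGROUP_DEL_USER () {
  local usergroup= user=
  if [ $# -ne 2 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"; user="$2"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi
  case "${user}" in
    ''|*/*|.|..) ERROR "User '${user}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS}/${user}" ]; then
    ERROR "User '${user}' doesn't exist" ; return 1;
  fi

  private_ACL_FILE_DEL "${user}" "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}"
  private_MAIL_APPEND "User ${user} removed from User Group ${usergroup}"

  return 0;
}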
150 |
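# usage: USERGROUP_LIST_TARGETS <usergroup>
# desc: List targets which usergroup has access to, as '<login>@<target>',
#       one per line (sorted, unique)
# note: a target grants access to a group by listing the group's name in
#       "<target dir>/${SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME}.<login>";
#       the group name is matched as a whole literal line (grep -x -F), not as
#       a regex, so 'a.b' can't match 'axb'
# note: an empty name, or one that could resolve outside
#       SSHGATE_DIR_USERS_GROUPS ('/' or '..'), is reported as "doesn't exist"
# return: 0 on success, 1 on bad arguments or unknown group
USERGROUP_LIST_TARGETS () {
  local usergroup= access_file= target_dir= login=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi

  for access_file in $( find "${SSHGATE_DIR_TARGETS}" \
        -name "${SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME}*" \
        -exec grep -l -x -F -- "${usergroup}" {} \; ); do
    # .../<target>/<ACCESS_FILENAME>.<login>  ->  <login>@<target>
    target_dir="${access_file%/*}"
    login="${access_file##*/}"
    login="${login#"${SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME}"?}"
    echo "${login}@${target_dir##*/}"
  done | sort -u
  return 0;
}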
172 |
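# usage: USERGROUP_ACCESS_INFO <usergroup>
# desc: Print one summary line of the group's access:
#       " <user1>,<user2> --- usergroup(<usergroup>) ---> <login@target>,..."
# note: an empty name, or one that could resolve outside
#       SSHGATE_DIR_USERS_GROUPS ('/' or '..'), is reported as "doesn't exist"
# return: 0 on success, 1 on bad arguments or unknown group
USERGROUP_ACCESS_INFO () {
  local usergroup= users= targets=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi

  # both lists are one name per line; $( ) drops the final newline first, so
  # the ',' join produces no trailing comma
  users=$( USERGROUP_LIST_USERS "${usergroup}" ); users=$( echo -n "${users}" | tr $'\n' ',' )
  targets=$( USERGROUP_LIST_TARGETS "${usergroup}" ); targets=$( echo -n "${targets}" | tr $'\n' ',' )
  echo " ${users} --- usergroup(${usergroup}) ---> ${targets}"

  return 0;
}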
192 |
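# usage: USERGROUP_ACCESS_NOTIFY <usergroup>
# desc: Notify all users of the usergroup about their access list (via mail,
#       one USER_ACCESS_NOTIFY per user)
# note: an empty name, or one that could resolve outside
#       SSHGATE_DIR_USERS_GROUPS ('/' or '..'), is reported as "doesn't exist"
# return: 0 on success, 1 on bad arguments or unknown group
USERGROUP_ACCESS_NOTIFY () {
  local usergroup= user=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  usergroup="$1"
  case "${usergroup}" in
    ''|*/*|.|..) ERROR "User group '${usergroup}' doesn't exist" ; return 1 ;;
  esac
  if [ ! -f "${SSHGATE_DIR_USERS_GROUPS}/${usergroup}" ]; then
    ERROR "User group '${usergroup}' doesn't exist" ; return 1;
  fi

  for user in $( USERGROUP_LIST_USERS "${usergroup}" ); do
    USER_ACCESS_NOTIFY "${user}"
  done

  return 0;
}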
212 |
213 | fi # if [ "${__USERGROUP_FUNC__}" != 'Loaded' ]; then
214 |
--------------------------------------------------------------------------------
/bin/sshgate-bridge:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) 2010 Linagora
4 | # Patrick Guiran
5 | # http://github.com/Tauop/sshGate
6 | #
7 | # sshGate is free software, you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as
9 | # published by the Free Software Foundation; either version 2 of
10 | # the License, or (at your option) any later version.
11 | #
12 | # sshGate is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU Lesser General Public License
18 | # along with this program. If not, see .
19 | #
20 | # ----------------------------------------------------------------------------
21 | # VARIABLES used
22 | # - SSH_ORIGINAL_COMMAND : variable given by sshd, which contain the original
23 | # ssh command.
24 | # - SSHKEY_USER : the login of the connected user
25 | # - SFTP_SERVER : constant which contains the path to the sftp-server binary
26 | # - TARGET_HOST : target host of the sshg call
27 | # - TARGET_HOST_COMMAND : ssh command which will be exec on the ${TARGET_HOST}
28 | # - TARGET_LOGIN : login to use when connecting to the ${TARGET_HOST}
29 | # - ORIGINAL_TARGET_HOST : copy of TARGET_HOST used by error messages
30 | # ----------------------------------------------------------------------------
31 |
# The single argument is the login of the key's owner (presumably passed by the
# authorized_keys 'command=' entry sshGate installs — verify); without it
# nothing below can be attributed to a user, so refuse to go on.
if [ $# -ne 1 ] || [ -z "${1:-}" ]; then
  echo "your SSH KEY is not well configured. Please contact the sshGate administrator."
  exit 1
fi

# GLOBAL configuration -------------------------------------------------------
SSHKEY_USER="$1"
39 |
40 | # Load libraries -------------------------------------------------------------
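# usage: load <guard_variable> <file>
# desc: source <file> unless <guard_variable> is already non-empty, so that
#       each configuration/library file is loaded once
# return: 0 when the file was sourced, 1 when it was already loaded
# note: exits the whole script with status 2 when <file> is missing, since
#       nothing below can work without its libraries
load() {
  local var= value= file=

  var="$1"; file="$2"
  # bash indirect expansion: the value of the variable whose NAME is in ${var}
  # (replaces an eval of the interpolated name)
  value="${!var:-}"

  [ -n "${value}" ] && return 1;
  if [ -f "${file}" ]; then
    . "${file}"
  else
    echo "ERROR: Unable to load ${file}"
    exit 2
  fi
  return 0;
}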
56 |
# Every 'load' is guarded by the variable the file sets once sourced (e.g.
# __SSHGATE_CORE__='Loaded' in sshgate.core), so nothing is sourced twice. The
# two /etc files provide SSHGATE_DIRECTORY / SCRIPT_HELPER_DIRECTORY, which the
# later paths depend on.
load SSHGATE_DIRECTORY '/etc/sshgate.conf'
# NOTE(review): the file name is spelled 'scripthealper.conf' — confirm this is
# the name the installer writes, otherwise load exits the bridge with status 2
load SCRIPT_HELPER_DIRECTORY '/etc/scripthealper.conf'

# SSHGATE_DIR_CORE is expected to be set by data/sshgate.setup — verify
load __SSHGATE_SETUP__ "${SSHGATE_DIRECTORY}/data/sshgate.setup"
load __SSHGATE_CORE__ "${SSHGATE_DIR_CORE}/sshgate.core"
load __LIB_ASK__ "${SCRIPT_HELPER_DIRECTORY}/ask.lib.sh"
load __LIB_RECORD__ "${SCRIPT_HELPER_DIRECTORY}/record.lib.sh"
64 |
65 | # little function ------------------------------------------------------------
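# usage: mQUOTE <string>
# desc: echo-return <string> wrapped in single quotes, ready to be spliced into
#       a command line that a shell will parse again (see the RECORD call below,
#       where the user-supplied TARGET_HOST_COMMAND goes through it)
# note: one leading "<spaces>'" and one trailing "'<spaces>" are dropped first,
#       so an already-quoted input is re-quoted rather than double-quoted
# note: embedded single quotes become '\'' (close, escaped quote, reopen) —
#       the only form a POSIX shell reads back as a literal quote; the work is
#       done with parameter expansions rather than sed so that a multi-line
#       string stays ONE quoted word instead of one quoted word per line
mQUOTE() {
  local s="$1" spaces= q="'" rep=

  # drop one leading "<spaces>'"
  spaces="${s%%[! ]*}"
  if [ "${s#"${spaces}"${q}}" != "${s}" ]; then
    s="${s#"${spaces}"${q}}"
  fi
  # drop one trailing "'<spaces>"
  spaces="${s##*[! ]}"
  if [ "${s%${q}"${spaces}"}" != "${s}" ]; then
    s="${s%${q}"${spaces}"}"
  fi

  rep=$( printf '%s' "'\\''" )
  s="${s//"${q}"/"${rep}"}"
  printf '%s' "${q}${s}${q}"
}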
67 |
68 |
# determine action type (ssh or scp) and build TARGET_HOST -------------------
# SSH_ORIGINAL_COMMAND is the command string the remote user asked sshd to run;
# it is entirely user-controlled and is re-used below as the command sent to
# the target. Two shapes are recognised:
#   scp/sftp : '<scp or sftp-server invocation> <target>[/<path>]'  (host last)
#   ssh      : '<target> [<command>]'                               (host first)
# NOTE(review): only the literal /usr/libexec/openssh/sftp-server path is
# recognised; the SFTP_SERVER variable named in the header is not used here.
if [ "${SSH_ORIGINAL_COMMAND}" != "${SSH_ORIGINAL_COMMAND#/usr/libexec/openssh/sftp-server }" \
  -o "${SSH_ORIGINAL_COMMAND}" != "${SSH_ORIGINAL_COMMAND#scp }" ]; then
  # SSH_ORIGINAL_COMMAND ends with the name of the target host
  TARGET_HOST=${SSH_ORIGINAL_COMMAND##* }

  if [ "${TARGET_HOST%%/*}" != "${TARGET_HOST}" ]; then
    # '<target>/<path>' form: take the target out of the command, then put the
    # path back; a path without a leading '/' is made relative to the remote
    # home ('~/'). ${TARGET_HOST} is expanded unquoted inside the pattern, so
    # glob characters in it would act as wildcards — presumably harmless for a
    # host name
    SSH_ORIGINAL_COMMAND=${SSH_ORIGINAL_COMMAND%% ${TARGET_HOST}}
    target_files=${TARGET_HOST#*/}
    TARGET_HOST=${TARGET_HOST%%/*}
    if [ -z "${target_files}" -o "${target_files#/}" = "${target_files}" ]; then
      target_files="~/${target_files}"
    fi
    SSH_ORIGINAL_COMMAND="${SSH_ORIGINAL_COMMAND} ${target_files}"
  else
    # no path given: the transfer goes to ${TARGET_SCP_DIR} (set by
    # sshgate.setup, presumably — verify)
    SSH_ORIGINAL_COMMAND="${SSH_ORIGINAL_COMMAND%% ${TARGET_HOST}}"
    SSH_ORIGINAL_COMMAND="${SSH_ORIGINAL_COMMAND} ${TARGET_SCP_DIR}"
  fi
  action_type='scp'
else
  # SSH_ORIGINAL_COMMAND starts with the name of the target host; whatever
  # follows it (after the separating spaces) is the remote command
  TARGET_HOST="${SSH_ORIGINAL_COMMAND%% *}"
  TARGET_HOST_COMMAND="${SSH_ORIGINAL_COMMAND##${TARGET_HOST}}"
  TARGET_HOST_COMMAND="${TARGET_HOST_COMMAND## }"
  action_type='ssh'
fi
95 |
96 | # public commands ------------------------------------------------------------
97 | if [ "${SSHGATE_ALLOW_REMOTE_COMMAND}" = 'Y' -a "${action_type}" = 'ssh' ]; then
98 | if [ "${TARGET_HOST}" = 'cmd' -o "${TARGET_HOST}" = 'cli' ]; then
99 | # inspired from ScriptHelper/cli.lib.sh
100 | # we don't want sshgate-bridge to be dependent on ScriptHelper
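# usage: BUILD_SED_CODE <command shape> <replacement>
# desc: echo-return one sed substitution ('s|^ *w1 *w2 *$|<replacement>|p; t;')
#       that recognises the given space-separated command shape; the word '?'
#       stands for one argument and becomes a capture group the replacement
#       can reference as \1
# note: the captured argument is later spliced unquoted into a command line
#       that is eval'd, so the capture class is deliberately limited to what a
#       login or target name needs (letters, digits, '.', '_', '@', ':', '-')
#       and can't carry shell metacharacters
# note: the shape is split with 'read' rather than an unquoted $( ) expansion,
#       so the '?' word is never pathname-expanded against the current directory
BUILD_SED_CODE () {
  local sed_cmd= word=
  local -a words=()
  read -r -a words <<< "$1"
  for word in "${words[@]}"; do
    [ "${word}" = '?' ] && word='\([A-Za-z0-9._@:-]*\)'
    sed_cmd="${sed_cmd} *${word}"
  done
  printf '%s' "s|^${sed_cmd} *$|$2|p; t;"
}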
# Dispatch table for the public commands: each BUILD_SED_CODE entry turns one
# command shape into a sed substitution that rewrites the user's input into a
# shell command, and the result is eval'd. Input matching no entry falls
# through to the 'a' (append) rule, which only prints the error line.
is_admin=$( USER_GET_CONF "${SSHKEY_USER}" IS_ADMIN )
code=
code="${code} $(BUILD_SED_CODE 'cmd list targets' 'USER_LIST_TARGETS ${SSHKEY_USER}' )"
# NOTE(review): the '?' forms take a user or target name chosen by the remote
# user and are served before the TOS and ACL checks further down; whether
# USER_LIST_TARGETS / USER_SSHKEY_DISPLAY / TARGET_SSHKEY_DISPLAY limit what a
# non-admin may see about other users is not visible here — verify
code="${code} $(BUILD_SED_CODE 'cmd list targets ?' 'USER_LIST_TARGETS \1' )"
code="${code} $(BUILD_SED_CODE 'cmd user sshkey ?' 'USER_SSHKEY_DISPLAY \1' )"
code="${code} $(BUILD_SED_CODE 'cmd target sshkey ?' 'TARGET_SSHKEY_DISPLAY \1' )"
# remote admin CLI: sshgate-cli is started through sudo (as root, presumably)
# with the caller's identity passed via -u, for admins only
if [ "${SSHGATE_USE_REMOTE_ADMIN_CLI}" = 'Y' -a "${is_admin}" = 'true' ]; then
  code="${code} $(BUILD_SED_CODE 'cli' "sudo ${SSHGATE_DIR_BIN}/sshgate-cli -u '${SSHKEY_USER}'")"
fi
code="${code} a \ echo 'ERROR: unknown command' "
# The captured '\1' word is spliced unquoted into the eval'd command: it is
# only as safe as the character class BUILD_SED_CODE captures for '?'.
eval $( echo "${SSH_ORIGINAL_COMMAND}" | sed -n -e "$code" )
# public commands never reach the session / recording code below
exit 0;
121 | fi
122 | fi
123 |
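# check usage condition ------------------------------------------------------
if [ "${SSHGATE_USERS_MUST_ACCEPT_TOS}" = 'Y' ]; then
  USER_ACCEPTED_TOS "${SSHKEY_USER}" || exit 1
fi


# If user don't specify a target host, ask for the target host ---------------
# (interactive prompt on the session; only the first word of the answer counts)
if [ -z "${TARGET_HOST}" ]; then
  echo "NOTICE: No target host given"
  read -p "Target host ? " TARGET_HOST
  TARGET_HOST=${TARGET_HOST%% *}
fi

# Determine information for connecting to the host ---------------------------
# ORIGINAL_TARGET_HOST keeps the user's spelling ('login@host' or alias) for
# the messages and for the ACL check; TARGET_HOST becomes the canonical name
ORIGINAL_TARGET_HOST="${TARGET_HOST}"
TARGET_LOGIN=$( GET_LOGIN "${TARGET_HOST}" )
TARGET_HOST=$( GET_HOST "${TARGET_HOST}" )

TARGET_HOST=$( TARGET_REAL "${TARGET_HOST}" )
if [ -z "${TARGET_HOST}" ]; then
  echo "ERROR: Unknown host ${ORIGINAL_TARGET_HOST}."
  exit 1;
fi

# check ACL ------------------------------------------------------------------
# Fail closed: only an explicit 'true' from HAS_ACCESS lets the session
# through; an empty answer (e.g. its bad-arguments path prints nothing) or any
# other value denies it, instead of a bare '[ = false ]' error being treated
# as "not false"
if [ "$( HAS_ACCESS "${SSHKEY_USER}" "${ORIGINAL_TARGET_HOST}" )" != 'true' ]; then
  echo "ERROR: The '${ORIGINAL_TARGET_HOST}' doesn't exist or you don't have access to it (or with login '${TARGET_LOGIN}')"
  exit 1
fi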
153 |
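# Do the stuff ;-) -----------------------------------------------------------
CURRENT_TIMESTAMP=$( date +%s )
# session bookkeeping: the (rewritten) original command is logged for both
# action types
SESSION_START "${CURRENT_TIMESTAMP}" "$$" "${SSHKEY_USER}" "${TARGET_HOST}" "${action_type}" "${SSH_ORIGINAL_COMMAND}"

SSH_CONFIG_FILE=

if [ "${action_type:-}" = 'ssh' ]; then
  # ssh session: the command line is handed to RECORD together with the
  # per-session record file; the user-controlled parts go through mQUOTE
  SESSION_RECORD_FILE=$( SESSION_TARGET_GET_RECORD_FILE "${CURRENT_TIMESTAMP}" "${SSHKEY_USER}" "${TARGET_HOST}" )
  SSH_CONFIG_FILE=$( TARGET_SSH_GET_CONFIG "${TARGET_HOST}" "${TARGET_LOGIN}" )

  RECORD --file "${SESSION_RECORD_FILE}" "ssh -F $( mQUOTE "${SSH_CONFIG_FILE}" ) ${TARGET_HOST} -- $( mQUOTE "${TARGET_HOST_COMMAND}" )"
  RETURN_VALUE=$?
else
  # scp/sftp: the rewritten command is forwarded directly, without RECORD, so
  # only the command line (SESSION_START above) is kept — apparently; verify
  # against record.func. TARGET_HOST is quoted: it is a single canonical name
  # from TARGET_REAL and must stay one argument
  SSH_CONFIG_FILE=$( TARGET_SSH_GET_CONFIG "${TARGET_HOST}" "${TARGET_LOGIN}" )

  ssh -F "${SSH_CONFIG_FILE}" "${TARGET_HOST}" -- "${SSH_ORIGINAL_COMMAND}"
  RETURN_VALUE=$?
fi

# the per-session ssh config file is not needed any more (presumably a
# temporary file written by TARGET_SSH_GET_CONFIG)
[ -n "${SSH_CONFIG_FILE}" ] && rm -f "${SSH_CONFIG_FILE}"

CURRENT_TIMESTAMP=$( date +%s )
SESSION_END "${CURRENT_TIMESTAMP}" "$$" "${SSHKEY_USER}" "${TARGET_HOST}" "${SESSION_RECORD_FILE:-}"

exit "${RETURN_VALUE}"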
179 |
--------------------------------------------------------------------------------
/bin/core/sshgate.core:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/sshGate
5 | #
6 | # sshGate is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # sshGate is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # README ---------------------------------------------------------------------
20 | #
21 | # Collection of all the functions needed to deal with sshgate administration.
22 | #
23 | # ----------------------------------------------------------------------------
24 |
25 | if [ "${__SSHGATE_CORE__:-}" != 'Loaded' ]; then
26 | __SSHGATE_CORE__='Loaded'
27 |
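# usage: load <guard_variable> <file>
# desc: source <file> unless <guard_variable> is already non-empty, so that
#       each configuration/library file is loaded once
# return: 0 when the file was sourced, 1 when it was already loaded
# note: exits the calling script with status 2 when <file> is missing, since
#       nothing in sshgate.core can work without its libraries
load() {
  local var= value= file=

  var="$1"; file="$2"
  # bash indirect expansion: the value of the variable whose NAME is in ${var}
  # (replaces an eval of the interpolated name)
  value="${!var:-}"

  [ -n "${value}" ] && return 1;
  if [ -f "${file}" ]; then
    . "${file}"
  else
    echo "ERROR: Unable to load ${file}"
    exit 2
  fi
  return 0;
}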
load SSHGATE_DIRECTORY '/etc/sshgate.conf'

# SCRIPT_HELPER_DIRECTORY is not loaded here: it is expected to be provided by
# /etc/sshgate.conf or by the caller (sshgate-bridge sources
# /etc/scripthealper.conf itself) — verify
load __SSHGATE_SETUP__ "${SSHGATE_DIRECTORY}/data/sshgate.setup"
load __LIB_RANDOM__ "${SCRIPT_HELPER_DIRECTORY}/random.lib.sh"
load __LIB_MESSAGE__ "${SCRIPT_HELPER_DIRECTORY}/message.lib.sh"
load __LIB_CONF__ "${SCRIPT_HELPER_DIRECTORY}/conf.lib.sh"
load __LIB_ASK__ "${SCRIPT_HELPER_DIRECTORY}/ask.lib.sh"
load __LIB_MUTEX__ "${SCRIPT_HELPER_DIRECTORY}/mutex.lib.sh"

# load sub-core libraries. Order matters for the ones that call each other at
# load time, if any; the ones visible in this listing refuse to be sourced
# unless __SSHGATE_CORE__ is already 'Loaded' (set above).
load __USER_FUNC__ "${SSHGATE_DIR_CORE}/user.func"
load __TARGET_FUNC__ "${SSHGATE_DIR_CORE}/target.func"
load __TARGET_SSH_FUNC__ "${SSHGATE_DIR_CORE}/target-ssh.func"
load __TARGET_SSHKEY_FUNC__ "${SSHGATE_DIR_CORE}/target-sshkey.func"
load __TARGET_ACCESS_FUNC__ "${SSHGATE_DIR_CORE}/target-access.func"
load __TARGET_KNOWN_HOSTS_FUNC__ "${SSHGATE_DIR_CORE}/target-known_hosts.func"
load __USERGROUP_FUNC__ "${SSHGATE_DIR_CORE}/usergroup.func"
load __RECORD_FUNC__ "${SSHGATE_DIR_CORE}/record.func"
61 |
# usage: ERROR <message...>
# desc: print "ERROR: <message>" on stderr (stdout is reserved for command output)
ERROR () {
  printf 'ERROR: %s\n' "$*" >&2
}
65 |
# usage: BAD_ARGUMENTS
# desc: report a wrong call (argument count/value) through ERROR; callers
#       return 1 themselves right after
BAD_ARGUMENTS () {
  ERROR 'Bad arguments'
  return $?
}
69 |
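# usage: private_ACL_FILE_ADD <name> <acl_file>
# desc: add <name> as a line of <acl_file> unless it is already present
#       (creates the file when missing)
# note: the presence test is a whole-line literal match (grep -x -F), not a
#       regex: 'a.c' no longer counts as present because 'abc' is
# return: 0
private_ACL_FILE_ADD () {
  [ ! -f "$2" ] && touch "$2" # to avoid bugs
  grep -q -x -F -- "$1" "$2" || echo "$1" >> "$2"
  return 0
}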
76 |
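# usage: private_ACL_FILE_DEL <name> <acl_file>
# desc: remove every line equal to <name> from <acl_file> (no-op when the file
#       doesn't exist)
# note: the rewrite goes through a temporary file created by mktemp NEXT TO the
#       ACL file — not a predictable name under the shared /tmp, which a local
#       user could pre-create or symlink while this runs as root — and the
#       final mv is an atomic rename on the same filesystem. cp -p first copies
#       the ACL file's mode/owner onto the temporary file so the rewritten file
#       keeps them (mktemp alone would leave it 0600)
# note: the match is a whole-line literal one (grep -x -F), not a regex
# return: 0 on success, 1 when the temporary file can't be created
private_ACL_FILE_DEL () {
  local tmp_file=
  [ ! -f "$2" ] && return 0; # nothing to remove from
  tmp_file=$( mktemp "$2.XXXXXX" ) || return 1
  cp -p "$2" "${tmp_file}"
  grep -v -x -F -- "$1" < "$2" > "${tmp_file}"
  mv "${tmp_file}" "$2"
}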
84 |
# usage: private_MAIL_APPEND <text...>
# desc: queue <text> for the notification mail, but only when the mail library
#       is loaded AND mail sending is enabled (SSHGATE_MAIL_SEND='Y')
# return: MAIL_APPEND's status, or 1 when nothing was queued
private_MAIL_APPEND () {
  [ "${__LIB_MAIL__:-}" = 'Loaded' ] || return 1
  [ "${SSHGATE_MAIL_SEND:-}" = 'Y' ] || return 1
  MAIL_APPEND "$*"
}
89 |
# usage: SSHGATE_ACCOUNT_HOMEDIR
# desc: Echo-return the home directory of the SSHGATE_GATE_ACCOUNT user, read
#       from /etc/passwd (empty output when the account is not listed there)
SSHGATE_ACCOUNT_HOMEDIR() {
  awk -F ':' -v account="${SSHGATE_GATE_ACCOUNT}" '$1 == account { print $6 }' /etc/passwd
}
95 |
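# usage: GET_LOGIN <connection_string>
# desc: Echo-return the login from a connection string ('login@host' or 'host')
# note: if the string doesn't contain the login :
#       - the target's DEFAULT_SSH_LOGIN configuration value is used when set
#       - otherwise ${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN}, when it is one of the
#         target's logins (exact, whole-line match)
#       - otherwise ${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN} anyway, also for an
#         unknown host; callers that need an existing login must still check
#         it against the target's login list (HAS_ACCESS does)
# return: 0
GET_LOGIN () {
  local string="$1" login= target=

  # the login is present in the connection string
  if [ "${string}" != "${string%%@*}" ]; then
    echo "${string%%@*}";
    return 0;
  fi

  target=$( TARGET_REAL "${string}" )
  if [ -n "${target}" ]; then
    login=$( TARGET_GET_CONF "${target}" DEFAULT_SSH_LOGIN )
    if [ -z "${login}" ]; then
      # whole-line literal match: a substring match would also accept e.g.
      # 'rootless' for 'root', and an empty default would select every login
      login=$( TARGET_SSH_LIST_LOGINS "${target}" | grep -x -F -- "${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN}" )
    fi
  fi
  [ -n "${login}" ] && echo "${login}" || echo "${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN}"

  return 0;
}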
123 |
# usage: GET_HOST <connection_string>
# desc: Echo-return the host from a connection string ('login@host' or 'host'),
#       lower-cased
GET_HOST () {
  local host="${1#*@}"
  printf '%s\n' "${host}" | tr '[:upper:]' '[:lower:]'
  return 0;
}
129 |
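# usage: HAS_ACCESS <user> <target>      (target: 'host' or 'login@host')
# desc: Tell if a user has access to a target host
# note: Echo-return 'true' if the user is allowed to access to the target host, 'false' otherwise
#       (also 'false' on bad arguments, so a caller comparing the output never
#       sees an empty answer)
# note: if no login is given, GET_LOGIN picks one (the target's
#       DEFAULT_SSH_LOGIN, else ${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN})
# note: admins and non-restricted users may use any login the target declares;
#       restricted users need an entry in the target's access list for that
#       login. Both lookups are whole-line literal matches (grep -x -F): a
#       name containing regex characters can't match a different name
# return: 0 when access is granted, 1 otherwise
HAS_ACCESS () {
  local user= target= login= is_admin= is_restricted=

  if [ $# -ne 2 ]; then
    BAD_ARGUMENTS ; echo 'false'; return 1;
  fi

  user="$1"; target="$2"
  login=$( GET_LOGIN "${target}" )

  target=$( TARGET_REAL "${target}" )
  if [ -z "${user}" -o -z "${target}" ]; then
    echo 'false'; return 1;
  fi

  is_admin=$( USER_GET_CONF "${user}" IS_ADMIN )
  is_restricted=$( USER_GET_CONF "${user}" IS_RESTRICTED )

  if [ "${is_admin}" = 'true' -o "${is_restricted}" = 'false' ]; then
    if TARGET_SSH_LIST_LOGINS "${target}" | grep -q -x -F -- "${login}"; then
      echo 'true'; return 0;
    fi
    echo 'false'; return 1;
  fi

  if TARGET_ACCESS_LIST_USERS "${target}" "${login}" | grep -q -x -F -- "${user}"; then
    echo 'true'; return 0;
  fi
  echo 'false'; return 1;
}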
167 |
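# usage: EDIT_FILE <file>
# desc: Open a file with ${SSHGATE_EDITOR} (falling back to ${EDITOR}) to be edited
# return: the editor's exit status on success, otherwise 1
# note: when neither variable names a usable editor the user is asked for one
#       (not during tests: SSHGATE_TEST='sshGateTest' skips the lookup)
# note: the editor string may carry its own options, so it is still evaluated
#       by the shell; the file name however is passed as a variable reference
#       that eval expands itself, so a name with quotes or spaces is one
#       argument and can't alter the command
EDIT_FILE() {
  local the_editor= file= message_done=

  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  file="$1"
  if [ ! -f "${file}" ]; then
    ERROR "The file ${file} doesn't exist"; return 1;
  fi

  the_editor="${SSHGATE_EDITOR:-${EDITOR}}"

  # don't check for the binary existence if we are testing
  if [ "${SSHGATE_TEST:-}" != 'sshGateTest' ]; then
    message_done='false'
    while :; do
      command -v "${the_editor}" >/dev/null 2>/dev/null && break
      BR
      WARNING "sshGate can't find a editor. Provide a editor to use for the moment."
      if [ "${message_done}" = 'false' ]; then
        NOTICE "Ask the sshGate super-administrator (root unix account) to configure"
        MESSAGE "sshGate via sshgate-configure or configure your \${EDITOR} environment variable"
        BR
        message_done='true'
      fi
      ASK the_editor "Editor to use for now : "
    done
  fi

  eval "${the_editor}" '"${file}"'
  return $?
}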
207 |
208 | fi # __SSHGATE_CORE__
209 |
--------------------------------------------------------------------------------
/tests/target.testcase:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright (c) 2010 Linagora
3 | # Patrick Guiran
4 | # http://github.com/Tauop/ScriptHelper
5 | #
6 | # ScriptHelper is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # ScriptHelper is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # --------------------------------------------------------------------------
20 |
mDOTHIS 'Generate target tests'

# sshGate lower-cases host names (GET_HOST), so the expected transcript must
# use the lower-cased name too
hostname=$( hostname )
hostname=$( printf '%s\n' "${hostname}" | tr '[:upper:]' '[:lower:]' )
alias="${hostname}2"
ip=$( hostname -i )
26 |
27 | cat >"${expected_test_file}" < target list
29 |
30 | sshGate > target add ${hostname}
31 | Use the sshGate default sshkey for this target host [Y] ? Y
32 | <<=Y
33 | sshGate > target add ${ip}
34 | Use the sshGate default sshkey for this target host [Y] ? N
35 | <<=N
36 | $(cat "${sshkey_priv_test_file}" | while read line ; do echo "<<-${line}"; done; echo "->>" )
37 | sshGate > target list
38 | ${ip}
39 | ${hostname}
40 | sshGate > target list ${hostname%??}*
41 | ${hostname}
42 | sshGate > target alias list
43 | sshGate > target ${hostname} add alias ${alias}
44 | sshGate > target alias list ${hostname}
45 | ${alias}
46 | sshGate > target alias list
47 | ${alias}
48 | sshGate > target ${hostname} list alias
49 | ${alias}
50 | sshGate > target ${alias} realname
51 | ${hostname}
52 | sshGate > target ${hostname} del alias ${alias}
53 | sshGate > target ${hostname} list alias
54 | sshGate > target ${ip} rename ${alias}
55 | Target renamed : ${ip} -> ${alias}
56 | Target alias '${ip}' created
57 | sshGate > target alias list
58 | ${ip}
59 | sshGate > target ${hostname} display conf
60 | NOTICE: Target host '${hostname}' has no configuration file
61 | sshGate > target ${ip} set conf DEFAULT_SSH_LOGIN ${user_unix_test_account}
62 | sshGate > target ${alias} display conf
63 | DEFAULT_SSH_LOGIN="${user_unix_test_account}"
64 | sshGate > target ${hostname}
65 | sshGate [target ${hostname}]> set conf DEFAULT_SSH_LOGIN ${user_unix_test_account}
66 | sshGate [target ${hostname}]> ssh test
67 | - ${user_unix_test_account}@${hostname} ... OK
68 | sshGate [target ${hostname}]> ssh add login root
69 | sshGate [target ${hostname}]> ssh list logins
70 | root
71 | ${user_unix_test_account}
72 | sshGate [target ${hostname}]> quit
73 | sshGate > target ssh test all
74 | = Test all targets ssh connectivity =
75 | - root@${hostname} ... KO
76 | Permission denied (publickey,password).
77 | - ${user_unix_test_account}@${hostname} ... OK
78 | - ${user_unix_test_account}@${alias} ... KO
79 | ssh: Could not resolve hostname ${alias}: Name or service not known
80 | sshGate > target ${hostname} ssh edit key
81 | Use the sshGate default sshkey for this target host [Y] ? Y
82 | <<=Y
83 | sshGate > target ${hostname} ssh edit key
84 | Use the sshGate default sshkey for this target host [Y] ? N
85 | <<=N
86 | $(cat "${sshkey_priv_test_file}" | while read line ; do echo "<<-${line}"; done; echo "->>" )
87 | sshGate > target ${hostname} ssh display key
88 | # public sshkey of ${hostname}
89 | $( cat "${sshkey_pub_test_file}" )
90 | sshGate > target ${hostname} ssh use default key
91 | sshGate > target ${hostname} ssh display key
92 | # public sshkey of ${hostname}
93 | $( cat "${SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE}" )
94 | sshGate > target ${user_unix_test_account}@${hostname} ssh install key
95 | sshGate > target ssh update known_hosts
96 | - ${hostname} ... OK
97 | - ${hostname}2 ... KO
98 | sshGate > target ${hostname} ssh update known_hosts
99 | sshGate > target ssh display config
100 | sshGate > target ssh edit config
101 | <<-User root
102 | ->>
103 | WARNING: ssh options 'User' was removed from editable configuration file. It's not allowed or deal by sshGate
104 | sshGate > target ssh display config
105 | sshGate > target ssh edit config
106 | <<-ConnectTimeout 10
107 | ->>
108 | sshGate > target ssh display config
109 | ConnectTimeout 10
110 | sshGate > target root@${hostname} ssh edit config
111 | <<-ConnectTimeout 30
112 | <<-ForwardX11 yes
113 | ->>
114 | sshGate > target root@${hostname} ssh display config
115 | ConnectTimeout 30
116 | ForwardX11 yes
117 | sshGate > target root@${hostname} ssh display full config
118 | Host *
119 | IdentityFile ${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}
120 | IdentitiesOnly yes
121 | PasswordAuthentication no
122 | StrictHostKeyChecking yes
123 | HashKnownHosts no
124 | UserKnownHostsFile $(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts
125 | ConnectTimeout 10
126 |
127 | Host ${hostname}
128 | IdentityFile ${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}
129 | IdentitiesOnly yes
130 | PasswordAuthentication no
131 | StrictHostKeyChecking yes
132 | User root
133 | ConnectTimeout 30
134 | ForwardX11 yes
135 | sshGate > target ${hostname} set conf SSH_PROXY ${user_unix_test_account}@${alias}
136 | sshGate > target ${hostname} display conf
137 | DEFAULT_SSH_LOGIN="${user_unix_test_account}"
138 | SSH_PROXY="${user_unix_test_account}@${alias}"
139 | sshGate > target root@${hostname} ssh display full config
140 | Host *
141 | IdentityFile ${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}
142 | IdentitiesOnly yes
143 | PasswordAuthentication no
144 | StrictHostKeyChecking yes
145 | HashKnownHosts no
146 | UserKnownHostsFile $(SSHGATE_ACCOUNT_HOMEDIR)/.ssh/known_hosts
147 | ConnectTimeout 10
148 |
149 | Host ${alias}
150 | IdentityFile ${SSHGATE_DIR_TARGETS}/${alias}/sshkey.priv
151 | IdentitiesOnly yes
152 | PasswordAuthentication no
153 | StrictHostKeyChecking yes
154 | User ${user_unix_test_account}
155 |
156 | Host ${hostname}
157 | IdentityFile ${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}
158 | IdentitiesOnly yes
159 | PasswordAuthentication no
160 | StrictHostKeyChecking yes
161 | User root
162 | ProxyCommand ssh -F ssh_conf_file ${user_unix_test_account}@${alias} nc %h %p
163 | ConnectTimeout 30
164 | ForwardX11 yes
165 | sshGate > target ${hostname} del conf SSH_PROXY
166 | sshGate > target ${hostname} display conf
167 | DEFAULT_SSH_LOGIN="${user_unix_test_account}"
168 | sshGate > target ${hostname} ssh del login root
169 | sshGate > target ${hostname} ssh list logins
170 | ${user_unix_test_account}
171 | sshGate > target del ${ip}
172 | sshGate > target alias list
173 | sshGate > target list
174 | ${hostname}
175 | sshGate > target ssh install all key
176 | = Install sshkey on all targets =
177 | . ${user_unix_test_account}@${hostname} ... OK
178 | sshGate > target add ${ip} with proxy ${hostname}
179 | Use the sshGate default sshkey for this target host [Y] ? Y
180 | <<=Y
181 | sshGate > exit
182 | EOF
183 |
184 | grep -E '^(<<=|<<-|->>|sshGate [^>]*>)' < "${expected_test_file}" \
185 | | sed -e 's/^sshGate [^>]*> //; s/^<<=//;' > "${input_test_file}"
186 |
187 | tmp_file="${expected_test_file}.$(RANDOM)"
188 | grep -v -E '^(<<=|<<-|->>)' < "${expected_test_file}" > "${tmp_file}"
189 | mv "${tmp_file}" "${expected_test_file}"
190 |
191 | mOK
192 |
193 | # --------------------------------------------------------------------------
194 | mDOTHIS 'Launch target tests'
195 | ASK_SET_AUTOANSWER_FILE "${input_test_file}"
196 | ( CLI_RUN > "${output_test_file}"
4 | # http://github.com/Tauop/sshGate
5 | #
6 | # sshGate is free software, you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as
8 | # published by the Free Software Foundation; either version 2 of
9 | # the License, or (at your option) any later version.
10 | #
11 | # sshGate is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public License
17 | # along with this program. If not, see .
18 | #
19 | # README ---------------------------------------------------------------------
20 | #
21 | # Collection of all sshkey of target related functions
22 | #
23 | # ----------------------------------------------------------------------------
24 |
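# Refuse to be sourced directly: this file relies on helpers (ERROR,
# BAD_ARGUMENTS, TARGET_REAL, ...) that only sshgate.core brings into scope.
# (The message named user.func, a left-over from a copy of that file.)
if [ "${__SSHGATE_CORE__:-}" != 'Loaded' ]; then
  echo "ERROR: Only sshgate.core can load target-sshkey.func."; exit 1;
fi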
28 |
29 | if [ "${__TARGET_SSHKEY_FUNC__:-}" != 'Loaded' ]; then
30 | __TARGET_SSHKEY_FUNC__='Loaded'
31 |
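# usage: TARGET_SSHKEY_EDIT <target>
# desc: Edit the private sshkey of a target host. Answering 'Y' to the prompt
#       removes the target-specific key pair so the sshGate default key is
#       used again; otherwise the key pasted into the editor is stored as the
#       target's private key and its public half is derived from it.
# return: 0 on success; 1 on bad arguments, unknown target, unwritable key
#         files, editor failure or a key ssh-keygen cannot read
# note: the key must not have a passphrase: ssh-keygen -y is run with an
#       empty one (-P ''), an encrypted key is rejected and the files removed.
TARGET_SSHKEY_EDIT () {
  local target= privkey= pubkey= tmpfile= reply=

  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  target=$( TARGET_REAL "$1" )
  if [ -z "${target}" ]; then
    # report the name the caller gave: ${target} is empty at this point
    ERROR "Target host '$1' doesn't exist"; return 1
  fi

  privkey="${SSHGATE_DIR_TARGETS}/${target}/${SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME}"
  pubkey="${SSHGATE_DIR_TARGETS}/${target}/${SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME}"

  ASK --yesno reply 'Use the sshGate default sshkey for this target host [Y] ? '
  if [ "${reply}" = 'Y' ]; then
    rm -f "${privkey}" "${pubkey}" >/dev/null 2>/dev/null
    return 0;
  fi

  # The scratch file receives the pasted private key: create it atomically
  # with mode 0600 (mktemp) rather than under a predictable, world-readable
  # name in /tmp.
  tmpfile=$( mktemp /tmp/sshgate-sshkey.XXXXXX )
  if [ $? -ne 0 ] || [ -z "${tmpfile}" ]; then
    ERROR "Can't create temporary file"; return 1;
  fi

  # Key files are created with mode 0600 before any key material is written
  # into them; the final chmod 400 on the private key comes below.
  ( umask 077; touch "${privkey}" "${pubkey}" ) 2>/dev/null
  if [ $? -ne 0 ]; then
    rm -f "${tmpfile}"
    ERROR "Can't write sshkey files"; return 1;
  fi

  echo "# Put the private sshkey for '${target}' here. Then save & quit from the editor" >> "${tmpfile}"
  echo "# line begins by '#' will be removed" >> "${tmpfile}"
  EDIT_FILE "${tmpfile}"
  if [ $? -ne 0 ]; then
    # don't leave whatever was pasted lying around
    rm -f "${tmpfile}"
    ERROR "Can't edit sshkey file"; return 1;
  fi

  grep -v '^#' < "${tmpfile}" > "${privkey}"
  chown "${SSHGATE_GATE_ACCOUNT}" "${privkey}"
  chmod 400 "${privkey}"

  # Derive the public key; this also proves the key is usable without a
  # passphrase (-P supplies the passphrase for reading, -N would only set a
  # new one and let ssh-keygen prompt for an encrypted key).
  ssh-keygen -y -P '' -f "${privkey}" > "${tmpfile}"
  if [ $? -ne 0 ]; then
    rm -f "${tmpfile}" "${privkey}" "${pubkey}"
    ERROR "Unable to generate public ssh key." ; return 1;
  fi

  # one-line public key followed by the " sshGate key" comment tag
  tr -d $'\n' < "${tmpfile}" > "${pubkey}"
  echo " sshGate key" >> "${pubkey}"
  chown "${SSHGATE_GATE_ACCOUNT}" "${pubkey}"

  rm -f "${tmpfile}"
  return 0;
}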
87 |
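# usage: TARGET_SSHKEY_DISPLAY <target>
# desc: Print the public sshkey used for a target host (its own key file, or
#       the sshGate default key when it has none), preceded by a comment line.
# return: 0 on success, 1 on bad arguments or unknown target
TARGET_SSHKEY_DISPLAY () {
  local target= pubkey=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi
  target=$( TARGET_REAL "$1" )
  if [ -z "${target}" ]; then
    # report the name the caller gave: ${target} is empty at this point
    ERROR "Target host '$1' doesn't exist"; return 1;
  fi
  # quoted: the path must not be word-split or glob-expanded
  pubkey=$( private_TARGET_PUBLIC_SSHKEY_FILE "${target}" )
  echo "# public sshkey of ${target}"
  cat "${pubkey}"
  return 0;
}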
103 |
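# usage: TARGET_SSHKEY_USE_DEFAULT <target>
# desc: Make a target host use the sshGate default sshkey again by removing
#       its target-specific key files. The default key files are never removed.
# return: 0 on success, 1 on bad arguments or unknown target
TARGET_SSHKEY_USE_DEFAULT () {
  local target= sshkey_file=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  target=$( TARGET_REAL "$1" )
  if [ -z "${target}" ]; then
    # report the name the caller gave: ${target} is empty at this point
    ERROR "Target host '$1' doesn't exist" ; return 1;
  fi

  # private_TARGET_*_SSHKEY_FILE fall back to the default key path when the
  # target has no key of its own, so never delete what they return blindly
  sshkey_file=$( private_TARGET_PUBLIC_SSHKEY_FILE "${target}" )
  [ "${sshkey_file}" != "${SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE}" ] && rm -f "${sshkey_file}"

  sshkey_file=$( private_TARGET_PRIVATE_SSHKEY_FILE "${target}" )
  [ "${sshkey_file}" != "${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}" ] && rm -f "${sshkey_file}"

  return 0;
}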
127 |
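# usage: TARGET_SSHKEY_INSTALL [<login>@]<target>
# usage: TARGET_SSHKEY_INSTALL <target> [<login>]
# desc: Append the public sshkey of a target (its own, or the sshGate default)
#       to ~/.ssh/authorized_keys of <login> on that target
# return: 0 when the key was installed; 1 on bad arguments, unknown target,
#         or when the remote command failed (a NOTICE is printed then, so
#         that TARGET_SSHKEY_INSTALL_ALL can report OK/KO per login)
# note: you may have access to the <target> with the sshkey of the
#       root account, or with your sshkey and sshagent forwarding.
# note: if <login> isn't specified, use the target's default ssh login
TARGET_SSHKEY_INSTALL () {
  local target= login= sshkey_file=
  if [ $# -ne 1 ] && [ $# -ne 2 ]; then
    BAD_ARGUMENTS ; return 1;
  fi

  if [ $# -eq 1 ]; then
    target=$( GET_HOST "$1" )
    login=$( GET_LOGIN "$1" )
  else
    target="$1"; login="$2"
  fi

  target=$( TARGET_REAL "${target}" )
  if [ -z "${target}" ]; then
    # report the name the caller gave: ${target} is empty at this point
    ERROR "Target host '$1' doesn't exist" ; return 1;
  fi

  # the public key file is what gets installed (the message said "private")
  sshkey_file=$( private_TARGET_PUBLIC_SSHKEY_FILE "${target}" )
  if [ -z "${sshkey_file}" ]; then
    ERROR "Unable to find public ssh key of '${target}'" ; return 1;
  fi

  # umask 077 on the remote side keeps .ssh and authorized_keys private
  TARGET_SSH_RUN_COMMAND "${login}@${target}" "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" < "${sshkey_file}"
  if [ $? -ne 0 ]; then
    echo "NOTICE: Public ssh key of '${target}' can't be installed on '${login}@${target}'. Install it manually"
    return 1
  fi

  return 0
}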
165 |
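# usage: TARGET_SSHKEY_INSTALL_ALL
# desc: Try to install the public sshkey on every known login of every
#       target, printing one ". login@target ... OK|KO" line per login
# return: always 0; per-login failures are only reported on stdout
# note: you may have access to the <target> with the sshkey of the
#       root account, or with your sshkey and sshagent forwarding.
TARGET_SSHKEY_INSTALL_ALL () {
  # local: the loop variables must not leak into the calling shell
  local target= login=
  echo "= Install sshkey on all targets ="
  for target in $( TARGETS_LIST ); do
    for login in $( TARGET_SSH_LIST_LOGINS "${target}" ); do
      echo -n ". ${login}@${target} ... "
      if TARGET_SSHKEY_INSTALL "${login}@${target}"; then
        echo 'OK'
      else
        echo 'KO'
      fi
    done
  done
  return 0;
}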
181 |
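# usage: private_TARGET_PRIVATE_SSHKEY_FILE <target>
# desc: echo-return the path to the private ssh key of the target host:
#       the target's own key file when it exists and is readable, otherwise
#       the sshGate default private key
# return: 0 (path on stdout), 1 on bad arguments
private_TARGET_PRIVATE_SSHKEY_FILE () {
  local target= f=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi
  target="$1"
  f="${SSHGATE_DIR_TARGETS}/${target}/${SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME}"
  # an empty target name would otherwise resolve to ${SSHGATE_DIR_TARGETS}//<file>
  if [ -z "${target}" ] || [ ! -r "${f}" ]; then
    f="${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}"
  fi
  echo "${f}"
}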
194 |
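# usage: private_TARGET_PUBLIC_SSHKEY_FILE <target>
# desc: echo-return the path to the public ssh key of the target host:
#       the target's own key file when it exists and is readable, otherwise
#       the sshGate default public key
# return: 0 (path on stdout), 1 on bad arguments
private_TARGET_PUBLIC_SSHKEY_FILE () {
  local target= f=
  if [ $# -ne 1 ]; then
    BAD_ARGUMENTS ; return 1;
  fi
  target="$1"
  f="${SSHGATE_DIR_TARGETS}/${target}/${SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME}"
  # an empty target name would otherwise resolve to ${SSHGATE_DIR_TARGETS}//<file>
  if [ -z "${target}" ] || [ ! -r "${f}" ]; then
    f="${SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE}"
  fi
  echo "${f}"
}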
207 |
208 | fi # end of: if [ "${__TARGET_SSHKEY_FUNC__:-}" != 'Loaded' ]; then
209 |
--------------------------------------------------------------------------------
/tests/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) 2010 Linagora
4 | # Patrick Guiran
5 | # http://github.com/Tauop/ScriptHelper
6 | #
7 | # ScriptHelper is free software, you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as
9 | # published by the Free Software Foundation; either version 2 of
10 | # the License, or (at your option) any later version.
11 | #
12 | # ScriptHelper is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU Lesser General Public License
18 | # along with this program. If not, see .
19 | #
20 |
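# usage: load <variable> <file>
# desc: Source <file> unless <variable> is already set (non-empty), which is
#       taken to mean the file was loaded before.
# return: 0 when the file was sourced, 1 when <variable> was already set;
#         exits with 2 when <file> does not exist or <variable> is not a
#         valid shell identifier
load() {
  local var= value= file=

  var="$1"; file="$2"
  # <variable> is expanded indirectly below instead of being re-parsed by
  # eval, so it must be a plain identifier: a stray argument cannot run as code
  case "${var}" in
    '' | [0-9]* | *[!A-Za-z0-9_]* )
      echo "ERROR: Unable to load ${file}: invalid variable name '${var}'"
      exit 2 ;;
  esac
  value="${!var:-}"

  # a non-empty value means the file was already loaded: nothing to do
  [ -n "${value}" ] && return 1;
  if [ -f "${file}" ]; then
    . "${file}"
  else
    echo "ERROR: Unable to load ${file}"
    exit 2
  fi
  return 0;
}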
36 |
# Order matters: /etc/sshgate.conf defines SSHGATE_DIRECTORY, under which
# the setup file is looked up.
load SSHGATE_DIRECTORY '/etc/sshgate.conf'
load __SSHGATE_SETUP__ "${SSHGATE_DIRECTORY}/data/sshgate.setup"

# Known test-case names: every *.testcase below tests/, as a path relative
# to that directory with the extension stripped, one per line.
testcases=$(
  find "${SSHGATE_DIR_BIN}/tests/" -type f -iname "*.testcase" -printf "%P\n" \
    | sed -e 's/[.]testcase$//'
)
43 |
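# usage: usage
# desc: Print how to call this script and the available test-case names,
#       then exit with status 1. The global ${testcases} list is left as is
#       (it used to be overwritten with the comma-joined form).
usage () {
  local names=
  names=$( echo -n "${testcases}" | tr $'\n' ',' | sed -e 's/,/, /g' )
  echo "Usage: $0 <test-case>"
  echo " <test-case>: all, ${names}" | fold -s
  exit 1
}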
50 |
# exactly one argument: 'all' or the name of a test case (usage exits)
[ $# -eq 1 ] || { echo 'ERROR: Bad arguments'; usage; }

TEST_CASE="$1"
TEST_CASE_DIR="${SSHGATE_DIR_BIN}/tests"

# 'all' runs every test case; anything else must name a readable file
# <name>.testcase under tests/, and TEST_CASE becomes that path
case "${TEST_CASE}" in
  all ) ;;
  * )
    TEST_CASE="${TEST_CASE_DIR}/${TEST_CASE}.testcase"
    [ -r "${TEST_CASE}" ] || { echo 'ERROR: unknown test-case'; usage; }
    ;;
esac
67 |
# don't use function.lib.sh functions !
# usage: mDOTHIS <words...>
# desc: print "- <words> ... " without a newline (mOK completes the line)
mDOTHIS() { printf -- '- %s ... ' "$*"; }
# usage: mOK
# desc: finish a line started by mDOTHIS with "OK"
mOK() { printf 'OK\n'; }
71 |
# tell sshGate module we are making tests :-)
# (sshgate-cli skips its "-u <user>" argument check when this is set)
SSHGATE_TEST='sshGateTest'

# --------------------------------------------------------------------------
mDOTHIS 'Loading sshGate core'
# the CLI script pulls in sshgate.core and the ScriptHelper libraries;
# random.lib.sh presumably provides the RANDOM command used for the
# temporary names below — confirm against ScriptHelper
load __SSHGATE_CLI__ "${SSHGATE_DIR_BIN}/sshgate-cli"
load __LIB_RANDOM__ "${SCRIPT_HELPER_DIRECTORY}/random.lib.sh"
mOK

# --------------------------------------------------------------------------
mDOTHIS 'Setup sshGate data directory'
# Override the paths that came from sshgate.conf: every test artefact lives
# under a throw-away tree so the real installation is never touched.
# NOTE(review): the tree name is predictable (/tmp/sshgate.<n>) and the
# harness runs as root; a directory of that name created beforehand by
# someone else would simply be reused by MK.
SSHGATE_DIRECTORY="/tmp/sshgate.$(RANDOM)"
SSHGATE_DIR_DATA="${SSHGATE_DIRECTORY}/data"
SSHGATE_DIR_BIN="${SSHGATE_DIRECTORY}/bin"
SSHGATE_DIR_CORE="${SSHGATE_DIRECTORY}/core"
SSHGATE_DIR_USERS="${SSHGATE_DIRECTORY}/users"
SSHGATE_DIR_USERS_GROUPS="${SSHGATE_DIRECTORY}/users.groups"
SSHGATE_DIR_TARGETS="${SSHGATE_DIRECTORY}/targets"
SSHGATE_DIR_ARCHIVE="${SSHGATE_DIRECTORY}/archives"
# logs, with their per-target and per-user sub-trees
SSHGATE_DIR_LOGS="${SSHGATE_DIRECTORY}/logs"
SSHGATE_DIR_LOGS_TARGETS="${SSHGATE_DIR_LOGS}/targets-logs"
SSHGATE_DIR_LOGS_USERS="${SSHGATE_DIR_LOGS}/users-logs"
SSHGATE_LOGS_CURRENT_SESSION_FILE="${SSHGATE_DIR_LOGS}/current_session.log"
96 |
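# get from install.sh
# usage: MK <dir>
# desc: create <dir> (and missing parents) when it does not exist yet
# return: 0 whether the directory existed or was created (the former
#         "[ ! -d ] && mkdir" form returned 1 for an existing directory),
#         mkdir's status when creation fails
MK () { [ -d "$1/" ] || mkdir -p "$1"; }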
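# usage: setup_sshgate_dirs
# desc: create the (empty) sshGate data tree under ${SSHGATE_DIRECTORY}.
#       Used for the initial setup and again before each test case in 'all'
#       mode, so both get the same layout; the reset used to skip the
#       targets-logs/users-logs sub-directories.
setup_sshgate_dirs () {
  MK "${SSHGATE_DIRECTORY}"
  MK "${SSHGATE_DIR_DATA}"
  MK "${SSHGATE_DIR_BIN}"
  MK "${SSHGATE_DIR_CORE}"
  MK "${SSHGATE_DIR_USERS}"
  MK "${SSHGATE_DIR_TARGETS}"
  MK "${SSHGATE_DIR_USERS_GROUPS}"
  MK "${SSHGATE_DIR_LOGS}"
  MK "${SSHGATE_DIR_LOGS_TARGETS}"
  MK "${SSHGATE_DIR_LOGS_USERS}"
  MK "${SSHGATE_DIR_ARCHIVE}"
}
setup_sshgate_dirs
mOK

# --------------------------------------------------------------------------
mDOTHIS 'Generate temporary test file'
input_test_file="/tmp/test_sshgate_input.$(RANDOM)"
output_test_file="/tmp/test_sshgate_output.$(RANDOM)"
expected_test_file="/tmp/test_sshgate_expected.$(RANDOM)"
sshkey_priv_test_file="/tmp/test_sshgate_sshkey.$(RANDOM)"
sshkey_pub_test_file="${sshkey_priv_test_file}.pub"
sshkey_priv_unix_test_file="/tmp/test_sshgate_sshkey_unix.$(RANDOM)"
sshkey_pub_unix_test_file="${sshkey_priv_unix_test_file}.pub"
mOK

# --------------------------------------------------------------------------
mDOTHIS 'Generate temporary sshkey test file'
# Two throw-away RSA key pairs without passphrase: one posing as a target key
# (its "sshGate key" comment is what TARGET_SSHKEY_EDIT appends) and one for
# the test Unix accounts. 2048 bits: 1024-bit RSA keys are refused by the
# ssh crypto policy of some current distributions, which would turn every
# ssh step of the test cases into a KO.
ssh-keygen -C "sshGate key" -t rsa -b 2048 -N '' -f "${sshkey_priv_test_file}" >/dev/null
ssh-keygen -C "user@key" -t rsa -b 2048 -N '' -f "${sshkey_priv_unix_test_file}" >/dev/null
chmod 400 "${sshkey_priv_test_file}"
chmod 400 "${sshkey_priv_unix_test_file}"
mOK

# --------------------------------------------------------------------------
mDOTHIS 'Create and setup temporary Unix account'
# usage: setup_unix_test_account <name>
# desc: create a local account whose only credential is the Unix test key
# NOTE(review): authorized_keys2 is only honoured while sshd's default
# AuthorizedKeysFile still lists it — confirm on the test box.
setup_unix_test_account () {
  useradd --home "/home/$1" "$1"
  mkdir -p "/home/$1/.ssh/"
  cp "${sshkey_pub_unix_test_file}" "/home/$1/.ssh/authorized_keys2"
  chown -R "$1" "/home/$1"
}
sshgate_unix_test_account="sshgate$(RANDOM)"
user_unix_test_account="user$(RANDOM)"
setup_unix_test_account "${sshgate_unix_test_account}"
setup_unix_test_account "${user_unix_test_account}"

# usage: remove_test_data
# desc: delete the test accounts, the temporary files and the sshGate data
#       tree. Installed as an EXIT trap right after the accounts exist, so
#       that a test case that aborts (test cases are sourced and may exit)
#       does not leave system accounts and key material behind.
remove_test_data () {
  mDOTHIS 'Remove tests data'
  userdel "${sshgate_unix_test_account}"
  userdel "${user_unix_test_account}"
  [ -d "/home/${sshgate_unix_test_account}/" ] && rm -rf "/home/${sshgate_unix_test_account}"
  [ -d "/home/${user_unix_test_account}/" ] && rm -rf "/home/${user_unix_test_account}"

  mail_test_file=$( MAIL_GET_FILE )
  rm -f "${input_test_file}" "${output_test_file}" "${expected_test_file}"
  rm -f "${sshkey_priv_test_file}" "${sshkey_pub_test_file}"
  rm -f "${sshkey_priv_unix_test_file}" "${sshkey_pub_unix_test_file}"
  rm -f "${mail_test_file}"
  rm -rf "${SSHGATE_DIRECTORY}"
  mOK
}
trap remove_test_data EXIT

# change sshGate settings
SSHGATE_GATE_ACCOUNT="${sshgate_unix_test_account}"
SSHGATE_TARGETS_DEFAULT_SSH_LOGIN="${user_unix_test_account}"

# Fake editor: reads (through ASK) the lines prefixed by "<<-" that the test
# case put into ${input_test_file} and writes them to the edited file until
# it reads the '->>' sentinel; a "<<=" line is written once and ends the
# input as well.
SSHGATE_EDITOR='input="";
while true; do
ASK --no-print --no-echo --allow-empty input
input="${input#"<<-"}"
if [ "${input}" != "${input#"<<="}" ]; then
echo "${input#"<<="}"; break;
fi
[ "${input}" != "->>" ] && echo "${input}"
[ "${input}" = "->>" ] && break;
done >>'

# install unix user sshkey to sshGate default key so that we can call TARGET_ADD
# and TARGET_SSHKEY_INSTALL without problems
SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE="${SSHGATE_DIR_DATA}/${SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME}"
SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE="${SSHGATE_DIR_DATA}/${SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME}"

# usage: install_default_sshkey
# desc: copy the Unix test key pair in place as the sshGate default key
install_default_sshkey () {
  cp "${sshkey_priv_unix_test_file}" "${SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE}"
  cp "${sshkey_pub_unix_test_file}" "${SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE}"
}
install_default_sshkey
mOK


# --------------------------------------------------------------------------
# A test case is a shell snippet sourced into this script; it relies on the
# *_test_file variables, mDOTHIS/mOK and the sshGate settings above.
if [ "${TEST_CASE}" != 'all' ]; then
  # Load the test-case
  . "${TEST_CASE}"
else
  for test in ${testcases}; do
    mDOTHIS 'Reset temporary test file'
    : > "${input_test_file}"
    : > "${output_test_file}"
    : > "${expected_test_file}"
    mOK
    mDOTHIS 'Reset sshGate data directories'
    rm -rf "${SSHGATE_DIRECTORY}"
    setup_sshgate_dirs
    install_default_sshkey
    mOK
    TEST_CASE="${TEST_CASE_DIR}/${test}.testcase"
    . "${TEST_CASE}"
  done
fi

# --------------------------------------------------------------------------
# clean-up is done by the EXIT trap (remove_test_data)
exit 0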
217 |
--------------------------------------------------------------------------------
/bin/sshgate-cli:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Copyright (c) 2010 Linagora
4 | # Patrick Guiran
5 | # http://github.com/Tauop/sshGate
6 | #
7 | # sshGate is free software, you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as
9 | # published by the Free Software Foundation; either version 2 of
10 | # the License, or (at your option) any later version.
11 | #
12 | # sshGate is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU Lesser General Public License
18 | # along with this program. If not, see .
19 | #
20 |
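# usage: load <variable> <file>
# desc: Source <file> unless <variable> is already set (non-empty), which is
#       taken to mean the file was loaded before.
# return: 0 when the file was sourced, 1 when <variable> was already set;
#         exits with 2 when <file> does not exist or <variable> is not a
#         valid shell identifier
load() {
  local var= value= file=

  var="$1"; file="$2"
  # <variable> is expanded indirectly below instead of being re-parsed by
  # eval, so it must be a plain identifier: a stray argument cannot run as code
  case "${var}" in
    '' | [0-9]* | *[!A-Za-z0-9_]* )
      echo "ERROR: Unable to load ${file}: invalid variable name '${var}'"
      exit 2 ;;
  esac
  value="${!var:-}"

  # a non-empty value means the file was already loaded: nothing to do
  [ -n "${value}" ] && return 1;
  if [ -f "${file}" ]; then
    . "${file}"
  else
    echo "ERROR: Unable to load ${file}"
    exit 2
  fi
  return 0;
}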
36 |
# Load order matters: /etc/sshgate.conf sets SSHGATE_DIRECTORY, and the
# setup file found under it presumably defines SSHGATE_DIR_CORE and
# SCRIPT_HELPER_DIRECTORY used by the loads that follow — confirm in
# data/sshgate.setup.
load SSHGATE_DIRECTORY '/etc/sshgate.conf'

load __SSHGATE_SETUP__ "${SSHGATE_DIRECTORY}/data/sshgate.setup"
load __SSHGATE_CORE__ "${SSHGATE_DIR_CORE}/sshgate.core"

# help is only needed for the CLI
load __HELP_FUNC__ "${SSHGATE_DIR_CORE}/help.func"

# ScriptHelper libraries: interactive prompts (ASK), mail, and the
# CLI_REGISTER_* menu/command registry used further down
load __LIB_ASK__ "${SCRIPT_HELPER_DIRECTORY}/ask.lib.sh"
load __LIB_MAIL__ "${SCRIPT_HELPER_DIRECTORY}/mail.lib.sh"
load __LIB_CLI__ "${SCRIPT_HELPER_DIRECTORY}/cli.lib.sh"
48 |
49 |
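# Outside the test harness the CLI needs the sshGate user it acts for,
# given as "-u <username>"; every other argument is ignored.
if [ "${SSHGATE_TEST:-}" != 'sshGateTest' ]; then
  # during test, don't check for user
  SSHKEY_USER=
  while [ $# -gt 0 ]; do
    case "$1" in
      -u )
        # a trailing "-u" without a value leaves SSHKEY_USER empty and is
        # reported below, instead of shifting past the end of the arguments
        SSHKEY_USER="${2:-}"
        shift
        [ $# -gt 0 ] && shift
        ;;
      * ) shift ;; # ignore
    esac
  done

  if [ -z "${SSHKEY_USER}" ]; then
    echo "ERROR: you have to specify a username to use sshgate CLI"
    echo "usage: $0 -u <username>"
    exit 1
  fi
fi # end of: if [ "${SSHGATE_TEST:-}" != 'sshGateTest' ]; then

# don't want to add exec.lib.sh in dependencies :/
# Everything below (target key files, user accounts, ...) needs root.
# KO comes from the ScriptHelper libraries and presumably aborts — confirm.
user_id=$( id -u )
[ "${user_id}" != "0" ] \
  && KO "You must execute $0 with root privileges"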
72 |
73 | CLI_REGISTER_HELP '/tmp/sshgate-cli-help.txt' \
74 | SSHGATE_GET_HELP \
75 | SSHGATE_DISPLAY_HELP \
76 | SSHGATE_DISPLAY_HELP_FOR
77 |
78 | CLI_REGISTER_MENU 'user' 'User related commands'
79 | CLI_REGISTER_COMMAND 'user list' 'USERS_LIST'
80 | CLI_REGISTER_COMMAND 'user list ' 'USERS_LIST \1'
81 | CLI_REGISTER_COMMAND 'user add mail ' 'USER_ADD \1 \2'
82 | CLI_REGISTER_COMMAND 'user del ' 'USER_DEL \1'
83 | CLI_REGISTER_COMMAND 'user build auth_keys' 'USERS_AUTH_KEYS_BUILD'
84 |
85 | CLI_REGISTER_MENU 'user '
86 | CLI_REGISTER_COMMAND 'user display conf' 'USER_DISPLAY_CONF \1'
87 | CLI_REGISTER_COMMAND 'user set conf ' 'USER_SET_CONF \1 \2 \3'
88 | CLI_REGISTER_COMMAND 'user del conf ' 'USER_SET_CONF \1 \2'
89 | CLI_REGISTER_COMMAND 'user list targets' 'USER_LIST_TARGETS \1'
90 | CLI_REGISTER_COMMAND 'user list usergroups' 'USER_LIST_USERGROUPS \1'
91 | CLI_REGISTER_COMMAND 'user has access [@]' 'HAS_ACCESS \1 \2'
92 | CLI_REGISTER_COMMAND 'user access info' 'USER_ACCESS_INFO \1'
93 | CLI_REGISTER_COMMAND 'user access notify' 'USER_ACCESS_NOTIFY \1'
94 | CLI_REGISTER_COMMAND 'user edit sshkey' 'USER_SSHKEY_EDIT \1'
95 | CLI_REGISTER_COMMAND 'user display sshkey' 'USER_SSHKEY_DISPLAY \1'
96 | CLI_REGISTER_COMMAND 'user update auth_keys' 'USER_AUTH_KEYS_UPDATE \1'
97 |
98 | CLI_REGISTER_MENU 'usergroup' 'Usergroup related commands'
99 | CLI_REGISTER_COMMAND 'usergroup list' 'USERGROUPS_LIST'
100 | CLI_REGISTER_COMMAND 'usergroup add ' 'USERGROUP_ADD \1'
101 | CLI_REGISTER_COMMAND 'usergroup del ' 'USERGROUP_DEL \1'
102 |
103 | CLI_REGISTER_MENU 'usergroup '
104 | CLI_REGISTER_COMMAND 'usergroup list users' 'USERGROUP_LIST_USERS \1'
105 | CLI_REGISTER_COMMAND 'usergroup add user ' 'USERGROUP_ADD_USER \1 \2'
106 | CLI_REGISTER_COMMAND 'usergroup del user ' 'USERGROUP_DEL_USER \1 \2'
107 | CLI_REGISTER_COMMAND 'usergroup list targets' 'USERGROUP_LIST_TARGETS \1'
108 | CLI_REGISTER_COMMAND 'usergroup access info' 'USERGROUP_ACCESS_INFO \1'
109 | CLI_REGISTER_COMMAND 'usergroup access notify' 'USERGROUP_ACCESS_NOTIFY \1'
110 |
111 | CLI_REGISTER_MENU 'target' 'Target related commands'
112 | CLI_REGISTER_COMMAND 'target list' 'TARGETS_LIST'
113 | CLI_REGISTER_COMMAND 'target list ' 'TARGETS_LIST \1'
114 | CLI_REGISTER_COMMAND 'target add [@]' 'TARGET_ADD \1'
115 | CLI_REGISTER_COMMAND 'target add [@] with proxy [@]' 'TARGET_ADD \1 \2'
116 | CLI_REGISTER_COMMAND 'target add [@] via [@]' 'TARGET_ADD \1 \2'
117 | CLI_REGISTER_COMMAND 'target del ' 'TARGET_DEL \1'
118 | CLI_REGISTER_COMMAND 'target alias list' 'TARGET_LIST_ALIASES'
119 | CLI_REGISTER_COMMAND 'target alias list ' 'TARGET_LIST_ALIASES \1'
120 |
121 | CLI_REGISTER_MENU 'target ssh' "Targets ssh related commands"
122 | CLI_REGISTER_COMMAND 'target ssh test all' 'TARGET_SSH_TEST_ALL'
123 | CLI_REGISTER_COMMAND 'target ssh install all key' 'TARGET_SSHKEY_INSTALL_ALL'
124 | CLI_REGISTER_COMMAND 'target ssh edit config' 'TARGET_SSH_EDIT_CONFIG all'
125 | CLI_REGISTER_COMMAND 'target ssh display config' 'TARGET_SSH_DISPLAY_GLOBAL_CONFIG'
126 | CLI_REGISTER_COMMAND 'target ssh update known_hosts' 'TARGET_SSH_UPDATE_KNOWN_HOSTS'
127 |
128 | CLI_REGISTER_MENU 'target '
129 | CLI_REGISTER_COMMAND 'target rename ' 'TARGET_RENAME \1 \2'
130 | CLI_REGISTER_COMMAND 'target realname' 'TARGET_REAL \1'
131 | CLI_REGISTER_COMMAND 'target add alias ' 'TARGET_ADD_ALIAS \1 \2'
132 | CLI_REGISTER_COMMAND 'target del alias ' 'TARGET_DEL_ALIAS \2'
133 | CLI_REGISTER_COMMAND 'target list alias' 'TARGET_LIST_ALIASES \1'
134 | CLI_REGISTER_COMMAND 'target display conf' 'TARGET_DISPLAY_CONF \1'
135 | CLI_REGISTER_COMMAND 'target set conf ' 'TARGET_SET_CONF \1 \2 \3'
136 | CLI_REGISTER_COMMAND 'target del conf ' 'TARGET_SET_CONF \1 \2'
137 |
138 | CLI_REGISTER_MENU 'target ssh' "Targets ssh related commands"
139 | CLI_REGISTER_COMMAND 'target ssh test' 'TARGET_SSH_TEST \1'
140 | CLI_REGISTER_COMMAND 'target ssh list logins' 'TARGET_SSH_LIST_LOGINS \1'
141 | CLI_REGISTER_COMMAND 'target ssh add login ' 'TARGET_SSH_ADD_LOGIN \1 \2'
142 | CLI_REGISTER_COMMAND 'target ssh del login ' 'TARGET_SSH_DEL_LOGIN \1 \2'
143 | CLI_REGISTER_COMMAND 'target [@] ssh edit config' 'TARGET_SSH_EDIT_CONFIG \1'
144 | CLI_REGISTER_COMMAND 'target [@] ssh display config' 'TARGET_SSH_DISPLAY_CONFIG \1'
145 | CLI_REGISTER_COMMAND 'target [@] ssh display full config' 'TARGET_SSH_DISPLAY_FULL_CONFIG \1'
146 |
147 | CLI_REGISTER_COMMAND 'target ssh display key' 'TARGET_SSHKEY_DISPLAY \1'
148 | CLI_REGISTER_COMMAND 'target ssh edit key' 'TARGET_SSHKEY_EDIT \1'
149 | CLI_REGISTER_COMMAND 'target ssh install key' 'TARGET_SSHKEY_INSTALL \1'
150 | CLI_REGISTER_COMMAND 'target ssh use default key' 'TARGET_SSHKEY_USE_DEFAULT \1'
151 | CLI_REGISTER_COMMAND 'target ssh update known_hosts' 'TARGET_SSH_UPDATE_KNOWN_HOSTS \1'
152 |
153 | CLI_REGISTER_MENU 'target [@] access' 'Targets access related commands'
154 | CLI_REGISTER_COMMAND 'target [@] access info' 'TARGET_ACCESS_INFO \1'
155 | CLI_REGISTER_COMMAND 'target [@] access list users' 'TARGET_ACCESS_LIST_USERS \1'
156 | CLI_REGISTER_COMMAND 'target [@] access add user ' 'TARGET_ACCESS_ADD_USER \1 \2'
157 | CLI_REGISTER_COMMAND 'target [@] access del user ' 'TARGET_ACCESS_DEL_USER \1 \2'
158 | CLI_REGISTER_COMMAND 'target [@] access list usergroups' 'TARGET_ACCESS_LIST_USERGROUPS \1'
159 | CLI_REGISTER_COMMAND 'target [@] access add usergroup ' 'TARGET_ACCESS_ADD_USERGROUP \1 \2'
160 | CLI_REGISTER_COMMAND 'target [@] access del usergroup ' 'TARGET_ACCESS_DEL_USERGROUP \1 \2'
161 |
162 | CLI_REGISTER_MENU 'session'
163 | CLI_REGISTER_COMMAND 'session list current' 'SESSION_DISPLAY_CONNECTED'
164 | #CLI_REGISTER_COMMAND 'session list last' 'SESSION_LIST_LAST'
165 | #CLI_REGISTER_COMMAND 'session list last ' 'SESSION_LIST_LAST \1'
166 | CLI_REGISTER_COMMAND 'session kill ' 'SESSION_KILL \1'
167 | #CLI_REGISTER_COMMAND 'session target list' 'SESSION_TARGET_LIST \1'
168 | #CLI_REGISTER_COMMAND 'session target list