Index: /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php (working copy)
@@ -133,7 +133,7 @@
// The current SSH server host keys will be lost and you will need to update your SSH client configuration. Do you want to continue[Yes/(No)]:SSH server host keys are regenerated.
// ------------------------------------------------------------
case ($this->classId . '_gACSSHRegenKeys'):
- $t_errStr = cli::cmd('ssh regenerate keys' . "\n" . 'Yes');
+ $t_errStr = cli::cmd('ssh regenerate keys' . "\n" . 'Yes');
//$t_errStr = 'The current SSH server host keys will be lost and you will need to update your SSH client configuration. Do you want to continue[Yes/(No)]:SSH server host keys are regenerated.';
if (!empty($t_errStr)) {
$out_msg = '';
@@ -145,7 +145,7 @@
// cli cmd wants to put out a reminder msg. So, print it out here.
$this->jsOnLoadEnd .= 'showSPMessage("status", "' . language::translate('status_operation_successful') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes($t_errStr))))) .'");';
}
- else {
+ else {
// cli cmd failed.
$this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes($t_errStr))))) . '";';
}
@@ -210,6 +210,18 @@
$this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes(cli::get_reason_info($t_errStr)))))) . '";';
}
break;
+ case ($this->classId . '_gACSSHCipherSaveChange'):
+ if (isset($_POST[$this->classId . '_ac_ssh_cipher_str'])) {
+ $cipher_str = $_POST[$this->classId . '_ac_ssh_cipher_str'];
+ if ($cipher_str !== '') {
+ $t_errStr = cli::exec('ssh ciphersuite "' . $cipher_str . '"');
+ }
+ if (!($t_errStr->result)) {
+ // cli cmd failed.
+ $this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes(cli::get_reason_info($t_errStr)))))) . '";';
+ }
+ }
+ break;
default:
break;
}
@@ -243,6 +255,7 @@
// ssh on
// ------------------------------------------------------------
$t_cliResp = cli::cmd_direct('show ssh conf');
+
$resp = explode("\n", $t_cliResp);
if (strlen($resp[0]) == 0) {
$t_ssh_enable = FALSE;
@@ -266,12 +279,29 @@
$this->old_ipv6_addr = $match_ssh_ipv6[1];
}
}
-
+
+ $t_ssh_cipher_aes128ctr = false;
+ $t_ssh_cipher_aes192ctr = false;
+ $t_ssh_cipher_aes256ctr = false;
+
+ foreach ($resp as $data) {
+ if (preg_match('/^ssh ciphersuite\s+"?([a-zA-Z0-9\-,]+)"?/i', $data, $match_cipher)) {
+ $cipher_str = strtolower($match_cipher[1]);
+ $ciphers = explode(',', $cipher_str);
+ foreach ($ciphers as $cipher) {
+ $cipher = trim($cipher);
+ if ($cipher === 'aes128-ctr') $t_ssh_cipher_aes128ctr = true;
+ if ($cipher === 'aes192-ctr') $t_ssh_cipher_aes192ctr = true;
+ if ($cipher === 'aes256-ctr') $t_ssh_cipher_aes256ctr = true;
+ }
+ }
+ }
+
// ------------------------------------------------------------
// Call content function based on user's current mode
// ------------------------------------------------------------
$this->mainContent .= anLib_htmlCode::pageSectionStart('ac_ssh_config', 1, $this->htmlSectionHeaderBtns);
-
+
$this->mainContent .= anLib_htmlCode::cliWrap_startTable();
switch ($this->viewMode) {
@@ -323,6 +353,18 @@
true);
$this->mainContent .= anLib_htmlCode::cliWrap_rowFootnoteBox('_ac_ssh_idle_mode_note', $this, array(array('footnote', language::translate('ac_ssh_idle_mode_note'))));
+ $disableCipher = $this->viewMode ? '' : 'disabled';
+ // If SSH is disabled, disable the cipher suite checkboxes
+ $this->mainContent .= '| ' . 'SSH Cipher suite:' . ' | ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= '';
+ $this->mainContent .= ' |
';
+ $this->mainContent .= ' | ';
+ $this->mainContent .= 'Please choose at least one cipher suite.';
+ $this->mainContent .= ' |
';
+
break;
case CLI_HIDE:
default:
@@ -367,10 +409,10 @@
showSaveBtns();
formAction_add(\'' . $this->classId . '_gACSSHIdletime\');
}
-
+
function gACSshRegenKeys() {
if ( confirmAction("' . language::translate('ac_ssh_confirm_gen') . '") ) {
- if (document.forms["form_mainView"].actionStr.value == "") {
+ if (document.forms["form_mainView"].actionStr.value == "") {
document.forms["form_mainView"].target = "mainView";
document.forms["form_mainView"].actionStr.value = "' . $this->classId . '_gACSSHRegenKeys";
document.forms["form_mainView"].submit();
@@ -384,9 +426,57 @@
}
}
+ var initCipherState = {};
+ function recordCipherInitState() {
+ initCipherState = {
+ c1: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").checked,
+ c2: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").checked,
+ c3: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").checked
+ };
+ }
+
+ function cipherSuiteChangedAndUpdate() {
+ var c1 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").checked;
+ var c2 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").checked;
+ var c3 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").checked;
+ var alertSpan = document.getElementById("' . $this->classId . '_cipher_alert");
+
+ if (!c1 && !c2 && !c3) {
+ alertSpan.style.display = "inline";
+ hideSaveBtns();
+ } else {
+ alertSpan.style.display = "none";
+ }
+
+ var changed = (c1 !== initCipherState.c1) || (c2 !== initCipherState.c2) || (c3 !== initCipherState.c3);
+ if (changed && (c1 || c2 || c3)) {
+ changeSSHMode();
+ }
+
+ var vals = [];
+ if(c1) vals.push("aes128-ctr");
+ if(c2) vals.push("aes192-ctr");
+ if(c3) vals.push("aes256-ctr");
+ var cipherStrElem = document.getElementById("' . $this->classId . '_ac_ssh_cipher_str");
+ var oldVal = cipherStrElem.value;
+ var newVal = vals.join(",");
+ cipherStrElem.value = newVal;
+
+ if (oldVal !== newVal) {
+ formAction_add("' . $this->classId . '_gACSSHCipherSaveChange");
+ }
+ }
+
+ document.addEventListener("DOMContentLoaded", function() {
+ recordCipherInitState();
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ cipherSuiteChangedAndUpdate();
+ });
+
';
}
-
/********************************************************************
*
* Add supporting javascript code to be executed at the beginning