Index: /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/chinese.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/chinese.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/chinese.php (working copy)
@@ -2774,9 +2774,14 @@
'license_server_email_addr' => 'Administrator Email Address',
'license_server_confirm_delete' => 'Are you sure you want to clear Activation Server configuration?\n\nThis may cause the system to be disabled due to lack of communication with the Activation Server.',
- // ADMIN TOOLS -> SYSTEM MANAGEMENT -> Health Check
- // Heading text, labels, etc.
- 'system_healthcheck' => 'System Health Check',
+ // ADMIN TOOLS -> SYSTEM MANAGEMENT -> SSH Settings
+ // Heading text, labels, etc.
+ 'ssh_cipher_suite' => 'SSH 密码套件',
+ 'ssh_cipher_suite_alert' => '请至少选择一个密码套件',
+
+ // ADMIN TOOLS -> SYSTEM MANAGEMENT -> Health Check
+ // Heading text, labels, etc.
+ 'system_healthcheck' => 'System Health Check',
// ADMIN TOOLS -> CONFIG MANAGEMENT -> View -> Running Config, Startup Config, Local 文件s
// Heading text, labels, etc.
Index: /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/default.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/default.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/default.php (working copy)
@@ -4790,6 +4790,7 @@
'aaa_http_challenge_resp_msg' => '** Note: To edit the Subsequent Challenge Configuration, just double click the cell. To remove the Subsequent Challenge Configuration, just clear the cell. To save the Subsequent Challenge Configuration, just click the blank area.',
'aaa_http_challenge_require_request_condition' => 'Challenge Condition',
'aaa_http_challenge_require_request_condition_note' => '* Note: Edit this area to set a challenge condition based upon which to select the HTTP authentication challenge template. The format is: "<an_xx>=yy".',
-
+ 'ssh_cipher_suite' => 'SSH Cipher Suite',
+ 'ssh_cipher_suite_alert' => 'Please select at least one cipher suite.',
);
?>
Index: /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/japanese.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/japanese.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/japanese.php (working copy)
@@ -2766,6 +2766,11 @@
'license_server_confirm_delete' => 'Are you sure you want to clear Activation Server configuration?\n\nThis may cause the system to be disabled due to lack of communication with the Activation Server.',
'system_healthcheck' => 'System Health Check',
+ // ADMIN TOOLS -> SYSTEM MANAGEMENT -> SSH Settings
+ // Heading text, labels, etc.
+ 'ssh_cipher_suite' => 'SSH 暗号化スイート',
+ 'ssh_cipher_suite_alert' => '少なくとも1つ以上の暗号化スイートを選択してください。',
+
// ADMIN TOOLS -> CONFIG MANAGEMENT -> View -> Running Config, Startup Config, Local Files
// Heading text, labels, etc.
'cm_view_running_config' => '稼働中設定',
Index: /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/traditional_chinese.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/traditional_chinese.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/inc/language/traditional_chinese.php (working copy)
@@ -2774,9 +2774,14 @@
'license_server_email_addr' => 'Administrator Email Address',
'license_server_confirm_delete' => 'Are you sure you want to clear Activation Server configuration?\n\nThis may cause the system to be disabled due to lack of communication with the Activation Server.',
- // ADMIN TOOLS -> SYSTEM MANAGEMENT -> Health Check
- // Heading text, labels, etc.
- 'system_healthcheck' => 'System Health Check',
+ // ADMIN TOOLS -> SYSTEM MANAGEMENT -> SSH Settings
+ // Heading text, labels, etc.
+ 'ssh_cipher_suite' => 'SSH 密碼套件',
+ 'ssh_cipher_suite_alert' => '請至少選擇一個密碼套件。',
+
+ // ADMIN TOOLS -> SYSTEM MANAGEMENT -> Health Check
+ // Heading text, labels, etc.
+ 'system_healthcheck' => 'System Health Check',
// ADMIN TOOLS -> CONFIG MANAGEMENT -> View -> Running Config, Startup Config, Local 文件s
// Heading text, labels, etc.
Index: /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php
===================================================================
--- /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php (revision 20488)
+++ /branches/rel_ag_9_4_5/webui/proxy/new/incGlobal/adminTools/sysMgmt/class.cliWrap_gSysMgmtACSSH.php (working copy)
@@ -133,7 +133,7 @@
// The current SSH server host keys will be lost and you will need to update your SSH client configuration. Do you want to continue[Yes/(No)]:SSH server host keys are regenerated.
// ------------------------------------------------------------
case ($this->classId . '_gACSSHRegenKeys'):
- $t_errStr = cli::cmd('ssh regenerate keys' . "\n" . 'Yes');
+ $t_errStr = cli::cmd('ssh regenerate keys' . "\n" . 'Yes');
//$t_errStr = 'The current SSH server host keys will be lost and you will need to update your SSH client configuration. Do you want to continue[Yes/(No)]:SSH server host keys are regenerated.';
if (!empty($t_errStr)) {
$out_msg = '';
@@ -145,7 +145,7 @@
// cli cmd wants to put out a reminder msg. So, print it out here.
$this->jsOnLoadEnd .= 'showSPMessage("status", "' . language::translate('status_operation_successful') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes($t_errStr))))) .'");';
}
- else {
+ else {
// cli cmd failed.
$this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes($t_errStr))))) . '";';
}
@@ -210,6 +210,18 @@
$this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes(cli::get_reason_info($t_errStr)))))) . '";';
}
break;
+ case ($this->classId . '_gACSSHCipherSaveChange'):
+ if (isset($_POST[$this->classId . '_ac_ssh_cipher_str'])) {
+ $cipher_str = $_POST[$this->classId . '_ac_ssh_cipher_str'];
+ if ($cipher_str !== '') {
+ $t_errStr = cli::exec('ssh ciphersuite "' . $cipher_str . '"');
+ }
+ if (!($t_errStr->result)) {
+ // cli cmd failed.
+ $this->jsOnLoadEnd .= 'g_errStr += "' . language::translate('alert_messageAlertFromSP') . '\n\n' . (urldecode(str_replace(array('%0A', '%0D'), array('\n','\n'), urlencode(addslashes(cli::get_reason_info($t_errStr)))))) . '";';
+ }
+ }
+ break;
default:
break;
}
@@ -243,6 +255,7 @@
// ssh on
// ------------------------------------------------------------
$t_cliResp = cli::cmd_direct('show ssh conf');
+
$resp = explode("\n", $t_cliResp);
if (strlen($resp[0]) == 0) {
$t_ssh_enable = FALSE;
@@ -266,12 +279,37 @@
$this->old_ipv6_addr = $match_ssh_ipv6[1];
}
}
-
+
+ $t_ssh_cipher_aes128ctr = false;
+ $t_ssh_cipher_aes192ctr = false;
+ $t_ssh_cipher_aes256ctr = false;
+
+ foreach ($resp as $data) {
+ if (preg_match('/^ssh ciphersuite\s+"?([a-zA-Z0-9\-,]+)"?/i', $data, $match_cipher)) {
+ $cipher_str = strtolower($match_cipher[1]);
+ $ciphers = explode(',', $cipher_str);
+ foreach ($ciphers as $cipher) {
+ $cipher = trim($cipher);
+ switch ($cipher) {
+ case 'aes128-ctr':
+ $t_ssh_cipher_aes128ctr = true;
+ break;
+ case 'aes192-ctr':
+ $t_ssh_cipher_aes192ctr = true;
+ break;
+ case 'aes256-ctr':
+ $t_ssh_cipher_aes256ctr = true;
+ break;
+ }
+ }
+ }
+ }
+
// ------------------------------------------------------------
// Call content function based on user's current mode
// ------------------------------------------------------------
$this->mainContent .= anLib_htmlCode::pageSectionStart('ac_ssh_config', 1, $this->htmlSectionHeaderBtns);
-
+
$this->mainContent .= anLib_htmlCode::cliWrap_startTable();
switch ($this->viewMode) {
@@ -323,6 +361,18 @@
true);
$this->mainContent .= anLib_htmlCode::cliWrap_rowFootnoteBox('_ac_ssh_idle_mode_note', $this, array(array('footnote', language::translate('ac_ssh_idle_mode_note'))));
+ $disableCipher = $this->viewMode ? '' : 'disabled';
+ // If SSH is disabled, disable the cipher suite checkboxes
+ $this->mainContent .= '| ' . language::translate('ssh_cipher_suite') . ': | ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= ' ';
+ $this->mainContent .= '';
+ $this->mainContent .= ' |
';
+ $this->mainContent .= ' | ';
+ $this->mainContent .= ''. language::translate('ssh_cipher_suite_alert') .'';
+ $this->mainContent .= ' |
';
+
break;
case CLI_HIDE:
default:
@@ -367,10 +417,10 @@
showSaveBtns();
formAction_add(\'' . $this->classId . '_gACSSHIdletime\');
}
-
+
function gACSshRegenKeys() {
if ( confirmAction("' . language::translate('ac_ssh_confirm_gen') . '") ) {
- if (document.forms["form_mainView"].actionStr.value == "") {
+ if (document.forms["form_mainView"].actionStr.value == "") {
document.forms["form_mainView"].target = "mainView";
document.forms["form_mainView"].actionStr.value = "' . $this->classId . '_gACSSHRegenKeys";
document.forms["form_mainView"].submit();
@@ -384,9 +434,57 @@
}
}
+ var initCipherState = {};
+ function recordCipherInitState() {
+ initCipherState = {
+ c1: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").checked,
+ c2: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").checked,
+ c3: document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").checked
+ };
+ }
+
+ function cipherSuiteChangedAndUpdate() {
+ var c1 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").checked;
+ var c2 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").checked;
+ var c3 = document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").checked;
+ var alertSpan = document.getElementById("' . $this->classId . '_cipher_alert");
+
+ if (!c1 && !c2 && !c3) {
+ alertSpan.style.display = "inline";
+ hideSaveBtns();
+ } else {
+ alertSpan.style.display = "none";
+ }
+
+ var changed = (c1 !== initCipherState.c1) || (c2 !== initCipherState.c2) || (c3 !== initCipherState.c3);
+ if (changed && (c1 || c2 || c3)) {
+ changeSSHMode();
+ }
+
+ var vals = [];
+ if(c1) vals.push("aes128-ctr");
+ if(c2) vals.push("aes192-ctr");
+ if(c3) vals.push("aes256-ctr");
+ var cipherStrElem = document.getElementById("' . $this->classId . '_ac_ssh_cipher_str");
+ var oldVal = cipherStrElem.value;
+ var newVal = vals.join(",");
+ cipherStrElem.value = newVal;
+
+ if (oldVal !== newVal) {
+ formAction_add("' . $this->classId . '_gACSSHCipherSaveChange");
+ }
+ }
+
+ document.addEventListener("DOMContentLoaded", function() {
+ recordCipherInitState();
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes128ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes192ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ document.getElementById("' . $this->classId . '_ac_ssh_cipher_aes256ctr").addEventListener("change", cipherSuiteChangedAndUpdate);
+ cipherSuiteChangedAndUpdate();
+ });
+
';
}
-
/********************************************************************
*
* Add supporting javascript code to be executed at the beginning