Openswan patch fuer Fehler im Realsetup

Remote CGI fuer ssh tempstart fertig
kleine Korrektur der sshctrl und syslogdctrl


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@849 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

html/cgi-bin/remote.cgi

@@ -22,6 +22,7 @@ require "${General::swroot}/header.pl";
 my %remotesettings=();
 my %checked=();
 my $errormessage='';
+my $counter = 0;
 
 &Header::showhttpheaders();
 
@@ -63,13 +64,16 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI
 	{
 		&General::log($Lang::tr{'ssh1 disabled'});
 	}
-if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ){
-	system('/usr/local/bin/sshctrl','tempstart','900') == 0
-		or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
- }
-elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
-	system('/usr/local/bin/sshctrl','tempstart','1800') == 0
-		or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
+	if ($remotesettings{'ENABLE_SSH'} eq 'off')
+	{
+			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+			system('/usr/local/bin/sshctrl');
+	}
+  if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
+  elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
+ 
+  system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
  }
 else {
 	system('/usr/local/bin/sshctrl') == 0

langs/de/cgi-bin/de.pl

@@ -1462,8 +1462,8 @@
 'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern',
 'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen',
 'ssh portfw' => 'TCP-Weiterleitung zulassen',
-'ssh tempstart15' => 'SSH-Zugriff für 15 Minuten',
-'ssh tempstart30' => 'SSH-Zugriff für 30 Minuten',
+'ssh tempstart15' => 'SSH-Deamon in 15 Minuten beenden',
+'ssh tempstart30' => 'SSH-Deamon in 30 Minuten beenden',
 'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.',
 'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.',
 'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)',

langs/en/cgi-bin/en.pl

@@ -1494,8 +1494,8 @@
 'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in',
 'ssh passwords' => 'Allow password based authentication',
 'ssh portfw' => 'Allow TCP Forwarding',
-'ssh tempstart15' => 'SSH Access for 15 Minutes',
-'ssh tempstart30' => 'SSH Access for 30 Minutes',
+'ssh tempstart15' => 'Stop SSH deamon in 15 minutes',
+'ssh tempstart30' => 'Stop SSH deamon in 30 minutes',
 'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.',
 'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.',
 'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)',

lfs/openswan

@@ -91,6 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	ln -sf $(CONFIG_ROOT)/crls  /etc/ipsec.d/crls
 	
 	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-startklips-1.patch
+	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-realsetup-1.patch
 	
 	#@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

src/misc-progs/sshctrl.c

@@ -130,6 +130,7 @@ int main(int argc, char *argv[])
 				sleep(5);
 				unlink("/var/ipfire/remote/enablessh");
 				safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
+        safe_system("chown nobody.nobody /var/ipfire/remote/settings");
 				snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
 				safe_system(command);
 	}

src/misc-progs/syslogdctrl.c

@@ -112,7 +112,7 @@ int main(void)
    else
       snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
       
-      snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/*.\\/var\\/log\\/messages/%s \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
+      snprintf(buffer, STRING_SIZE - 1, "/bin/sed 's/*.\\/var\\/log\\/messages/%s           \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
 
    /* if the return code isn't 0 failsafe */
    if ((rc = unpriv_system(buffer,99,99)) != 0)

src/patches/openswan-2.4.9-realsetup-1.patch

@@ -0,0 +1,10 @@
+--- programs/_realsetup/_realsetup.in
++++ programs/_realsetup/_realsetup.in
+@@ -193,8 +193,8 @@
+ 
+ 	# preliminaries
+ 	perform rm -f $lock
+-	mkdir -p rundir > /dev/null 2>/dev/null
+-	mkdir -p subsysdir > /dev/null 2>/dev/null
++	mkdir -p $rundir > /dev/null 2>/dev/null
++	mkdir -p $subsysdir > /dev/null 2>/dev/null