Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

2026-04-17 06:23:00 +02:00 · 2019-04-11 07:31:11 +02:00
parent a2907cdd9f ee82349a0e
commit d27675b081
6 changed files with 40 additions and 19 deletions
--- a/config/rootfiles/core/131/filelists/files
+++ b/config/rootfiles/core/131/filelists/files
@@ -15,8 +15,10 @@ srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/remote.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/local/bin/ipsec-interfaces
+usr/local/bin/sshctrl
 usr/local/bin/suricatactrl
 usr/local/bin/update-ids-ruleset
 usr/sbin/convert-snort
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -231,6 +231,9 @@ if (-f $snort_rules_tarball) {
 } else {
 	# Check if enought disk space is available.
 	if(&IDS::checkdiskspace()) {
+		# Print error message.
+		print "Could not download ruleset - Not enough free diskspace available.\n";
+	} else {
 		# Call the download function and grab the new ruleset.
 		&IDS::downloadruleset();
 	}
@@ -250,7 +253,24 @@ if (-f $IDS::rulestarball) {
 }

 #
-## Step 8: Grab used ruleset files from snort config file and convert
+## Step 8: Generate file for the HOME Net.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_home_net_file();
+
+#
+## Step 9: Setup automatic ruleset updates.
+#
+
+# Check if a ruleset is configured.
+if($rulessettings{"RULES"}) {
+	# Call suricatactrl and setup the periodic update mechanism.
+	&IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
+}
+
+#
+## Step 10: Grab used ruleset files from snort config file and convert
 ##         them into the new format.
 #

@@ -295,23 +315,6 @@ close(SNORTCONF);
 # Pass the array of enabled rule files to the subfunction and write the file.
 &IDS::write_used_rulefiles_file(@enabled_rule_files);

-#
-## Step 9: Generate file for the HOME Net.
-#
-
-# Call subfunction to generate the file.
-&IDS::generate_home_net_file();
-
-#
-## Step 10: Setup automatic ruleset updates.
-#
-
-# Check if a ruleset is configured.
-if($rulessettings{"RULES"}) {
-	# Call suricatactrl and setup the periodic update mechanism.
-	&IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
-}
-
 #
 ## Step 11: Start the IDS if enabled.
 #
--- a/html/cgi-bin/remote.cgi
+++ b/html/cgi-bin/remote.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -105,6 +105,7 @@ else {
 # used
 	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
 	$remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
+	$remotesettings{'SSH_AGENT_FORWARDING'} = 'off' unless exists $remotesettings{'SSH_AGENT_FORWARDING'};

 $checked{'ENABLE_SSH'}{'off'} = '';
 $checked{'ENABLE_SSH'}{'on'} = '';
@@ -121,6 +122,9 @@ $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='chec
 $checked{'SSH_PORT'}{'off'} = '';
 $checked{'SSH_PORT'}{'on'} = '';
 $checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
+$checked{'SSH_AGENT_FORWARDING'}{'off'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{'on'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{$remotesettings{'SSH_AGENT_FORWARDING'}} = "checked='checked'";

 &Header::openpage($Lang::tr{'remote access'}, 1, '');

@@ -161,6 +165,11 @@ print <<END
 	<td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
 	<td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
 </tr>
+<tr>
+	<td>&nbsp;</td>
+	<td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
+	<td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
+</tr>
 <tr>
 	<td align='right' colspan='3'>
 	<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2187,6 +2187,7 @@
 'ssh access' => 'SSH-Zugriff',
 'ssh access tip' => 'IPFire SSH läuft nicht auf dem Standardport 22!',
 'ssh active sessions' => 'Aktive Benutzeranmeldungen',
+'ssh agent forwarding' => 'Weiterleitung des SSH-Agenten (Agent Forwarding) zulassen',
 'ssh fingerprint' => 'Fingerabdruck',
 'ssh host keys' => 'SSH Host Schlüssel',
 'ssh is disabled' => 'Secure Shell ist deaktiviert.  Halte an.',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2230,6 +2230,7 @@
 'ssh access' => 'SSH Access',
 'ssh access tip' => 'IPFire SSH is not using default port 22!',
 'ssh active sessions' => 'Active logins',
+'ssh agent forwarding' => 'Enable SSH agent forwarding',
 'ssh fingerprint' => 'Fingerprint',
 'ssh host keys' => 'SSH Host Keys',
 'ssh is disabled' => 'SSH is disabled.  Stopping.',
--- a/src/misc-progs/sshctrl.c
+++ b/src/misc-progs/sshctrl.c
@@ -76,6 +76,11 @@ int main(int argc, char *argv[])
 				else
 						strlcat(command, "s/^Port .*$/Port 222/", STRING_SIZE - 1 );

+				if(findkey(kv, "SSH_AGENT_FORWARDING", buffer) && !strcmp(buffer,"on"))
+						strlcat(command, "s/^AllowAgentForwarding .*$/AllowAgentForwarding yes/;", STRING_SIZE - 1 );
+				else
+						strlcat(command, "s/^AllowAgentForwarding .*$/AllowAgentForwarding no/;", STRING_SIZE - 1 );
+
 				freekeyvalues(kv);

 				snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );