mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 19:15:54 +02:00
66c3619872
Bumping across one of our scripts with very long trailing whitespaces, I thought it might be a good idea to clean these up. Doing so, some missing or inconsistent licence headers were fixed. There is no need in shipping all these files en bloc, as their functionality won't change. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
150 lines
5.0 KiB
C
150 lines
5.0 KiB
C
/* SmoothWall helper program - sshctrl
|
|
*
|
|
* This program is distributed under the terms of the GNU General Public
|
|
* Licence. See the file COPYING for details.
|
|
*
|
|
* (c) Mark Wormgoor, 2001
|
|
* Simple program intended to be installed setuid(0) that can be used for
|
|
* restarting SSHd.
|
|
*
|
|
* $Id: sshctrl.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
|
|
*
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <sys/types.h>
|
|
#include <fcntl.h>
|
|
#include <signal.h>
|
|
#include <errno.h>
|
|
#include "libsmooth.h"
|
|
#include "setuid.h"
|
|
|
|
#define BUFFER_SIZE 1024
|
|
|
|
char command[BUFFER_SIZE];
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
if (argc < 2) {
|
|
int fd, config_fd, rc, pid;
|
|
char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
|
|
struct keyvalue *kv = NULL;
|
|
|
|
if (!(initsetuid()))
|
|
exit(1);
|
|
|
|
kv = initkeyvalues();
|
|
if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")){
|
|
fprintf(stderr, "Cannot read remote access settings\n");
|
|
exit(1);
|
|
}
|
|
|
|
/* By using O_CREAT with O_EXCL open() will fail if the file already exists,
|
|
* this prevents 2 copies of sshctrl both trying to edit the config file
|
|
* at once. It also prevents race conditions, but these shouldn't be
|
|
* possible as /etc/ssh/ should only be writable by root anyhow
|
|
*/
|
|
|
|
if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 ){
|
|
perror("Unable to open new config file");
|
|
freekeyvalues(kv);
|
|
exit(1);
|
|
}
|
|
|
|
strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );
|
|
|
|
if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))
|
|
strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", STRING_SIZE - 1 );
|
|
else
|
|
strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", STRING_SIZE - 1 );
|
|
|
|
if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))
|
|
strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );
|
|
else
|
|
strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );
|
|
|
|
if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))
|
|
strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/;" "s/^PermitOpen .*$/PermitOpen any/;", STRING_SIZE - 1 );
|
|
else
|
|
strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/;" "s/^PermitOpen .*$/PermitOpen none/;", STRING_SIZE - 1 );
|
|
|
|
if(findkey(kv, "SSH_PORT", buffer) && !strcmp(buffer,"on"))
|
|
strlcat(command, "s/^Port .*$/Port 22/;", STRING_SIZE - 1 );
|
|
else
|
|
strlcat(command, "s/^Port .*$/Port 222/;", STRING_SIZE - 1 );
|
|
|
|
if(findkey(kv, "SSH_AGENT_FORWARDING", buffer) && !strcmp(buffer,"on"))
|
|
strlcat(command, "s/^AllowAgentForwarding .*$/AllowAgentForwarding yes/;", STRING_SIZE - 1 );
|
|
else
|
|
strlcat(command, "s/^AllowAgentForwarding .*$/AllowAgentForwarding no/;", STRING_SIZE - 1 );
|
|
|
|
freekeyvalues(kv);
|
|
|
|
snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );
|
|
strlcat(command, buffer, STRING_SIZE - 1);
|
|
|
|
if((rc = unpriv_system(command,99,99)) != 0){
|
|
fprintf(stderr, "sed returned bad exit code: %d\n", rc);
|
|
close(config_fd);
|
|
unlink("/etc/ssh/sshd_config.new");
|
|
exit(1);
|
|
}
|
|
|
|
close(config_fd);
|
|
if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0){
|
|
perror("Unable to replace old config file");
|
|
unlink("/etc/ssh/sshd_config.new");
|
|
exit(1);
|
|
}
|
|
|
|
memset(buffer, 0, STRING_SIZE);
|
|
|
|
if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1){
|
|
if (read(fd, buffer, STRING_SIZE - 1) == -1)
|
|
fprintf(stderr, "Couldn't read from pid file\n");
|
|
else{
|
|
pid = atoi(buffer);
|
|
if (pid <= 1)
|
|
fprintf(stderr, "Bad pid value\n");
|
|
else{
|
|
if (kill(pid, SIGTERM) == -1)
|
|
fprintf(stderr, "Unable to send SIGTERM\n");
|
|
else
|
|
unlink("/var/run/sshd.pid");
|
|
}
|
|
}
|
|
close(fd);
|
|
}
|
|
else{
|
|
if (errno != ENOENT){
|
|
perror("Unable to open pid file");
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1){
|
|
close(fd);
|
|
safe_system("/usr/sbin/sshd");
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
else if (strcmp(argv[1], "tempstart") == 0) {
|
|
if (!is_valid_argument_num(argv[2])) {
|
|
fprintf(stderr, "Invalid time '%s'\n", argv[2]);
|
|
exit(2);
|
|
}
|
|
|
|
safe_system("/usr/local/bin/sshctrl");
|
|
sleep(5);
|
|
unlink("/var/ipfire/remote/enablessh");
|
|
safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
|
|
safe_system("chown nobody.nobody /var/ipfire/remote/settings");
|
|
snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
|
|
safe_system(command);
|
|
}
|
|
}
|