###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
use IO::Socket;
require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my $counter = 0;
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
&Header::showhttpheaders();
{
$errormessage = $Lang::tr{'ssh no auth'};
}
- system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
}
else
{
&General::log($Lang::tr{'ssh is disabled'});
unlink "${General::swroot}/remote/enablessh";
}
-
+
if ($remotesettings{'SSH_PORT'} eq 'on')
{
&General::log("SSH Port 22");
{
&General::log("SSH Port 222");
}
-
+
if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
if ($remotesettings{'ENABLE_SSH'} eq 'off')
{
- system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
- system('/usr/local/bin/sshctrl');
+ &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ &General::system('/usr/local/bin/sshctrl');
}
if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
-
+
system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
}
else {
# used
$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
$remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
+ $remotesettings{'SSH_AGENT_FORWARDING'} = 'off' unless exists $remotesettings{'SSH_AGENT_FORWARDING'};
$checked{'ENABLE_SSH'}{'off'} = '';
$checked{'ENABLE_SSH'}{'on'} = '';
$checked{'SSH_PORT'}{'off'} = '';
$checked{'SSH_PORT'}{'on'} = '';
$checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
+$checked{'SSH_AGENT_FORWARDING'}{'off'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{'on'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{$remotesettings{'SSH_AGENT_FORWARDING'}} = "checked='checked'";
&Header::openpage($Lang::tr{'remote access'}, 1, '');
<td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
<td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
+</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
&Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'});
-print "<table class='tbl'>\n";
+print "<table class='tbl' width='100%'>\n";
print <<END
<thead>
&Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'});
print <<END;
- <table class="tbl" width='66%'>
+ <table class="tbl" width="100%">
<thead>
<tr>
<th align="center">
if ( -e $key )
{
- my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
+ # Use safe system_output function to call ssh-keygen and get the output from the tool.
+ my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", "-f", "$key");
+
+ my @temp = split(/ /, $ssh_keygen[0]);
my $keysize = &Header::cleanhtml($temp[0],"y");
my $fingerprint = &Header::cleanhtml($temp[1],"y");
print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
sub printactivelogins()
{
# print active SSH logins (grep outpout of "who -s")
- my $command = "who -s";
- my @output = `$command`;
+ my @output = &General::system_output("who", "-s");
chomp(@output);
my $id = 0;
if ( scalar(@output) == 0 )
{
# no logins appeared
- my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+ my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n";
} else {
# list active logins...
-
foreach my $line (@output)
{
my @arry = split(/\ +/, $line);
$remoteip =~ s/[()]//g;
# display more information about that IP adress...
- my $ccode = &GeoIP::lookup($remoteip);
- my $flag_icon = &GeoIP::get_flag_icon($ccode);
+ my $ccode = &Location::Functions::lookup_country_code($remoteip);
+ my $flag_icon = &Location::Functions::get_flag_icon($ccode);
# get rDNS...
my $iaddr = inet_aton($remoteip);
my $rdns = gethostbyaddr($iaddr, AF_INET);
- if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; };
+ if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; };
- my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+ my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
print <<END;
<tr bgcolor='$table_colour'>