1 | /* SmoothWall helper program - restartssh\r |
2 | *\r | |
3 | * This program is distributed under the terms of the GNU General Public\r | |
4 | * Licence. See the file COPYING for details.\r | |
5 | *\r | |
6 | * (c) Mark Wormgoor, 2001\r | |
7 | * Simple program intended to be installed setuid(0). It rewrites a few\r | |
8 | * options in /etc/ssh/sshd_config from the remote-access settings and restarts sshd.\r | |
9 | * \r | |
10 | * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $\r | |
11 | * \r | |
12 | */\r | |
13 | \r | |
14 | #include <stdio.h>\r | |
15 | #include <stdlib.h>\r | |
16 | #include <unistd.h>\r | |
17 | #include <string.h>\r | |
18 | #include <sys/types.h>\r | |
19 | #include <fcntl.h>\r | |
20 | #include <signal.h>\r | |
21 | #include <errno.h>\r | |
22 | #include "libsmooth.h"\r | |
23 | #include "setuid.h"\r | |
24 | \r | |
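/* Append `piece` to the NUL-terminated string in `cmd` (capacity `cap`).
 * Returns 0 on success and -1, leaving `cmd` untouched, if the result would
 * not fit.  Silent truncation here is dangerous: a sed command that loses
 * its trailing ">&fd" redirection still exits 0 but writes nothing to the
 * new config file, which would then be renamed over /etc/ssh/sshd_config. */
static int append_cmd(char *cmd, size_t cap, const char *piece)
{
	size_t used = strlen(cmd);
	size_t add = strlen(piece);

	if (used >= cap || add >= cap - used)
		return -1;
	memcpy(cmd + used, piece, add + 1);
	return 0;
}

/* Parse the decimal pid in `text` (trailing whitespace allowed).  Returns the
 * pid, or -1 if the text is not a sane pid: not numeric, out of range for
 * pid_t, or <= 1 (never signal init or the caller's process group). */
static pid_t parse_pid(const char *text)
{
	char *end;
	long value;

	errno = 0;
	value = strtol(text, &end, 10);
	if (end == text || errno == ERANGE)
		return -1;
	while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
		end++;
	if (*end != '\0')
		return -1;
	if (value <= 1 || (long)(pid_t)value != value)
		return -1;
	return (pid_t)value;
}

/* After SIGTERM, give the old daemon a bounded time to actually exit before
 * a replacement is started: signal delivery is asynchronous, and the old
 * listener may still hold the port otherwise.  Polls with kill(pid, 0);
 * returns 0 once the process is gone, -1 if still present after ~5 s. */
static int wait_for_exit(pid_t pid)
{
	int attempt;

	for (attempt = 0; attempt < 50; attempt++)
	{
		if (kill(pid, 0) == -1 && errno == ESRCH)
			return 0;
		usleep(100000);
	}
	return -1;
}

/* Entry point.  After initsetuid(), rewrites the Protocol, RSA/Pubkey,
 * PasswordAuthentication and AllowTcpForwarding lines of
 * /etc/ssh/sshd_config according to CONFIG_ROOT/remote/settings, sends
 * SIGTERM to the sshd named in /var/run/sshd.pid, and starts a new sshd if
 * the flag file CONFIG_ROOT/remote/enablessh exists.
 * Exit status is 1 on any fatal error, 0 otherwise. */
int main(void)
{
	int fd, config_fd, rc, i;
	pid_t pid;
	ssize_t got;
	char buffer[STRING_SIZE];
	char command[STRING_SIZE] = "/bin/sed -e '";
	const char *edits[4];
	struct keyvalue *kv = NULL;

	if (!(initsetuid()))
		exit(1);

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings"))
	{
		fprintf(stderr, "Cannot read remote access settings\n");
		exit(1);
	}

	/* Pick the sed substitutions.  Setting values are only compared against
	 * fixed strings and never copied into the command, so the settings file
	 * cannot inject anything into the shell command line. */
	edits[0] = (findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer, "on"))
		? "s/^Protocol .*$/Protocol 2,1/;"
		: "s/^Protocol .*$/Protocol 2/;";
	edits[1] = (findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer, "off"))
		? "s/^RSAAuthentication .*$/RSAAuthentication no/;"
		  "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;"
		: "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
		  "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;";
	edits[2] = (findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer, "off"))
		? "s/^PasswordAuthentication .*$/PasswordAuthentication no/;"
		: "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;";
	edits[3] = (findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer, "on"))
		? "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/"
		: "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/";
	freekeyvalues(kv);

	for (i = 0; i < 4; i++)
	{
		/* Refuse to run a truncated command rather than let sed silently
		 * produce the wrong file. */
		if (append_cmd(command, sizeof command, edits[i]) != 0)
		{
			fprintf(stderr, "sed command too long\n");
			exit(1);
		}
	}

	/* O_CREAT|O_EXCL: fails if sshd_config.new already exists, so two copies
	 * of restartssh cannot edit the config at once, and a pre-planted file or
	 * symlink at that path is never followed or overwritten.  The new config
	 * is created with mode 0644 (less umask) and renamed into place as-is;
	 * if the existing sshd_config had a tighter mode, that is not preserved. */
	if ((config_fd = open("/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644)) == -1)
	{
		perror("Unable to open new config file");
		exit(1);
	}

	/* sed reads the old config and writes to the fd we opened above (">&fd"
	 * duplicates it onto sed's stdout).  unpriv_system runs it with 99/99 —
	 * presumably an unprivileged uid/gid — so the only root-owned thing the
	 * sed process can write is that inherited descriptor. */
	rc = snprintf(buffer, sizeof buffer, "' /etc/ssh/sshd_config >&%d", config_fd);
	if (rc < 0 || (size_t)rc >= sizeof buffer
	    || append_cmd(command, sizeof command, buffer) != 0)
	{
		fprintf(stderr, "sed command too long\n");
		goto fail_new;
	}

	if ((rc = unpriv_system(command, 99, 99)) != 0)
	{
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		goto fail_new;
	}
	close(config_fd);

	if (rename("/etc/ssh/sshd_config.new", "/etc/ssh/sshd_config") != 0)
	{
		perror("Unable to replace old config file");
		unlink("/etc/ssh/sshd_config.new");
		exit(1);
	}

	/* Stop the running daemon, if there is a pid file for it.
	 * NOTE(review): the pid is taken on trust from the pid file; nothing
	 * checks that the process is really sshd, so a stale pid file would
	 * signal whatever now owns that pid.  This relies on /var/run being
	 * writable by root only. */
	memset(buffer, 0, sizeof buffer);

	if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1)
	{
		got = read(fd, buffer, sizeof buffer - 1);   /* buffer stays NUL-terminated */
		close(fd);
		if (got == -1)
			fprintf(stderr, "Couldn't read from pid file\n");
		else
		{
			pid = parse_pid(buffer);
			if (pid == -1)
				fprintf(stderr, "Bad pid value\n");
			else if (kill(pid, SIGTERM) == -1)
				fprintf(stderr, "Unable to send SIGTERM\n");
			else
			{
				unlink("/var/run/sshd.pid");
				if (wait_for_exit(pid) != 0)
					fprintf(stderr, "Old sshd did not exit in time\n");
			}
		}
	}
	else if (errno != ENOENT)
	{
		/* A missing pid file just means nothing is running; any other
		 * open() failure is fatal. */
		perror("Unable to open pid file");
		exit(1);
	}

	/* The existence of the enablessh flag file decides whether sshd is
	 * started again. */
	if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1)
	{
		close(fd);
		safe_system("/usr/sbin/sshd");
	}

	return 0;

fail_new:
	close(config_fd);
	unlink("/etc/ssh/sshd_config.new");
	return 1;
}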