1 | /* SmoothWall helper program - restartssh |
2 | * | |
3 | * This program is distributed under the terms of the GNU General Public | |
4 | * Licence. See the file COPYING for details. | |
5 | * | |
6 | * (c) Mark Wormgoor, 2001 | |
7 | * Simple program intended to be installed setuid(0) that can be used for | |
8 | * restarting SSHd. | |
9 | * | |
10 | * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $ | |
11 | * | |
12 | */ | |
13 | ||
14 | #include <stdio.h> | |
15 | #include <stdlib.h> | |
16 | #include <unistd.h> | |
17 | #include <string.h> | |
18 | #include <sys/types.h> | |
19 | #include <fcntl.h> | |
20 | #include <signal.h> | |
21 | #include <errno.h> | |
22 | #include "libsmooth.h" | |
23 | #include "setuid.h" | |
24 | ||
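/* Paths touched by a full restart. */
#define SSHD_CONFIG      "/etc/ssh/sshd_config"
#define SSHD_CONFIG_NEW  "/etc/ssh/sshd_config.new"
#define SSHD_PIDFILE     "/var/run/sshd.pid"

/* Installed name of this helper; the tempstart modes re-invoke it with no
 * argument, i.e. the plain restart path of main() below. */
#define RESTARTSSH_BIN   "/usr/local/bin/restartssh"

/* True when kv holds key with exactly the string value; a missing key
 * counts as "not that value". */
static int setting_is(struct keyvalue *kv, const char *key, const char *value)
{
	char buffer[STRING_SIZE];

	return findkey(kv, key, buffer) && strcmp(buffer, value) == 0;
}

/* Append one piece of the sed command line to command (a STRING_SIZE
 * buffer). Returns 0, or -1 when strlcat() reports truncation: a cut-off
 * sed script must never be run against sshd_config. */
static int append_expr(char *command, const char *expr)
{
	size_t cap = STRING_SIZE - 1;

	return strlcat(command, expr, cap) < cap ? 0 : -1;
}

/* Fill command with the sed script that maps the remote settings in kv
 * onto sshd_config, followed by the input file and the output redirect to
 * config_fd. Returns 0, or -1 if the command did not fit. */
static int build_sed_command(struct keyvalue *kv, char *command, int config_fd)
{
	char tail[STRING_SIZE];

	/* Each option tests one exact value; anything else (including a
	 * missing key) selects the other mapping. */
	if (append_expr(command, setting_is(kv, "ENABLE_SSH_PROTOCOL1", "on")
			? "s/^Protocol .*$/Protocol 2,1/;"
			: "s/^Protocol .*$/Protocol 2/;") != 0)
		return -1;
	if (append_expr(command, setting_is(kv, "ENABLE_SSH_KEYS", "off")
			? "s/^RSAAuthentication .*$/RSAAuthentication no/;"
			  "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;"
			: "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
			  "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;") != 0)
		return -1;
	if (append_expr(command, setting_is(kv, "ENABLE_SSH_PASSWORDS", "off")
			? "s/^PasswordAuthentication .*$/PasswordAuthentication no/;"
			: "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;") != 0)
		return -1;
	if (append_expr(command, setting_is(kv, "ENABLE_SSH_PORTFW", "on")
			? "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/"
			: "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/") != 0)
		return -1;

	/* sed reads the live config and writes to the inherited descriptor of
	 * the temporary file (so that fd must stay open across the exec). */
	snprintf(tail, sizeof tail, "' " SSHD_CONFIG " >&%d", config_fd);
	return append_expr(command, tail);
}

/* Regenerate sshd_config from the remote settings and atomically replace
 * the live file. The temporary file is created with O_CREAT|O_EXCL so that
 * two copies of restartssh cannot both edit the config at once and so a
 * pre-existing file is never reused (/etc/ssh/ should only be writable by
 * root anyhow). sed itself runs unprivileged as uid/gid 99.
 * Returns 0 on success, -1 after printing the reason; the temporary file
 * is removed on every failure path. */
static int rewrite_sshd_config(struct keyvalue *kv)
{
	char command[STRING_SIZE] = "/bin/sed -e '";
	int config_fd, rc;

	config_fd = open(SSHD_CONFIG_NEW, O_WRONLY|O_CREAT|O_EXCL, 0644);
	if (config_fd == -1) {
		perror("Unable to open new config file");
		return -1;
	}

	if (build_sed_command(kv, command, config_fd) != 0) {
		fprintf(stderr, "sed command does not fit into buffer\n");
		goto fail;
	}

	rc = unpriv_system(command, 99, 99);
	if (rc != 0) {
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		goto fail;
	}
	close(config_fd);
	config_fd = -1;

	if (rename(SSHD_CONFIG_NEW, SSHD_CONFIG) != 0) {
		perror("Unable to replace old config file");
		goto fail;
	}
	return 0;

fail:
	if (config_fd != -1)
		close(config_fd);
	unlink(SSHD_CONFIG_NEW);
	return -1;
}

/* Send SIGTERM to the sshd named in SSHD_PIDFILE and remove the pid file.
 * A missing pid file just means sshd is not running. Unreadable contents,
 * a bad pid or a failed kill() are reported but not fatal; only a pid file
 * that exists but cannot be opened is (returns -1, else 0). */
static int stop_sshd(void)
{
	char buffer[STRING_SIZE];
	char *end;
	long pid;
	int fd;

	fd = open(SSHD_PIDFILE, O_RDONLY);
	if (fd == -1) {
		if (errno == ENOENT)
			return 0;
		perror("Unable to open pid file");
		return -1;
	}

	/* Zero-fill first so whatever read() returns is a terminated string. */
	memset(buffer, 0, sizeof buffer);
	if (read(fd, buffer, sizeof buffer - 1) == -1) {
		fprintf(stderr, "Couldn't read from pid file\n");
		close(fd);
		return 0;
	}
	close(fd);

	/* Reject unparsable text and pid <= 1: kill() on 0 or a negative value
	 * targets a whole process group, and 1 is init. */
	pid = strtol(buffer, &end, 10);
	if (end == buffer || pid <= 1) {
		fprintf(stderr, "Bad pid value\n");
		return 0;
	}
	if (kill((pid_t)pid, SIGTERM) == -1)
		fprintf(stderr, "Unable to send SIGTERM\n");
	else
		unlink(SSHD_PIDFILE);
	return 0;
}

/* Enable sshd for a limited time: restart it now, then switch the
 * persistent ENABLE_SSH setting back to "off" and drop the enablessh
 * marker, and leave a background shell that runs restartssh again after
 * delay_seconds -- by then the restart path finds no marker and leaves
 * sshd stopped. The sleep(5) between restart and edit is kept as is
 * (presumably to let the restart settle before the settings change). */
static void tempstart(unsigned int delay_seconds)
{
	char later[STRING_SIZE];

	safe_system(RESTARTSSH_BIN);
	sleep(5);
	/* NOTE(review): these paths are literal while the restart path uses
	 * CONFIG_ROOT; kept verbatim, confirm both agree before unifying. */
	unlink("/var/ipfire/remote/enablessh");
	safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
	snprintf(later, sizeof later, "sleep %u && " RESTARTSSH_BIN " &", delay_seconds);
	safe_system(later);
}

/* Entry point. Modes: "tempstart15" / "tempstart30" enable sshd for 15 /
 * 30 minutes; any other or missing argument rewrites sshd_config from the
 * remote settings, stops the running sshd and starts it again only if the
 * enablessh marker exists. Exit status 0 on success, 1 on any fatal error. */
int main(int argc, char *argv[])
{
	/* argv[1] is NULL when no mode is given (which is how the tempstart
	 * modes re-invoke this binary); treat that as the plain restart rather
	 * than handing NULL to strcmp(). */
	const char *mode = argc > 1 ? argv[1] : "";
	struct keyvalue *kv;
	int fd;

	/* initsetuid() (setuid.h) is this helper's setuid entry setup. The
	 * restart path always required it before doing anything privileged;
	 * the tempstart modes ran root shell pipelines without it, so it is
	 * now done up front for every mode. */
	if (!initsetuid())
		exit(1);

	if (strcmp(mode, "tempstart15") == 0) {
		tempstart(900);
		return 0;
	}
	if (strcmp(mode, "tempstart30") == 0) {
		tempstart(1800);
		return 0;
	}

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")) {
		fprintf(stderr, "Cannot read remote access settings\n");
		freekeyvalues(kv);
		exit(1);
	}

	if (rewrite_sshd_config(kv) != 0) {
		freekeyvalues(kv);
		exit(1);
	}
	freekeyvalues(kv);

	if (stop_sshd() != 0)
		exit(1);

	/* sshd is only started again when the enablessh marker exists; with the
	 * marker gone (see tempstart) a restart leaves it stopped.
	 * NOTE(review): sshd is started right after the SIGTERM with no wait for
	 * the old daemon to exit; whether the new one can still bind its port is
	 * not checked here -- confirm this is handled elsewhere. */
	if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1) {
		close(fd);
		safe_system("/usr/sbin/sshd");
	}

	return 0;
}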