]>
Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/perl | |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
23 | ||
24 | # enable only the following on debugging purpose | |
25 | #use warnings; | |
26 | #use CGI::Carp 'fatalsToBrowser'; | |
27 | ||
28 | use IO::Socket; | |
29 | ||
30 | require '/var/ipfire/general-functions.pl'; | |
31 | require "${General::swroot}/geoip-functions.pl"; | |
32 | require "${General::swroot}/lang.pl"; | |
33 | require "${General::swroot}/header.pl"; | |
34 | ||
35 | my %color = (); | |
36 | my %mainsettings = (); | |
37 | my %remotesettings=(); | |
38 | my %checked=(); | |
39 | my $errormessage=''; | |
40 | my $counter = 0; | |
41 | ||
42 | &General::readhash("${General::swroot}/main/settings", \%mainsettings); | |
43 | &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); | |
44 | ||
45 | &Header::showhttpheaders(); | |
46 | ||
47 | $remotesettings{'ENABLE_SSH'} = 'off'; | |
48 | $remotesettings{'ENABLE_SSH_PORTFW'} = 'off'; | |
49 | $remotesettings{'ACTION'} = ''; | |
50 | &Header::getcgihash(\%remotesettings); | |
51 | ||
52 | if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" ) | |
53 | { | |
54 | # not existing here indicates the box is unticked | |
55 | $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'}; | |
56 | $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'}; | |
57 | ||
58 | ||
59 | &General::writehash("${General::swroot}/remote/settings", \%remotesettings); | |
60 | if ($remotesettings{'ENABLE_SSH'} eq 'on') | |
61 | { | |
62 | &General::log($Lang::tr{'ssh is enabled'}); | |
63 | if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off' | |
64 | and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off') | |
65 | { | |
66 | $errormessage = $Lang::tr{'ssh no auth'}; | |
67 | } | |
68 | system ('/usr/bin/touch', "${General::swroot}/remote/enablessh"); | |
69 | } | |
70 | else | |
71 | { | |
72 | &General::log($Lang::tr{'ssh is disabled'}); | |
73 | unlink "${General::swroot}/remote/enablessh"; | |
74 | } | |
75 | ||
76 | if ($remotesettings{'SSH_PORT'} eq 'on') | |
77 | { | |
78 | &General::log("SSH Port 22"); | |
79 | } | |
80 | else | |
81 | { | |
82 | &General::log("SSH Port 222"); | |
83 | } | |
84 | ||
85 | if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){ | |
86 | if ($remotesettings{'ENABLE_SSH'} eq 'off') | |
87 | { | |
88 | system ('/usr/bin/touch', "${General::swroot}/remote/enablessh"); | |
89 | system('/usr/local/bin/sshctrl'); | |
90 | } | |
91 | if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;} | |
92 | elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;} | |
93 | ||
94 | system("/usr/local/bin/sshctrl tempstart $counter >/dev/null"); | |
95 | } | |
96 | else { | |
97 | system('/usr/local/bin/sshctrl') == 0 | |
98 | or $errormessage = "$Lang::tr{'bad return code'} " . $?/256; | |
99 | } | |
100 | } | |
101 | ||
102 | &General::readhash("${General::swroot}/remote/settings", \%remotesettings); | |
103 | ||
104 | # not existing here means they're undefined and the default value should be | |
105 | # used | |
106 | $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'}; | |
107 | $remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'}; | |
108 | ||
109 | $checked{'ENABLE_SSH'}{'off'} = ''; | |
110 | $checked{'ENABLE_SSH'}{'on'} = ''; | |
111 | $checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'"; | |
112 | $checked{'ENABLE_SSH_PORTFW'}{'off'} = ''; | |
113 | $checked{'ENABLE_SSH_PORTFW'}{'on'} = ''; | |
114 | $checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'"; | |
115 | $checked{'ENABLE_SSH_PASSWORDS'}{'off'} = ''; | |
116 | $checked{'ENABLE_SSH_PASSWORDS'}{'on'} = ''; | |
117 | $checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'"; | |
118 | $checked{'ENABLE_SSH_KEYS'}{'off'} = ''; | |
119 | $checked{'ENABLE_SSH_KEYS'}{'on'} = ''; | |
120 | $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'"; | |
121 | $checked{'SSH_PORT'}{'off'} = ''; | |
122 | $checked{'SSH_PORT'}{'on'} = ''; | |
123 | $checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'"; | |
124 | ||
125 | &Header::openpage($Lang::tr{'remote access'}, 1, ''); | |
126 | ||
127 | &Header::openbigbox('100%', 'left', '', $errormessage); | |
128 | ||
129 | if ($errormessage) { | |
130 | &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); | |
131 | print "<font class='base'>$errormessage </font>\n"; | |
132 | &Header::closebox(); | |
133 | } | |
134 | ||
135 | print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n"; | |
136 | ||
137 | &Header::openbox('100%', 'left', $Lang::tr{'ssh'}); | |
138 | print <<END | |
139 | <table width='100%'> | |
140 | <tr> | |
141 | <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td> | |
142 | <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td> | |
143 | </tr> | |
144 | <tr> | |
145 | <td> </td> | |
146 | <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td> | |
147 | <td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td> | |
148 | </tr> | |
149 | <tr> | |
150 | <td> </td> | |
151 | <td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td> | |
152 | <td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td> | |
153 | </tr> | |
154 | <tr> | |
155 | <td> </td> | |
156 | <td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td> | |
157 | <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td> | |
158 | </tr> | |
159 | <tr> | |
160 | <td> </td> | |
161 | <td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td> | |
162 | <td width='100%' class='base'>$Lang::tr{'ssh port'}</td> | |
163 | </tr> | |
164 | <tr> | |
165 | <td align='right' colspan='3'> | |
166 | <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' /> | |
167 | <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' /> | |
168 | <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td> | |
169 | </tr> | |
170 | </table> | |
171 | END | |
172 | ; | |
173 | &Header::closebox(); | |
174 | ||
175 | print "</form>\n"; | |
176 | ||
177 | &Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'}); | |
178 | ||
179 | print "<table class='tbl'>\n"; | |
180 | ||
181 | print <<END | |
182 | <thead> | |
183 | <tr> | |
184 | <th align="center"><strong>$Lang::tr{'ssh key'}</strong></th> | |
185 | <th align="center"><strong>$Lang::tr{'type'}</strong></th> | |
186 | <th align="center"><strong>$Lang::tr{'ssh fingerprint'}</strong></th> | |
187 | <th align="center"><strong>$Lang::tr{'ssh key size'}</strong></th> | |
188 | </tr> | |
189 | </thead> | |
190 | <tbody> | |
191 | END | |
192 | ; | |
193 | ||
194 | &viewkey("/etc/ssh/ssh_host_key.pub","RSA1"); | |
195 | &viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2"); | |
196 | &viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA"); | |
197 | &viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA"); | |
198 | &viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519"); | |
199 | ||
200 | print "</tbody>\n</table>\n"; | |
201 | ||
202 | &Header::closebox(); | |
203 | ||
204 | &Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'}); | |
205 | ||
206 | print <<END; | |
207 | <table class="tbl" width='66%'> | |
208 | <thead> | |
209 | <tr> | |
210 | <th align="center"> | |
211 | <strong>$Lang::tr{'ssh username'}</strong> | |
212 | </th> | |
213 | <th align="center"> | |
214 | <strong>$Lang::tr{'ssh login time'}</strong> | |
215 | </th> | |
216 | <th align="center"> | |
217 | <strong>$Lang::tr{'ip address'}</strong> | |
218 | </th> | |
219 | <th align="center"> | |
220 | <strong>$Lang::tr{'country'}</strong> | |
221 | </th> | |
222 | <th align="center"> | |
223 | <strong>$Lang::tr{'rdns'}</strong> | |
224 | </th> | |
225 | </tr> | |
226 | </thead> | |
227 | <tbody> | |
228 | END | |
229 | ||
230 | &printactivelogins(); | |
231 | ||
232 | print "</tbody>\n</table>\n"; | |
233 | ||
234 | &Header::closebox(); | |
235 | ||
236 | &Header::closebigbox(); | |
237 | ||
238 | &Header::closepage(); | |
239 | ||
240 | ||
241 | sub viewkey | |
242 | { | |
243 | my $key = $_[0]; | |
244 | my $name = $_[1]; | |
245 | ||
246 | if ( -e $key ) | |
247 | { | |
248 | my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`); | |
249 | my $keysize = &Header::cleanhtml($temp[0],"y"); | |
250 | my $fingerprint = &Header::cleanhtml($temp[1],"y"); | |
251 | print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n"; | |
252 | } | |
253 | } | |
254 | ||
255 | sub printactivelogins() | |
256 | { | |
257 | # print active SSH logins (grep outpout of "who -s") | |
258 | my $command = "who -s"; | |
259 | my @output = `$command`; | |
260 | chomp(@output); | |
261 | ||
262 | my $id = 0; | |
263 | ||
264 | if ( scalar(@output) == 0 ) | |
265 | { | |
266 | # no logins appeared | |
267 | my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; | |
268 | print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n"; | |
269 | } else { | |
270 | # list active logins... | |
271 | ||
272 | foreach my $line (@output) | |
273 | { | |
274 | my @arry = split(/\ +/, $line); | |
275 | ||
276 | my $username = @arry[0]; | |
277 | my $logintime = join(' ', @arry[2..4]); | |
278 | my $remoteip = @arry[5]; | |
279 | $remoteip =~ s/[()]//g; | |
280 | ||
281 | # display more information about that IP adress... | |
282 | my $ccode = &GeoIP::lookup($remoteip); | |
283 | my $flag_icon = &GeoIP::get_flag_icon($ccode); | |
284 | ||
285 | # get rDNS... | |
286 | my $iaddr = inet_aton($remoteip); | |
287 | my $rdns = gethostbyaddr($iaddr, AF_INET); | |
288 | if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }; | |
289 | ||
290 | my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; | |
291 | ||
292 | print <<END; | |
293 | <tr bgcolor='$table_colour'> | |
294 | <td>$username</td> | |
295 | <td>$logintime</td> | |
296 | <td align='center'><a href='ipinfo.cgi?ip=$remoteip'>$remoteip</a></td> | |
297 | <td align='center'><a href='country.cgi#$ccode'><img src='$flag_icon' border='0' alt='$ccode' title='$ccode' /></a></td> | |
298 | <td>$rdns</td> | |
299 | </tr> | |
300 | END | |
301 | ; | |
302 | } | |
303 | } | |
304 | } |