git.ipfire.org Git - ipfire-2.x.git/blob - src/misc-progs/sshctrl.c
1 /* SmoothWall helper program - sshctrl
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
6 * (c) Mark Wormgoor, 2001
7 * Simple program intended to be installed setuid(0) that can be used for
10 * $Id: sshctrl.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
18 #include <sys/types.h>
22 #include "libsmooth.h"
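/* Capacity, in bytes, of the file-scope command buffer declared below. */
#define BUFFER_SIZE 1024

/*
 * File-scope command buffer; as a global it starts out zero-filled.
 *
 * NOTE(review): main() declares its own `command[STRING_SIZE]`, which
 * appears to shadow this global for the whole function, so this buffer
 * looks unused. main()'s "tempstart" branch nevertheless formats into
 * `command` with a bound of BUFFER_SIZE - 1. That bound is only safe if
 * STRING_SIZE (from libsmooth.h, not visible here) is at least
 * BUFFER_SIZE - confirm, or bound that call with sizeof(command).
 *
 * NOTE(review): the same call copies argv[2] verbatim into a command line
 * passed to safe_system(), which other calls in main() use with shell
 * operators (|, >, &&). The file header says this helper is meant to be
 * installed setuid(0), so argv[2] should be checked to be a plain decimal
 * number before it is formatted into the command.
 */
char command[BUFFER_SIZE];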
29 int main(int argc
, char *argv
[])
32 int fd
, config_fd
, rc
, pid
;
33 char buffer
[STRING_SIZE
], command
[STRING_SIZE
] = "/bin/sed -e '";
34 struct keyvalue
*kv
= NULL
;
40 if (!readkeyvalues(kv
, CONFIG_ROOT
"/remote/settings")){
41 fprintf(stderr
, "Cannot read remote access settings\n");
45 /* By using O_CREAT with O_EXCL open() will fail if the file already exists,
46 * this prevents 2 copies of sshctrl both trying to edit the config file
47 * at once. It also prevents race conditions, but these shouldn't be
48 * possible as /etc/ssh/ should only be writable by root anyhow
51 if ((config_fd
= open( "/etc/ssh/sshd_config.new", O_WRONLY
|O_CREAT
|O_EXCL
, 0644 )) == -1 ){
52 perror("Unable to open new config file");
57 strlcat(command
, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE
- 1 );
59 if(findkey(kv
, "ENABLE_SSH_KEYS", buffer
) && !strcmp(buffer
,"off"))
60 strlcat(command
, "s/^RSAAuthentication .*$/RSAAuthentication no/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", STRING_SIZE
- 1 );
62 strlcat(command
, "s/^RSAAuthentication .*$/RSAAuthentication yes/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", STRING_SIZE
- 1 );
64 if(findkey(kv
, "ENABLE_SSH_PASSWORDS", buffer
) && !strcmp(buffer
,"off"))
65 strlcat(command
, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE
- 1 );
67 strlcat(command
, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE
- 1 );
69 if(findkey(kv
, "ENABLE_SSH_PORTFW", buffer
) && !strcmp(buffer
,"on"))
70 strlcat(command
, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/;", STRING_SIZE
- 1 );
72 strlcat(command
, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/;", STRING_SIZE
- 1 );
74 if(findkey(kv
, "SSH_PORT", buffer
) && !strcmp(buffer
,"on"))
75 strlcat(command
, "s/^Port .*$/Port 22/;", STRING_SIZE
- 1 );
77 strlcat(command
, "s/^Port .*$/Port 222/;", STRING_SIZE
- 1 );
79 if(findkey(kv
, "SSH_AGENT_FORWARDING", buffer
) && !strcmp(buffer
,"on"))
80 strlcat(command
, "s/^AllowAgentForwarding .*$/AllowAgentForwarding yes/;", STRING_SIZE
- 1 );
82 strlcat(command
, "s/^AllowAgentForwarding .*$/AllowAgentForwarding no/;", STRING_SIZE
- 1 );
86 snprintf(buffer
, STRING_SIZE
- 1, "' /etc/ssh/sshd_config >&%d", config_fd
);
87 strlcat(command
, buffer
, STRING_SIZE
- 1);
89 if((rc
= unpriv_system(command
,99,99)) != 0){
90 fprintf(stderr
, "sed returned bad exit code: %d\n", rc
);
92 unlink("/etc/ssh/sshd_config.new");
97 if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0){
98 perror("Unable to replace old config file");
99 unlink("/etc/ssh/sshd_config.new");
103 memset(buffer
, 0, STRING_SIZE
);
105 if ((fd
= open("/var/run/sshd.pid", O_RDONLY
)) != -1){
106 if (read(fd
, buffer
, STRING_SIZE
- 1) == -1)
107 fprintf(stderr
, "Couldn't read from pid file\n");
111 fprintf(stderr
, "Bad pid value\n");
113 if (kill(pid
, SIGTERM
) == -1)
114 fprintf(stderr
, "Unable to send SIGTERM\n");
116 unlink("/var/run/sshd.pid");
122 if (errno
!= ENOENT
){
123 perror("Unable to open pid file");
128 if ((fd
= open(CONFIG_ROOT
"/remote/enablessh", O_RDONLY
)) != -1){
130 safe_system("/usr/sbin/sshd");
135 else if (strcmp(argv
[1], "tempstart") == 0) {
136 safe_system("/usr/local/bin/sshctrl");
138 unlink("/var/ipfire/remote/enablessh");
139 safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
140 safe_system("chown nobody.nobody /var/ipfire/remote/settings");
141 snprintf(command
, BUFFER_SIZE
-1, "sleep %s && /usr/local/bin/sshctrl &", argv
[2]);
142 safe_system(command
);