/* SmoothWall helper program - restartssh
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence.  See the file COPYING for details.
 *
 * (c) Mark Wormgoor, 2001
 * Simple program intended to be installed setuid(0) that can be used for
 * restarting SSHd.
 *
 * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <limits.h>
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include "libsmooth.h"
#include "setuid.h"
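/*
 * Open an SSH window of limited duration.
 *
 * Sequence, as visible in the commands below:
 *   1. re-run this helper without arguments so sshd_config is regenerated
 *      and sshd is started while the enablessh marker still exists;
 *   2. remove the marker and flip ENABLE_SSH to "off" in the settings file;
 *   3. schedule a background re-run after the delay; with the marker gone,
 *      that run terminates sshd and does not start it again.
 *
 * delayed_restart_cmd is the literal shell command used for step 3.
 *
 * NOTE(review): this path runs before initsetuid() is ever called, and the
 * settings rewrite uses unqualified "cat", "sed" and "mv" plus a fixed
 * scratch name (settings2).  In a setuid(0) helper that is only safe if
 * safe_system() itself pins PATH/environment and /var/ipfire/remote is not
 * writable by the calling user - confirm both against libsmooth and the
 * installed directory permissions.
 * NOTE(review): return values of safe_system()/unlink() are ignored here, so
 * a failed settings rewrite still leaves the delayed shutdown scheduled.
 */
static void start_ssh_temporarily(const char *delayed_restart_cmd)
{
	safe_system("/usr/local/bin/restartssh");
	sleep(5);
	unlink("/var/ipfire/remote/enablessh");
	safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
	safe_system(delayed_restart_cmd);
}

/*
 * restartssh entry point.
 *
 *   restartssh tempstart15   enable SSH now, shut it down after 900 s
 *   restartssh tempstart30   enable SSH now, shut it down after 1800 s
 *   restartssh [anything]    rewrite /etc/ssh/sshd_config from the remote
 *                            access settings, stop a running sshd and start
 *                            it again if the enablessh marker exists
 *
 * Returns 0 on success; exits with status 1 on any fatal error.
 */
int main(int argc, char *argv[])
{
	int fd, config_fd, rc, pid;
	char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
	struct keyvalue *kv = NULL;

	/*
	 * argv[1] is NULL when the helper is started without arguments - which
	 * is exactly how the tempstart path re-invokes it - so it must not be
	 * handed to strcmp() unchecked in a setuid binary.
	 */
	if (argc > 1 && strcmp(argv[1], "tempstart15") == 0) {
		start_ssh_temporarily("sleep 900 && /usr/local/bin/restartssh &");
		return 0;
	}
	if (argc > 1 && strcmp(argv[1], "tempstart30") == 0) {
		start_ssh_temporarily("sleep 1800 && /usr/local/bin/restartssh &");
		return 0;
	}

	if (!(initsetuid()))
		exit(1);

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings"))
	{
		fprintf(stderr, "Cannot read remote access settings\n");
		exit(1);
	}

	/* By using O_CREAT with O_EXCL open() will fail if the file already exists,
	 * this prevents 2 copies of restartssh both trying to edit the config file
	 * at once. It also prevents race conditions, but these shouldn't be
	 * possible as /etc/ssh/ should only be writable by root anyhow.
	 *
	 * NOTE(review): a run that dies between this open() and the rename()
	 * below leaves sshd_config.new behind, and every later run then fails
	 * here until the file is removed by hand.
	 */
	if ((config_fd = open("/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644)) == -1)
	{
		perror("Unable to open new config file");
		freekeyvalues(kv);
		exit(1);
	}

	/*
	 * Build one sed script from fixed fragments only; the settings values
	 * select which fragment is used and are never copied into the command.
	 * NOTE(review): strlcat() results are not checked, so truncation would
	 * go unnoticed - presumably STRING_SIZE is large enough; confirm.
	 */

	/* SSH protocol 1 is obsolete and cryptographically weak; it is only
	 * offered when the administrator explicitly switched it on. */
	if (findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer, "on"))
		strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1);
	else
		strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1);

	/* Key-based authentication stays enabled unless explicitly "off". */
	if (findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer, "off"))
		strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"
			"s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;",
			STRING_SIZE - 1);
	else
		strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
			"s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;",
			STRING_SIZE - 1);

	/* Password authentication also defaults to enabled when the key is
	 * missing or has any value other than "off". */
	if (findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer, "off"))
		strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1);
	else
		strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1);

	/* TCP forwarding is the one option that defaults to disabled. */
	if (findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer, "on"))
		strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1);
	else
		strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1);

	freekeyvalues(kv);

	/* sed writes to the already-open descriptor of the new config file. */
	snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd);
	strlcat(command, buffer, STRING_SIZE - 1);

	/* presumably runs the command with uid/gid 99 instead of root - verify
	 * against unpriv_system() in libsmooth */
	if ((rc = unpriv_system(command, 99, 99)) != 0)
	{
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		close(config_fd);
		unlink("/etc/ssh/sshd_config.new");
		exit(1);
	}
	close(config_fd);
	if (rename("/etc/ssh/sshd_config.new", "/etc/ssh/sshd_config") != 0)
	{
		perror("Unable to replace old config file");
		unlink("/etc/ssh/sshd_config.new");
		exit(1);
	}

	/* Zero the buffer so the pid text read below is NUL-terminated. */
	memset(buffer, 0, STRING_SIZE);

	if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1)
	{
		if (read(fd, buffer, STRING_SIZE - 1) == -1)
			fprintf(stderr, "Couldn't read from pid file\n");
		else
		{
			char *end = NULL;
			long parsed;

			/*
			 * strtol() instead of atoi(): out-of-range input is
			 * reported rather than undefined.  Values <= 1 are
			 * refused because kill() would then address init or a
			 * whole process group instead of one daemon.
			 * NOTE(review): a stale pid file can still name an
			 * unrelated process; nothing here checks that the pid
			 * belongs to sshd.
			 */
			errno = 0;
			parsed = strtol(buffer, &end, 10);
			if (end == buffer || errno == ERANGE || parsed <= 1 || parsed > INT_MAX)
				fprintf(stderr, "Bad pid value\n");
			else
			{
				pid = (int)parsed;
				if (kill(pid, SIGTERM) == -1)
					fprintf(stderr, "Unable to send SIGTERM\n");
				else
					unlink("/var/run/sshd.pid");
			}
		}
		close(fd);
	}
	else
	{
		/* A missing pid file just means sshd is not running. */
		if (errno != ENOENT)
		{
			perror("Unable to open pid file");
			exit(1);
		}
	}

	/* sshd is only started again while the enablessh marker file exists. */
	if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1)
	{
		close(fd);
		safe_system("/usr/sbin/sshd");
	}

	return 0;
}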