-#!/usr/bin/perl\r
-#\r
-# SmoothWall CGIs\r
-#\r
-# This code is distributed under the terms of the GPL\r
-#\r
-# (c) The SmoothWall Team\r
-#\r
-# $Id: remote.cgi,v 1.6.2.8 2005/02/22 22:21:56 gespinasse Exp $\r
-#\r
-\r
-use strict;\r
-\r
-# enable only the following on debugging purpose\r
-#use warnings;\r
-#use CGI::Carp 'fatalsToBrowser';\r
-\r
-require 'CONFIG_ROOT/general-functions.pl';\r
-require "${General::swroot}/lang.pl";\r
-require "${General::swroot}/header.pl";\r
-\r
-my %remotesettings=();\r
-my %checked=();\r
-my $errormessage='';\r
-\r
-&Header::showhttpheaders();\r
-\r
-$remotesettings{'ENABLE_SSH'} = 'off';\r
-$remotesettings{'ENABLE_SSH_PROTOCOL1'} = 'off';\r
-$remotesettings{'ENABLE_SSH_PORTFW'} = 'off';\r
-$remotesettings{'ACTION'} = '';\r
-&Header::getcgihash(\%remotesettings);\r
-\r
-if ($remotesettings{'ACTION'} eq $Lang::tr{'save'})\r
-{\r
- # not existing here indicates the box is unticked\r
- $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};\r
- $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};\r
-\r
-\r
- &General::writehash("${General::swroot}/remote/settings", \%remotesettings);\r
- if ($remotesettings{'ENABLE_SSH'} eq 'on')\r
- {\r
- &General::log($Lang::tr{'ssh is enabled'});\r
- if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'\r
- and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')\r
- {\r
- $errormessage = $Lang::tr{'ssh no auth'};\r
- }\r
- system ('/bin/touch', "${General::swroot}/remote/enablessh");\r
- }\r
- else\r
- {\r
- &General::log($Lang::tr{'ssh is disabled'});\r
- unlink "${General::swroot}/remote/enablessh";\r
- }\r
-\r
- if ($remotesettings{'ENABLE_SSH_PROTOCOL1'} eq 'on')\r
- {\r
- &General::log($Lang::tr{'ssh1 enabled'});\r
- }\r
- else\r
- {\r
- &General::log($Lang::tr{'ssh1 disabled'});\r
- }\r
-\r
- system('/usr/local/bin/restartssh') == 0\r
- or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;\r
-}\r
-\r
-&General::readhash("${General::swroot}/remote/settings", \%remotesettings);\r
-\r
-# not existing here means they're undefined and the default value should be\r
-# used\r
- $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};\r
- $remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};\r
-\r
-$checked{'ENABLE_SSH'}{'off'} = '';\r
-$checked{'ENABLE_SSH'}{'on'} = '';\r
-$checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";\r
-$checked{'ENABLE_SSH_PROTOCOL1'}{'off'} = '';\r
-$checked{'ENABLE_SSH_PROTOCOL1'}{'on'} = '';\r
-$checked{'ENABLE_SSH_PROTOCOL1'}{$remotesettings{'ENABLE_SSH_PROTOCOL1'}} = "checked='checked'";\r
-$checked{'ENABLE_SSH_PORTFW'}{'off'} = '';\r
-$checked{'ENABLE_SSH_PORTFW'}{'on'} = '';\r
-$checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";\r
-$checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';\r
-$checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';\r
-$checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";\r
-$checked{'ENABLE_SSH_KEYS'}{'off'} = '';\r
-$checked{'ENABLE_SSH_KEYS'}{'on'} = '';\r
-$checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";\r
-\r
-\r
-&Header::openpage($Lang::tr{'remote access'}, 1, '');\r
-\r
-&Header::openbigbox('100%', 'left', '', $errormessage);\r
-\r
-if ($errormessage) {\r
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});\r
- print "<FONT CLASS='base'>$errormessage </FONT>\n";\r
- &Header::closebox();\r
-}\r
-\r
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";\r
-\r
-&Header::openbox('100%', 'left', 'SSH:');\r
-print <<END\r
-<table width='100%'>\r
-<tr>\r
- <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>\r
- <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>\r
-</tr>\r
-<tr>\r
- <td> </td>\r
- <td><input type='checkbox' name='ENABLE_SSH_PROTOCOL1' $checked{'ENABLE_SSH_PROTOCOL1'}{'on'} /></td>\r
- <td width='100%' class='base'>$Lang::tr{'ssh1 support'}</td>\r
-</tr>\r
-<tr>\r
- <td> </td>\r
- <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>\r
- <td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>\r
-</tr>\r
-<tr>\r
- <td> </td>\r
- <td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>\r
- <td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>\r
-</tr>\r
-<tr>\r
- <td> </td>\r
- <td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>\r
- <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>\r
-</tr>\r
-<tr>\r
- <td colspan='3' align='center'><hr /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>\r
-</tr>\r
-</table>\r
-END\r
-;\r
-&Header::closebox();\r
-\r
-print "</form>\n";\r
-\r
-&Header::openbox('100%', 'left', $Lang::tr{'ssh host keys'});\r
-\r
-print "<table>\n";\r
-\r
-print <<END\r
-<tr><td class='boldbase'><b>$Lang::tr{'ssh key'}</b></td>\r
- <td class='boldbase'><b>$Lang::tr{'ssh fingerprint'}</b></td>\r
- <td class='boldbase'><b>$Lang::tr{'ssh key size'}</b></td></tr>\r
-END\r
-;\r
-\r
-&viewkey("/etc/ssh/ssh_host_key.pub","RSA1");\r
-&viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");\r
-&viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");\r
-\r
-print "</table>\n";\r
-\r
-&Header::closebox();\r
-\r
-&Header::closebigbox();\r
-\r
-&Header::closepage();\r
-\r
-\r
-sub viewkey\r
-{\r
- my $key = $_[0];\r
- my $name = $_[1];\r
-\r
- if ( -e $key )\r
- {\r
- my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);\r
- my $keysize = &Header::cleanhtml($temp[0],"y");\r
- my $fingerprint = &Header::cleanhtml($temp[1],"y");\r
- print "<tr><td>$key ($name)</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";\r
- }\r
-}\r
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+use IO::Socket;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %color = ();
+my %mainsettings = ();
+my %remotesettings=();
+my %checked=();
+my $errormessage='';
+my $counter = 0;
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+
+$remotesettings{'ENABLE_SSH'} = 'off';
+$remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
+$remotesettings{'ACTION'} = '';
+&Header::getcgihash(\%remotesettings);
+
+if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
+{
+ # not existing here indicates the box is unticked
+ $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
+ $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
+
+
+ &General::writehash("${General::swroot}/remote/settings", \%remotesettings);
+ if ($remotesettings{'ENABLE_SSH'} eq 'on')
+ {
+ &General::log($Lang::tr{'ssh is enabled'});
+ if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
+ and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')
+ {
+ $errormessage = $Lang::tr{'ssh no auth'};
+ }
+ system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ }
+ else
+ {
+ &General::log($Lang::tr{'ssh is disabled'});
+ unlink "${General::swroot}/remote/enablessh";
+ }
+
+ if ($remotesettings{'SSH_PORT'} eq 'on')
+ {
+ &General::log("SSH Port 22");
+ }
+ else
+ {
+ &General::log("SSH Port 222");
+ }
+
+if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
+ if ($remotesettings{'ENABLE_SSH'} eq 'off')
+ {
+ system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ system('/usr/local/bin/sshctrl');
+ }
+ if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
+ elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
+
+ system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
+ }
+else {
+ system('/usr/local/bin/sshctrl') == 0
+ or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+ }
+}
+
+&General::readhash("${General::swroot}/remote/settings", \%remotesettings);
+
+# not existing here means they're undefined and the default value should be
+# used
+ $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
+ $remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
+ $remotesettings{'SSH_AGENT_FORWARDING'} = 'off' unless exists $remotesettings{'SSH_AGENT_FORWARDING'};
+
+$checked{'ENABLE_SSH'}{'off'} = '';
+$checked{'ENABLE_SSH'}{'on'} = '';
+$checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";
+$checked{'ENABLE_SSH_PORTFW'}{'off'} = '';
+$checked{'ENABLE_SSH_PORTFW'}{'on'} = '';
+$checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";
+$checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';
+$checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';
+$checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";
+$checked{'ENABLE_SSH_KEYS'}{'off'} = '';
+$checked{'ENABLE_SSH_KEYS'}{'on'} = '';
+$checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";
+$checked{'SSH_PORT'}{'off'} = '';
+$checked{'SSH_PORT'}{'on'} = '';
+$checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
+$checked{'SSH_AGENT_FORWARDING'}{'off'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{'on'} = '';
+$checked{'SSH_AGENT_FORWARDING'}{$remotesettings{'SSH_AGENT_FORWARDING'}} = "checked='checked'";
+
+&Header::openpage($Lang::tr{'remote access'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font class='base'>$errormessage </font>\n";
+ &Header::closebox();
+}
+
+print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+&Header::openbox('100%', 'left', $Lang::tr{'ssh'});
+print <<END
+<table width='100%'>
+<tr>
+ <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
+ <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
+</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
+</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
+</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
+</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
+</tr>
+<tr>
+ <td> </td>
+ <td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
+ <td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
+</tr>
+<tr>
+ <td align='right' colspan='3'>
+ <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+</tr>
+</table>
+END
+;
+&Header::closebox();
+
+print "</form>\n";
+
+&Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'});
+
+print "<table class='tbl' width='100%'>\n";
+
+print <<END
+<thead>
+ <tr>
+ <th align="center"><strong>$Lang::tr{'ssh key'}</strong></th>
+ <th align="center"><strong>$Lang::tr{'type'}</strong></th>
+ <th align="center"><strong>$Lang::tr{'ssh fingerprint'}</strong></th>
+ <th align="center"><strong>$Lang::tr{'ssh key size'}</strong></th>
+ </tr>
+</thead>
+<tbody>
+END
+;
+
+&viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
+&viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
+&viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");
+&viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA");
+&viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519");
+
+print "</tbody>\n</table>\n";
+
+&Header::closebox();
+
+&Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'});
+
+print <<END;
+ <table class="tbl" width="100%">
+ <thead>
+ <tr>
+ <th align="center">
+ <strong>$Lang::tr{'ssh username'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'ssh login time'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'ip address'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'country'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'rdns'}</strong>
+ </th>
+ </tr>
+ </thead>
+ <tbody>
+END
+
+&printactivelogins();
+
+print "</tbody>\n</table>\n";
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+
+sub viewkey
+{
+ my $key = $_[0];
+ my $name = $_[1];
+
+ if ( -e $key )
+ {
+ my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
+ my $keysize = &Header::cleanhtml($temp[0],"y");
+ my $fingerprint = &Header::cleanhtml($temp[1],"y");
+ print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
+ }
+}
+
+sub printactivelogins()
+{
+ # print active SSH logins (grep outpout of "who -s")
+ my $command = "who -s";
+ my @output = `$command`;
+ chomp(@output);
+
+ my $id = 0;
+
+ if ( scalar(@output) == 0 )
+ {
+ # no logins appeared
+ my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
+ print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n";
+ } else {
+ # list active logins...
+ foreach my $line (@output)
+ {
+ my @arry = split(/\ +/, $line);
+
+ my $username = @arry[0];
+ my $logintime = join(' ', @arry[2..4]);
+ my $remoteip = @arry[5];
+ $remoteip =~ s/[()]//g;
+
+ # display more information about that IP adress...
+ my $ccode = &Location::Functions::lookup_country_code($remoteip);
+ my $flag_icon = &Location::Functions::get_flag_icon($ccode);
+
+ # get rDNS...
+ my $iaddr = inet_aton($remoteip);
+ my $rdns = gethostbyaddr($iaddr, AF_INET);
+ if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; };
+
+ my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
+
+ print <<END;
+ <tr bgcolor='$table_colour'>
+ <td>$username</td>
+ <td>$logintime</td>
+ <td align='center'><a href='ipinfo.cgi?ip=$remoteip'>$remoteip</a></td>
+ <td align='center'><a href='country.cgi#$ccode'><img src='$flag_icon' border='0' alt='$ccode' title='$ccode' /></a></td>
+ <td>$rdns</td>
+ </tr>
+END
+;
+ }
+ }
+}
projects / ipfire-2.x.git / blobdiff