X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fremote.cgi;h=1b3dfed70a881dd3a358327a0666c9945e549d78;hp=c7b44bf7900f8ecef14203d5670ecddb62de84df;hb=5b4464a94478059ceebf266bc31dee4a4ba18fac;hpb=ca4c317c04d0c03a8fbecf6c7e5e120c83807c13 diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi index c7b44bf790..1b3dfed70a 100644 --- a/html/cgi-bin/remote.cgi +++ b/html/cgi-bin/remote.cgi @@ -1,13 +1,23 @@ #!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# $Id: remote.cgi,v 1.6.2.8 2005/02/22 22:21:56 gespinasse Exp $ -# +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2014 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### use strict; 
@@ -15,18 +25,26 @@ use strict; #use warnings; #use CGI::Carp 'fatalsToBrowser'; +use IO::Socket; + require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +my %color = (); +my %mainsettings = (); my %remotesettings=(); my %checked=(); my $errormessage=''; +my $counter = 0; + +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &Header::showhttpheaders(); $remotesettings{'ENABLE_SSH'} = 'off'; -$remotesettings{'ENABLE_SSH_PROTOCOL1'} = 'off'; $remotesettings{'ENABLE_SSH_PORTFW'} = 'off'; $remotesettings{'ACTION'} = ''; &Header::getcgihash(\%remotesettings); 
@@ -54,22 +72,26 @@ if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTI &General::log($Lang::tr{'ssh is disabled'}); unlink "${General::swroot}/remote/enablessh"; } - - if ($remotesettings{'ENABLE_SSH_PROTOCOL1'} eq 'on') + + if ($remotesettings{'SSH_PORT'} eq 'on') { - &General::log($Lang::tr{'ssh1 enabled'}); + &General::log("SSH Port 22"); } else { - &General::log($Lang::tr{'ssh1 disabled'}); + &General::log("SSH Port 222"); } -if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ){ - system('/usr/local/bin/sshctrl','tempstart','900') == 0 - or $errormessage = "$Lang::tr{'bad return code'} " . $?/256; - } -elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){ - system('/usr/local/bin/sshctrl','tempstart','1800') == 0 - or $errormessage = "$Lang::tr{'bad return code'} " . $?/256; + +if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){ + if ($remotesettings{'ENABLE_SSH'} eq 'off') + { + system ('/usr/bin/touch', "${General::swroot}/remote/enablessh"); + system('/usr/local/bin/sshctrl'); + } + if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;} + elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;} + + system("/usr/local/bin/sshctrl tempstart $counter >/dev/null"); } else { system('/usr/local/bin/sshctrl') == 0 @@ -87,9 +109,6 @@ else { $checked{'ENABLE_SSH'}{'off'} = ''; $checked{'ENABLE_SSH'}{'on'} = ''; $checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'"; -$checked{'ENABLE_SSH_PROTOCOL1'}{'off'} = ''; -$checked{'ENABLE_SSH_PROTOCOL1'}{'on'} = ''; -$checked{'ENABLE_SSH_PROTOCOL1'}{$remotesettings{'ENABLE_SSH_PROTOCOL1'}} = "checked='checked'"; $checked{'ENABLE_SSH_PORTFW'}{'off'} = ''; $checked{'ENABLE_SSH_PORTFW'}{'on'} = ''; $checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'"; 
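Review bot: The rewritten temporary-start branch discards every exit status: `system ('/usr/bin/touch', ...)`, `system('/usr/local/bin/sshctrl')` and `system("/usr/local/bin/sshctrl tempstart $counter >/dev/null")` are all unchecked, whereas the removed code set `$errormessage` on a bad return code. If the tempstart call fails after the enablessh flag has been created and sshctrl has run, SSH presumably stays enabled with no timeout and the administrator sees no error. The final call also changed from list form to a single shell string. `$counter` is only ever 900 or 1800 here, so nothing is injectable today, but the list form keeps the shell out of it and restores the check: `system('/usr/local/bin/sshctrl', 'tempstart', $counter) == 0 or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;`. The enclosing `if` on ACTION begins before this hunk.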
@@ -99,7 +118,9 @@ $checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "che $checked{'ENABLE_SSH_KEYS'}{'off'} = ''; $checked{'ENABLE_SSH_KEYS'}{'on'} = ''; $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'"; - +$checked{'SSH_PORT'}{'off'} = ''; +$checked{'SSH_PORT'}{'on'} = ''; +$checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'"; &Header::openpage($Lang::tr{'remote access'}, 1, ''); @@ -107,24 +128,19 @@ $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='chec if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; + print "$errormessage \n"; &Header::closebox(); } print "
\n"; -&Header::openbox('100%', 'left', 'SSH:'); +&Header::openbox('100%', 'left', $Lang::tr{'ssh'}); print < $Lang::tr{'ssh access'} - -   - - $Lang::tr{'ssh1 support'} -   @@ -141,7 +157,12 @@ print <$Lang::tr{'ssh keys'} -
+   + + $Lang::tr{'ssh port'} + + + @@ -153,22 +174,62 @@ END print "\n"; -&Header::openbox('100%', 'left', $Lang::tr{'ssh host keys'}); +&Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'}); -print "\n"; +print "
\n"; print < - - + + + + + + + + + END ; &viewkey("/etc/ssh/ssh_host_key.pub","RSA1"); &viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2"); &viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA"); +&viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA"); +&viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519"); -print "
$Lang::tr{'ssh key'}$Lang::tr{'ssh fingerprint'}$Lang::tr{'ssh key size'}
$Lang::tr{'ssh key'}$Lang::tr{'type'}$Lang::tr{'ssh fingerprint'}$Lang::tr{'ssh key size'}
\n"; +print "\n\n"; + +&Header::closebox(); + +&Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'}); + +print < + + + + $Lang::tr{'ssh username'} + + + $Lang::tr{'ssh login time'} + + + $Lang::tr{'ip address'} + + + $Lang::tr{'country'} + + + $Lang::tr{'rdns'} + + + + +END + +&printactivelogins(); + +print "\n\n"; &Header::closebox(); @@ -187,6 +248,57 @@ sub viewkey my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`); my $keysize = &Header::cleanhtml($temp[0],"y"); my $fingerprint = &Header::cleanhtml($temp[1],"y"); - print "$key ($name)$fingerprint$keysize\n"; + print "$key$name$fingerprint$keysize\n"; } } + +sub printactivelogins() +{ + # print active SSH logins (grep outpout of "who -s") + my $command = "who -s"; + my @output = `$command`; + chomp(@output); + + my $id = 0; + + if ( scalar(@output) == 0 ) + { + # no logins appeared + my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; + print "$Lang::tr{'ssh no active logins'}\n"; + } else { + # list active logins... + + foreach my $line (@output) + { + my @arry = split(/\ +/, $line); + + my $username = @arry[0]; + my $logintime = join(' ', @arry[2..4]); + my $remoteip = @arry[5]; + $remoteip =~ s/[()]//g; + + # display more information about that IP adress... + my $ccode = &GeoIP::lookup($remoteip); + my $flag_icon = &GeoIP::get_flag_icon($ccode); + + # get rDNS... + my $iaddr = inet_aton($remoteip); + my $rdns = gethostbyaddr($iaddr, AF_INET); + if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }; + + my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; + + print < + $username + $logintime + $remoteip + $ccode + $rdns + +END +; + } + } +}
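Review bot: The new `printactivelogins` interpolates `$username`, `$logintime`, `$remoteip` and `$rdns` into the page without `&Header::cleanhtml`, although `viewkey` in the same hunk escapes its `ssh-keygen` output. `$rdns` comes from a PTR record, which is set by whoever controls the reverse zone of the connecting address, so it is untrusted text rendered in an admin page. `who -s` also lists logins that have no remote host field (a local console, presumably), where `$arry[5]` is undefined and the undef result of `inet_aton` is passed straight to `gethostbyaddr`. In addition, `@arry[0]` and `@arry[5]` are one-element slices and should be `$arry[0]` and `$arry[5]`. The table markup is not visible in this rendering, so the rewritten lines below cover only the Perl around it.

```perl
# … unchanged: who -s invocation and the empty-output branch …
		foreach my $line (@output)
		{
			my @arry = split(/\ +/, $line);

			my $username = &Header::cleanhtml($arry[0], "y");
			my $logintime = &Header::cleanhtml(join(' ', @arry[2..4]), "y");
			my $remoteip = defined $arry[5] ? $arry[5] : '';
			$remoteip =~ s/[()]//g;

			# … unchanged: GeoIP lookup on $remoteip …

			# inet_aton returns undef when the field is empty or not an IPv4 address/resolvable name
			my $iaddr = inet_aton($remoteip);
			my $rdns = defined $iaddr ? gethostbyaddr($iaddr, AF_INET) : undef;
			if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; };

			# PTR data is chosen by the owner of the remote address; escape before output
			$rdns = &Header::cleanhtml($rdns, "y");
			$remoteip = &Header::cleanhtml($remoteip, "y");

			# … unchanged: row colour selection and table row output …
```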