From: maniacikarus Date: Sat, 18 Aug 2007 19:10:10 +0000 (+0000) Subject: ARP Tabelle aus der DHCP CGI entfernt X-Git-Tag: v2.3-beta1~480 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=70db86838b15e991225ae29ff6ce9d521d5c4023 ARP Tabelle aus der DHCP CGI entfernt Pakfire CGI nochmal korrigiert SSH Zugriff mit Timer gebaut git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@780 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- diff --git a/config/mpfire/mpfire.pl b/config/mpfire/mpfire.pl index aa6a51e16d..ded8b9b1c8 100644 --- a/config/mpfire/mpfire.pl +++ b/config/mpfire/mpfire.pl @@ -9,7 +9,7 @@ require "${General::swroot}/header.pl"; my $filename = ""; my %songs = ""; -my $debug = 1; +my $debug = 0; my $temp; if ($ARGV[0] eq 'scan') { diff --git a/doc/language_issues.de b/doc/language_issues.de index 9b77add02d..3f37f3d252 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -265,7 +265,6 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install -WARNING: translation string unused: pakfire available addons WARNING: translation string unused: password contains illegal characters WARNING: translation string unused: password crypting key WARNING: translation string unused: passwords must be at least 6 characters in length diff --git a/doc/language_issues.en b/doc/language_issues.en index 509d00f8a6..59f1ba9f50 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -293,7 +293,6 @@ WARNING: translation string unused: ovpn_processprioVH WARNING: translation string unused: ovpnstatus log WARNING: translation string unused: ovpnsys log WARNING: translation string unused: package failed to install -WARNING: translation string unused: pakfire available addons WARNING: translation string unused: password contains illegal characters WARNING: translation string unused: password crypting key WARNING: translation string unused: passwords must be at least 6 characters in length diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 9357bff17e..9138337341 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -1014,33 +1014,6 @@ END &Header::closebox(); -&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); -my @ip = qx(/sbin/ip neigh show | awk '{print \$1}'); -my @mac = qx(/sbin/ip neigh show | awk '{print \$5}'); - -print < - - - - -END -; -my $i=0; - -foreach my $ip(@ip) -{ - print""; - print""; - print""; -} - - -print"
$Lang::tr{'ip address'}$Lang::tr{'mac address'}Optionen
$ip@mac[$i]
"; - -&Header::closebox(); - - foreach my $itf (@ITFs) { if ($dhcpsettings{"ENABLE_${itf}"} eq 'on') { # display leases with a list of actions to do with the global select checkbox. diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index b10b5a7427..ca34292fec 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -188,7 +188,7 @@ system("pakfire update &>dev/null"); print < - $Lang::tr{'pakfire installed addons'}$Lang::tr{'pakfire installed addons'} + $Lang::tr{'pakfire available addons'}$Lang::tr{'pakfire installed addons'}
+
+
+
END diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 017634c614..e72edb92f8 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1460,6 +1460,8 @@ 'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern', 'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen', 'ssh portfw' => 'TCP-Weiterleitung zulassen', +'ssh tempstart15' => 'SSH-Zugriff für 15 Minuten', +'ssh tempstart30' => 'SSH-Zugriff für 30 Minuten', 'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.', 'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.', 'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index c4a91a064a..ab36808f6d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1492,6 +1492,8 @@ 'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in', 'ssh passwords' => 'Allow password based authentication', 'ssh portfw' => 'Allow TCP Forwarding', +'ssh tempstart15' => 'SSH Access for 15 Minutes', +'ssh tempstart30' => 'SSH Access for 30 Minutes', 'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.', 'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.', 'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)', diff --git a/src/misc-progs/restartssh.c b/src/misc-progs/restartssh.c index 13614014b2..531508affc 100644 --- a/src/misc-progs/restartssh.c +++ b/src/misc-progs/restartssh.c @@ -1,135 +1,150 @@ -/* SmoothWall helper program - restartssh - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * (c) Mark Wormgoor, 2001 - * Simple program intended to be installed setuid(0) that can be used for - * restarting SSHd. - * - * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "libsmooth.h" -#include "setuid.h" - -int main(void) -{ - int fd, config_fd, rc, pid; - char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '"; - struct keyvalue *kv = NULL; - - if (!(initsetuid())) - exit(1); - - kv = initkeyvalues(); - if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")) - { - fprintf(stderr, "Cannot read remote access settings\n"); - exit(1); - } - - /* By using O_CREAT with O_EXCL open() will fail if the file already exists, - * this prevents 2 copies of restartssh both trying to edit the config file - * at once. It also prevents race conditions, but these shouldn't be - * possible as /etc/ssh/ should only be writable by root anyhow - */ - - if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 ) - { - perror("Unable to open new config file"); - freekeyvalues(kv); - exit(1); - } - - if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on")) - strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 ); - else - strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 ); - - if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off")) - strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;" - "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", - STRING_SIZE - 1 ); - else - strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;" - "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", - STRING_SIZE - 1 ); - - if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off")) - strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 ); - else - strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 ); - - if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on")) - strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 ); - else - strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 ); - - freekeyvalues(kv); - - snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd ); - strlcat(command, buffer, STRING_SIZE - 1); - - if((rc = unpriv_system(command,99,99)) != 0) - { - fprintf(stderr, "sed returned bad exit code: %d\n", rc); - close(config_fd); - unlink("/etc/ssh/sshd_config.new"); - exit(1); - } - close(config_fd); - if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0) - { - perror("Unable to replace old config file"); - unlink("/etc/ssh/sshd_config.new"); - exit(1); - } - - memset(buffer, 0, STRING_SIZE); - - if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1) - { - if (read(fd, buffer, STRING_SIZE - 1) == -1) - fprintf(stderr, "Couldn't read from pid file\n"); - else - { - pid = atoi(buffer); - if (pid <= 1) - fprintf(stderr, "Bad pid value\n"); - else - { - if (kill(pid, SIGTERM) == -1) - fprintf(stderr, "Unable to send SIGTERM\n"); - else - unlink("/var/run/sshd.pid"); - } - } - close(fd); - } - else - { - if (errno != ENOENT) - { - perror("Unable to open pid file"); - exit(1); - } - } - - if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1) - { - close(fd); - safe_system("/usr/sbin/sshd"); - } - - return 0; -} +/* SmoothWall helper program - restartssh + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * (c) Mark Wormgoor, 2001 + * Simple program intended to be installed setuid(0) that can be used for + * restarting SSHd. + * + * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "libsmooth.h" +#include "setuid.h" + +int main(int argc, char *argv[]) +{ + if (strcmp(argv[1], "tempstart15") == 0) { + safe_system("/usr/local/bin/restartssh"); + sleep 5; + unlink("/var/ipfire/remote/enablessh"); + safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings"); + safe_system("sleep 900 && /usr/local/bin/restartssh &"); + } + else if (strcmp(argv[1], "tempstart30") == 0) { + safe_system("/usr/local/bin/restartssh"); + sleep 5; + unlink("/var/ipfire/remote/enablessh"); + safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings"); + safe_system("sleep 1800 && /usr/local/bin/restartssh &"); + } else { + int fd, config_fd, rc, pid; + char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '"; + struct keyvalue *kv = NULL; + + if (!(initsetuid())) + exit(1); + + kv = initkeyvalues(); + if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")) + { + fprintf(stderr, "Cannot read remote access settings\n"); + exit(1); + } + + /* By using O_CREAT with O_EXCL open() will fail if the file already exists, + * this prevents 2 copies of restartssh both trying to edit the config file + * at once. It also prevents race conditions, but these shouldn't be + * possible as /etc/ssh/ should only be writable by root anyhow + */ + + if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 ) + { + perror("Unable to open new config file"); + freekeyvalues(kv); + exit(1); + } + + if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on")) + strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 ); + else + strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 ); + + if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off")) + strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;" + "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", + STRING_SIZE - 1 ); + else + strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;" + "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", + STRING_SIZE - 1 ); + + if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off")) + strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 ); + else + strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 ); + + if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on")) + strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 ); + else + strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 ); + + freekeyvalues(kv); + + snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd ); + strlcat(command, buffer, STRING_SIZE - 1); + + if((rc = unpriv_system(command,99,99)) != 0) + { + fprintf(stderr, "sed returned bad exit code: %d\n", rc); + close(config_fd); + unlink("/etc/ssh/sshd_config.new"); + exit(1); + } + close(config_fd); + if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0) + { + perror("Unable to replace old config file"); + unlink("/etc/ssh/sshd_config.new"); + exit(1); + } + + memset(buffer, 0, STRING_SIZE); + + if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1) + { + if (read(fd, buffer, STRING_SIZE - 1) == -1) + fprintf(stderr, "Couldn't read from pid file\n"); + else + { + pid = atoi(buffer); + if (pid <= 1) + fprintf(stderr, "Bad pid value\n"); + else + { + if (kill(pid, SIGTERM) == -1) + fprintf(stderr, "Unable to send SIGTERM\n"); + else + unlink("/var/run/sshd.pid"); + } + } + close(fd); + } + else + { + if (errno != ENOENT) + { + perror("Unable to open pid file"); + exit(1); + } + } + + if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1) + { + close(fd); + safe_system("/usr/sbin/sshd"); + } + + return 0; + } +}