[people/pmueller/ipfire-2.x.git] / html / cgi-bin / remote.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my %remotesettings=();
my %checked=();
my $errormessage='';
my $counter = 0;

&Header::showhttpheaders();

$remotesettings{'ENABLE_SSH'} = 'off';
$remotesettings{'ENABLE_SSH_PORTOCOL1'} = 'off';
$remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
$remotesettings{'ACTION'} = '';
&Header::getcgihash(\%remotesettings);

if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
{
	# not existing here indicates the box is unticked
	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
	$remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};


	&General::writehash("${General::swroot}/remote/settings", \%remotesettings);
	if ($remotesettings{'ENABLE_SSH'} eq 'on')
	{
		&General::log($Lang::tr{'ssh is enabled'});
		if  ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
		 and $remotesettings{'ENABLE_SSH_KEYS'}      eq 'off')
		{
			$errormessage = $Lang::tr{'ssh no auth'};
		}
		system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
	}
	else
	{
		&General::log($Lang::tr{'ssh is disabled'});
		unlink "${General::swroot}/remote/enablessh";
	}

	if ($remotesettings{'ENABLE_SSH_PORTOCOL1'} eq 'on')
	{
		&General::log($Lang::tr{'ssh1 enabled'});
	}
	else
	{
		&General::log($Lang::tr{'ssh1 disabled'});
	}
	
	if ($remotesettings{'SSH_PORT'} eq 'on')
	{
		&General::log("SSH Port 22");
	}
	else
	{
		&General::log("SSH Port 222");
	}
	
if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
	if ($remotesettings{'ENABLE_SSH'} eq 'off')
	{
			system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
			system('/usr/local/bin/sshctrl');
	}
  if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
  elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
 
  system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
 }
else {
	system('/usr/local/bin/sshctrl') == 0
		or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
 }
}

&General::readhash("${General::swroot}/remote/settings", \%remotesettings);

# not existing here means they're undefined and the default value should be
# used
	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
	$remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};

$checked{'ENABLE_SSH'}{'off'} = '';
$checked{'ENABLE_SSH'}{'on'} = '';
$checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";
$checked{'ENABLE_SSH_PORTOCOL1'}{'off'} = '';
$checked{'ENABLE_SSH_PORTOCOL1'}{'on'} = '';
$checked{'ENABLE_SSH_PORTOCOL1'}{$remotesettings{'ENABLE_SSH_PORTOCOL1'}} = "checked='checked'";
$checked{'ENABLE_SSH_PORTFW'}{'off'} = '';
$checked{'ENABLE_SSH_PORTFW'}{'on'} = '';
$checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";
$checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';
$checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';
$checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";
$checked{'ENABLE_SSH_KEYS'}{'off'} = '';
$checked{'ENABLE_SSH_KEYS'}{'on'} = '';
$checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";
$checked{'SSH_PORT'}{'off'} = '';
$checked{'SSH_PORT'}{'on'} = '';
$checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";

&Header::openpage($Lang::tr{'remote access'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<FONT CLASS='base'>$errormessage&nbsp;</FONT>\n";
	&Header::closebox();
}

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

&Header::openbox('100%', 'left', 'SSH:');
print <<END
<table width='100%'>
<tr>
	<td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
	<td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='checkbox' name='ENABLE_SSH_PORTOCOL1' $checked{'ENABLE_SSH_PORTOCOL1'}{'on'} /></td>
	<td width='100%' class='base'>$Lang::tr{'ssh1 support'}</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
	<td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
	<td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
	<td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
	<td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
</tr>
<tr>
	<td align='center' colspan='3'><hr />
	<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
	<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
	<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
END
;
&Header::closebox();

print "</form>\n";

&Header::openbox('100%', 'left', $Lang::tr{'ssh host keys'});

print "<table>\n";

print <<END
<tr><td class='boldbase'><b>$Lang::tr{'ssh key'}</b></td>
    <td class='boldbase'><b>$Lang::tr{'ssh fingerprint'}</b></td>
    <td class='boldbase'><b>$Lang::tr{'ssh key size'}</b></td></tr>
END
;

&viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
&viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
&viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");

print "</table>\n";

&Header::closebox();

&Header::closebigbox();

&Header::closepage();


sub viewkey
{
  my $key = $_[0];
  my $name = $_[1];

  if ( -e $key )
  {
    my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
    my $keysize = &Header::cleanhtml($temp[0],"y");
    my $fingerprint = &Header::cleanhtml($temp[1],"y");
    print "<tr><td>$key ($name)</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
  }
}
Commit	Line	Data
ac1cfefa	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
ac1cfefa MT	21
	22	use strict;
	23
	24	# enable only the following on debugging purpose
	25	#use warnings;
	26	#use CGI::Carp 'fatalsToBrowser';
	27
986e08d9	28	require '/var/ipfire/general-functions.pl';
ac1cfefa MT	29	require "${General::swroot}/lang.pl";
	30	require "${General::swroot}/header.pl";
	31
	32	my %remotesettings=();
	33	my %checked=();
	34	my $errormessage='';
113cd628	35	my $counter = 0;
ac1cfefa MT	36
	37	&Header::showhttpheaders();
	38
	39	$remotesettings{'ENABLE_SSH'} = 'off';
4ef2ecc2	40	$remotesettings{'ENABLE_SSH_PORTOCOL1'} = 'off';
ac1cfefa MT	41	$remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
	42	$remotesettings{'ACTION'} = '';
	43	&Header::getcgihash(\%remotesettings);
	44
05c71989	45	if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) \|\| ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) \|\| ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
ac1cfefa MT	46	{
	47	# not existing here indicates the box is unticked
	48	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
	49	$remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
	50
	51
	52	&General::writehash("${General::swroot}/remote/settings", \%remotesettings);
	53	if ($remotesettings{'ENABLE_SSH'} eq 'on')
	54	{
	55	&General::log($Lang::tr{'ssh is enabled'});
	56	if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
	57	and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')
	58	{
	59	$errormessage = $Lang::tr{'ssh no auth'};
	60	}
9833e7d8	61	system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
ac1cfefa MT	62	}
	63	else
	64	{
	65	&General::log($Lang::tr{'ssh is disabled'});
	66	unlink "${General::swroot}/remote/enablessh";
	67	}
	68
4ef2ecc2	69	if ($remotesettings{'ENABLE_SSH_PORTOCOL1'} eq 'on')
ac1cfefa MT	70	{
	71	&General::log($Lang::tr{'ssh1 enabled'});
	72	}
	73	else
	74	{
	75	&General::log($Lang::tr{'ssh1 disabled'});
	76	}
4ef2ecc2 JPT	77
	78	if ($remotesettings{'SSH_PORT'} eq 'on')
	79	{
	80	&General::log("SSH Port 22");
	81	}
	82	else
	83	{
	84	&General::log("SSH Port 222");
	85	}
	86
113cd628 CS	87	if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} \|\| $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
	88	if ($remotesettings{'ENABLE_SSH'} eq 'off')
	89	{
	90	system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
	91	system('/usr/local/bin/sshctrl');
	92	}
	93	if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
	94	elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
	95
	96	system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
70db8683 CS	97	}
70db8683 CS	98	else {
900832fa	99	system('/usr/local/bin/sshctrl') == 0
ac1cfefa	100	or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
70db8683	101	}
ac1cfefa MT	102	}
	103
	104	&General::readhash("${General::swroot}/remote/settings", \%remotesettings);
	105
	106	# not existing here means they're undefined and the default value should be
	107	# used
	108	$remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
	109	$remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
	110
	111	$checked{'ENABLE_SSH'}{'off'} = '';
	112	$checked{'ENABLE_SSH'}{'on'} = '';
	113	$checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";
4ef2ecc2 JPT	114	$checked{'ENABLE_SSH_PORTOCOL1'}{'off'} = '';
	115	$checked{'ENABLE_SSH_PORTOCOL1'}{'on'} = '';
	116	$checked{'ENABLE_SSH_PORTOCOL1'}{$remotesettings{'ENABLE_SSH_PORTOCOL1'}} = "checked='checked'";
ac1cfefa MT	117	$checked{'ENABLE_SSH_PORTFW'}{'off'} = '';
	118	$checked{'ENABLE_SSH_PORTFW'}{'on'} = '';
	119	$checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";
	120	$checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';
	121	$checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';
	122	$checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";
	123	$checked{'ENABLE_SSH_KEYS'}{'off'} = '';
	124	$checked{'ENABLE_SSH_KEYS'}{'on'} = '';
	125	$checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";
4ef2ecc2 JPT	126	$checked{'SSH_PORT'}{'off'} = '';
	127	$checked{'SSH_PORT'}{'on'} = '';
	128	$checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
ac1cfefa MT	129
	130	&Header::openpage($Lang::tr{'remote access'}, 1, '');
	131
	132	&Header::openbigbox('100%', 'left', '', $errormessage);
	133
	134	if ($errormessage) {
	135	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	136	print "<FONT CLASS='base'>$errormessage </FONT>\n";
	137	&Header::closebox();
	138	}
	139
	140	print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
	141
	142	&Header::openbox('100%', 'left', 'SSH:');
	143	print <<END
	144	<table width='100%'>
	145	<tr>
	146	<td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
	147	<td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
	148	</tr>
	149	<tr>
	150	<td> </td>
4ef2ecc2	151	<td><input type='checkbox' name='ENABLE_SSH_PORTOCOL1' $checked{'ENABLE_SSH_PORTOCOL1'}{'on'} /></td>
ac1cfefa MT	152	<td width='100%' class='base'>$Lang::tr{'ssh1 support'}</td>
	153	</tr>
	154	<tr>
	155	<td> </td>
	156	<td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
	157	<td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
	158	</tr>
	159	<tr>
	160	<td> </td>
	161	<td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
	162	<td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
	163	</tr>
	164	<tr>
	165	<td> </td>
	166	<td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
	167	<td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
	168	</tr>
4ef2ecc2 JPT	169	<tr>
	170	<td> </td>
	171	<td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
	172	<td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
	173	</tr>
ac1cfefa	174	<tr>
bba7212c MT	175	<td align='center' colspan='3'><hr />
	176	<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
	177	<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
	178	<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
ac1cfefa MT	179	</tr>
	180	</table>
	181	END
	182	;
	183	&Header::closebox();
	184
	185	print "</form>\n";
	186
	187	&Header::openbox('100%', 'left', $Lang::tr{'ssh host keys'});
	188
	189	print "<table>\n";
	190
	191	print <<END
	192	<tr><td class='boldbase'><b>$Lang::tr{'ssh key'}</b></td>
	193	<td class='boldbase'><b>$Lang::tr{'ssh fingerprint'}</b></td>
	194	<td class='boldbase'><b>$Lang::tr{'ssh key size'}</b></td></tr>
	195	END
	196	;
	197
	198	&viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
	199	&viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
	200	&viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");
	201
	202	print "</table>\n";
	203
	204	&Header::closebox();
	205
	206	&Header::closebigbox();
	207
	208	&Header::closepage();
	209
	210
	211	sub viewkey
	212	{
	213	my $key = $_[0];
	214	my $name = $_[1];
	215
	216	if ( -e $key )
	217	{
	218	my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
	219	my $keysize = &Header::cleanhtml($temp[0],"y");
	220	my $fingerprint = &Header::cleanhtml($temp[1],"y");
	221	print "<tr><td>$key ($name)</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
	222	}
	223	}