Commit | Line | Data |
---|---|---|
ac1cfefa | 1 | #!/usr/bin/perl |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
ac1cfefa MT |
21 | |
22 | use strict; | |
23 | ||
24 | # enable the following only for debugging | |
25 | #use warnings; | |
26 | #use CGI::Carp 'fatalsToBrowser'; | |
27 | ||
986e08d9 | 28 | require '/var/ipfire/general-functions.pl'; |
ac1cfefa MT |
29 | require "${General::swroot}/lang.pl"; |
30 | require "${General::swroot}/header.pl"; | |
31 | ||
# Page-wide state used by the rest of the script:
#   %remotesettings - form / settings values, keyed by field name
#   %checked        - checkbox attribute strings used when rendering the form
#   $errormessage   - text for the error box ('' means no error)
#   $counter        - number later passed to "sshctrl tempstart"
my %remotesettings = ();
my %checked        = ();
my $errormessage   = '';
my $counter        = 0;

Header::showhttpheaders();

# Defaults that apply when the request carries no value for a field.
# 'ENABLE_SSH_PORTOCOL1' is spelled this way on purpose: it is the form field
# name and the settings key used throughout this script, so it must not be
# "corrected" in one place only.
foreach my $toggle ('ENABLE_SSH', 'ENABLE_SSH_PORTOCOL1', 'ENABLE_SSH_PORTFW') {
    $remotesettings{$toggle} = 'off';
}
$remotesettings{'ACTION'} = '';

# NOTE(review): Header::getcgihash presumably copies the submitted CGI
# parameters into the hash; which keys and values it accepts is not visible
# here - confirm before relying on it as an input filter.
Header::getcgihash(\%remotesettings);
44 | ||
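# Map a system() status word from /usr/local/bin/sshctrl to the text shown in
# the error box. Returns '' when the helper exited with status 0.
sub _sshctrl_failure
{
    my ($status) = @_;
    return '' if $status == 0;

    # -1 means the helper could not be started at all. Otherwise the low seven
    # bits carry a terminating signal (reported shell-style as 128 + signal)
    # and the high byte carries the exit code. Dividing the raw word by 256
    # yields a fraction in the first two cases.
    my $code;
    if    ($status == -1)  { $code = -1; }
    elsif ($status & 127)  { $code = 128 + ($status & 127); }
    else                   { $code = $status >> 8; }

    return "$Lang::tr{'bad return code'} $code";
}

# Handle a submitted form: persist the posted settings, create or remove the
# enablessh flag file and hand over to the sshctrl helper. Runs only when
# ACTION is non-empty and equals one of the three translated button labels.
#
# NOTE(review): no request-method, origin or anti-CSRF check is visible in
# this script; confirm that Header::getcgihash or the web server enforces one,
# because this branch changes remote-access state.
if ( $remotesettings{'ACTION'} ne ""
    && (   $remotesettings{'ACTION'} eq $Lang::tr{'save'}
        || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}
        || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) )
{
    # A key that is missing here means the checkbox was not ticked.
    $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
    $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};

    # The toggles originate from the request and are written to the settings
    # file below. Every check in this script treats only the literal 'on' as
    # enabled, so anything else is stored as 'off' rather than persisting an
    # arbitrary submitted string. Keys that are absent stay absent, so the
    # file is unchanged for a regular form submission.
    foreach my $toggle (qw(ENABLE_SSH ENABLE_SSH_PORTOCOL1 ENABLE_SSH_PORTFW
                           ENABLE_SSH_PASSWORDS ENABLE_SSH_KEYS SSH_PORT))
    {
        next unless exists $remotesettings{$toggle};
        next if defined $remotesettings{$toggle} && $remotesettings{$toggle} eq 'on';
        $remotesettings{$toggle} = 'off';
    }

    # writehash receives the whole hash, i.e. ACTION and any other key that
    # getcgihash stored, not only the toggles normalised above.
    General::writehash("${General::swroot}/remote/settings", \%remotesettings);

    if ($remotesettings{'ENABLE_SSH'} eq 'on')
    {
        General::log($Lang::tr{'ssh is enabled'});

        # With both login methods switched off the warning is shown, but the
        # flag file is still created and sshctrl still runs.
        if ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
            and $remotesettings{'ENABLE_SSH_KEYS'} eq 'off')
        {
            $errormessage = $Lang::tr{'ssh no auth'};
        }
        system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
    }
    else
    {
        General::log($Lang::tr{'ssh is disabled'});
        unlink "${General::swroot}/remote/enablessh";
    }

    # The two blocks below only write the choice to the log; the values
    # themselves were stored by writehash above. SSH protocol 1 is obsolete
    # and cryptographically weak, so an enabled toggle deserves attention when
    # it shows up in the log.
    if ($remotesettings{'ENABLE_SSH_PORTOCOL1'} eq 'on')
    {
        General::log($Lang::tr{'ssh1 enabled'});
    }
    else
    {
        General::log($Lang::tr{'ssh1 disabled'});
    }

    if ($remotesettings{'SSH_PORT'} eq 'on')
    {
        General::log("SSH Port 22");
    }
    else
    {
        General::log("SSH Port 222");
    }

    my $is_tempstart15 = $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'};
    my $is_tempstart30 = $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'};

    if ($is_tempstart15 || $is_tempstart30)
    {
        if ($remotesettings{'ENABLE_SSH'} eq 'off')
        {
            # The flag file removed a few lines up is put back for the
            # temporary start.
            system('/usr/bin/touch', "${General::swroot}/remote/enablessh");

            # Same helper call as on the save path, so its result is reported
            # the same way instead of being dropped.
            my $failure = _sshctrl_failure(system('/usr/local/bin/sshctrl'));
            $errormessage = $failure if $failure ne '';
        }

        if    ($is_tempstart15) { $counter = 900; }
        elsif ($is_tempstart30) { $counter = 1800; }

        # $counter is one of the two constants above, never request data, so
        # the shell string carries no submitted text. The exit status is not
        # inspected here.
        # NOTE(review): confirm the exit convention of "sshctrl tempstart"
        # before surfacing its status to the user.
        system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
    }
    else
    {
        my $failure = _sshctrl_failure(system('/usr/local/bin/sshctrl'));
        $errormessage = $failure if $failure ne '';
    }
}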
103 | ||
# Read ${General::swroot}/remote/settings into %remotesettings before the form
# is rendered.
General::readhash("${General::swroot}/remote/settings", \%remotesettings);

# A settings file that lacks these two keys gets the default 'on' for both
# login methods.
foreach my $auth_option ('ENABLE_SSH_PASSWORDS', 'ENABLE_SSH_KEYS') {
    $remotesettings{$auth_option} = 'on' unless exists $remotesettings{$auth_option};
}

# For every checkbox, start with empty 'off' and 'on' slots and then mark the
# slot named by the stored value. The stored value is used as a hash key only;
# the form prints nothing but the 'on' slot.
foreach my $option ('ENABLE_SSH', 'ENABLE_SSH_PORTOCOL1', 'ENABLE_SSH_PORTFW',
                    'ENABLE_SSH_PASSWORDS', 'ENABLE_SSH_KEYS', 'SSH_PORT')
{
    $checked{$option}{'off'} = '';
    $checked{$option}{'on'}  = '';
    $checked{$option}{ $remotesettings{$option} } = "checked='checked'";
}
ac1cfefa MT |
129 | |
# Start the page and the outer box; the error text is handed to openbigbox as
# well as printed in its own box below.
Header::openpage($Lang::tr{'remote access'}, 1, '');
Header::openbigbox('100%', 'left', '', $errormessage);

# $errormessage is built in this script from translation strings and a
# numeric helper status, and is printed without HTML escaping.
if ($errormessage)
{
    Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<FONT CLASS='base'>$errormessage </FONT>\n";
    Header::closebox();
}

# The form posts back to this script.
# NOTE(review): SCRIPT_NAME goes into the attribute unescaped; confirm the web
# server never hands over characters that could close the quoted attribute.
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
141 | ||
# Settings form: one checkbox per toggle plus three submit buttons that all
# use the field name ACTION. The button values are the translated labels that
# the submit handler compares ACTION against. The labels are interpolated into
# single-quoted attributes without escaping, so a translation that contains a
# single quote would break the attribute.
&Header::openbox('100%', 'left', 'SSH:');
print <<END
<table width='100%'>
<tr>
<td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
<td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PORTOCOL1' $checked{'ENABLE_SSH_PORTOCOL1'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh1 support'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
</tr>
<tr>
<td> </td>
<td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
<td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
</tr>
<tr>
<td align='center' colspan='3'><hr />
<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
END
;
&Header::closebox();

# Closes the form element that is opened before this box.
print "</form>\n";
186 | ||
# Host-key box: a header row followed by one row per public key file that
# exists on disk (viewkey prints nothing for a missing file).
Header::openbox('100%', 'left', $Lang::tr{'ssh host keys'});

print "<table>\n";

print <<END;
<tr><td class='boldbase'><b>$Lang::tr{'ssh key'}</b></td>
<td class='boldbase'><b>$Lang::tr{'ssh fingerprint'}</b></td>
<td class='boldbase'><b>$Lang::tr{'ssh key size'}</b></td></tr>
END

# Fixed list of key files and the label shown next to each. RSA1 (the SSH
# protocol 1 host key) and DSA are legacy key types; a row for either one
# means that key file is still present on the system.
foreach my $host_key (
    [ "/etc/ssh/ssh_host_key.pub",     "RSA1" ],
    [ "/etc/ssh/ssh_host_rsa_key.pub", "RSA2" ],
    [ "/etc/ssh/ssh_host_dsa_key.pub", "DSA"  ],
)
{
    viewkey( $host_key->[0], $host_key->[1] );
}

print "</table>\n";

Header::closebox();

Header::closebigbox();

Header::closepage();
209 | ||
210 | ||
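# Print one row of the host-key table for a public key file.
#
#   $key  - path of the public key file
#   $name - label printed in parentheses after the path
#
# Prints nothing when the file does not exist. The first two space-separated
# fields of the "ssh-keygen -l -f" output are shown as key size and
# fingerprint, each passed through Header::cleanhtml first. $key and $name are
# printed as given; the callers in this script pass string literals only.
sub viewkey
{
    my ($key, $name) = @_;

    return unless -e $key;

    # List-form pipe open: ssh-keygen is executed directly and the path is a
    # single argument, so no shell ever parses it. The backtick form built a
    # shell command line from the path.
    my $output = '';
    if (open(my $keygen, '-|', '/usr/bin/ssh-keygen', '-l', '-f', $key))
    {
        local $/;    # read the whole output at once
        my $slurped = <$keygen>;
        $output = $slurped if defined $slurped;
        close($keygen);
    }

    # If ssh-keygen could not run or printed nothing, the row is still shown,
    # with empty cells instead of undefined values.
    my @temp = split(/ /, $output);
    my $keysize     = Header::cleanhtml(defined $temp[0] ? $temp[0] : '', "y");
    my $fingerprint = Header::cleanhtml(defined $temp[1] ? $temp[1] : '', "y");

    print "<tr><td>$key ($name)</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
    return;
}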