html/cgi-bin/remote.cgi

   1 #!/usr/bin/perl
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 use strict;
  23
  24 # enable only the following on debugging purpose
  25 #use warnings;
  26 #use CGI::Carp 'fatalsToBrowser';
  27
  28 use IO::Socket;
  29
  30 require '/var/ipfire/general-functions.pl';
  31 require "${General::swroot}/location-functions.pl";
  32 require "${General::swroot}/lang.pl";
  33 require "${General::swroot}/header.pl";
  34
  35 my %color = ();
  36 my %mainsettings = ();
  37 my %remotesettings=();
  38 my %checked=();
  39 my $errormessage='';
  40 my $counter = 0;
  41
  42 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
  43 &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
  44
  45 &Header::showhttpheaders();
  46
  47 $remotesettings{'ENABLE_SSH'} = 'off';
  48 $remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
  49 $remotesettings{'ACTION'} = '';
  50 &Header::getcgihash(\%remotesettings);
  51
  52 if ( (($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'}) || ($remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'})) && $remotesettings{'ACTION'} ne "" )
  53 {
  54         # not existing here indicates the box is unticked
  55         $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
  56         $remotesettings{'ENABLE_SSH_KEYS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
  57
  58
  59         &General::writehash("${General::swroot}/remote/settings", \%remotesettings);
  60         if ($remotesettings{'ENABLE_SSH'} eq 'on')
  61         {
  62                 &General::log($Lang::tr{'ssh is enabled'});
  63                 if  ($remotesettings{'ENABLE_SSH_PASSWORDS'} eq 'off'
  64                  and $remotesettings{'ENABLE_SSH_KEYS'}      eq 'off')
  65                 {
  66                         $errormessage = $Lang::tr{'ssh no auth'};
  67                 }
  68                 &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
  69         }
  70         else
  71         {
  72                 &General::log($Lang::tr{'ssh is disabled'});
  73                 unlink "${General::swroot}/remote/enablessh";
  74         }
  75
  76         if ($remotesettings{'SSH_PORT'} eq 'on')
  77         {
  78                 &General::log("SSH Port 22");
  79         }
  80         else
  81         {
  82                 &General::log("SSH Port 222");
  83         }
  84
  85 if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
  86         if ($remotesettings{'ENABLE_SSH'} eq 'off')
  87         {
  88                         &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
  89                         &General::system('/usr/local/bin/sshctrl');
  90         }
  91   if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
  92   elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
  93
  94   system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
  95  }
  96 else {
  97         system('/usr/local/bin/sshctrl') == 0
  98                 or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
  99  }
 100 }
 101
 102 &General::readhash("${General::swroot}/remote/settings", \%remotesettings);
 103
 104 # not existing here means they're undefined and the default value should be
 105 # used
 106         $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
 107         $remotesettings{'ENABLE_SSH_KEYS'} = 'on' unless exists $remotesettings{'ENABLE_SSH_KEYS'};
 108         $remotesettings{'SSH_AGENT_FORWARDING'} = 'off' unless exists $remotesettings{'SSH_AGENT_FORWARDING'};
 109
 110 $checked{'ENABLE_SSH'}{'off'} = '';
 111 $checked{'ENABLE_SSH'}{'on'} = '';
 112 $checked{'ENABLE_SSH'}{$remotesettings{'ENABLE_SSH'}} = "checked='checked'";
 113 $checked{'ENABLE_SSH_PORTFW'}{'off'} = '';
 114 $checked{'ENABLE_SSH_PORTFW'}{'on'} = '';
 115 $checked{'ENABLE_SSH_PORTFW'}{$remotesettings{'ENABLE_SSH_PORTFW'}} = "checked='checked'";
 116 $checked{'ENABLE_SSH_PASSWORDS'}{'off'} = '';
 117 $checked{'ENABLE_SSH_PASSWORDS'}{'on'} = '';
 118 $checked{'ENABLE_SSH_PASSWORDS'}{$remotesettings{'ENABLE_SSH_PASSWORDS'}} = "checked='checked'";
 119 $checked{'ENABLE_SSH_KEYS'}{'off'} = '';
 120 $checked{'ENABLE_SSH_KEYS'}{'on'} = '';
 121 $checked{'ENABLE_SSH_KEYS'}{$remotesettings{'ENABLE_SSH_KEYS'}} = "checked='checked'";
 122 $checked{'SSH_PORT'}{'off'} = '';
 123 $checked{'SSH_PORT'}{'on'} = '';
 124 $checked{'SSH_PORT'}{$remotesettings{'SSH_PORT'}} = "checked='checked'";
 125 $checked{'SSH_AGENT_FORWARDING'}{'off'} = '';
 126 $checked{'SSH_AGENT_FORWARDING'}{'on'} = '';
 127 $checked{'SSH_AGENT_FORWARDING'}{$remotesettings{'SSH_AGENT_FORWARDING'}} = "checked='checked'";
 128
 129 &Header::openpage($Lang::tr{'remote access'}, 1, '');
 130
 131 &Header::openbigbox('100%', 'left', '', $errormessage);
 132
 133 if ($errormessage) {
 134         &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
 135         print "<font class='base'>$errormessage&nbsp;</font>\n";
 136         &Header::closebox();
 137 }
 138
 139 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
 140
 141 &Header::openbox('100%', 'left', $Lang::tr{'ssh'});
 142 print <<END
 143 <table width='100%'>
 144 <tr>
 145         <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td>
 146         <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td>
 147 </tr>
 148 <tr>
 149         <td>&nbsp;</td>
 150         <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td>
 151         <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td>
 152 </tr>
 153 <tr>
 154         <td>&nbsp;</td>
 155         <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td>
 156         <td width='100%' class='base'>$Lang::tr{'ssh portfw'}</td>
 157 </tr>
 158 <tr>
 159         <td>&nbsp;</td>
 160         <td><input type='checkbox' name='ENABLE_SSH_PASSWORDS' $checked{'ENABLE_SSH_PASSWORDS'}{'on'} /></td>
 161         <td width='100%' class='base'>$Lang::tr{'ssh passwords'}</td>
 162 </tr>
 163 <tr>
 164         <td>&nbsp;</td>
 165         <td><input type='checkbox' name='ENABLE_SSH_KEYS' $checked{'ENABLE_SSH_KEYS'}{'on'} /></td>
 166         <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
 167 </tr>
 168 <tr>
 169         <td>&nbsp;</td>
 170         <td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td>
 171         <td width='100%' class='base'>$Lang::tr{'ssh port'}</td>
 172 </tr>
 173 <tr>
 174         <td align='right' colspan='3'>
 175         <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' />
 176         <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' />
 177         <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 178 </tr>
 179 </table>
 180 END
 181 ;
 182 &Header::closebox();
 183
 184 print "</form>\n";
 185
 186 &Header::openbox('100%', 'center', $Lang::tr{'ssh host keys'});
 187
 188 print "<table class='tbl' width='100%'>\n";
 189
 190 print <<END
 191 <thead>
 192         <tr>
 193                 <th align="center"><strong>$Lang::tr{'ssh key'}</strong></th>
 194                 <th align="center"><strong>$Lang::tr{'type'}</strong></th>
 195                 <th align="center"><strong>$Lang::tr{'ssh fingerprint'}</strong></th>
 196                 <th align="center"><strong>$Lang::tr{'ssh key size'}</strong></th>
 197         </tr>
 198 </thead>
 199 <tbody>
 200 END
 201 ;
 202
 203 &viewkey("/etc/ssh/ssh_host_key.pub","RSA1");
 204 &viewkey("/etc/ssh/ssh_host_rsa_key.pub","RSA2");
 205 &viewkey("/etc/ssh/ssh_host_dsa_key.pub","DSA");
 206 &viewkey("/etc/ssh/ssh_host_ecdsa_key.pub","ECDSA");
 207 &viewkey("/etc/ssh/ssh_host_ed25519_key.pub","ED25519");
 208
 209 print "</tbody>\n</table>\n";
 210
 211 &Header::closebox();
 212
 213 &Header::openbox('100%', 'center', $Lang::tr{'ssh active sessions'});
 214
 215 print <<END;
 216                 <table class="tbl" width="100%">
 217                         <thead>
 218                                 <tr>
 219                                         <th align="center">
 220                                                 <strong>$Lang::tr{'ssh username'}</strong>
 221                                         </th>
 222                                         <th align="center">
 223                                                 <strong>$Lang::tr{'ssh login time'}</strong>
 224                                         </th>
 225                                         <th align="center">
 226                                                 <strong>$Lang::tr{'ip address'}</strong>
 227                                         </th>
 228                                         <th align="center">
 229                                                 <strong>$Lang::tr{'country'}</strong>
 230                                         </th>
 231                                         <th align="center">
 232                                                 <strong>$Lang::tr{'rdns'}</strong>
 233                                         </th>
 234                                 </tr>
 235                         </thead>
 236                         <tbody>
 237 END
 238
 239 &printactivelogins();
 240
 241 print "</tbody>\n</table>\n";
 242
 243 &Header::closebox();
 244
 245 &Header::closebigbox();
 246
 247 &Header::closepage();
 248
 249
 250 sub viewkey
 251 {
 252   my $key = $_[0];
 253   my $name = $_[1];
 254
 255   if ( -e $key )
 256   {
 257     # Use safe system_output function to call ssh-keygen and get the output from the tool.
 258     my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", "-f", "$key");
 259
 260     my @temp = split(/ /, $ssh_keygen[0]);
 261     my $keysize = &Header::cleanhtml($temp[0],"y");
 262     my $fingerprint = &Header::cleanhtml($temp[1],"y");
 263     print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
 264   }
 265 }
 266
 267 sub printactivelogins()
 268 {
 269         # print active SSH logins (grep outpout of "who -s")
 270         my @output = &General::system_output("who", "-s");
 271         chomp(@output);
 272
 273         my $id = 0;
 274
 275         if ( scalar(@output) == 0 )
 276         {
 277                 # no logins appeared
 278                 my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
 279                 print "<tr bgcolor='$table_colour'><td colspan='5'>$Lang::tr{'ssh no active logins'}</td></tr>\n";
 280         } else {
 281                 # list active logins...
 282                 foreach my $line (@output)
 283                 {
 284                         my @arry = split(/\ +/, $line);
 285
 286                         my $username = @arry[0];
 287                         my $logintime = join(' ', @arry[2..4]);
 288                         my $remoteip = @arry[5];
 289                         $remoteip =~ s/[()]//g;
 290
 291                         # display more information about that IP adress...
 292                         my $ccode = &Location::Functions::lookup_country_code($remoteip);
 293                         my $flag_icon = &Location::Functions::get_flag_icon($ccode);
 294
 295                         # get rDNS...
 296                         my $iaddr = inet_aton($remoteip);
 297                         my $rdns = gethostbyaddr($iaddr, AF_INET);
 298                         if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; };
 299
 300                         my $table_colour = ($id++ % 2) ? $color{'color20'} : $color{'color22'};
 301
 302                         print <<END;
 303                         <tr bgcolor='$table_colour'>
 304                                 <td>$username</td>
 305                                 <td>$logintime</td>
 306                                 <td align='center'><a href='ipinfo.cgi?ip=$remoteip'>$remoteip</a></td>
 307                                 <td align='center'><a href='country.cgi#$ccode'><img src='$flag_icon' border='0' alt='$ccode' title='$ccode' /></a></td>
 308                                 <td>$rdns</td>
 309                         </tr>
 310 END
 311 ;
 312                 }
 313         }
 314 }