ARP Tabelle aus der DHCP CGI entfernt
[people/pmueller/ipfire-2.x.git] / src / misc-progs / restartssh.c
1 /* SmoothWall helper program - restartssh
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * (c) Mark Wormgoor, 2001
7 * Simple program intended to be installed setuid(0) that can be used for
8 * restarting SSHd.
9 *
10 * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
11 *
12 */
13
14 #include <stdio.h>
15 #include <stdlib.h>
16 #include <unistd.h>
17 #include <string.h>
18 #include <sys/types.h>
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <errno.h>
22 #include "libsmooth.h"
23 #include "setuid.h"
24
25 int main(int argc, char *argv[])
26 {
27 if (strcmp(argv[1], "tempstart15") == 0) {
28 safe_system("/usr/local/bin/restartssh");
29 sleep 5;
30 unlink("/var/ipfire/remote/enablessh");
31 safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
32 safe_system("sleep 900 && /usr/local/bin/restartssh &");
33 }
34 else if (strcmp(argv[1], "tempstart30") == 0) {
35 safe_system("/usr/local/bin/restartssh");
36 sleep 5;
37 unlink("/var/ipfire/remote/enablessh");
38 safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
39 safe_system("sleep 1800 && /usr/local/bin/restartssh &");
40 } else {
41 int fd, config_fd, rc, pid;
42 char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
43 struct keyvalue *kv = NULL;
44
45 if (!(initsetuid()))
46 exit(1);
47
48 kv = initkeyvalues();
49 if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings"))
50 {
51 fprintf(stderr, "Cannot read remote access settings\n");
52 exit(1);
53 }
54
55 /* By using O_CREAT with O_EXCL open() will fail if the file already exists,
56 * this prevents 2 copies of restartssh both trying to edit the config file
57 * at once. It also prevents race conditions, but these shouldn't be
58 * possible as /etc/ssh/ should only be writable by root anyhow
59 */
60
61 if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 )
62 {
63 perror("Unable to open new config file");
64 freekeyvalues(kv);
65 exit(1);
66 }
67
68 if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on"))
69 strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 );
70 else
71 strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );
72
73 if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))
74 strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"
75 "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;",
76 STRING_SIZE - 1 );
77 else
78 strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
79 "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;",
80 STRING_SIZE - 1 );
81
82 if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))
83 strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );
84 else
85 strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );
86
87 if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))
88 strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 );
89 else
90 strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 );
91
92 freekeyvalues(kv);
93
94 snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );
95 strlcat(command, buffer, STRING_SIZE - 1);
96
97 if((rc = unpriv_system(command,99,99)) != 0)
98 {
99 fprintf(stderr, "sed returned bad exit code: %d\n", rc);
100 close(config_fd);
101 unlink("/etc/ssh/sshd_config.new");
102 exit(1);
103 }
104 close(config_fd);
105 if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0)
106 {
107 perror("Unable to replace old config file");
108 unlink("/etc/ssh/sshd_config.new");
109 exit(1);
110 }
111
112 memset(buffer, 0, STRING_SIZE);
113
114 if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1)
115 {
116 if (read(fd, buffer, STRING_SIZE - 1) == -1)
117 fprintf(stderr, "Couldn't read from pid file\n");
118 else
119 {
120 pid = atoi(buffer);
121 if (pid <= 1)
122 fprintf(stderr, "Bad pid value\n");
123 else
124 {
125 if (kill(pid, SIGTERM) == -1)
126 fprintf(stderr, "Unable to send SIGTERM\n");
127 else
128 unlink("/var/run/sshd.pid");
129 }
130 }
131 close(fd);
132 }
133 else
134 {
135 if (errno != ENOENT)
136 {
137 perror("Unable to open pid file");
138 exit(1);
139 }
140 }
141
142 if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1)
143 {
144 close(fd);
145 safe_system("/usr/sbin/sshd");
146 }
147
148 return 0;
149 }
150 }