Remote CGI fuer ssh tempstart fertig
kleine Korrektur der sshctrl und syslogdctrl
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@849
ea5c0bd1-69bd-2848-81d8-
4f18e57aeed8
my %remotesettings=();
my %checked=();
my $errormessage='';
my %remotesettings=();
my %checked=();
my $errormessage='';
&Header::showhttpheaders();
&Header::showhttpheaders();
{
&General::log($Lang::tr{'ssh1 disabled'});
}
{
&General::log($Lang::tr{'ssh1 disabled'});
}
-if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ){
- system('/usr/local/bin/sshctrl','tempstart','900') == 0
- or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
- }
-elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
- system('/usr/local/bin/sshctrl','tempstart','1800') == 0
- or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
+ if ($remotesettings{'ENABLE_SSH'} eq 'off')
+ {
+ system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ system('/usr/local/bin/sshctrl');
+ }
+ if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
+ elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
+
+ system("/usr/local/bin/sshctrl tempstart $counter >/dev/null");
}
else {
system('/usr/local/bin/sshctrl') == 0
}
else {
system('/usr/local/bin/sshctrl') == 0
'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern',
'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen',
'ssh portfw' => 'TCP-Weiterleitung zulassen',
'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern',
'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen',
'ssh portfw' => 'TCP-Weiterleitung zulassen',
-'ssh tempstart15' => 'SSH-Zugriff für 15 Minuten',
-'ssh tempstart30' => 'SSH-Zugriff für 30 Minuten',
+'ssh tempstart15' => 'SSH-Deamon in 15 Minuten beenden',
+'ssh tempstart30' => 'SSH-Deamon in 30 Minuten beenden',
'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.',
'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.',
'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)',
'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.',
'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.',
'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)',
'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in',
'ssh passwords' => 'Allow password based authentication',
'ssh portfw' => 'Allow TCP Forwarding',
'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in',
'ssh passwords' => 'Allow password based authentication',
'ssh portfw' => 'Allow TCP Forwarding',
-'ssh tempstart15' => 'SSH Access for 15 Minutes',
-'ssh tempstart30' => 'SSH Access for 30 Minutes',
+'ssh tempstart15' => 'Stop SSH deamon in 15 minutes',
+'ssh tempstart30' => 'Stop SSH deamon in 30 minutes',
'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.',
'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.',
'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)',
'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.',
'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.',
'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)',
ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-startklips-1.patch
ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-startklips-1.patch
+ cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-realsetup-1.patch
#@rm -rf $(DIR_APP)
@$(POSTBUILD)
#@rm -rf $(DIR_APP)
@$(POSTBUILD)
sleep(5);
unlink("/var/ipfire/remote/enablessh");
safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
sleep(5);
unlink("/var/ipfire/remote/enablessh");
safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
+ safe_system("chown nobody.nobody /var/ipfire/remote/settings");
snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
safe_system(command);
}
snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
safe_system(command);
}
else
snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
else
snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
- snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/*.\\/var\\/log\\/messages/%s \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
+ snprintf(buffer, STRING_SIZE - 1, "/bin/sed 's/*.\\/var\\/log\\/messages/%s \\/var\\/log\\/messages/' /etc/syslog.conf >&%d", varmessages, config_fd );
/* if the return code isn't 0 failsafe */
if ((rc = unpriv_system(buffer,99,99)) != 0)
/* if the return code isn't 0 failsafe */
if ((rc = unpriv_system(buffer,99,99)) != 0)
--- /dev/null
+--- programs/_realsetup/_realsetup.in
++++ programs/_realsetup/_realsetup.in
+@@ -193,8 +193,8 @@
+
+ # preliminaries
+ perform rm -f $lock
+- mkdir -p rundir > /dev/null 2>/dev/null
+- mkdir -p subsysdir > /dev/null 2>/dev/null
++ mkdir -p $rundir > /dev/null 2>/dev/null
++ mkdir -p $subsysdir > /dev/null 2>/dev/null