ARP Tabelle aus der DHCP CGI entfernt
authormaniacikarus <maniacikarus@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 18 Aug 2007 19:10:10 +0000 (19:10 +0000)
committermaniacikarus <maniacikarus@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 18 Aug 2007 19:10:10 +0000 (19:10 +0000)
Pakfire CGI nochmal korrigiert
SSH Zugriff mit Timer gebaut

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@780 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/mpfire/mpfire.pl
doc/language_issues.de
doc/language_issues.en
html/cgi-bin/dhcp.cgi
html/cgi-bin/pakfire.cgi
html/cgi-bin/remote.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
src/misc-progs/restartssh.c

index aa6a51e16d60980807f9920993ab52f50b84446b..ded8b9b1c8b97e5d20949199f2e76550e762ae8a 100644 (file)
@@ -9,7 +9,7 @@ require "${General::swroot}/header.pl";
 
 my $filename = "";
 my %songs = "";
-my $debug = 1;
+my $debug = 0;
 my $temp;
 
 if ($ARGV[0] eq 'scan') {
index 9b77add02d2c9934aff9cbaa6795fed8a1fb5c86..3f37f3d25273001f608c0057124bdbed95b488f4 100644 (file)
@@ -265,7 +265,6 @@ WARNING: translation string unused: ovpn_processprioVH
 WARNING: translation string unused: ovpnstatus log
 WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
-WARNING: translation string unused: pakfire available addons
 WARNING: translation string unused: password contains illegal characters
 WARNING: translation string unused: password crypting key
 WARNING: translation string unused: passwords must be at least 6 characters in length
index 509d00f8a687bfbd4900fcc6b2b230f79f62227e..59f1ba9f50d09de8008ed33d8063e447e51f4125 100644 (file)
@@ -293,7 +293,6 @@ WARNING: translation string unused: ovpn_processprioVH
 WARNING: translation string unused: ovpnstatus log
 WARNING: translation string unused: ovpnsys log
 WARNING: translation string unused: package failed to install
-WARNING: translation string unused: pakfire available addons
 WARNING: translation string unused: password contains illegal characters
 WARNING: translation string unused: password crypting key
 WARNING: translation string unused: passwords must be at least 6 characters in length
index 9357bff17ed418d0525b0e98e4203bb82b4b4b94..91383373412e8cec74fffd8f18c1dd8c71a379f8 100644 (file)
@@ -1014,33 +1014,6 @@ END
 
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'});
-my @ip = qx(/sbin/ip neigh show | awk '{print \$1}');
-my @mac = qx(/sbin/ip neigh show | awk '{print \$5}');
-
-print <<END
-<hr />
-<table width='100%'>
-<tr>
-<td width='40%'><b>$Lang::tr{'ip address'}</b></td><td width='40%'><b>$Lang::tr{'mac address'}</b></td><td width='20%'>Optionen</td>
-</tr>
-END
-;
-my $i=0;
-
-foreach my $ip(@ip)
-{
- print"<tr><form method='post' action='$ENV{'SCRIPT_NAME'}'><td><input type='hidden' name='FIX_ADDR' value='$ip' />$ip</td>";
- print"<td><input type='hidden' name='FIX_MAC' value='@mac[$i]' />@mac[$i]</td>";
- print"<td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}2' /><input type='submit' name='SUBMIT' value='$buttontext' /></td></form></tr>";
-}
-
-
-print"</table>";
-
-&Header::closebox();
-
-
 foreach my $itf (@ITFs) {
     if ($dhcpsettings{"ENABLE_${itf}"} eq 'on') {
        # display leases with a list of actions to do with the global select checkbox.
index b10b5a7427e6afdceca34d6327b4370a56ba3357..ca34292fec2d7c3f88c3d23ea8ad349a11f9ec44 100644 (file)
@@ -188,7 +188,7 @@ system("pakfire update &>dev/null");
 
 print <<END;
        <table width='100%'>
-               <tr><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b></td><td bgcolor='$color{'color20'}'></td><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b>
+               <tr><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire available addons'}</b></td><td bgcolor='$color{'color20'}'></td><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b>
                <tr><td width='40%' align="center">
                        <form method='post' action='$ENV{'SCRIPT_NAME'}'>
                                <select name="INSPAKS" size="10" multiple>
index ab373791b3811e5606ba6e2da6ddc7c891180cbe..b813692f64dd26927f9110433f3bd3529e71557b 100644 (file)
@@ -31,7 +31,7 @@ $remotesettings{'ENABLE_SSH_PORTFW'} = 'off';
 $remotesettings{'ACTION'} = '';
 &Header::getcgihash(\%remotesettings);
 
-if ($remotesettings{'ACTION'} eq $Lang::tr{'save'})
+if ( ($remotesettings{'ACTION'} eq $Lang::tr{'save'}) || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} )
 {
        # not existing here indicates the box is unticked
        $remotesettings{'ENABLE_SSH_PASSWORDS'} = 'off' unless exists $remotesettings{'ENABLE_SSH_PASSWORDS'};
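Review bot: The widened condition compares `ACTION`, which is initialised to `''` two lines earlier, with `$Lang::tr{'ssh tempstart15'}` and `$Lang::tr{'ssh tempstart30'}`, and in Perl `'' eq undef` is true. If the active language lacks these keys and nothing falls back to another language file, a plain page load would enter this block and reach the helper call; the commit adds the keys only to the de and en files. Guarding the test, e.g. `if ($remotesettings{'ACTION'} ne '' && ( ... ))`, keeps an empty request from being treated as a button press. The block opened here continues past the end of the hunk.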
@@ -63,9 +63,18 @@ if ($remotesettings{'ACTION'} eq $Lang::tr{'save'})
        {
                &General::log($Lang::tr{'ssh1 disabled'});
        }
-
+if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ){
+       system('/usr/local/bin/restartssh','tempstart15') == 0
+               or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+ }
+elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
+       system('/usr/local/bin/restartssh','tempstart30') == 0
+               or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+ }
+else {
        system('/usr/local/bin/restartssh') == 0
                or $errormessage = "$Lang::tr{'bad return code'} " . $?/256;
+ }
 }
 
 &General::readhash("${General::swroot}/remote/settings", \%remotesettings);
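Review bot: The two timed-access branches sit inside the save block, so pressing either new button also runs the settings handling above them (the visible part normalises the checkboxes and logs changes) before the helper is called. If that is intended it deserves a comment such as `# timed start also applies the submitted settings`; otherwise these actions need a block of their own. The three `system(...) == 0 or ...` statements differ only in the helper argument and could share one call. `$?/256` yields a fraction when the helper dies from a signal; `$? >> 8` plus a separate check of `$? & 127` reports that case properly. The new `if`/`elsif`/`else` is written at column 0 although it is nested in the enclosing `if`, whose opening line is outside this hunk.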
@@ -132,7 +141,9 @@ print <<END
        <td width='100%' class='base'>$Lang::tr{'ssh keys'}</td>
 </tr>
 <tr>
-       <td colspan='3' align='center'><hr /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+       <td align='center'><hr /><input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' /></td>
+  <td align='center'><hr /><input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart30'}' /></td>
+  <td align='center'><hr /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>
 END
index 017634c61405b0ca7726200aad8796bc9d5302a3..e72edb92f8a74d728c3d884516adf645953413b1 100644 (file)
 'ssh no auth' => 'Sie haben keinerlei Authentifizierungverfahren zugelassen; dies wird Ihre Anmeldung verhindern',
 'ssh passwords' => 'Passwortbasierte Authentifizierung zulassen',
 'ssh portfw' => 'TCP-Weiterleitung zulassen',
+'ssh tempstart15' => 'SSH-Zugriff für 15 Minuten',
+'ssh tempstart30' => 'SSH-Zugriff für 30 Minuten',
 'ssh1 disabled' => 'SSHv1 ist deaktiviert, ein Client der Version 2 wird benötigt.',
 'ssh1 enabled' => 'SSHv1 ist aktiviert, Clients mit alten Versionen werden unterstützt.',
 'ssh1 support' => 'Unterstützung für Version 1 des SSH-Protokolls (wird nur für alte Clients benötigt)',
index c4a91a064aed14f52d4418e4787ff741ceaefa0e..ab36808f6dacae01cef50d11920b64738c81c17f 100644 (file)
 'ssh no auth' => 'You have not allowed any authentication methods; this will stop you logging in',
 'ssh passwords' => 'Allow password based authentication',
 'ssh portfw' => 'Allow TCP Forwarding',
+'ssh tempstart15' => 'SSH Access for 15 Minutes',
+'ssh tempstart30' => 'SSH Access for 30 Minutes',
 'ssh1 disabled' => 'SSHv1 is disabled, a version 2 client will be required.',
 'ssh1 enabled' => 'SSHv1 is enabled, old clients will be supported.',
 'ssh1 support' => 'Support SSH protocol version 1 (required only for old clients)',
index 13614014b2b8edddddbbd8dc757d82f2086b5745..531508affc1a85bec8bce4fee56aeccb2ec432df 100644 (file)
-/* SmoothWall helper program - restartssh\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Mark Wormgoor, 2001\r
- * Simple program intended to be installed setuid(0) that can be used for\r
- * restarting SSHd. \r
- * \r
- * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $\r
- * \r
- */\r
-\r
-#include <stdio.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <string.h>\r
-#include <sys/types.h>\r
-#include <fcntl.h>\r
-#include <signal.h>\r
-#include <errno.h>\r
-#include "libsmooth.h"\r
-#include "setuid.h"\r
-\r
-int main(void)\r
-{\r
-       int fd, config_fd, rc, pid;\r
-       char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";\r
-       struct keyvalue *kv = NULL;\r
-\r
-       if (!(initsetuid()))\r
-               exit(1);\r
-\r
-       kv = initkeyvalues();\r
-       if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings"))\r
-       {\r
-               fprintf(stderr, "Cannot read remote access settings\n");\r
-               exit(1);\r
-       }\r
-\r
-       /* By using O_CREAT with O_EXCL open() will fail if the file already exists,\r
-        * this prevents 2 copies of restartssh both trying to edit the config file\r
-        * at once. It also prevents race conditions, but these shouldn't be\r
-        * possible as /etc/ssh/ should only be writable by root anyhow\r
-        */\r
-\r
-       if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 )\r
-       {\r
-               perror("Unable to open new config file");\r
-               freekeyvalues(kv);\r
-               exit(1);\r
-       }\r
-\r
-       if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on"))\r
-               strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 );\r
-       else\r
-               strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );\r
-\r
-       if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))\r
-               strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"\r
-                                "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;",\r
-                                 STRING_SIZE - 1 );\r
-       else\r
-               strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"\r
-                                "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;",\r
-                                 STRING_SIZE - 1 );\r
-\r
-       if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))\r
-               strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );\r
-       else\r
-               strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );\r
-\r
-       if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))\r
-               strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 );\r
-       else\r
-               strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 );\r
-\r
-       freekeyvalues(kv);\r
-\r
-       snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );\r
-       strlcat(command, buffer, STRING_SIZE - 1);\r
-\r
-       if((rc = unpriv_system(command,99,99)) != 0)\r
-       {\r
-               fprintf(stderr, "sed returned bad exit code: %d\n", rc);\r
-               close(config_fd);\r
-               unlink("/etc/ssh/sshd_config.new");\r
-               exit(1);\r
-       }\r
-       close(config_fd);\r
-       if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0)\r
-       {\r
-               perror("Unable to replace old config file");\r
-               unlink("/etc/ssh/sshd_config.new");\r
-               exit(1);\r
-       }\r
-\r
-       memset(buffer, 0, STRING_SIZE);\r
-\r
-       if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1)\r
-       {\r
-               if (read(fd, buffer, STRING_SIZE - 1) == -1)\r
-                       fprintf(stderr, "Couldn't read from pid file\n");\r
-               else\r
-               {\r
-                       pid = atoi(buffer);\r
-                       if (pid <= 1)\r
-                               fprintf(stderr, "Bad pid value\n");\r
-                       else\r
-                       {\r
-                               if (kill(pid, SIGTERM) == -1)\r
-                                       fprintf(stderr, "Unable to send SIGTERM\n");\r
-                               else\r
-                                       unlink("/var/run/sshd.pid");\r
-                       }\r
-               }\r
-               close(fd);\r
-       }\r
-       else\r
-       {\r
-               if (errno != ENOENT)\r
-               {\r
-                       perror("Unable to open pid file");\r
-                       exit(1);\r
-               }\r
-       }\r
-\r
-       if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1)\r
-       {\r
-               close(fd);\r
-               safe_system("/usr/sbin/sshd");\r
-       }\r
-\r
-       return 0;\r
-}\r
+/* SmoothWall helper program - restartssh
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ * (c) Mark Wormgoor, 2001
+ * Simple program intended to be installed setuid(0) that can be used for
+ * restarting SSHd. 
+ * 
+ * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
+ * 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <errno.h>
+#include "libsmooth.h"
+#include "setuid.h"
+
+int main(int argc, char *argv[])
+{
+       if (strcmp(argv[1], "tempstart15") == 0) {
+                     safe_system("/usr/local/bin/restartssh");
+          sleep 5;
+                                       unlink("/var/ipfire/remote/enablessh");
+                                       safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
+                     safe_system("sleep 900 && /usr/local/bin/restartssh &");
+       }
+  else if (strcmp(argv[1], "tempstart30") == 0) {
+                     safe_system("/usr/local/bin/restartssh");
+          sleep 5;
+                                       unlink("/var/ipfire/remote/enablessh");
+                                       safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
+                     safe_system("sleep 1800 && /usr/local/bin/restartssh &");
+       } else {
+       int fd, config_fd, rc, pid;
+       char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
+       struct keyvalue *kv = NULL;
+
+       if (!(initsetuid()))
+               exit(1);
+
+       kv = initkeyvalues();
+       if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings"))
+       {
+               fprintf(stderr, "Cannot read remote access settings\n");
+               exit(1);
+       }
+
+       /* By using O_CREAT with O_EXCL open() will fail if the file already exists,
+        * this prevents 2 copies of restartssh both trying to edit the config file
+        * at once. It also prevents race conditions, but these shouldn't be
+        * possible as /etc/ssh/ should only be writable by root anyhow
+        */
+
+       if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 )
+       {
+               perror("Unable to open new config file");
+               freekeyvalues(kv);
+               exit(1);
+       }
+
+       if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on"))
+               strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 );
+       else
+               strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );
+
+       if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))
+               strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"
+                                "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;",
+                                 STRING_SIZE - 1 );
+       else
+               strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
+                                "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;",
+                                 STRING_SIZE - 1 );
+
+       if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))
+               strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );
+       else
+               strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );
+
+       if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))
+               strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 );
+       else
+               strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 );
+
+       freekeyvalues(kv);
+
+       snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );
+       strlcat(command, buffer, STRING_SIZE - 1);
+
+       if((rc = unpriv_system(command,99,99)) != 0)
+       {
+               fprintf(stderr, "sed returned bad exit code: %d\n", rc);
+               close(config_fd);
+               unlink("/etc/ssh/sshd_config.new");
+               exit(1);
+       }
+       close(config_fd);
+       if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0)
+       {
+               perror("Unable to replace old config file");
+               unlink("/etc/ssh/sshd_config.new");
+               exit(1);
+       }
+
+       memset(buffer, 0, STRING_SIZE);
+
+       if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1)
+       {
+               if (read(fd, buffer, STRING_SIZE - 1) == -1)
+                       fprintf(stderr, "Couldn't read from pid file\n");
+               else
+               {
+                       pid = atoi(buffer);
+                       if (pid <= 1)
+                               fprintf(stderr, "Bad pid value\n");
+                       else
+                       {
+                               if (kill(pid, SIGTERM) == -1)
+                                       fprintf(stderr, "Unable to send SIGTERM\n");
+                               else
+                                       unlink("/var/run/sshd.pid");
+                       }
+               }
+               close(fd);
+       }
+       else
+       {
+               if (errno != ENOENT)
+               {
+                       perror("Unable to open pid file");
+                       exit(1);
+               }
+       }
+
+       if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1)
+       {
+               close(fd);
+               safe_system("/usr/sbin/sshd");
+       }
+
+       return 0;
+ }
+}
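Review bot: `main` passes `argv[1]` to `strcmp` without checking `argc`, so a plain `/usr/local/bin/restartssh` call hands it NULL before the original restart path is reached; that is how the timed branches invoke the helper through `safe_system`, and how remote.cgi still invokes it for Save. `sleep 5;` in both new branches is not valid C and has to be `sleep(5);`. `initsetuid()` is now called only in the `else` branch, so the timed branches run their shell commands without whatever setup it performs; since the header says this helper is installed setuid(0), the call presumably belongs before any `safe_system`. The rewrite through the fixed name `/var/ipfire/remote/settings2` should also be checked against who may write to that directory. The two branches differ only in the sleep duration and can share one path, as sketched below.

```c
int main(int argc, char *argv[])
{
       const char *revert = NULL;

       if (!(initsetuid()))
               exit(1);

       if (argc > 1) {
               if (strcmp(argv[1], "tempstart15") == 0)
                       revert = "sleep 900 && /usr/local/bin/restartssh &";
               else if (strcmp(argv[1], "tempstart30") == 0)
                       revert = "sleep 1800 && /usr/local/bin/restartssh &";
               else {
                       fprintf(stderr, "Unknown argument\n");
                       exit(1);
               }
       }

       if (revert != NULL) {
               /* … unchanged: safe_system() call that restarts sshd … */
               sleep(5);
               /* … unchanged: unlink of enablessh and ENABLE_SSH=off rewrite … */
               safe_system(revert);
               return 0;
       }
       /* … unchanged: previous main body (sshd_config rewrite, sshd restart), minus the initsetuid() call moved up … */
```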