/* SmoothWall helper program - restartssh
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 * (c) Mark Wormgoor, 2001
 * Simple program intended to be installed setuid(0) that can be used for
 * restarting SSHd.
 *
 * $Id: restartssh.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
 *
 */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#include "libsmooth.h"
#include "setuid.h"
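/* Paths touched by the restart sequence. */
#define SSHD_CONFIG      "/etc/ssh/sshd_config"
#define SSHD_CONFIG_NEW  "/etc/ssh/sshd_config.new"
#define SSHD_PID_FILE    "/var/run/sshd.pid"
#define SSHD_BINARY      "/usr/sbin/sshd"

/* uid/gid that unpriv_system() drops the sed child to.  Presumably the
 * "nobody" account -- the value is inherited from the original code; the
 * only requirement is that this uid can read SSHD_CONFIG (hence 0644). */
#define SED_UID  99
#define SED_GID  99

/* stop_running_sshd() polls for the old listener to disappear: WAIT_SLICES
 * polls of WAIT_SLICE_US microseconds each, i.e. at most 5 seconds. */
enum { WAIT_SLICES = 50, WAIT_SLICE_US = 100000 };

/*
 * strlcat() with the truncation check callers tend to forget.
 * Returns 0 when src fit, -1 when dst (of size bytes) would be truncated.
 */
static int append(char *dst, const char *src, size_t size)
{
	return strlcat(dst, src, size) < size ? 0 : -1;
}

/*
 * True when key is present in kv and its value is exactly want.
 * A missing key counts as "not equal", which gives every option the
 * default the original code used (no for PROTOCOL1/PORTFW, yes for
 * KEYS/PASSWORDS).
 */
static int setting_is(struct keyvalue *kv, const char *key, const char *want)
{
	char value[STRING_SIZE];

	return findkey(kv, key, value) && strcmp(value, want) == 0;
}

/*
 * Build, into command (size bytes), the shell command that rewrites
 * SSHD_CONFIG according to the remote-access settings in kv and sends
 * the result to out_fd through a ">&fd" redirect.  out_fd must therefore
 * stay open and inheritable across the fork done by unpriv_system().
 *
 * Only four directives are touched, and each substitution matches an
 * existing uncommented line at the start of a line: a directive that is
 * absent or commented out in sshd_config is silently left alone, so the
 * web-UI setting does not take effect in that case.
 *
 * Every fragment is a fixed string; the setting values are compared,
 * never spliced into the command, so there is no shell-injection surface.
 *
 * Returns 0 on success, -1 if the command does not fit -- running a
 * truncated command would leave the sed script unterminated, so the
 * caller must not execute it.
 */
static int build_sed_command(struct keyvalue *kv, char *command, size_t size, int out_fd)
{
	const char *rules[4];
	char redirect[64];
	size_t i;

	/* SSH protocol 1 is cryptographically broken and has been removed
	 * from OpenSSH 7.6+ (which rejects a "Protocol 2,1" line); the
	 * option is honoured only because the web UI still offers it. */
	rules[0] = setting_is(kv, "ENABLE_SSH_PROTOCOL1", "on")
		? "s/^Protocol .*$/Protocol 2,1/;"
		: "s/^Protocol .*$/Protocol 2/;";

	rules[1] = setting_is(kv, "ENABLE_SSH_KEYS", "off")
		? "s/^RSAAuthentication .*$/RSAAuthentication no/;"
		  "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;"
		: "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
		  "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;";

	rules[2] = setting_is(kv, "ENABLE_SSH_PASSWORDS", "off")
		? "s/^PasswordAuthentication .*$/PasswordAuthentication no/;"
		: "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;";

	rules[3] = setting_is(kv, "ENABLE_SSH_PORTFW", "on")
		? "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/"
		: "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/";

	snprintf(command, size, "/bin/sed -e '");
	for (i = 0; i < sizeof rules / sizeof rules[0]; i++) {
		if (append(command, rules[i], size) != 0)
			return -1;
	}

	/* Close the quote, name the input file and redirect stdout to the
	 * already-open temporary file. */
	snprintf(redirect, sizeof redirect, "' " SSHD_CONFIG " >&%d", out_fd);
	return append(command, redirect, size);
}

/*
 * Parse the contents of a pid file.  Accepts a decimal number optionally
 * followed by whitespace (sshd writes a trailing newline); rejects
 * anything else, out-of-range values and -- most importantly for a
 * root-privileged kill() -- 0, 1 and negative values, which would signal
 * a process group, every process, or init.  Returns 0 and stores the pid
 * in *out on success, -1 otherwise.
 */
static int parse_pid(const char *text, pid_t *out)
{
	char *end;
	long value;

	errno = 0;
	value = strtol(text, &end, 10);
	if (end == text || errno == ERANGE)
		return -1;
	while (*end == '\n' || *end == '\r' || *end == ' ' || *end == '\t')
		end++;
	if (*end != '\0')
		return -1;
	if (value <= 1 || value > INT_MAX)
		return -1;

	*out = (pid_t)value;
	return 0;
}

/*
 * Give the old sshd a bounded amount of time to exit after SIGTERM.
 * Without this the new sshd is often started while the old listener is
 * still bound to port 22 and fails with EADDRINUSE, leaving no remote
 * access at all.  kill(pid, 0) succeeds as long as the process exists
 * (we are root, so EPERM cannot occur); ESRCH means it is gone.
 */
static void wait_for_exit(pid_t pid)
{
	int i;

	for (i = 0; i < WAIT_SLICES; i++) {
		if (kill(pid, 0) == -1 && errno == ESRCH)
			return;
		usleep(WAIT_SLICE_US);
	}
	fprintf(stderr, "Old sshd (pid %ld) did not exit in time, starting new one anyway\n",
		(long)pid);
}

/*
 * Terminate the sshd named by SSHD_PID_FILE, if there is one.
 *
 * As in the original code, only an unopenable pid file (other than
 * ENOENT) is fatal and returns -1; a pid file that is unreadable,
 * malformed or points at a dead process is reported on stderr and the
 * restart carries on, returning 0.  A stale pid file is removed.
 */
static int stop_running_sshd(void)
{
	int fd;
	ssize_t n;
	struct stat st;
	char buffer[STRING_SIZE];
	pid_t pid;

	fd = open(SSHD_PID_FILE, O_RDONLY);
	if (fd == -1) {
		if (errno == ENOENT)
			return 0;	/* nothing running, or it never wrote a pid file */
		perror("Unable to open pid file");
		return -1;
	}

	/* This program runs as root and is about to kill() whatever pid the
	 * file names.  /var/run should only be writable by root, but refusing
	 * anything that is not a root-owned regular file costs nothing. */
	if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_uid != 0) {
		fprintf(stderr, "Refusing to trust pid file: not a root-owned regular file\n");
		close(fd);
		return 0;
	}

	memset(buffer, 0, sizeof buffer);
	n = read(fd, buffer, sizeof buffer - 1);
	close(fd);
	if (n == -1) {
		fprintf(stderr, "Couldn't read from pid file\n");
		return 0;
	}
	buffer[n] = '\0';

	if (parse_pid(buffer, &pid) != 0) {
		fprintf(stderr, "Bad pid value\n");
		return 0;
	}

	if (kill(pid, SIGTERM) == -1) {
		if (errno == ESRCH) {
			fprintf(stderr, "Removing stale pid file\n");
			unlink(SSHD_PID_FILE);
		} else {
			fprintf(stderr, "Unable to send SIGTERM\n");
		}
		return 0;
	}

	unlink(SSHD_PID_FILE);
	wait_for_exit(pid);
	return 0;
}

/*
 * Rewrite sshd_config from the web-UI remote-access settings, stop the
 * running sshd and start a new one if remote access is enabled.
 * Intended to be installed setuid root; initsetuid() from libsmooth does
 * the privilege setup.  Exits 1 on any fatal error, 0 otherwise.
 */
int main(void)
{
	int config_fd, rc, fd;
	char command[STRING_SIZE];
	struct keyvalue *kv;

	if (!initsetuid())
		exit(1);

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")) {
		fprintf(stderr, "Cannot read remote access settings\n");
		freekeyvalues(kv);
		exit(1);
	}

	/* O_CREAT|O_EXCL makes open() fail if the file already exists, so two
	 * concurrent copies of restartssh cannot both edit the config.  It also
	 * rules out symlink races, although those should not be possible as
	 * /etc/ssh/ is only writable by root.  The flip side is that a .new
	 * file left behind by an interrupted run blocks every later run until
	 * it is removed, hence the hint below. */
	config_fd = open(SSHD_CONFIG_NEW, O_WRONLY | O_CREAT | O_EXCL, 0644);
	if (config_fd == -1) {
		perror("Unable to open new config file");
		if (errno == EEXIST)
			fprintf(stderr, "Remove a stale " SSHD_CONFIG_NEW " left by an interrupted run\n");
		freekeyvalues(kv);
		exit(1);
	}

	rc = build_sed_command(kv, command, sizeof command, config_fd);
	freekeyvalues(kv);
	if (rc != 0) {
		fprintf(stderr, "sed command too long for buffer\n");
		close(config_fd);
		unlink(SSHD_CONFIG_NEW);
		exit(1);
	}

	/* sed runs unprivileged; it only needs to read sshd_config and write
	 * to the inherited config_fd. */
	rc = unpriv_system(command, SED_UID, SED_GID);
	if (rc != 0) {
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		close(config_fd);
		unlink(SSHD_CONFIG_NEW);
		exit(1);
	}

	/* Make sure the new contents are on disk before rename() publishes
	 * them: a crash in between must not leave an empty sshd_config, which
	 * would lock the administrator out of the box. */
	if (fsync(config_fd) == -1) {
		perror("Unable to sync new config file");
		close(config_fd);
		unlink(SSHD_CONFIG_NEW);
		exit(1);
	}
	if (close(config_fd) == -1) {
		perror("Unable to close new config file");
		unlink(SSHD_CONFIG_NEW);
		exit(1);
	}
	if (rename(SSHD_CONFIG_NEW, SSHD_CONFIG) != 0) {
		perror("Unable to replace old config file");
		unlink(SSHD_CONFIG_NEW);
		exit(1);
	}

	if (stop_running_sshd() != 0)
		exit(1);

	/* sshd is only (re)started when the web UI has enabled remote access,
	 * signalled by the existence of this flag file.  open() rather than
	 * access() is deliberate: access() checks the real uid, which in a
	 * setuid program is the caller, not root. */
	fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY);
	if (fd != -1) {
		close(fd);
		safe_system(SSHD_BINARY);
	}

	return 0;
}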