diff options
Diffstat (limited to 'config/sshdcond/sshdcond.inc')
-rw-r--r-- | config/sshdcond/sshdcond.inc | 159 |
1 files changed, 68 insertions, 91 deletions
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc index 2caa39cc..7ff911c1 100644 --- a/config/sshdcond/sshdcond.inc +++ b/config/sshdcond/sshdcond.inc @@ -1,69 +1,46 @@ <?php -/* ========================================================================== */ /* - sshdcond.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Han Van (namezero@afim.info) - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - require_once("config.inc"); - require_once("util.inc"); - -function restart_sshd(){ - #backup /etc/sshd before any change - $etc_sshd="/etc/sshd"; - $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version")); - if (!file_exists('/root/'.$pfsense_version.'.sshd.backup')){ - copy ($etc_sshd,'/root/'.$pfsense_version.'.sshd.backup'); - } - - #patch /etc/sshd if need - $sshd_file=file($etc_sshd); - $sshd_new_file=""; - foreach ($sshd_file as $line){ - if (preg_match('/sshconf .= "Port/',$line)){ - $sshd_new_file.= $line; - $sshd_new_file.= "\t".'if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}'."\n"; - } - elseif(!preg_match('/sshd_extra/',$line)){ - $sshd_new_file.= $line; - } - } - file_put_contents($etc_sshd,$sshd_new_file,LOCK_EX); - mwexec_bg($etc_sshd); - } + sshdcond.inc + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Han Van (namezero@afim.info) + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("util.inc"); + +function restart_sshd() { + mwexec_bg("/etc/sshd"); +} -function sshdcond_custom_php_install_command(){ +function sshdcond_custom_php_install_command() { global $g, $config; conf_mount_rw(); @@ -71,12 +48,12 @@ function sshdcond_custom_php_install_command(){ // We need to generate an outfile for our extra commands // The patched g_szSSHDFileGenerate php file then reads and appends that config $fd = fopen("/etc/ssh/sshd_extra", 'w'); - fclose($fd); + fclose($fd); conf_mount_ro(); } -function sshdcond_custom_php_deinstall_command(){ +function sshdcond_custom_php_deinstall_command() { global $g, $config; conf_mount_rw(); @@ -90,25 +67,25 @@ function sshdcond_custom_php_deinstall_command(){ conf_mount_ro(); } -function sshdcond_custom_php_write_config(){ +function sshdcond_custom_php_write_config() { global $g, $config; - + # detect boot process - if (is_array($_POST)){ + if (is_array($_POST)) { if (!preg_match("/\w+/",$_POST['__csrf_magic'])) return; } - + $sshd_extra=""; - if (is_array($config['installedpackages']['sshdcond']['config'])){ + if (is_array($config['installedpackages']['sshdcond']['config'])) { // Mount Read-only conf_mount_rw(); // Read config - foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond){ - if ($sshdcond['enable'] && is_array($sshdcond['row'])){ + foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond) { + if ($sshdcond['enable'] && is_array($sshdcond['row'])) { $sshd_extra.= "Match {$sshdcond['matchtype']} {$sshdcond['matchvalue']}\n"; - foreach ($sshdcond['row'] as $sshd){ + foreach ($sshdcond['row'] as $sshd) { //check if there is spaces on sshd value if(preg_match ("/\s+/",$sshd['sshdvalue'])) $sshd['sshdvalue']='"'.$sshd['sshdvalue'].'"'; @@ -118,7 +95,7 @@ function sshdcond_custom_php_write_config(){ $sshd_extra.="\t {$sshd['sshdoption']} {$sshd['sshdvalue']}\n"; //apply file permission if option is ChrootDirectory - if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])){ + if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])) { chown($sshd['sshdvalue'], 'root'); chgrp($sshd['sshdvalue'], 'operator'); } @@ -129,15 +106,15 @@ function sshdcond_custom_php_write_config(){ //Save /etc/ssh/sshd_extra file_put_contents("/etc/ssh/sshd_extra",$sshd_extra,LOCK_EX); - - + + // Restart sshd restart_sshd(); // Mount Read-only conf_mount_ro(); - + //sync config with other pfsense servers sshdcond_sync_on_changes(); } @@ -145,14 +122,14 @@ function sshdcond_custom_php_write_config(){ /* Uses XMLRPC to synchronize the changes to a remote node */ function sshdcond_sync_on_changes() { global $config, $g; - + if (is_array($config['installedpackages']['sshdcondsync'])) - if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) + if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) return; log_error("[sshdcond] xmlrpc sync is starting."); - foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ + foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ) { + foreach($rs['row'] as $sh) { $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; if($password && $sync_to_ip) @@ -174,18 +151,18 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { $username='admin'; $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { + if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; - } + } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ @@ -221,7 +198,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { } else { log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell sshdcond to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n"; @@ -231,7 +208,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("sshdcond XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -251,4 +228,4 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } - ?>
\ No newline at end of file + ?> |