Diffstat (limited to 'config/sshdcond')
-rw-r--r-- | config/sshdcond/sshdcond.inc | 159 |
1 files changed, 68 insertions, 91 deletions
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc
index 2caa39cc..7ff911c1 100644
--- a/config/sshdcond/sshdcond.inc
+++ b/config/sshdcond/sshdcond.inc
@@ -1,69 +1,46 @@ <?php -/* ========================================================================== */ /* - sshdcond.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Han Van (namezero@afim.info) - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ -/* ========================================================================== */ - require_once("config.inc"); - require_once("util.inc"); - -function restart_sshd(){ - #backup /etc/sshd before any change - $etc_sshd="/etc/sshd"; - $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version")); - if (!file_exists('/root/'.$pfsense_version.'.sshd.backup')){ - copy ($etc_sshd,'/root/'.$pfsense_version.'.sshd.backup'); - } - - #patch /etc/sshd if need - $sshd_file=file($etc_sshd); - $sshd_new_file=""; - foreach ($sshd_file as $line){ - if (preg_match('/sshconf .= "Port/',$line)){ - $sshd_new_file.= $line; - $sshd_new_file.= "\t".'if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}'."\n"; - } - elseif(!preg_match('/sshd_extra/',$line)){ - $sshd_new_file.= $line; - } - } - file_put_contents($etc_sshd,$sshd_new_file,LOCK_EX); - mwexec_bg($etc_sshd); - } + sshdcond.inc + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Han Van (namezero@afim.info) + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("util.inc"); + +function restart_sshd() { + mwexec_bg("/etc/sshd"); +} -function sshdcond_custom_php_install_command(){ +function sshdcond_custom_php_install_command() { global $g, $config; conf_mount_rw(); @@ -71,12 +48,12 @@ function sshdcond_custom_php_install_command(){ // We need to generate an outfile for our extra commands // The patched g_szSSHDFileGenerate php file then reads and appends that config $fd = fopen("/etc/ssh/sshd_extra", 'w'); - fclose($fd); + fclose($fd); conf_mount_ro(); } -function sshdcond_custom_php_deinstall_command(){ +function sshdcond_custom_php_deinstall_command() { global $g, $config; conf_mount_rw(); 
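Review bot: The rewritten `restart_sshd()` no longer patches `/etc/sshd` to pull in `/etc/ssh/sshd_extra`, but nothing in this commit shows where that inclusion now happens, so a reader of this file cannot tell whether the Match blocks written to sshd_extra are still picked up by sshd. Presumably the base system's `/etc/sshd` generator now reads that file itself; a one-line comment above `mwexec_bg("/etc/sshd");` such as `// /etc/sshd (base system) appends /etc/ssh/sshd_extra itself; no local patching needed` would make that dependency explicit. The install-command comment in the next hunk still speaks of a "patched" generator and should be updated to match. `sshdcond_custom_php_install_command()` begins at the end of this hunk and its body continues in the next one.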
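Review bot: `fopen("/etc/ssh/sshd_extra", 'w')` is still handed straight to `fclose($fd)` with no check of the return value, so a failed open (read-only filesystem, missing `/etc/ssh`) surfaces as a warning/TypeError at `fclose` instead of a logged error. The write-config path already creates this file with `file_put_contents(..., LOCK_EX)`, so the install hook could use the same call and check it: `if (file_put_contents("/etc/ssh/sshd_extra", "", LOCK_EX) === false) { log_error("[sshdcond] could not create /etc/ssh/sshd_extra"); }`. The function's signature is in the previous hunk; only its tail is visible here.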
@@ -90,25 +67,25 @@ function sshdcond_custom_php_deinstall_command(){ conf_mount_ro(); } -function sshdcond_custom_php_write_config(){ +function sshdcond_custom_php_write_config() { global $g, $config; - + # detect boot process - if (is_array($_POST)){ + if (is_array($_POST)) { if (!preg_match("/\w+/",$_POST['__csrf_magic'])) return; } - + $sshd_extra=""; - if (is_array($config['installedpackages']['sshdcond']['config'])){ + if (is_array($config['installedpackages']['sshdcond']['config'])) { // Mount Read-only conf_mount_rw(); // Read config - foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond){ - if ($sshdcond['enable'] && is_array($sshdcond['row'])){ + foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond) { + if ($sshdcond['enable'] && is_array($sshdcond['row'])) { $sshd_extra.= "Match {$sshdcond['matchtype']} {$sshdcond['matchvalue']}\n"; - foreach ($sshdcond['row'] as $sshd){ + foreach ($sshdcond['row'] as $sshd) { //check if there is spaces on sshd value if(preg_match ("/\s+/",$sshd['sshdvalue'])) $sshd['sshdvalue']='"'.$sshd['sshdvalue'].'"'; @@ -118,7 +95,7 @@ function sshdcond_custom_php_write_config(){ $sshd_extra.="\t {$sshd['sshdoption']} {$sshd['sshdvalue']}\n"; //apply file permission if option is ChrootDirectory - if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])){ + if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])) { chown($sshd['sshdvalue'], 'root'); chgrp($sshd['sshdvalue'], 'operator'); } @@ -129,15 +106,15 @@ function sshdcond_custom_php_write_config(){ //Save /etc/ssh/sshd_extra file_put_contents("/etc/ssh/sshd_extra",$sshd_extra,LOCK_EX); - - + + // Restart sshd restart_sshd(); // Mount Read-only conf_mount_ro(); - + //sync config with other pfsense servers sshdcond_sync_on_changes(); } 
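Review bot: `$sshdcond['matchtype']`, `$sshdcond['matchvalue']`, `$sshd['sshdoption']` and `$sshd['sshdvalue']` are interpolated into the `Match` block verbatim; the only normalisation is wrapping a value that contains whitespace in double quotes, which does not cover an embedded newline or a double quote, either of which would end the intended directive early in sshd_extra and leave sshd with a configuration the admin did not write. Since this file becomes part of sshd's effective configuration, reject such values before emitting them, e.g. `if (preg_match('/[\r\n"]/', $sshd['sshdvalue'])) { log_error("[sshdcond] skipping {$sshd['sshdoption']}: value contains newline or quote"); continue; }` ahead of the existing whitespace check, with the same check on `matchvalue`. The values come from the package's own config (GUI and XMLRPC sync), so this is defence in depth rather than a remote input path. `sshdcond_custom_php_write_config()` continues past the end of this hunk.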
@@ -145,14 +122,14 @@ function sshdcond_custom_php_write_config(){ /* Uses XMLRPC to synchronize the changes to a remote node */ function sshdcond_sync_on_changes() { global $config, $g; - + if (is_array($config['installedpackages']['sshdcondsync'])) - if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) + if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) return; log_error("[sshdcond] xmlrpc sync is starting."); - foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ + foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ) { + foreach($rs['row'] as $sh) { $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; if($password && $sync_to_ip) @@ -174,18 +151,18 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { $username='admin'; $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { + if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; - } + } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ @@ -221,7 +198,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { } else { log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell sshdcond to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n"; 
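Review bot: The guard at the top of `sshdcond_sync_on_changes()` only returns when the `sshdcondsync` section exists and `synconchanges` is off; when the section is absent it falls through to `foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs)` over a null, which emits a warning on every write_config. Make the guard positive and braced so both cases return early: `if (!is_array($config['installedpackages']['sshdcondsync']['config']) || !$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) { return; }`. The inner `foreach ($rs['row'] as $sh)` has the same exposure if a sync entry has no rows yet. The function body continues past the last line of this hunk (`if($password && $sync_to_ip)` has its consequent outside the view).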
@@ -231,7 +208,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
 XML_RPC_encode($password),
 XML_RPC_encode($execcmd)
 );
- 
+
 log_error("sshdcond XMLRPC reload data {$url}:{$port}.");
 $msg = new XML_RPC_Message($method, $params);
 $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -251,4 +228,4 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
 log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
 }
 }
- ?>
\ No newline at end of file
+ ?>
|
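Review bot: The file keeps a closing `?>` tag; in a PHP-only include any byte after it (a stray space, or a second newline from an editor) is sent as output and can break header handling on the page that included it. Dropping the final `?>` line altogether removes that risk, which is also the usual convention for include files. If the tag is to stay, the single trailing newline this hunk adds is the most that PHP swallows silently.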