Commit 528679c0 authored by Franco Fichtner's avatar Franco Fichtner

etc: move more files

parent ae5f2995
...@@ -668,7 +668,7 @@ ...@@ -668,7 +668,7 @@
<month>*</month> <month>*</month>
<wday>*</wday> <wday>*</wday>
<who>root</who> <who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command> <command>/usr/bin/nice -n20 /usr/local/etc/rc.dyndns.update</command>
</item> </item>
<item> <item>
<minute>*/60</minute> <minute>*/60</minute>
......
#!/usr/local/bin/php -f
<?php
/*
sshd - Modified to work on disk based system
Copyright 2004 Scott K Ullrich
Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("globals.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("shaper.inc");
if (!isset($config['system']['enablesshd'])) {
return;
}
/* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */
if (!is_subsystem_dirty('sshdkeys')) {
conf_mount_rw();
}
$keys = array(
'ssh_host_key',
'ssh_host_key.pub',
'ssh_host_dsa_key',
'ssh_host_dsa_key.pub',
'ssh_host_rsa_key',
'ssh_host_rsa_key.pub',
'ssh_host_ecdsa_key',
'ssh_host_ecdsa_key.pub',
'ssh_host_ed25519_key',
'ssh_host_ed25519_key.pub'
);
/* restore ssh data for nanobsd platform */
if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) {
echo "Restoring SSH from /conf/sshd/";
exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
/* make sure host private key permissions aren't too open so sshd won't complain */
foreach($keys as $f2c) {
if(file_exists("/etc/ssh/{$f2c}"))
chmod("/etc/ssh/{$f2c}", 0600);
}
}
/* if any of these files are 0 bytes then they are corrupted.
* remove them
*/
foreach($keys as $f2c) {
if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
unlink_if_exists('/etc/ssh/ssh_host*');
break;
}
}
if (!is_dir("/var/empty")) {
/* make ssh home directory */
mkdir("/var/empty", 0555);
}
if(!file_exists("/var/log/lastlog")) {
/* Login related files. */
@touch("/var/log/lastlog");
}
$sshConfigDir = "/etc/ssh";
if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
$sshport = $config['system']['ssh']['port'];
else
$sshport = 22;
/* Include default configuration for pfSense */
$sshconf = "# This file is automatically generated at startup\n";
$sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";
$sshconf .= "PermitRootLogin yes\n";
$sshconf .= "Compression yes\n";
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
if (isset($config['system']['ssh']['sshdkeyonly'])) {
$sshconf .= "# Login via Key only\n";
$sshconf .= "PasswordAuthentication no\n";
$sshconf .= "ChallengeResponseAuthentication no\n";
$sshconf .= "PubkeyAuthentication yes\n";
} else {
$sshconf .= "# Login via Key and Password\n";
$sshconf .= "PasswordAuthentication yes\n";
$sshconf .= "ChallengeResponseAuthentication yes\n";
$sshconf .= "PubkeyAuthentication yes\n";
}
$sshconf .= "# override default of no subsystems\n";
$sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
/* Only allow protocol 2, because we say so */
$sshconf .= "Protocol 2\n";
/* Run the server on another port if we have one defined */
$sshconf .= "Port $sshport\n";
/* Hide FreeBSD version */
$sshconf .= "VersionAddendum \n";
/* Apply package SSHDCond settings if config file exists */
if (file_exists("/etc/sshd_extra")) {
$fdExtra = fopen("/etc/sshd_extra", 'r');
$szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
$sshconf .= $szExtra;
fclose($fdExtra);
}
/* Write the new sshd config file */
@file_put_contents("/etc/ssh/sshd_config", $sshconf);
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
unset($config['ssh']['dsa_key']);
unset($config['ssh']['ecdsa_key']);
unset($config['ssh']['ed25519_key']);
unset($config['ssh']['rsa_key']);
unset($config['ssh']['rsa1_key']);
unset($config['ssh']['dsa']);
unset($config['ssh']['rsa']);
unset($config['ssh']['rsa1']);
unset($config['ssh']['ak']);
write_config("Clearing SSH keys from config.xml");
}
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
unset($keys);
return;
}
// Check for all needed key files. If any are missing, the keys need to be regenerated.
$generate_keys = false;
foreach ($keys as $f2c) {
if (!file_exists("/etc/ssh/{$f2c}")) {
$generate_keys = true;
break;
}
}
if ($generate_keys) {
/* remove previous keys and regen later */
file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
unlink_if_exists('/etc/ssh/ssh_host_*');
mark_subsystem_dirty('sshdkeys');
echo " Generating Keys:\n";
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key");
clear_subsystem_dirty('sshdkeys');
file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", "");
}
/* kill existing sshd process, server only, not the childs */
$sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
if($sshd_pid <> "") {
echo "stopping ssh process $sshd_pid \n";
@posix_kill($sshd_pid, SIGTERM);
}
/* Launch new server process */
$status = mwexec("/usr/sbin/sshd");
if($status <> 0) {
file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
echo "error!\n";
} else {
echo "done.\n";
}
// NanoBSD
if($g['platform'] == "nanobsd") {
if(!is_dir("/conf/sshd"))
mkdir("/conf/sshd", 0750);
$_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
conf_mount_ro();
unset($keys);
?>
...@@ -7,7 +7,7 @@ PRIOR_VERSION=`uname -r | cut -d'.' -f1` ...@@ -7,7 +7,7 @@ PRIOR_VERSION=`uname -r | cut -d'.' -f1`
echo $PRIOR_VERSION > /tmp/pre_upgrade_version echo $PRIOR_VERSION > /tmp/pre_upgrade_version
# Hack to workaround ticket #3749 # Hack to workaround ticket #3749
if [ "${PRIOR_VERSION}" = "8" ] && grep -q 'sh /etc/rc.reboot' /usr/local/etc/rc.firmware; then if [ "${PRIOR_VERSION}" = "8" ] && grep -q 'sh /usr/local/etc/rc.reboot' /usr/local/etc/rc.firmware; then
PROC=$(ps axwww | grep '/usr/local/etc/rc.firmware *pfSenseupgrade') PROC=$(ps axwww | grep '/usr/local/etc/rc.firmware *pfSenseupgrade')
PID='' PID=''
IMG='' IMG=''
......
<?php <?php
/* /*
interfaces.inc
Copyright (C) 2004-2008 Scott Ullrich Copyright (C) 2004-2008 Scott Ullrich
Copyright (C) 2008-2009 Ermal Lu?i Copyright (C) 2008-2009 Ermal Lu?i
All rights reserved. All rights reserved.
...@@ -3621,10 +3621,10 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { ...@@ -3621,10 +3621,10 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
unset($dhcp6cconf); unset($dhcp6cconf);
$dhcp6cscript = "#!/bin/sh\n"; $dhcp6cscript = "#!/bin/sh\n";
$dhcp6cscript .= "# This shell script launches /etc/rc.newwanipv6 with a interface argument.\n"; $dhcp6cscript .= "# This shell script launches /usr/local/etc/rc.newwanipv6 with a interface argument.\n";
$dhcp6cscript .= "dmips=\${new_domain_name_servers}\n"; $dhcp6cscript .= "dmips=\${new_domain_name_servers}\n";
$dhcp6cscript .= "dmnames=\${new_domain_name}\n"; $dhcp6cscript .= "dmnames=\${new_domain_name}\n";
$dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /usr/local/etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n";
/* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */ /* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */
if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) { if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) {
printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n");
......
...@@ -1682,7 +1682,7 @@ function system_reboot() { ...@@ -1682,7 +1682,7 @@ function system_reboot() {
system_reboot_cleanup(); system_reboot_cleanup();
mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &"); mwexec("nohup /usr/local/etc/rc.reboot > /dev/null 2>&1 &");
} }
function system_reboot_sync() { function system_reboot_sync() {
...@@ -1690,7 +1690,7 @@ function system_reboot_sync() { ...@@ -1690,7 +1690,7 @@ function system_reboot_sync() {
system_reboot_cleanup(); system_reboot_cleanup();
mwexec("/etc/rc.reboot > /dev/null 2>&1"); mwexec("/usr/local/etc/rc.reboot > /dev/null 2>&1");
} }
function system_reboot_cleanup() { function system_reboot_cleanup() {
......
...@@ -461,7 +461,7 @@ function upgrade_025_to_026() { ...@@ -461,7 +461,7 @@ function upgrade_025_to_026() {
$cron_item['month'] = "*"; $cron_item['month'] = "*";
$cron_item['wday'] = "*"; $cron_item['wday'] = "*";
$cron_item['who'] = "root"; $cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.dyndns.update"; $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/etc/rc.dyndns.update";
$config['cron']['item'][] = $cron_item; $config['cron']['item'][] = $cron_item;
......
...@@ -66,7 +66,7 @@ function rescue_detect_keypress() { ...@@ -66,7 +66,7 @@ function rescue_detect_keypress() {
echo "\n\nInstaller mode selected...\n"; echo "\n\nInstaller mode selected...\n";
passthru("/usr/bin/env TERM=cons25 /bin/csh -c /usr/local/installer/lua_installer"); passthru("/usr/bin/env TERM=cons25 /bin/csh -c /usr/local/installer/lua_installer");
if(file_exists("/tmp/install_complete")) { if(file_exists("/tmp/install_complete")) {
passthru("/etc/rc.reboot"); passthru("/usr/local/etc/rc.reboot");
exit; exit;
} }
} elseif (in_array($key, array("!", "~"))) { } elseif (in_array($key, array("!", "~"))) {
......
#!/usr/local/bin/php -f #!/usr/local/bin/php -f
<?php <?php
/* $Id$ */
/* /*
rc.dyndns.update
part of pfSense (https://www.pfsense.org) part of pfSense (https://www.pfsense.org)
Copyright (C) 2004 Scott Ullrich Copyright (C) 2004 Scott Ullrich
All rights reserved. All rights reserved.
...@@ -52,5 +51,3 @@ if(empty($argument) || $argument == "all") { ...@@ -52,5 +51,3 @@ if(empty($argument) || $argument == "all") {
services_dyndns_configure($interface); services_dyndns_configure($interface);
services_dnsupdate_process($interface); services_dnsupdate_process($interface);
} }
?>
...@@ -155,7 +155,7 @@ pfSenseNanoBSDupgrade) ...@@ -155,7 +155,7 @@ pfSenseNanoBSDupgrade)
echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade in progress..." | wall echo "NanoBSD Firmware upgrade in progress..." | wall
/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..." /usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..."
# backup config # backup config
/bin/mkdir -p /tmp/configbak /bin/mkdir -p /tmp/configbak
...@@ -367,13 +367,13 @@ pfSenseNanoBSDupgrade) ...@@ -367,13 +367,13 @@ pfSenseNanoBSDupgrade)
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall
/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." /usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds."
sleep 10 sleep 10
rm -f /var/run/firmwarelock.dirty rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock rm -f /var/run/firmware.lock
. /etc/rc.reboot . /usr/local/etc/rc.reboot
;; ;;
pfSenseupgrade) pfSenseupgrade)
...@@ -419,7 +419,7 @@ pfSenseupgrade) ...@@ -419,7 +419,7 @@ pfSenseupgrade)
echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1
echo "Firmware upgrade in progress..." | wall echo "Firmware upgrade in progress..." | wall
/etc/rc.notify_message -e -g -m "Firmware upgrade in progress..." /usr/local/etc/rc.notify_message -e -g -m "Firmware upgrade in progress..."
# backup config # backup config
[ -d /tmp/configbak ] && rm -rf /tmp/configbak [ -d /tmp/configbak ] && rm -rf /tmp/configbak
...@@ -489,7 +489,7 @@ pfSenseupgrade) ...@@ -489,7 +489,7 @@ pfSenseupgrade)
echo "Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 echo "Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1
echo "Firmware upgrade is complete. Rebooting in 10 seconds." | wall echo "Firmware upgrade is complete. Rebooting in 10 seconds." | wall
/etc/rc.notify_message -e -g -m "Firmware upgrade is complete. Rebooting in 10 seconds." /usr/local/etc/rc.notify_message -e -g -m "Firmware upgrade is complete. Rebooting in 10 seconds."
# Sleep and allow disks to catch up # Sleep and allow disks to catch up
sleep 10 sleep 10
...@@ -500,7 +500,7 @@ pfSenseupgrade) ...@@ -500,7 +500,7 @@ pfSenseupgrade)
if [ -f /tmp/no_upgrade_reboot_required ]; then if [ -f /tmp/no_upgrade_reboot_required ]; then
rm /tmp/no_upgrade_reboot_required rm /tmp/no_upgrade_reboot_required
else else
. /etc/rc.reboot . /usr/local/etc/rc.reboot
fi fi
;; ;;
......
...@@ -131,7 +131,7 @@ case ${opmode} in ...@@ -131,7 +131,7 @@ case ${opmode} in
/usr/local/etc/rc.initial.toggle_sshd /usr/local/etc/rc.initial.toggle_sshd
;; ;;
15) 15)
/etc/rc.restore_config_backup /usr/local/etc/rc.restore_config_backup
;; ;;
99) 99)
if [ -e /dev/ukbd0 ]; then if [ -e /dev/ukbd0 ]; then
......
#!/usr/local/bin/php -f #!/usr/local/bin/php -f
<?php <?php
/* /*
rc.newwanip
Copyright (C) 2013 Renato Botelho (garga@pfsense.org) Copyright (C) 2013 Renato Botelho (garga@pfsense.org)
part of pfSense (https://www.pfsense.org) part of pfSense (https://www.pfsense.org)
......
#!/usr/local/bin/php -f #!/usr/local/bin/php -f
<?php <?php
/* /*
rc.newwanip
Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com) Copyright (C) 2006 Scott Ullrich (sullrich@gmail.com)
part of pfSense (https://www.pfsense.org) part of pfSense (https://www.pfsense.org)
......
#!/usr/local/bin/php #!/usr/local/bin/php
<?php <?php
/* /*
rc.notify_message
part of pfSense (https://www.pfsense.org) part of pfSense (https://www.pfsense.org)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved. All rights reserved.
......
#!/usr/local/bin/php -f
<?php
/*
Copyright 2004 Scott K Ullrich
Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("globals.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("shaper.inc");
if (!isset($config['system']['enablesshd'])) {
return;
}
/* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */
if (!is_subsystem_dirty('sshdkeys')) {
conf_mount_rw();
}
$keys = array(
'ssh_host_key',
'ssh_host_key.pub',
'ssh_host_dsa_key',
'ssh_host_dsa_key.pub',
'ssh_host_rsa_key',
'ssh_host_rsa_key.pub',
'ssh_host_ecdsa_key',
'ssh_host_ecdsa_key.pub',
'ssh_host_ed25519_key',
'ssh_host_ed25519_key.pub'
);
/* restore ssh data for nanobsd platform */
if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) {
echo "Restoring SSH from /conf/sshd/";
exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
/* make sure host private key permissions aren't too open so sshd won't complain */
foreach($keys as $f2c) {
if(file_exists("/etc/ssh/{$f2c}"))
chmod("/etc/ssh/{$f2c}", 0600);
}
}
/* if any of these files are 0 bytes then they are corrupted.
* remove them
*/
foreach($keys as $f2c) {
if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
unlink_if_exists('/etc/ssh/ssh_host*');
break;
}
}
if (!is_dir("/var/empty")) {
/* make ssh home directory */
mkdir("/var/empty", 0555);
}
if(!file_exists("/var/log/lastlog")) {
/* Login related files. */
@touch("/var/log/lastlog");
}
$sshConfigDir = "/etc/ssh";
if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
$sshport = $config['system']['ssh']['port'];
else
$sshport = 22;
/* Include default configuration for pfSense */
$sshconf = "# This file is automatically generated at startup\n";
$sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";
$sshconf .= "PermitRootLogin yes\n";
$sshconf .= "Compression yes\n";
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
if (isset($config['system']['ssh']['sshdkeyonly'])) {
$sshconf .= "# Login via Key only\n";
$sshconf .= "PasswordAuthentication no\n";
$sshconf .= "ChallengeResponseAuthentication no\n";
$sshconf .= "PubkeyAuthentication yes\n";
} else {
$sshconf .= "# Login via Key and Password\n";
$sshconf .= "PasswordAuthentication yes\n";
$sshconf .= "ChallengeResponseAuthentication yes\n";
$sshconf .= "PubkeyAuthentication yes\n";
}
$sshconf .= "# override default of no subsystems\n";
$sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
/* Only allow protocol 2, because we say so */
$sshconf .= "Protocol 2\n";
/* Run the server on another port if we have one defined */
$sshconf .= "Port $sshport\n";
/* Hide FreeBSD version */
$sshconf .= "VersionAddendum \n";
/* Write the new sshd config file */
@file_put_contents("/etc/ssh/sshd_config", $sshconf);
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
unset($config['ssh']['dsa_key']);
unset($config['ssh']['ecdsa_key']);
unset($config['ssh']['ed25519_key']);
unset($config['ssh']['rsa_key']);
unset($config['ssh']['rsa1_key']);
unset($config['ssh']['dsa']);
unset($config['ssh']['rsa']);
unset($config['ssh']['rsa1']);
unset($config['ssh']['ak']);
write_config("Clearing SSH keys from config.xml");
}
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
unset($keys);
return;
}
// Check for all needed key files. If any are missing, the keys need to be regenerated.
$generate_keys = false;
foreach ($keys as $f2c) {
if (!file_exists("/etc/ssh/{$f2c}")) {
$generate_keys = true;
break;
}
}
if ($generate_keys) {
/* remove previous keys and regen later */
file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
unlink_if_exists('/etc/ssh/ssh_host_*');
mark_subsystem_dirty('sshdkeys');
echo " Generating Keys:\n";
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key");
clear_subsystem_dirty('sshdkeys');
file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", "");
}
/* kill existing sshd process, server only, not the childs */
$sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
if($sshd_pid <> "") {
echo "stopping ssh process $sshd_pid \n";
@posix_kill($sshd_pid, SIGTERM);
}
/* Launch new server process */
$status = mwexec("/usr/sbin/sshd");
if($status <> 0) {
file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
echo "error!\n";
} else {
echo "done.\n";
}
// NanoBSD
if($g['platform'] == "nanobsd") {
if(!is_dir("/conf/sshd"))
mkdir("/conf/sshd", 0750);
$_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
conf_mount_ro();
unset($keys);
...@@ -29,13 +29,13 @@ type:script ...@@ -29,13 +29,13 @@ type:script
message:Configuring interface %s message:Configuring interface %s
[newip] [newip]
command:/etc/rc.newwanip command:/usr/local/etc/rc.newwanip
parameters:%s parameters:%s
type:script type:script
message:rc.newwanip starting %s message:rc.newwanip starting %s
[newwanipv6] [newwanipv6]
command:/etc/rc.newwanipv6 command:/usr/local/etc/rc.newwanipv6
parameters:%s parameters:%s
type:script type:script
message:rc.newwanipv6 starting %s message:rc.newwanipv6 starting %s
......
...@@ -5,7 +5,7 @@ type:script ...@@ -5,7 +5,7 @@ type:script
message:Reloading all message:Reloading all
[reload|restart.dns] [reload|restart.dns]
command:/etc/rc.resolv_conf_generate command:/usr/local/etc/rc.resolv_conf_generate
parameters: parameters:
type:script type:script
message:Rewriting resolv.conf message:Rewriting resolv.conf
...@@ -29,13 +29,13 @@ type:script ...@@ -29,13 +29,13 @@ type:script
message:Restarting OpenVPN tunnels/interfaces %s message:Restarting OpenVPN tunnels/interfaces %s
[reload|restart.dyndns] [reload|restart.dyndns]
command:/etc/rc.dyndns.update command:/usr/local/etc/rc.dyndns.update
parameters:%s parameters:%s
type:script type:script
message:updating dyndns %s message:updating dyndns %s
[reload|restart.dyndnsall] [reload|restart.dyndnsall]
command:/etc/rc.dyndns.update command:/usr/local/etc/rc.dyndns.update
parameters: parameters:
type:script type:script
message:Updating all dyndns message:Updating all dyndns
...@@ -54,7 +54,7 @@ type:script ...@@ -54,7 +54,7 @@ type:script
message:Starting packages message:Starting packages
[reload|restart.sshd] [reload|restart.sshd]
command:/etc/sshd command:/usr/local/etc/rc.sshd
parameters: parameters:
type:script type:script
message:starting sshd message:starting sshd
......
...@@ -464,7 +464,7 @@ function reboot_xmlrpc($raw_params) { ...@@ -464,7 +464,7 @@ function reboot_xmlrpc($raw_params) {
xmlrpc_authfail(); xmlrpc_authfail();
return $xmlrpc_g['return']['authfail']; return $xmlrpc_g['return']['authfail'];
} }
mwexec_bg("/etc/rc.reboot"); mwexec_bg("/usr/local/etc/rc.reboot");
return $xmlrpc_g['return']['true']; return $xmlrpc_g['return']['true'];
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment