lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-18 18:44:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

openssh: convert to newwanip_map and modernise

Browse Source 
* Replace subsystem "locking" with broader config file lock
* change syslog() to log_msg()
* change array() to []
This commit is contained in:
Franco Fichtner 2024-08-23 09:44:55 +02:00
parent 27ef4bfbb7
commit 6472278074
1 changed files with 33 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
src/etc/inc/plugins.inc.d/openssh.inc
View File

@ -3,7 +3,7 @@
/*
* Copyright (C) 2004 Scott Ullrich <sullrich@gmail.com>
* Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>
* Copyright (C) 2015-2022 Franco Fichtner <franco@opnsense.org>
* Copyright (C) 2015-2024 Franco Fichtner <franco@opnsense.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -38,23 +38,23 @@ function openssh_enabled()
function openssh_configure()
{
return array(
'early' => array('openssh_configure_do'),
'local' => array('openssh_configure_do'),
'newwanip' => array('openssh_configure_do:2'),
);
return [
'early' => ['openssh_configure_do'],
'local' => ['openssh_configure_do'],
'newwanip_map' => ['openssh_configure_do:2'],
];
}
function openssh_services()
{
$services = array();
$services = [];
if (openssh_enabled()) {
$pconfig = array();
$pconfig = [];
$pconfig['description'] = gettext('Secure Shell Daemon');
$pconfig['configd']['restart'] = array('openssh restart');
$pconfig['configd']['start'] = array('openssh start');
$pconfig['configd']['stop'] = array('openssh stop');
$pconfig['configd']['restart'] = ['openssh restart'];
$pconfig['configd']['start'] = ['openssh start'];
$pconfig['configd']['stop'] = ['openssh stop'];
$pconfig['pidfile'] = '/var/run/sshd.pid';
$pconfig['name'] = 'openssh';
$services[] = $pconfig;
@ -69,15 +69,12 @@ function openssh_services()
*/
function openssh_xmlrpc_sync()
{
$result = [];
$result[] = array(
return [[
'description' => gettext('OpenSSH'),
'section' => 'system.ssh',
'services' => ['openssh'],
'id' => 'ssh',
'services' => ["openssh"],
);
return $result;
]];
}
@ -87,7 +84,7 @@ function openssh_stop()
mwexecf('/bin/pkill -af %s', '/usr/local/sbin/sshd', true);
}
function openssh_configure_do($verbose = false, $interface = '')
function openssh_configure_do($verbose = false, $interface_map = null)
{
global $config;
@ -97,7 +94,7 @@ function openssh_configure_do($verbose = false, $interface = '')
$sshcfg = $config['system']['ssh'];
} elseif (!isset($config['system']['ssh']['noauto']) && is_install_media()) {
/* only revert to installer config when ssh is not set at all */
$sshcfg = array('permitrootlogin' => 1, 'passwordauth' => 1);
$sshcfg = ['permitrootlogin' => 1, 'passwordauth' => 1];
}
if ($sshcfg === null) {
@ -105,16 +102,22 @@ function openssh_configure_do($verbose = false, $interface = '')
return;
}
$interfaces = array();
$interfaces = [];
if (!empty($sshcfg['interfaces'])) {
$interfaces = explode(',', $sshcfg['interfaces']);
$interfaces[] = 'lo0';
array_unshift($interfaces, 'lo0');
}
if (!empty($interface) && !in_array($interface, $interfaces)) {
return;
/* 'newwanip_map' configuration is the only event to take second argument */
if (!empty($interface_map)) {
if (!count(array_intersect(explode(',', $interface_map), $interfaces))) {
return;
}
}
/* lock the config generation and service start/stop, also secures key generation */
$fobj = new \OPNsense\Core\FileObject('/usr/local/etc/ssh/sshd_config', 'a+', null, LOCK_EX);
openssh_stop();
/* make sshd key store */
@ -141,18 +144,12 @@ function openssh_configure_do($verbose = false, $interface = '')
}
if ($generate_keys) {
/* XXX replace with file lock */
if (is_subsystem_dirty('sshdkeys')) {
return;
}
mark_subsystem_dirty('sshdkeys');
foreach ($keys as $type => $name) {
$file = "/conf/sshd/{$name}";
@unlink("{$file}.pub");
@unlink($file);
mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', array($type, $file));
mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', [$type, $file]);
}
clear_subsystem_dirty('sshdkeys');
}
$sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
@ -192,7 +189,7 @@ function openssh_configure_do($verbose = false, $interface = '')
$sshconf .= "HostKey {$file}\n";
}
$listeners = array();
$listeners = [];
foreach (interfaces_addresses($interfaces) as $tmpaddr => $info) {
if (!$info['bind']) {
@ -236,18 +233,18 @@ function openssh_configure_do($verbose = false, $interface = '')
if (in_array($elem, $supported[$adv['key']])) {
$selected[] = $elem;
} else {
syslog(LOG_WARNING, "OpenSSH: Configured {$adv['node']} value '{$elem}' is not supported.");
log_msg("OpenSSH: Configured {$adv['node']} value '{$elem}' is not supported.", LOG_WARNING);
}
}
if (count($selected) == 0) {
syslog(LOG_WARNING, "OpenSSH: No configured {$adv['node']} value is supported - using defaults.");
log_msg("OpenSSH: No configured {$adv['node']} value is supported - using defaults.", LOG_WARNING);
} else {
$sshconf .= $adv['config'] . ' ' . implode(',', $selected) . PHP_EOL;
}
}
file_put_contents("/usr/local/etc/ssh/sshd_config", $sshconf);
$fobj->truncate(0)->write($sshconf);
service_log('Configuring OpenSSH...', $verbose);
@ -256,4 +253,6 @@ function openssh_configure_do($verbose = false, $interface = '')
} else {
service_log("done.\n", $verbose);
}
unset($fobj);
}