ssh: fix ssh installer anti-lockout on WAN/LAN-only setups

PR: https://github.com/opnsense/core/issues/1750
Franco Fichtner 2017-08-08 17:16:16 +02:00
parent b5348a397a
commit cc6444bf7f
3 changed files with 16 additions and 2 deletions


@ -50,6 +50,17 @@ function filter_core_antilockout_ports()
{
global $config;
$lockout_ports = array();
/*
* XXX Some issues here:
*
* 1. Why does the webgui nolockout control the ssh lockout?
* 2. Both webgui and openssh are plugins, their code should
* reside in the respective plugins.inc.d file once anti-
* lockout is fully pluggable.
* 3. Openssh opens the port when install media is detected
* and no ssh has ever been configured. This is in line
* with how the plugin behaves, but probably looks odd.
*/
if (!isset($config['system']['webgui']['noantilockout'])) {
if (empty($config['system']['webgui']['port'])) {
$lockout_ports[] = $config['system']['webgui']['protocol'] == "https" ? "443" : "80";
@ -59,7 +70,7 @@ function filter_core_antilockout_ports()
if ($config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
$lockout_ports[] = "80";
}
if (isset($config['system']['ssh']['enabled'])) {
if (isset($config['system']['ssh']['enabled']) || (!isset($config['system']['ssh']) && is_install_media())) {
$lockout_ports[] = empty($config['system']['ssh']['port']) ? "22" : $config['system']['ssh']['port'];
}
}
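Review bot: The changed ssh condition adds the ssh port to the anti-lockout ports whenever install media is detected and no `system.ssh` node exists, but nothing beside it records which interface that exposes or that the fallback port "22" has to match the installer's sshd. On a WAN-only setup the anti-lockout interface is presumably WAN, so the installer sshd would be reachable from outside until ssh settings are saved. I would note that next to the condition, e.g. `/* install media without ssh config: installer sshd is reachable on the anti-lockout interface (WAN on WAN-only setups) until ssh settings are saved */`. The test `!isset($config['system']['ssh']) && is_install_media()` also repeats the branch in openssh_configure_do, so the rule and the daemon can drift apart if only one is edited; a shared helper would keep them in step. The function body continues outside these hunks.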


@ -67,7 +67,7 @@ function openssh_configure_do($verbose = false)
if (isset($config['system']['ssh'])) {
if (isset($config['system']['ssh']['enabled'])) {
$sshcfg = $config['system']['ssh'];
$sshcfg = $config['system']['ssh'];
}
} elseif (is_install_media()) {
/* only revert to installer config when ssh is not set at all */


@ -196,6 +196,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['webgui']['althostnames']);
}
/* always store ssh setting to prevent install scenario */
config_read_array('system', 'ssh');
if (empty($config['system']['ssh']['enabled']) != empty($pconfig['enablesshd']) ||
empty($config['system']['ssh']['passwordauth']) != empty($pconfig['passwordauth']) ||
$config['system']['ssh']['port'] != $pconfig['sshport'] ||
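Review bot: The comment above the added `config_read_array('system', 'ssh');` does not say what the "install scenario" is or why a call whose return value is discarded matters. The call appears to be used only for its side effect of creating the `system.ssh` node, which the other two files in this commit test with `isset($config['system']['ssh'])` to decide whether to fall back to installer ssh. I would spell that out, e.g. `/* make sure system.ssh exists, even if empty: a missing node makes openssh and the anti-lockout rule fall back to installer ssh on install media */`. Whether the node is persisted when none of the compared fields changed depends on code outside the hunk and is worth confirming.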