#!/bin/sh
#
# Set or get the allowed IP(s) of <jailname>
# Usage: ip <jailname> [<ip>|all]
#
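# Locate the directory holding the bkctld helpers and load the shared config.
# "$0" is quoted so an install path containing spaces still resolves.
LIBDIR="$(dirname "$0")" && . "${LIBDIR}/config"

jail="${1:-}"
ip="${2:-}"

# A jail name is mandatory. Exit unconditionally after printing the help, so
# a failing help command cannot let the script continue with an empty name.
if [ -z "${jail}" ]; then
    "${LIBDIR}/bkctld-help"
    exit 1
fi
# check_jail and error come from the sourced config.
# NOTE(review): this relies on error terminating the script - confirm.
check_jail "${jail}" || error "${jail} : inexistant jail'"

if [ -z "${ip}" ]; then
    # Get mode: print the host part of every root@<host> entry found on the
    # AllowUsers line(s) of the jail's sshd config, one per line.
    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}" \
        | grep -Eo "root@[^ ]+" \
        | while read -r allow; do
            echo "${allow}" | cut -d'@' -f2
        done
else
    # Set mode. The value ends up in an sshd AllowUsers pattern and inside a
    # sed replacement, so accept only the keyword "all" or the characters an
    # IPv4/IPv6 address with an optional /prefix can contain. This keeps
    # whitespace, sshd wildcards (* ? !) and sed metacharacters (~ & \) out of
    # the access list and out of the sed expression.
    case "${ip}" in
        all) ;;
        *[!0123456789abcdefABCDEF.:/]*)
            error "${ip} : invalid ip"
            # Explicit exit in case error returns instead of terminating.
            exit 1
            ;;
    esac

    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
        # Opening the jail to every source replaces the whole list.
        ips="0.0.0.0/0"
    else
        # Merge the new address with the currently allowed ones (read back
        # through this same helper in get mode), drop the catch-all entry and
        # de-duplicate.
        ips=$("${LIBDIR}/bkctld-ip" "${jail}")
        ips=$(echo "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
    fi

    allow="AllowUsers"
    # Word splitting of $ips is intended; globbing is not. Without set -f an
    # existing entry such as "*" would expand to the file names of the current
    # directory. A separate loop variable keeps ${ip} intact for the log line.
    set -f
    for entry in $ips; do
        allow="${allow} root@${entry}"
    done
    set +f

    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
    notice "${jail} : update ip => ${ip}"

    # Reload the jail only when bkctld-is-on reports success for it.
    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
    # NOTE(review): presumably regenerates the firewall rules for the jail
    # from the new list - confirm against bkctld-firewall.
    "${LIBDIR}/bkctld-firewall" "${jail}"
fi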