From 1522d2f6cdba8d7b322d6e159990928474f190a8 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 4 Jan 2019 16:38:20 +0100 Subject: [PATCH] Merge bkctld-params and some functions into bkctld-(ip|port|key) scripts --- bkctld | 2 +- lib/bkctld-init | 5 ++-- lib/bkctld-ip | 31 +++++++++++++++++++++++- lib/bkctld-key | 22 ++++++++++++++++- lib/bkctld-params | 17 ------------- lib/bkctld-port | 24 ++++++++++++++++++- lib/bkctld-status | 4 ++-- lib/functions | 61 ++--------------------------------------------- 8 files changed, 81 insertions(+), 85 deletions(-) mode change 120000 => 100755 lib/bkctld-ip mode change 120000 => 100755 lib/bkctld-key delete mode 100755 lib/bkctld-params mode change 120000 => 100755 lib/bkctld-port diff --git a/bkctld b/bkctld index 79f9209..9e54e6b 100755 --- a/bkctld +++ b/bkctld @@ -31,7 +31,7 @@ case "${subcommand}" in "${LIBDIR}/bkctld-${subcommand}" "${jail}" ;; "key" | "port" | "ip") - "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}" + "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}" ;; "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove") if [ "${jail}" = "all" ]; then diff --git a/lib/bkctld-init b/lib/bkctld-init index ddbe8ae..c816b0f 100755 --- a/lib/bkctld-init +++ b/lib/bkctld-init @@ -22,8 +22,7 @@ fi . "${LIBDIR}/mkjail" info "4 - Copie default sshd_config" install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}" -info "5 - Set usable sshd port" -set_port "${jail}" auto -info "6 - Copie default inc configuration" +info "5 - Copie default inc configuration" install -m 0640 "${inctpl}" "${CONFDIR}/${jail}" +"${LIBDIR}/bkctld-port" "${jail}" auto notice "${jail} : created jail" diff --git a/lib/bkctld-ip b/lib/bkctld-ip deleted file mode 120000 index 5b4f890..0000000 --- a/lib/bkctld-ip +++ /dev/null @@ -1 +0,0 @@ -bkctld-params \ No newline at end of file diff --git a/lib/bkctld-ip b/lib/bkctld-ip new file mode 100755 index 0000000..3b8f10e --- /dev/null +++ b/lib/bkctld-ip 
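Review bot: The exit status of the new `"${LIBDIR}/bkctld-port" "${jail}" auto` line in bkctld-init is never checked, and because the port logic now runs in a child process its `error` only terminates that child, so a failed port/firewall setup still falls through to `notice "${jail} : created jail"` and reports success for a jail with no usable port — the old in-process `set_port` would have aborted the whole init. Guard the call: `"${LIBDIR}/bkctld-port" "${jail}" auto || error "${jail} : failed to set sshd port"`. The step also lost its progress line when it moved; an `info "6 - Set usable sshd port"` before the call would keep the numbered output consistent with steps 1–5.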
@@ -0,0 +1,30 @@ +#!/bin/sh + +LIBDIR="$(dirname $0)" && . "${LIBDIR}/config" + +jail="${1:-}" +ip="${2:-}" +[ -n "${jail}" ] || usage +check_jail "${jail}" || error "${jail} : inexistant jail'" + +if [ -z "${ip}" ]; then + grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do + echo "${allow}"|cut -d'@' -f2 + done +else + if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then + ips="0.0.0.0/0" + else + ips=$("${LIBDIR}/bkctld-ip" "${jail}") + ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq) + fi + allow="AllowUsers" + for ip in $ips; do + allow="${allow} root@${ip}" + done + sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}" + set_firewall "${jail}" + notice "${jail} : update ip => ${ip}" + + check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}" +fi diff --git a/lib/bkctld-key b/lib/bkctld-key deleted file mode 120000 index 5b4f890..0000000 --- a/lib/bkctld-key +++ /dev/null @@ -1 +0,0 @@ -bkctld-params \ No newline at end of file diff --git a/lib/bkctld-key b/lib/bkctld-key new file mode 100755 index 0000000..4f26cf7 --- /dev/null +++ b/lib/bkctld-key @@ -0,0 +1,21 @@ +#!/bin/sh + +LIBDIR="$(dirname $0)" && . "${LIBDIR}/config" + +jail="${1:-}" +keyfile="${2:-}" +[ -n "${jail}" ] || usage +check_jail "${jail}" || error "${jail} : inexistant jail'" + +if [ -z "${keyfile}" ]; then + if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then + cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" + fi +else + [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !" + cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" + chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" + notice "${jail} : update key => ${keyfile}" + + check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}" +fi diff --git a/lib/bkctld-params b/lib/bkctld-params deleted file mode 100755 index f0fae46..0000000 --- a/lib/bkctld-params +++ /dev/null 
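Review bot: The `notice "${jail} : update ip => ${ip}"` line logs the wrong value, because the preceding `for ip in $ips` loop has overwritten `ip` with the last entry of the sorted list rather than the address the operator passed (the old bkctld-params printed `${option}`, so this is a regression of this commit). The argument is also interpolated unvalidated into the `sed -i "s~^AllowUsers .*~${allow}~"` expression and, via `set_firewall`, into the iptables line appended to `FIREWALL_RULES`; a value containing `~`, whitespace or shell metacharacters corrupts sshd_config or the rules file, and since the latter is presumably executed as a script at firewall load it deserves a whitelist check before use. Rename the loop variable and reject anything that is not an address/CIDR in the non-`all` branch, as below; the rest of the script is unchanged.
```sh
    else
        # Only addresses/CIDRs may reach sshd_config and the firewall rules file.
        case "${ip}" in
            ''|*[!0-9a-fA-F.:/]*) error "${jail} : invalid ip/network ${ip}" ;;
        esac
        ips=$("${LIBDIR}/bkctld-ip" "${jail}")
        # … unchanged: merge with existing list …
    fi
    allow="AllowUsers"
    for addr in $ips; do
        allow="${allow} root@${addr}"
    done
    # … unchanged: sed / set_firewall …
    notice "${jail} : update ip => ${ip}"
```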
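Review bot: `[ -e "${keyfile}" ]` in bkctld-key accepts a directory, a device or an unreadable file, and the following `cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"` then truncates the jail's authorized_keys before `cat` fails, leaving the jail with an empty key file while the script still prints `update key => ...` and reloads sshd. Check readability and the copy itself: `[ -f "${keyfile}" ] && [ -r "${keyfile}" ] || error "Keyfile ${keyfile} doesn't exist or is not readable !"` and `cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" || error "${jail} : failed to install ${keyfile}"`. The last line sources the reload script (`. "${LIBDIR}/bkctld-reload" "${jail}"`) while bkctld-ip in this same commit executes it; passing arguments to `.` is a bash/ksh extension rather than POSIX and, as far as I know, dash ignores them, so under `#!/bin/sh` the sourced script only sees the right jail because it also happens to be this script's `$1`. Executing it, `"${LIBDIR}/bkctld-reload" "${jail}"`, removes that coincidence and matches bkctld-ip.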
@@ -1,17 +0,0 @@ -#!/bin/sh - -LIBDIR="$(dirname $0)" && . "${LIBDIR}/config" - -jail="${1:-}" -params="${2:-}" -option="${3:-}" -[ -n "${jail}" ] || usage -check_jail "${jail}" || error "${jail} : inexistant jail'" - -if [ -z "${option}" ]; then - "get_${params}" "${jail}" -else - "set_${params}" "${jail}" "${option}" - check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}" - notice "${jail} : update ${params} => ${option}" -fi diff --git a/lib/bkctld-port b/lib/bkctld-port deleted file mode 120000 index 5b4f890..0000000 --- a/lib/bkctld-port +++ /dev/null @@ -1 +0,0 @@ -bkctld-params \ No newline at end of file diff --git a/lib/bkctld-port b/lib/bkctld-port new file mode 100755 index 0000000..ee73356 --- /dev/null +++ b/lib/bkctld-port @@ -0,0 +1,23 @@ +#!/bin/sh + +LIBDIR="$(dirname $0)" && . "${LIBDIR}/config" + +jail="${1:-}" +port="${2:-}" +[ -n "${jail}" ] || usage +check_jail "${jail}" || error "${jail} : inexistant jail'" + +if [ -z "${port}" ]; then + grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+" +else + if [ "${port}" = "auto" ]; then + port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1) + port=$((port+1)) + [ "${port}" -le 1 ] && port=2222 + fi + sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}" + set_firewall "${jail}" + notice "${jail} : update port => ${port}" + + check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}" +fi diff --git a/lib/bkctld-status b/lib/bkctld-status index e0082d2..2d3e9ba 100755 --- a/lib/bkctld-status +++ b/lib/bkctld-status @@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then else status="OFF" fi -port=$(get_port "${jail}") -ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',') +port=$("${LIBDIR}/bkctld-port" "${jail}") +ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',') echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }' 
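Review bot: `port` is written into sshd_config by the `sed -i "s/^Port .*/Port ${port}/"` line and, through `set_firewall`, into the firewall rules file without any check that it is a number in range, so a typo such as `bkctld port <jail> 22a` yields a `Port 22a` directive that makes sshd reject its config on reload and an iptables rule that fails at firewall load. Add before the `sed` line: `case "${port}" in ''|*[!0-9]*) error "${jail} : invalid port ${port}" ;; esac` followed by `[ "${port}" -ge 1 ] && [ "${port}" -le 65535 ] || error "${jail} : port ${port} out of range"`. The `auto` branch also inherits the loose match from the old `set_port`: `grep -h Port ... | grep -Eo "[0-9]+"` matches any line containing "Port" (a commented `#Port 22`, for instance) and takes the first number on it, so anchoring both the read path and the auto path on `^Port ` (`grep -hE "^Port [0-9]+"`) would make the chosen port reliable. Nothing serialises two concurrent `bkctld init` runs, so they can still pick the same port; if that is accepted, a comment saying so above the `auto` branch would help.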
diff --git a/lib/functions b/lib/functions index d694c84..74d5b4f 100755 --- a/lib/functions +++ b/lib/functions @@ -46,26 +46,6 @@ check_jail_on() { return "${return}" } -get_port() { - jail="${1}" - port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+") - echo "${port}" -} - -get_key() { - jail="${1}" - if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then - cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" - fi -} - -get_ip() { - jail="${1}" - grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do - echo "${allow}"|cut -d'@' -f2 - done -} - get_inc() { jail="${1}" inc="0" @@ -77,43 +57,6 @@ get_inc() { echo "${inc}" } -set_port() { - jail="${1}" - port="${2}" - if [ "${port}" = "auto" ]; then - port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1) - port=$((port+1)) - [ "${port}" -le 1 ] && port=2222 - fi - sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}" - set_firewall "${jail}" -} - -set_key() { - jail="${1}" - keyfile="${2}" - [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !" - cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" - chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" -} - -set_ip() { - jail="${1}" - ip="${2}" - if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then - ips="0.0.0.0/0" - else - ips=$(get_ip "${jail}") - ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq) - fi - allow="AllowUsers" - for ip in $ips; do - allow="${allow} root@${ip}" - done - sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}" - set_firewall "${jail}" -} - set_firewall() { jail="${1}" if [ -n "${FIREWALL_RULES}" ]; then 
@@ -121,8 +64,8 @@ set_firewall() { sed -i "/#${jail}$/d" "${FIREWALL_RULES}" fi if ( check_jail "${jail}" ); then - port=$(get_port "${jail}") - for ip in $(get_ip "${jail}"); do + port=$("${LIBDIR}/bkctld-port" "${jail}") + for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}" done if [ -f /etc/init.d/minifirewall ]; then
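Review bot: The new `port=$("${LIBDIR}/bkctld-port" "${jail}")` line silently drops the child's exit status and accepts an empty result (missing sshd_config, no `Port` line), and the loop below then appends `--dport  -s ...` rules that break the whole `FIREWALL_RULES` file when it is loaded. The old in-process `get_port` had the same gap, but a failure is now a child exit status that is discarded rather than a function the caller could have checked. Guard it: `port=$("${LIBDIR}/bkctld-port" "${jail}") && [ -n "${port}" ] || error "${jail} : cannot determine sshd port"`. set_firewall starts and ends outside this hunk; the rules file appears to be executed as shell by minifirewall, so whatever bkctld-port and bkctld-ip print here should be validated on the write side before it reaches this function — I cannot see the loader to confirm.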