code clarification

2020-04-02 23:33:54 +02:00 · 2020-04-02 23:33:54 +02:00 · b141daca29
parent 092b204be2
commit b141daca29
3 changed files with 49 additions and 40 deletions
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@ -18,22 +18,23 @@ jail_path=$(jail_path "${jail_name}")
 test -d "${jail_path}" || error "${jail_name}: jail is missing."
 if [ -z "${ip}" ]; then
    # parse IP addresses from AllowUsers directives in sshd config
    grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
        echo "${allow}" | cut -d'@' -f2
    done
 else
    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
+        new_ips="0.0.0.0/0"
    else
-        ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
+        existing_ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
-        ips=$(echo "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
+        new_ips=$(echo "${existing_ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
    fi
-    allow="AllowUsers"
+    allow_users="AllowUsers"
-    for ip in $ips; do
+    for ip in ${new_ips}; do
-        allow="${allow} root@${ip}"
+        allow_users="${allow_users} root@${ip}"
    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${jail_path}/${SSHD_CONFIG}"
+    sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_path}/${SSHD_CONFIG}"
-    notice "${jail_name}: update ip => ${ip}"
+    notice "${jail_name}: IP whitelist updated to ${ip}"
    "${LIBDIR}/bkctld-reload" "${jail_name}"
    "${LIBDIR}/bkctld-firewall" "${jail_name}"
 fi
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@ -17,6 +17,8 @@ test -d "${jail_path}" || error "${jail_name}: jail is missing."
 "${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
 # Prepare the chroot
 (
    cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
    grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc
@ -38,10 +40,13 @@ mkdir -p dev/pts
    mkdir -p dev/shm
    grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
    grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
 )
 # Start SSH in the chroot
 chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start sshd"
 pidfile="${jail_path}/${SSHD_PID}"
 # Wait for SSH to be up
 for try in $(seq 1 10); do
    test -f "${pidfile}" || sleep 0.3
 done
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@ -7,20 +7,23 @@
 # shellcheck source=./includes
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
-jail="${1:?}"
+jail_name="${1:?}"
-if [ ! -n "${jail}" ]; then
+if [ ! -n "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help" && exit 1
 fi
-[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+[ -d "${JAILDIR}/${jail_name}" ] || error "${jail_name} : jail is missing.\nUse '$0 status [all]' to get the status of all jails."
-inc="0"
+incs_policy="0"
-if [ -f "${CONFDIR}/${jail}" ]; then
+if [ -f "${CONFDIR}/${jail_name}" ]; then
-    day=$(grep -c "day" "${CONFDIR}/${jail}")
+    days=$(grep -c "day" "${CONFDIR}/${jail_name}")
-    month=$(grep -c "month" "${CONFDIR}/${jail}")
+    months=$(grep -c "month" "${CONFDIR}/${jail_name}")
-    inc="${day}/${month}"
+    incs_policy="${days}/${months}"
 fi
 status="OFF"
-"${LIBDIR}/bkctld-is-on" "${jail}" && status="ON "
+"${LIBDIR}/bkctld-is-on" "${jail_name}" && status="ON "
-port=$("${LIBDIR}/bkctld-port" "${jail}")
+
-ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
+port=$("${LIBDIR}/bkctld-port" "${jail_name}")
-echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
+ip=$("${LIBDIR}/bkctld-ip" "${jail_name}" | xargs | tr -s ' ' ',')
 echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'