Current File : //usr/share/webmin/sshd/sshd-lib.pl
#!/usr/bin/perl
# sshd-lib.pl
# Common functions for the ssh daemon config file

BEGIN { push(@INC, ".."); };
use WebminCore;
&init_config();

# Get version information
if (!&read_file("$module_config_directory/version", \%version)) {
	%version = &get_sshd_version();
	}

# get_sshd_version()
# Returns a hash containing the version type, number and full version
sub get_sshd_version
{
local %version;
local $out = &backquote_command(
	&quote_path($config{'sshd_path'})." -h 2>&1 </dev/null");
if ($config{'sshd_version'}) {
	# Forced version
	$version{'type'} = 'openssh';
	$version{'number'} = $version{'full'} = $config{'sshd_version'};
	}
elsif ($out =~ /(sshd\s+version\s+([0-9\.]+))/i ||
    $out =~ /(ssh\s+secure\s+shell\s+([0-9\.]+))/i) {
	# Classic commercial SSH
	$version{'type'} = 'ssh';
	$version{'number'} = $2;
	$version{'full'} = $1;
	}
elsif ($out =~ /(OpenSSH.([0-9\.]+))/i) {
	# OpenSSH .. assume all versions are supported
	$version{'type'} = 'openssh';
	$version{'number'} = $2;
	$version{'full'} = $1;
	}
elsif ($out =~ /(Sun_SSH_([0-9\.]+))/i) {
	# Solaris 9 SSH is actually OpenSSH 2.x
	$version{'type'} = 'openssh';
	$version{'number'} = 2.0;
	$version{'full'} = $1;
	}
elsif (($out = $config{'sshd_version'}) && ($out =~ /(Sun_SSH_([0-9\.]+))/i)) {
	# Probably Solaris 10 SSHD that didn't display version.  Use it.
	$version{'type'} = 'openssh';
	$version{'number'} = 2.0;
	$version{'full'} = $1;
	}
return %version;
}

# get_sshd_config()
# Returns a reference to an array of SSHD config file options
sub get_sshd_config
{
local @rv = ( { 'dummy' => 1,
		'indent' => 0,
		'file' => $config{'sshd_config'},
		'line' => -1,
		'eline' => -1 } );
local $lnum = 0;
open(CONF, "<".$config{'sshd_config'});
while(<CONF>) {
	s/\r|\n//g;
	s/^\s*#.*$//g;
	local ($name, @values) = split(/\s+/, $_);
	if ($name) {
		local $dir = { 'name' => $name,
			       'values' => \@values,
			       'file' => $config{'sshd_config'},
			       'line' => $lnum };
		push(@rv, $dir);
		}
	$lnum++;
	}
close(CONF);
return \@rv;
}

# find_value(name, &config)
sub find_value
{
foreach $c (@{$_[1]}) {
	if (lc($c->{'name'}) eq lc($_[0])) {
		return wantarray ? @{$c->{'values'}} : $c->{'values'}->[0];
		}
	}
return wantarray ? ( ) : undef;
}

# find(value, &config)
sub find
{
local @rv;
foreach $c (@{$_[1]}) {
	if (lc($c->{'name'}) eq lc($_[0])) {
		push(@rv, $c);
		}
	}
return wantarray ? @rv : $rv[0];
}

# save_directive(name, &config, [value*|&values], [before])
sub save_directive
{
local @o = &find($_[0], $_[1]);
local @n = ref($_[2]) ?
		grep { defined($_) } @{$_[2]} :
		grep { defined($_) } @_[2..@_-1];
local $lref = &read_file_lines($_[1]->[0]->{'file'});
local $id = ("\t" x $_[1]->[0]->{'indent'});
local $i;
local $before = $_[3] && ref($_[2]) ? &find($_[3], $_[1]) : undef;
for($i=0; $i<@o || $i<@n; $i++) {
	if (defined($o[$i]) && defined($n[$i])) {
		# Replacing a line
		$lref->[$o[$i]->{'line'}] = "$id$_[0] $n[$i]";
		}
	elsif (defined($o[$i])) {
		# Removing a line
		splice(@$lref, $o[$i]->{'line'}, 1);
		foreach $c (@{$_[1]}) {
			if ($c->{'line'} > $o[$i]->{'line'}) {
				$c->{'line'}--;
				}
			}
		}
	elsif (defined($n[$i]) && !$before) {
		# Adding a line at the end, but before the first Match directive
		local $ll = $_[1]->[@{$_[1]}-1]->{'line'};
		foreach my $m (&find("Match", $_[1])) {
			$ll = $m->{'line'} - 1;
			last;
			}
		splice(@$lref, $ll+1, 0, "$id$_[0] $n[$i]");
		}
	elsif (defined($n[$i]) && $before) {
		# Adding a line before the first instance of some directive
		splice(@$lref, $before->{'line'}, 0, "$id$_[0] $n[$i]");
		foreach $c (@{$_[1]}) {
			if ($c->{'line'} >= $before->{'line'}) {
				$c->{'line'}--;
				}
			}
		}
	}
}

# save_socket(ports, listens)
sub save_socket
{
my ($ports, $listens) = @_;
return if ($version{'number'} < 6.7);
return if (!&foreign_available('init'));
&foreign_require('init');
my $default_port = 22;
my $socket_unit = &get_ssh_socket();
return if (!$socket_unit);

# Extend listens with IPs from default socket configuration if set
my $socket_details = &init::cat_systemd($socket_unit, 'ListenStream');
my ($socket_conf_file, $socket_conf_dir);
my @default_streams;
foreach my $entry (@$socket_details) {
	next if ($entry->{'file'} =~ m{^/run}); # Skip runtime files
	my $streams = $entry->{'sections'}{'Socket'}{'ListenStream'};
	if ($entry->{'file'} =~ m{^/etc}) {
		if (defined($streams)) {
			# Determine the socket configuration file and
			# directory from the custom config that defines
			# ListenStream to support multiple socket
			# override files (edge case)
			($socket_conf_dir, $socket_conf_file) =
				$entry->{'file'} =~ m|^(.*/)([^/]+)$|;
			$socket_conf_dir =~ s|/$|| if ($socket_conf_dir);
			}
		next;
		}
	if ($streams) {
		foreach my $stream (@$streams) {
			if ($stream =~ /^(?:\[(.+?)\]|([^:]+)):\d+$/) {
				my $address = defined($1) ? "[$1]" : $2;
				push(@default_streams, $address)
				}
			}
		}
	}

my @result;

# Set default port if empty
$ports = [$default_port] if (!@$ports);

# Check if port is different from default
my $port = @$ports == 1 && $ports->[0] == $default_port;

if (@$listens) {
	# Process listens
	foreach my $listen (@$listens) {
		if ($listen =~ /:\d+$/) {
			# If listen already contains a port, keep it as is
			push(@result, $listen);
			}
		elsif ($listen =~ /^\[.*\]$/) {
			# IPv6 address without a port
			push(@result, map { "$listen:$_" } @$ports);
			}
		else {
			# IPv4 address or hostname without a port
			push(@result, map { "$listen:$_" } @$ports);
			}
		}
	}

# Add ports not already in @result
if (!$port || @result) {
	foreach my $port (@$ports) {
		unless (grep { /:$port$/ } @result) {
			if (@default_streams) {
				push(@result, map { "$_:$port" }
					@default_streams);
				}
			else {
				push(@result, $port);
				}
			}
		}
	}

# Update socket if @results not empty
my $socket_conf = { 'Socket' => {} };
if (@result) {
	unshift(@result, '');
	$socket_conf = {
		'Socket' => {
			'ListenStream' => \@result,
			},
		};
	}
&init::edit_systemd($socket_unit, $socket_conf,
	$socket_conf_file, $socket_conf_dir);
}

# scmd(double)
sub scmd
{
if ($cmd_count % 2 == 0) {
	print "<tr>\n";
	}
elsif ($_[0]) {
	print "<td colspan=2></td> </tr>\n";
	print "<tr>\n";
	$cmd_count = 0;
	}
$cmd_count += ($_[0] ? 2 : 1);
}

# ecmd()
sub ecmd
{
if ($cmd_count % 2 == 0) {
	print "</tr>\n";
	}
}

# get_client_config()
# Returns a list of structures, one for each host
sub get_client_config
{
local @rv = ( { 'dummy' => 1,
		'indent' => 0,
		'file' => $config{'client_config'},
		'line' => -1,
		'eline' => -1 } );
local $host;
local $lnum = 0;
open(CLIENT, "<".$config{'client_config'});
while(<CLIENT>) {
	s/\r|\n//g;
	s/^\s*#.*$//g;
	s/^\s*//g;
	local ($name, @values) = split(/\s+/, $_);
	if (lc($name) eq 'host') {
		# Start of new host
		$host = { 'name' => $name,
			  'values' => \@values,
			  'file' => $config{'client_config'},
			  'line' => $lnum,
			  'eline' => $lnum,
			  'members' => [ { 'dummy' => 1,
					   'indent' => 1,
					   'file' => $config{'client_config'},
					   'line' => $lnum } ] };
		push(@rv, $host);
		}
	elsif ($name) {
		# A directive inside a host
		local $dir = { 'name' => $name,
			       'values' => \@values,
			       'file' => $config{'client_config'},
			       'line' => $lnum };
		push(@{$host->{'members'}}, $dir);
		$host->{'eline'} = $lnum;
		}
	$lnum++;
	}
close(CLIENT);
return \@rv;
}

# create_host(&host)
sub create_host
{
local $lref = &read_file_lines($config{'client_config'});
$_[0]->{'line'} = $_[0]->{'eline'} = scalar(@$lref);
push(@$lref, "Host ".join(" ", @{$_[0]->{'values'}}));
$_[0]->{'members'} = [ { 'dummy' => 1,
			 'indent' => 1,
			 'file' => $config{'client_config'},
			 'line' => $_[0]->{'line'} } ];
}

# modify_host(&host)
sub modify_host
{
local $lref = &read_file_lines($config{'client_config'});
$lref->[$_[0]->{'line'}] = "Host ".join(" ", @{$_[0]->{'values'}});
}

# delete_host(&host)
sub delete_host
{
local $lref = &read_file_lines($config{'client_config'});
splice(@$lref, $_[0]->{'line'}, $_[0]->{'eline'} - $_[0]->{'line'} + 1);
}

# get_ssh_socket()
sub get_ssh_socket
{
return undef if ($version{'number'} < 6.7); 
return undef if (!&foreign_available('init'));
&foreign_require('init');
return undef if ($init::init_mode ne 'systemd');
my @socket_units = ('ssh.socket', 'sshd.socket');
my $socket_unit;
foreach (@socket_units) {
	if (&init::action_status($_) == 2) {
		$socket_unit = $_;
		last;
		}
	}
return $socket_unit if ($socket_unit);
return undef;
}

# restart_sshd()
# Re-starts the SSH server, and returns an error message on failure or
# undef on success
sub restart_sshd
{
if (my $ssh_socket = &get_ssh_socket()) {
	&init::restart_action($ssh_socket);
	}
elsif ($config{'restart_cmd'}) {
	local $out = `$config{'restart_cmd'} 2>&1 </dev/null`;
	return "<pre>$out</pre>" if ($?);
	}
else {
	local $pid = &get_sshd_pid();
	$pid || return $text{'apply_epid'};
	&kill_logged('HUP', $pid);
	}
return undef;
}

# stop_sshd()
# Kills the SSH server, and returns an error message on failure or
# undef on success
sub stop_sshd
{
if (my $ssh_socket = &get_ssh_socket()) {
	&init::stop_action($ssh_socket);
	}
elsif ($config{'stop_cmd'}) {
	local $out = `$config{'stop_cmd'} 2>&1 </dev/null`;
	return "<pre>$out</pre>" if ($?);
	}
else {
	local $pid = &get_sshd_pid();
	$pid || return $text{'apply_epid'};
	&kill_logged('TERM', $pid);
	}
return undef;
}

# start_sshd()
# Attempts to start the SSH server, returning undef on success or an error
# message on failure.
sub start_sshd
{
# Remove PID file if invalid
if (-f $config{'pid_file'} && !&check_pid_file($config{'pid_file'})) {
	&unlink_file($config{'pid_file'});
	}
if (my $ssh_socket = &get_ssh_socket()) {
	&init::start_action($ssh_socket);
	}
elsif ($config{'start_cmd'}) {
	$out = &backquote_logged("$config{'start_cmd'} 2>&1 </dev/null");
	if ($?) { return "<pre>$out</pre>"; }
	}
else {
	$out = &backquote_logged("$config{'sshd_path'} 2>&1 </dev/null");
	if ($?) { return "<pre>$out</pre>"; }
	}
return undef;
}

# get_pid_file()
# Returns the SSH server PID file
sub get_pid_file
{
local $conf = &get_sshd_config();
local $pidfile = &find_value("PidFile", $conf);
$pidfile ||= $config{'pid_file'};
return $pidfile;
}

# get_sshd_pid()
# Returns the PID of the running SSHd process
sub get_sshd_pid
{
local $file = &get_pid_file();
if ($file) {
	return &check_pid_file($file);
	}
else {
	local ($rv) = &find_byname("sshd");
	return $rv;
	}
}

# get_mlvalues(file, id, [splitchar])
# Return an array with values from a file, where the
# values are one per line with an id preceding them
sub get_mlvalues
{
local @rv;
local $_;
local $split = defined($_[2]) ? $_[2] : " ";
local $realfile = &translate_filename($_[0]);
&open_readfile(ARFILE, $_[0]) || return 0;
while(<ARFILE>) {
	chomp;
	local $hash = index($_, "#");
	local $eq = index($_, $split);
	if ($hash != 0 && $eq >= 0) {
		local $n = substr($_, 0, $eq);
		local $v = substr($_, $eq+1);
		chomp($v);
		if ($n eq $_[1]) {
			push(@rv, $v);
						}
        	}
        }
close(ARFILE);
return @rv;
}

# list_syslog_facilities()
# Returns an upper-case list of syslog facility names
sub list_syslog_facilities
{
local @facils;
if (&foreign_check("syslog")) {
	local %sconfig = &foreign_config("syslog");
	@facils = map { uc($_) } split(/\s+/, $sconfig{'facilities'});
	}
if (!@facils) {
	@facils = ( 'DAEMON', 'USER', 'AUTH', 'AUTHPRIV', 'LOCAL0', 'LOCAL1', 'LOCAL2',
		    'LOCAL3', 'LOCAL4', 'LOCAL5', 'LOCAL6', 'LOCAL7' );
	}
return @facils;
}

sub list_logging_levels
{
return ('QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE', 'DEBUG');
}

sub yes_no_default_radio
{
local ($name, $val) = @_;
return &ui_radio($name, (lc($val) eq 'yes' || $val =~ /^\d+$/ && $val > 0) ? 1 :
			(lc($val) eq 'no' || $val =~ /^\d+$/) ? 0 : 2,
		 [ [ 1, $text{'yes'} ], [ 0, $text{'no'} ],
		   [ 2, $text{'default'} ] ]);
}

sub get_preferred_key_type
{
if ($version{'type'} eq 'openssh' && $version{'number'} >= 6.5) {
	return "ed25519";
	}
if ($version{'type'} eq 'openssh' && $version{'number'} >= 3.2) {
	return "rsa1";
	}
return undef;
}

1;