From 651ba7cce4fd5bc01edf6902e0f08c7c93527d00 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Wed, 24 Sep 2008 15:21:17 +0000 Subject: Modified openssh. Changed expert, status, and startstop to links. Modified config to use standard cfes. Modified peers to account for dns names. git-svn-id: svn://svn.alpinelinux.org/acf/openssh/trunk@1489 ab2d0c66-481e-0410-8bed-d214d4d58bed --- openssh-model.lua | 201 ++++++++++++++++++++++-------------------------------- 1 file changed, 82 insertions(+), 119 deletions(-) (limited to 'openssh-model.lua') diff --git a/openssh-model.lua b/openssh-model.lua index 4df9abd..4aac198 100644 --- a/openssh-model.lua +++ b/openssh-model.lua @@ -4,8 +4,6 @@ module(..., package.seeall) require("modelfunctions") require("validator") require("fs") -require("posix") -require("getopts") -- Set variables local configfile = "/etc/ssh/sshd_config" 
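Review bot: The require list this hunk leaves behind (modelfunctions, validator, fs) contains no `require("format")`, yet the new read_config later in the patch calls `format.parse_configfile`. Lines 1-3 of the file are outside the hunk, so the module may be loaded there, or be reachable as a global through `package.seeall` because another module loaded it first. If neither is guaranteed, add `require("format")` next to the other requires so this model does not depend on load order.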
@@ -14,92 +12,40 @@ local packagename = "openssh-server" local header = "SSH" local path="PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin " -local default = { - Port = 22, - ListenAddress = "0.0.0.0", --- PermitRootLogin = true, - PasswordAuthentication = true, - UseDNS = true, -} - -- ################################################################################ -- LOCAL FUNCTIONS -local function parseconfigfile(file) - file = file or "" - local retval = {} - for line in string.gmatch(file, "([^\n]+)\n?") do - line = string.gsub(line, "#.*$", "") - if line and line ~= "" then - table.insert(retval, {}) - for word in string.gmatch(line, "%S+") do - table.insert(retval[#retval], word) - end - end - end - - return retval -end - -- return "Yes" or "No" on true/false or value as string local function config_value(value) if type(value) == "boolean" then if value then - return "Yes" + return "yes" else - return "No" + return "no" end end return tostring(value) end -local function validateconfig(config) +local function validate_config(config) + local success = true - if config.ListenAddress and not validator.is_ipv4(config.ListenAddress) then - return false, { ['ListenAddress'] = "You entered invalid IP", } + if not validator.is_ipv4(config.value.ListenAddress.value) then + config.value.ListenAddress.errtxt = "Invalid IP" + success = false end - - if config.Port and not validator.is_port(config.Port) then - return false, { ['Port'] = "You entered invalid Port", } + if not validator.is_port(config.value.Port.value) then + config.value.Port.value = "Invalid Port" + success = false end - return true + return success, config end + -- ################################################################################ -- PUBLIC FUNCTIONS --- valid keywords and default config - -function read_config() - local conf = {} - local f = io.open(configfile, "r") - local line, key, _, k, v - - if not f then - return nil - end - - -- clone default conf - for k, v in 
pairs(default) do - conf[k] = v - end - - for line in f:lines() do - line = string.gsub(line, "#.*", "") - for key, _ in pairs(default) do - local k,v = string.match(line, "^("..key..")%s+(.*)") - if k then - conf[k] = v - end - end - end - f:close() - return conf -end - - -function startstop_service(action)require("getopts") - +function startstop_service(action) return modelfunctions.startstop_service(processname, action) end 
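Review bot: In validate_config the port branch assigns the error text to the field's value, `config.value.Port.value = "Invalid Port"`, instead of setting `errtxt` as the ListenAddress branch does. A rejected port is therefore replaced by the string "Invalid Port" in the returned cfe and the field carries no error text; the line should read `config.value.Port.errtxt = "Invalid Port"`. The function also indexes `config.value.ListenAddress` and `config.value.Port` without checking that they exist, so a submission missing either field raises an error instead of returning a validation failure.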
@@ -116,49 +62,61 @@ function setconfigfile(filedetails) return modelfunctions.setfiledetails(filedetails) end -function write_config(config) - local k, v, lines, i,j - local errtxt = {} - local conf = {} +function read_config() + local output = {} + output.Port = cfe({ value=22, label="Port" }) + output.ListenAddress = cfe({ value="0.0.0.0", label="Listen address" }) + output.PermitRootLogin = cfe({ type="boolean", value=true, label="Permit Root Login" }) + output.PasswordAuthentication = cfe({ type="boolean", value=true, label="Password Authentication" }) + output.UseDNS = cfe({ type="boolean", value=true, label="Use DNS" }) + + local config = format.parse_configfile(fs.read_file(configfile)) + if config then + output.Port.value = config.Port or output.Port.value + output.ListenAddress.value = config.ListenAddress or output.ListenAddress.value + output.PermitRootLogin.value = not (config.PermitRootLogin == "no") + output.PasswordAuthentication.value = not (config.PasswordAuthentication == "no") + output.UseDNS.value = not (config.UseDNS == "no") + end + + return cfe({ type="group", value=output, label="OpenSSH Config" }) +end - local validated, errtxt = validateconfig(config) - if not validated then - return false, errtxt - end +function update_config(config) + local success, config = validate_config(config) - -- filter out unsupported keys - for k,v in pairs(default) do - if (config[k] == nil) or (config[k] == "") then - conf[k] = "no" - else - conf[k] = config[k] + if success then + for name,val in pairs(config.value) do + val.line = name.." "..config_value(val.value) end - end - lines = fs.read_file_as_array(configfile) or {} - for i, j in ipairs(lines) do - for k, v in pairs(conf) do - if string.match(j, "^#?"..k.."%s+") then - lines[i] = k .. " " .. 
config_value(v) - conf[k] = nil + local lines = {} + for line in string.gmatch(fs.read_file(configfile) or "", "([^\n]*)\n?") do + for name,val in pairs(config.value) do + if val.line and string.find(line, "^%s*#?%s*"..name) then + if string.find(line, "^%s*#") then + lines[#lines+1] = val.line + else + line = val.line + end + val.line = nil + end end + lines[#lines+1] = line end - end - -- append config opts to end - for k,v in pairs(conf) do - table.insert(lines, k .. " " .. config_value(v)) + for name,val in pairs(config.value) do + if val.line then + lines[#lines+1] = val.line + val.line = nil + end + end + fs.write_file(configfile, string.gsub(table.concat(lines, "\n"), "\n+$", "")) + else + config.errtxt = "Failed to save config" end - -- write file - posix.mkdir(posix.dirname(configfile)) - local f = io.open(configfile, "w") - for _,i in ipairs(lines) do - f:write(i.."\n") - end - f:close() - - return true + return config end function list_conn_peers() 
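Review bot: update_config builds a line for every entry in `config.value` with `val.line = name.." "..config_value(val.value)`, whereas the removed write_config copied only the keys of the `default` table. validate_config checks only ListenAddress and Port, so any other entry and any non-boolean value reaches /etc/ssh/sshd_config as given. If the caller passes form data through unchanged (the controller is not in this diff), an unexpected key or a value containing a line break becomes an extra sshd directive. I would build lines only for the five names read_config defines and skip values that span lines, as sketched below, and end the match pattern with `%s` as the old `"^#?"..k.."%s+"` did. Separately, read_config maps every PermitRootLogin value other than "no" to true, so a file that says `without-password` would be rewritten as `PermitRootLogin yes` on the next save.

```lua
-- fields update_config may write: the five that read_config defines
local writable = { Port=true, ListenAddress=true, PermitRootLogin=true, PasswordAuthentication=true, UseDNS=true }

function update_config(config)
	local success, config = validate_config(config)

	if success then
		for name,val in pairs(config.value) do
			local text = config_value(val.value)
			-- ignore unknown names and never emit a value that spans lines
			if writable[name] and not string.find(text, "[\r\n]") then
				val.line = name.." "..text
			end
		end
		-- … unchanged: merge val.line entries into the file's lines and write it back …
```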
@@ -167,42 +125,47 @@ function list_conn_peers() local ps = {} local who = {} config = read_config() - local f = io.popen( path .. 'netstat -lna | grep ' .. tostring(config.Port) .. ' | grep "ESTABLISHED"' ) + local f = io.popen( path .. 'netstat -lna | grep ":' .. tostring(config.value.Port.value) .. ' " | grep "ESTABLISHED"' ) for line in f:lines() do - local peer = string.match(line, "^%S*%s*%S*%s*%S*%s*%S*%s*(%S*)") - peer = string.match(peer, "(%d*%.%d*%.%d*%.%d*):%d*$") - if (peer) then - if not (netstat[peer]) then netstat[peer] = {cnt=0} end - netstat[peer]['cnt'] = (tonumber(netstat[peer]['cnt']) + 1) + local peer = string.match(line, "^%S+%s+%S+%s+%S+%s+%S+%s+(%S+)") + peer = string.match(peer, "(%d+%.%d+%.%d+%.%d+):%d*$") + if peer then + if not netstat[peer] then + local g = io.popen( path .. "dnsname " .. peer) + local name = g:read("*l") + g:close() + netstat[peer] = {cnt=0, name=name} + end + netstat[peer].cnt = netstat[peer].cnt + 1 end end f:close() local f = io.popen( path .. 'ps | grep "sshd:" | grep -v "grep"' ) for line in f:lines() do - table.insert(ps, string.match(line,".-%@(%S*)$")) + table.insert(ps, string.match(line,"@(%S+)")) end f:close() for peer,v in pairs(netstat) do - if not (netstat[peer]['tty']) then netstat[peer]['tty'] = {} end - local f = io.popen( path .. 'who | grep "' .. tostring(peer) .. '" | egrep "' .. table.concat(ps, "|") .. '"' ) + if not (netstat[peer].tty) then netstat[peer].tty = {} end + local cmd = path .. 'who | egrep "' .. peer + if v.name and v.name ~= "" then cmd = cmd .. '|' .. v.name end + cmd = cmd .. '" | egrep "' .. table.concat(ps, "|") .. 
'"' + local f = io.popen( cmd ) for line in f:lines() do local user,tty,idle,time = string.match(line, "^(%S*)%s*(%S*)%s*(%S*)%s*(%S*%s*%S*%s*%S*)") - table.insert(netstat[peer]['tty'], { - user=user, - tty=tty, - idle=idle, - time=time, + table.insert(netstat[peer].tty, { + user=user, + tty=tty, + idle=idle, + time=time, }) end f:close() - end - - for k,v in pairs(netstat) do table.insert(output, v) - output[#output]['host'] = k + output[#output]['host'] = peer end return output -- cgit v1.2.3
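Review bot: The name read from `dnsname` is concatenated into a shell command, `cmd = cmd .. '|' .. v.name`, and executed with `io.popen`. That name presumably comes from a reverse lookup of the connecting address, so its content is set by whoever controls that address's PTR record, and nothing visible here restricts it to hostname characters before it reaches the shell and the egrep pattern. I would use it only when it looks like a hostname: `if v.name and string.find(v.name, "^[%w%.%-]+$") then cmd = cmd .. '|' .. v.name end`. The same concatenation applies to `table.concat(ps, "|")`, whose entries are taken from `ps` output, and to the Port value read from sshd_config in the netstat command. list_conn_peers starts above this hunk.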