Beispiel #1
/*
 * Bring up Shorewall from the configuration held in NVRAM.
 *
 * Nothing happens unless nvram_invmatch("shorewall_enable", "0") holds.
 * Otherwise the running firewall and any previous Shorewall instance are
 * stopped, /var/shorewall is populated, and the Shorewall script is started.
 *
 * Always returns 0: the results of mkdir(), nvram2file(), symlink() and
 * system() are not inspected, so a failed start is invisible to the caller.
 *
 * NOTE(review): stop_firewall() runs before the new rule set is loaded. If
 * the Shorewall start then fails, nothing visible in this function restores
 * the previous firewall -- confirm that a caller handles that case.
 */
int start_shorewall(void)
{
	/*
	 * { NVRAM variable, file that nvram2file() is asked to produce }.
	 * Kept as plain char * because nvram2file()'s prototype is not visible
	 * here.
	 * NOTE(review): upstream Shorewall calls the last-but-two file
	 * "routestopped"; confirm the bundled script really reads
	 * "route_stopped".
	 */
	static char *const nvram_cfg[][2] = {
		{ "sh_interfaces", "/var/shorewall/interfaces" },
		{ "sh_masq", "/var/shorewall/masq" },
		{ "sh_policy", "/var/shorewall/policy" },
		{ "sh_routestopped", "/var/shorewall/route_stopped" },
		{ "sh_rules", "/var/shorewall/rules" },
		{ "sh_zones", "/var/shorewall/zones" },
	};
	/* { link target under /usr/sbin, link created in /var/shorewall }. */
	static const char *const tool_links[][2] = {
		{ "/usr/sbin/shorewall", "/var/shorewall/shorewall" },
		{ "/usr/sbin/shorewall.conf", "/var/shorewall/shorewall.conf" },
		{ "/usr/sbin/firewall", "/var/shorewall/firewall" },
		{ "/usr/sbin/functions", "/var/shorewall/functions" },
		{ "/usr/sbin/common.def", "/var/shorewall/common.def" },
		{ "/usr/sbin/version", "/var/shorewall/version" },
	};
	unsigned int idx;

	if (nvram_invmatch("shorewall_enable", "0")) {
		stop_firewall();
		stop_shorewall();

		/*
		 * mkdir() fails if the path already exists, and the result is
		 * ignored, so mode 0700 is only guaranteed when this call
		 * actually creates the directory.
		 */
		mkdir("/var/shorewall", 0700);

		for (idx = 0; idx < sizeof(nvram_cfg) / sizeof(nvram_cfg[0]); idx++)
			nvram2file(nvram_cfg[idx][0], nvram_cfg[idx][1]);

		for (idx = 0; idx < sizeof(tool_links) / sizeof(tool_links[0]); idx++)
			symlink(tool_links[idx][0], tool_links[idx][1]);

		/*
		 * The command line is a constant, so no NVRAM data reaches the
		 * shell here. The script that runs is whatever
		 * /var/shorewall/shorewall resolves to, which is why the
		 * directory's ownership and mode matter.
		 */
		system("/var/shorewall/shorewall start");
	}

	return 0;
}
Beispiel #2
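/*
 * Generate the ProFTPD runtime files under /tmp/proftpd from NVRAM settings
 * and launch the daemon.
 *
 * Nothing happens unless nvram_match("proftpd_enable", "1") holds. Otherwise:
 *   1. /tmp/proftpd, /tmp/proftpd/etc and /tmp/proftpd/var are created (0700);
 *   2. /tmp/proftpd/etc/passwd is built from the "user pass" lines stored in
 *      proftpd_passw, or copied from /tmp/etc/passwd when
 *      nvram_invmatch("proftpd_passw", "") does not hold;
 *   3. an "ftp" account is appended when proftpd_anon is "1";
 *   4. /tmp/proftpd/etc/proftpd.conf is written;
 *   5. "proftpd" is run through eval().
 *
 * If one of the generated files cannot be opened, the failure is logged and
 * the function returns without starting the daemon, instead of passing a
 * NULL FILE* to stdio.
 *
 * Security-relevant properties of the generated files (unchanged here, since
 * changing them would alter the service's behaviour):
 *  - every passwd entry, including the anonymous "ftp" one, is written with
 *    uid 0, gid 0 and /bin/sh; the config sets "User root", "Group root" and
 *    "RootLogin on", and RADIUS users get "RadiusUserInfo 0 0". Access
 *    control therefore rests on DefaultRoot and the <Limit> sections only.
 *  - NVRAM strings are copied into passwd and proftpd.conf without escaping.
 *    NOTE(review): a value containing ':' or a newline would add passwd
 *    fields or config directives; confirm these settings are validated
 *    where they are stored.
 *  - the RADIUS shared secret is written to proftpd.conf in clear text.
 */
void start_ftpsrv(void)
{
	FILE *fp, *tmp;
	char buf[256];
	/*
	 * Both tokens are parsed out of buf, so they are given the same size:
	 * the original pass[128] could be overrun by an unbounded "%s" when a
	 * stored password token was longer than 127 characters.
	 */
	char user[sizeof(buf)];
	char pass[sizeof(buf)];
	const char *hash;

	if (!nvram_match("proftpd_enable", "1"))
		return;

	/* Results ignored: 0700 only applies if these calls create the dirs. */
	mkdir("/tmp/proftpd", 0700);
	mkdir("/tmp/proftpd/etc", 0700);
	mkdir("/tmp/proftpd/var", 0700);

	if (nvram_invmatch("proftpd_passw", "")) {
		nvram2file("proftpd_passw", "/tmp/proftpd/etc/passwd.tmp");
		tmp = fopen("/tmp/proftpd/etc/passwd.tmp", "rb");
		if (tmp == NULL) {
			syslog(LOG_ERR, "Proftpd : cannot open /tmp/proftpd/etc/passwd.tmp\n");
			return;
		}
		fp = fopen("/tmp/proftpd/etc/passwd", "wb");
		if (fp == NULL) {
			syslog(LOG_ERR, "Proftpd : cannot create /tmp/proftpd/etc/passwd\n");
			fclose(tmp);
			/* The temp file may hold clear-text passwords. */
			unlink("/tmp/proftpd/etc/passwd.tmp");
			return;
		}

		/*
		 * NOTE(review): a line longer than sizeof(buf) - 1 is returned
		 * by fgets() in pieces, and each piece is parsed as if it were
		 * a separate "user pass" record.
		 */
		while (fgets(buf, sizeof(buf), tmp) != NULL) {
			/* Field widths must stay at sizeof(user/pass) - 1. */
			if (sscanf(buf, "%255s %255s", user, pass) != 2)
				continue;

			/*
			 * A 34-character token is assumed to be an already
			 * hashed password and is stored verbatim; anything
			 * else goes through zencrypt().
			 * NOTE(review): a 34-character clear-text password is
			 * indistinguishable from a hash under this length-only
			 * test and would be stored unhashed.
			 */
			hash = (strlen(pass) == 34) ? pass : zencrypt(pass);
			fprintf(fp,
				"%s:%s:0:0:Ftp User,,,:/tmp/root:/bin/sh\n",
				user, hash);
		}
		fclose(fp);
		fclose(tmp);
		unlink("/tmp/proftpd/etc/passwd.tmp");
	} else {
		eval("cp", "/tmp/etc/passwd", "/tmp/proftpd/etc/passwd");
	}

	/* Add the ftp user that the <Anonymous> section below refers to. */
	if (nvram_match("proftpd_anon", "1")) {
		fp = fopen("/tmp/proftpd/etc/passwd", "ab");
		if (fp == NULL) {
			syslog(LOG_ERR, "Proftpd : cannot append to /tmp/proftpd/etc/passwd\n");
			return;
		}
		fprintf(fp, "ftp:x:0:0:Ftp Anon,,,:/tmp/root:/bin/sh\n");
		fclose(fp);
	}

	fp = fopen("/tmp/proftpd/etc/proftpd.conf", "wb");
	if (fp == NULL) {
		syslog(LOG_ERR, "Proftpd : cannot create /tmp/proftpd/etc/proftpd.conf\n");
		return;
	}

	/* Writes inside the shared directory are denied unless proftpd_writeen is "on". */
	fprintf(fp,
		"ServerName      DD-WRT\n"
		"DefaultAddress  %s\n"
		"ServerType      standalone\n"
		"DefaultServer   on\n"
		"ScoreboardFile  /tmp/proftpd/etc/proftpd.scoreboard\n"
		"Port            %s\n"
		"Umask           022\n"
		"MaxInstances    10\n"
		"MaxLoginAttempts 3\n"
		"User            root\n"
		"Group           root\n"
		"UseReverseDNS   off\n"
		"IdentLookups    off\n"
		"RootLogin       on\n"
		"<Limit SITE_CHMOD>\n"
		"  DenyAll\n"
		"</Limit>\n"
		"DelayEngine     off\n"
		"WtmpLog         off\n"
		"DefaultRoot     /%s\n"
		"<Directory      /%s/*>\n"
		"  AllowOverwrite  on\n"
		"   <Limit WRITE>\n"
		"%s"
		"   </Limit>\n"
		"</Directory>\n",
		nvram_safe_get("lan_ipaddr"),
		nvram_safe_get("proftpd_port"),
		nvram_safe_get("proftpd_dir"),
		nvram_safe_get("proftpd_dir"),
		nvram_match("proftpd_writeen", "on") ? "" : "    DenyAll\n");

	/* Authentication back end: local passwd file, or RADIUS. */
	if (nvram_match("proftpd_rad", "0")) {
		fprintf(fp,"AuthUserFile	/tmp/proftpd/etc/passwd\n");
	} else {
		/* The same server address and shared key serve auth and accounting. */
		fprintf(fp,"AuthOrder mod_radius.c\n"
			"RadiusEngine	on\n"
			"RadiusAuthServer	%s:%s	%s 5\n"
			"RadiusAcctServer	%s:%s	%s 5\n",
			nvram_safe_get("proftpd_authserverip"),
			nvram_safe_get("proftpd_authserverport"),
			nvram_safe_get("proftpd_sharedkey"),
			nvram_safe_get("proftpd_authserverip"),
			nvram_safe_get("proftpd_acctserverport"),
			nvram_safe_get("proftpd_sharedkey"));
		fprintf(fp,"RadiusUserInfo 0 0 %s /bin/false\n",nvram_safe_get("proftpd_dir"));
	}

	/* Anonymous ftp - read only */
	if (nvram_match("proftpd_anon", "1")) {
		fprintf(fp,
			"<Anonymous      /%s%s>\n"
			"User           ftp\n"
			"Group          root\n"
			"UserAlias      anonymous ftp\n"
			"<Directory *>\n"
			"  <Limit WRITE>\n"
			"    DenyAll\n"
			"  </Limit>\n"
			"</Directory>\n"
			"</Anonymous>\n",
			nvram_safe_get("proftpd_dir"),
			nvram_safe_get("proftpd_anon_subdir"));
	}

	fclose(fp);

	/* The result of eval() is not checked; the message below is logged either way. */
	eval("proftpd");
	syslog(LOG_INFO, "Proftpd : proftpd server successfully started\n");
}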