/*
 * Bring up Shorewall from the settings stored in NVRAM.
 *
 * Nothing happens unless nvram_invmatch("shorewall_enable", "0") is true.
 * Otherwise the running firewall and any previous Shorewall instance are
 * stopped, /var/shorewall is populated, and "shorewall start" is run from
 * that directory.
 *
 * Always returns 0. The results of mkdir(), symlink() and system() are not
 * inspected, so a failed start is not visible to the caller.
 */
int start_shorewall(void)
{
	/*
	 * NVRAM variable -> file handed to Shorewall.
	 * presumably nvram2file() copies the variable's value into the file;
	 * confirm against its definition.
	 * NOTE(review): upstream Shorewall calls this file "routestopped";
	 * confirm the shipped scripts really read "route_stopped".
	 */
	static const struct {
		char *nvram_name;
		char *path;
	} generated[] = {
		{ "sh_interfaces", "/var/shorewall/interfaces" },
		{ "sh_masq", "/var/shorewall/masq" },
		{ "sh_policy", "/var/shorewall/policy" },
		{ "sh_routestopped", "/var/shorewall/route_stopped" },
		{ "sh_rules", "/var/shorewall/rules" },
		{ "sh_zones", "/var/shorewall/zones" },
	};
	/* Read-only program files exposed inside the working directory. */
	static const struct {
		const char *target;
		const char *linkpath;
	} links[] = {
		{ "/usr/sbin/shorewall", "/var/shorewall/shorewall" },
		{ "/usr/sbin/shorewall.conf", "/var/shorewall/shorewall.conf" },
		{ "/usr/sbin/firewall", "/var/shorewall/firewall" },
		{ "/usr/sbin/functions", "/var/shorewall/functions" },
		{ "/usr/sbin/common.def", "/var/shorewall/common.def" },
		{ "/usr/sbin/version", "/var/shorewall/version" },
	};
	unsigned int i;

	if (nvram_invmatch("shorewall_enable", "0")) {
		/* The existing rule set is torn down before the new one is built. */
		stop_firewall();
		stop_shorewall();

		/*
		 * Owner-only directory for the generated rule files. If it
		 * already exists the call fails and the existing mode stays.
		 */
		mkdir("/var/shorewall", 0700);

		for (i = 0; i < sizeof(generated) / sizeof(generated[0]); i++)
			nvram2file(generated[i].nvram_name, generated[i].path);

		for (i = 0; i < sizeof(links) / sizeof(links[0]); i++)
			symlink(links[i].target, links[i].linkpath);

		/* Fixed command line: no NVRAM value reaches the shell here. */
		system("/var/shorewall/shorewall start");
	}

	return 0;
}
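/*
 * Write /tmp/proftpd/etc/passwd for the FTP server.
 *
 * When "proftpd_passw" is non-empty, each "user password" line of it becomes
 * one passwd entry; otherwise /tmp/etc/passwd is copied. An "ftp" entry is
 * appended when anonymous access is enabled.
 *
 * Returns 0 on success, -1 if a file could not be opened or written.
 *
 * NOTE(review): every entry is written with uid 0, gid 0 and /bin/sh, so any
 * FTP credential carries root file access inside the served tree.
 */
static int ftpsrv_write_passwd(void)
{
	FILE *fp, *tmp;
	char buf[256];
	char user[256];
	/*
	 * Sized like buf: the original 128-byte buffer could be overrun by an
	 * unbounded %s when a line carried a longer second field.
	 */
	char pass[256];
	int rc = 0;

	if (nvram_invmatch("proftpd_passw", "")) {
		/* The temp file holds the passwords as stored in NVRAM. */
		nvram2file("proftpd_passw", "/tmp/proftpd/etc/passwd.tmp");
		tmp = fopen("/tmp/proftpd/etc/passwd.tmp", "rb");
		fp = fopen("/tmp/proftpd/etc/passwd", "wb");
		if (tmp == NULL || fp == NULL) {
			if (tmp != NULL)
				fclose(tmp);
			if (fp != NULL)
				fclose(fp);
			/* Do not leave the password list behind on failure. */
			unlink("/tmp/proftpd/etc/passwd.tmp");
			return -1;
		}

		/*
		 * fgets() splits lines longer than the buffer; the tail of
		 * such a line is parsed as if it were a line of its own.
		 */
		while (fgets(buf, sizeof(buf), tmp) != NULL) {
			/* Field widths keep both tokens inside their buffers. */
			if (sscanf(buf, "%255s %255s", user, pass) != 2)
				continue;
			/*
			 * A 34-character field is taken to be an existing hash
			 * and written as-is.
			 * NOTE(review): a 34-character plaintext password would
			 * also be written unhashed; checking the hash prefix as
			 * well would be stricter (confirm zencrypt's format).
			 * NOTE(review): user and pass are not checked for ':',
			 * which would shift the passwd fields.
			 */
			if (strlen(pass) == 34)
				fprintf(fp, "%s:%s:0:0:Ftp User,,,:/tmp/root:/bin/sh\n", user, pass);
			else
				fprintf(fp, "%s:%s:0:0:Ftp User,,,:/tmp/root:/bin/sh\n", user, zencrypt(pass));
		}

		if (ferror(fp))
			rc = -1;
		if (fclose(fp) != 0)
			rc = -1;
		fclose(tmp);
		unlink("/tmp/proftpd/etc/passwd.tmp");
		if (rc != 0)
			return rc;
	} else {
		eval("cp", "/tmp/etc/passwd", "/tmp/proftpd/etc/passwd");
	}

	/* Account used for anonymous access. */
	if (nvram_match("proftpd_anon", "1")) {
		fp = fopen("/tmp/proftpd/etc/passwd", "ab");
		if (fp == NULL)
			return -1;
		fprintf(fp, "ftp:x:0:0:Ftp Anon,,,:/tmp/root:/bin/sh\n");
		if (ferror(fp))
			rc = -1;
		if (fclose(fp) != 0)
			rc = -1;
	}

	return rc;
}

/*
 * Write /tmp/proftpd/etc/proftpd.conf from the NVRAM settings.
 *
 * Returns 0 on success, -1 if the file could not be opened or written. A
 * short write matters here: the access limits come after the general
 * settings, so a truncated file could lack them.
 *
 * NOTE(review): the NVRAM values are placed into the file verbatim. A value
 * containing a newline would add directives of its own, so the settings
 * should be validated where they are saved or before this call.
 * NOTE(review): the server runs as root with RootLogin on.
 * The RADIUS shared key is stored in this file in clear text; the file sits
 * below the directories created with mode 0700 by start_ftpsrv().
 */
static int ftpsrv_write_conf(void)
{
	FILE *fp;
	int rc = 0;

	fp = fopen("/tmp/proftpd/etc/proftpd.conf", "wb");
	if (fp == NULL)
		return -1;

	fprintf(fp,
		"ServerName DD-WRT\n"
		"DefaultAddress %s\n"
		"ServerType standalone\n"
		"DefaultServer on\n"
		"ScoreboardFile /tmp/proftpd/etc/proftpd.scoreboard\n"
		"Port %s\n"
		"Umask 022\n"
		"MaxInstances 10\n"
		"MaxLoginAttempts 3\n"
		"User root\n"
		"Group root\n"
		"UseReverseDNS off\n"
		"IdentLookups off\n"
		"RootLogin on\n"
		"<Limit SITE_CHMOD>\n"
		" DenyAll\n"
		"</Limit>\n"
		"DelayEngine off\n"
		"WtmpLog off\n"
		"DefaultRoot /%s\n"
		"<Directory /%s/*>\n"
		" AllowOverwrite on\n"
		" <Limit WRITE>\n"
		"%s"
		" </Limit>\n"
		"</Directory>\n",
		nvram_safe_get("lan_ipaddr"),
		nvram_safe_get("proftpd_port"),
		nvram_safe_get("proftpd_dir"),
		nvram_safe_get("proftpd_dir"),
		/* Writes are denied unless "proftpd_writeen" is "on". */
		nvram_match("proftpd_writeen", "on") ? "" : " DenyAll\n");

	if (nvram_match("proftpd_rad", "0")) {
		fprintf(fp, "AuthUserFile /tmp/proftpd/etc/passwd\n");
	} else {
		fprintf(fp,
			"AuthOrder mod_radius.c\n"
			"RadiusEngine on\n"
			"RadiusAuthServer %s:%s %s 5\n"
			"RadiusAcctServer %s:%s %s 5\n",
			nvram_safe_get("proftpd_authserverip"),
			nvram_safe_get("proftpd_authserverport"),
			nvram_safe_get("proftpd_sharedkey"),
			nvram_safe_get("proftpd_authserverip"),
			nvram_safe_get("proftpd_acctserverport"),
			nvram_safe_get("proftpd_sharedkey"));
		fprintf(fp, "RadiusUserInfo 0 0 %s /bin/false\n", nvram_safe_get("proftpd_dir"));
	}

	/* Anonymous ftp - read only */
	if (nvram_match("proftpd_anon", "1")) {
		fprintf(fp,
			"<Anonymous /%s%s>\n"
			"User ftp\n"
			"Group root\n"
			"UserAlias anonymous ftp\n"
			"<Directory *>\n"
			" <Limit WRITE>\n"
			" DenyAll\n"
			" </Limit>\n"
			"</Directory>\n"
			"</Anonymous>\n",
			nvram_safe_get("proftpd_dir"),
			nvram_safe_get("proftpd_anon_subdir"));
	}

	if (ferror(fp))
		rc = -1;
	if (fclose(fp) != 0)
		rc = -1;

	return rc;
}

/*
 * Start the ProFTPD server when "proftpd_enable" is "1".
 *
 * Creates the working directories under /tmp/proftpd, generates the passwd
 * and configuration files, then launches proftpd. If either file cannot be
 * written the server is not started and an error is logged; the original
 * code dereferenced a NULL FILE pointer in that situation.
 */
void start_ftpsrv(void)
{
	if (!nvram_match("proftpd_enable", "1"))
		return;

	/* Owner-only: these directories hold the password file and RADIUS key. */
	mkdir("/tmp/proftpd", 0700);
	mkdir("/tmp/proftpd/etc", 0700);
	mkdir("/tmp/proftpd/var", 0700);

	if (ftpsrv_write_passwd() != 0 || ftpsrv_write_conf() != 0) {
		syslog(LOG_ERR, "Proftpd : could not write configuration, server not started\n");
		return;
	}

	/* NOTE(review): the result of eval() is not checked before logging success. */
	eval("proftpd");
	syslog(LOG_INFO, "Proftpd : proftpd server successfully started\n");
}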