authorAlex Landau <alex.landau@xorcom.com>2008-12-14 14:47:43 +0000
committerAlex Landau <alex.landau@xorcom.com>2008-12-14 14:47:43 +0000
commit626edff649102539c65156f7191595957e711aec (patch)
tree3f8b86bba17c8954aae3535a760d309861172502
parent80ccc8a0cff45fff33c2d90f1e9118ea80658d9c (diff)
rapid-tunneling:
- Created server part RPM. git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6470 283159da-0705-0410-b60c-f2062b4bb6ad
-rw-r--r--Makefile19
-rw-r--r--rapid-tunneling.spec76
-rwxr-xr-xrt-from-remote (renamed from from-remote)2
-rwxr-xr-xrtadm44
-rw-r--r--rtadm.config10
-rwxr-xr-xsshd_support182
-rw-r--r--sshd_support_config79
7 files changed, 349 insertions, 63 deletions
diff --git a/Makefile b/Makefile
index 33c98a9..9b41431 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,10 @@
PACKAGE = rapid-tunneling
SPEC = rapid-tunneling.spec
-SOURCES = rapid-tunneling rapid-tunneling-status
+SCRIPTS = rapid-tunneling rapid-tunneling-status rtadm rt-from-remote
+CONFIGS = rtadm.config sshd_support_config
+INIT_D = sshd_support
+SOURCES = Makefile $(SPEC) $(SCRIPTS) $(CONFIGS) $(INIT_D)
VER = $(shell awk '/^Version: / {print $$2}' $(SPEC)| head -n 1)
REL = $(shell awk '/^Release: / {print $$2}' $(SPEC)| head -n 1)
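Review bot: The new `SCRIPTS`, `CONFIGS` and `INIT_D` lines (and the rebuilt `SOURCES`) are fixed word lists, so the simple flavour `SCRIPTS := rapid-tunneling rapid-tunneling-status rtadm rt-from-remote` states intent more clearly than recursive `=`, which is only needed when the value must be re-expanded later; the same applies to the other three. A one-line comment above `SOURCES`, `# everything that goes into the release tarball`, would also make clear why `Makefile` and `$(SPEC)` are listed alongside the scripts.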
@@ -13,5 +16,17 @@ rpm: $(SPEC) SOURCES/$(PACKAGE)-$(VER).tar.gz
[ -e SPECS ] || ln -s . SPECS
cd SPECS; rpmbuild --target noarch --define "_topdir $(PWD)" -ba $(SPEC)
-SOURCES/$(PACKAGE)-%.tar.gz: $(SOURCES)
+SOURCES/$(PACKAGE)-$(VER).tar.gz: $(SOURCES)
tar czf $@ --transform 's|^|$(PACKAGE)-$(VER)/|' $^
+
+install:
+ install -m 755 -d $(DESTDIR)/usr/sbin
+ install -m 755 rapid-tunneling $(DESTDIR)/usr/sbin
+ install -m 755 rapid-tunneling-status $(DESTDIR)/usr/sbin
+ install -m 755 -d $(DESTDIR)/var/lib/rapid-tunneling
+ install -m 755 rtadm $(DESTDIR)/usr/sbin
+ install -m 755 rt-from-remote $(DESTDIR)/usr/sbin
+ install -m 755 -d $(DESTDIR)/etc/default
+ install -m 644 rtadm.config $(DESTDIR)/etc/default/rtadm
+ install -m 755 -d $(DESTDIR)/etc/ssh
+ install -m 644 sshd_support_config $(DESTDIR)/etc/ssh
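Review bot: The new `install` target is a command, not a file, but no `.PHONY: install` declaration is visible in this hunk (it may exist elsewhere in the file); without it a stray file or directory named `install` in the working tree turns `make install` into a silent no-op, so add `.PHONY: install` next to the rule. The target also never installs `sshd_support`, although this commit adds it to `INIT_D`/`SOURCES` and the spec copies it by hand in `%install`; a comment on the rule, `# the init script is placed by the spec's %install, not here`, would document that split so nobody adds a second, conflicting copy.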
diff --git a/rapid-tunneling.spec b/rapid-tunneling.spec
index 5afe062..fc54a40 100644
--- a/rapid-tunneling.spec
+++ b/rapid-tunneling.spec
@@ -6,57 +6,33 @@ License: GPLv2
Group: Applications/Internet
URL: http://www.xorcom.com/
Source: rapid-tunneling-%{version}.tar.gz
-#Patch0: libname.diff
-#Patch1: bristuff.diff
Requires: openssh-clients busybox
-# Patch: libpri-1.2.3-cflags.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
RapidTunneling (tm) allows remote access to machines behind firewalls
and NAT routers via SSH port forwarding.
-#%package devel
-#Summary: Header files and development libraries for libpri
-#Group: Development/Libraries
-#Requires: %{name} = %{version}
+%package server
+Summary: Server part of RapidTunneling
+Group: Applications/Internet
+Requires: openssh-server
-#%description devel
-#This package contains the header files needed to compile applications that
-#will use libpri.
+%description server
+This package contains the server files needed to run RapidTunneling Server.
%prep
%setup -q
-# %patch -p1 -b .cflags
-#%{__perl} -pi -e 's|(\$\(INSTALL_BASE\)/)lib|$1%{_lib}|g' Makefile
-#%patch0 -p1
-
-# this does basically: cp -a . bristuff
-#mkdir %{bristuff_dir}
-#tar cf - . --exclude ./%{bristuff_dir} | tar xf - -C %{bristuff_dir}
-#cd %{bristuff_dir}
-#%patch1 -p1
%build
-#export CFLAGS="%{optflags}"
-#%{__make} %{?_smp_mflags}
-
-#cd %{bristuff_dir}
-#%{__make} %{?_smp_mflags} LIB_SUF=bristuffed
%install
%{__rm} -rf %{buildroot}
-%{__install} -m 755 -d %{buildroot}%{_sbindir}
-%{__install} -m 755 rapid-tunneling %{buildroot}%{_sbindir}
-%{__install} -m 755 rapid-tunneling-status %{buildroot}%{_sbindir}
-%{__install} -m 755 -d %{buildroot}/var/lib/rapid-tunneling
-
-#%{__rm} -rf %{buildroot}
-#%{__make} install INSTALL_PREFIX=%{buildroot}
-
-#cd %{bristuff_dir}
-#%{__make} install INSTALL_PREFIX=%{buildroot} LIB_SUF=bristuffed
+%{__make} install DESTDIR=%{buildroot}
+%{__mv} -f %{buildroot}/etc/default %{buildroot}/etc/sysconfig
+%{__install} -m 755 -d %{buildroot}/etc/init.d
+%{__install} -m 755 sshd_support %{buildroot}/etc/init.d
%clean
%{__rm} -rf %{buildroot}
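Review bot: `%install` puts the init script into a literal `%{buildroot}/etc/init.d`, while the rest of the new server subpackage assumes a Red Hat-style host (`/etc/sysconfig`, `chkconfig` in the scriptlets); on those systems `/etc/init.d` is usually a symlink into `/etc/rc.d/init.d`, so `%{__install} -m 755 -d %{buildroot}%{_initrddir}` and `%{__install} -m 755 sshd_support %{buildroot}%{_initrddir}` (with the matching `%files server` entry) is the conventional location — confirm against the target distribution. The `%{__mv} -f %{buildroot}/etc/default %{buildroot}/etc/sysconfig` rename only works because the buildroot was wiped on the line before `%{__make} install`; a short comment, `# make install targets /etc/default; this package ships the file under /etc/sysconfig`, would explain the move to the next maintainer.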
@@ -67,19 +43,37 @@ useradd -d /var/lib/rapid-tunneling/home -m -u 0 -g 0 -o rapid-tunneling 2>/dev/
%preun
if [ "$1" = 0 ]; then
- userdel -r rapid-tunneling || true
+ userdel -r rapid-tunneling || :
fi
+%post server
+useradd -d /var/lib/rapid-tunneling-server -m support 2>/dev/null || :
+/sbin/chkconfig --add sshd_support
+
+%preun server
+if [ "$1" = 0 ]; then
+ /sbin/service sshd_support stop > /dev/null 2>&1 || :
+ /sbin/chkconfig --del sshd_support
+ userdel support || :
+fi
+
+%postun server
+/sbin/service sshd_support condrestart > /dev/null 2>&1 || :
+
%files
%defattr(-, root, root, 0755)
-#%doc ChangeLog LICENSE README TODO
-%{_sbindir}/*
+/usr/sbin/rapid-tunneling
+/usr/sbin/rapid-tunneling-status
/var/lib/rapid-tunneling
-#%files devel
-#%defattr(-, root, root, 0755)
-#%{_sbindir}/*
+%files server
+%defattr(-, root, root, 0755)
+%config(noreplace) /etc/sysconfig/rtadm
+%config(noreplace) /etc/ssh/sshd_support_config
+/usr/sbin/rtadm
+/usr/sbin/rt-from-remote
+/etc/init.d/sshd_support
%changelog
-* Sun Dec 8 2008 Alex Landau <alex.landau@xorcom.com> 1.0-1
+* Sun Dec 14 2008 Alex Landau <alex.landau@xorcom.com> 1.0-1
- Initial RPM release.
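Review bot: The new `%post server` and `%preun server` scriptlets call `/sbin/chkconfig` and `/sbin/service`, but the subpackage only declares `Requires: openssh-server` (previous hunk); add `Requires(post): chkconfig` and `Requires(preun): chkconfig initscripts` so those tools are guaranteed to exist when the scriptlets run. `%preun server` runs `userdel support` without `-r`, unlike the base package's `userdel -r rapid-tunneling` just above it, so the home directory created by `useradd -m` in `%post server` survives removal and is not owned by `%files server` either — either add `-r` or list the directory so rpm tracks it. `%postun server` restarts unconditionally; wrapping it as `if [ "$1" -ge 1 ]; then /sbin/service sshd_support condrestart > /dev/null 2>&1 || :; fi` limits the restart to upgrades, which is the usual pattern.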
diff --git a/from-remote b/rt-from-remote
index 178b4c1..89d6623 100755
--- a/from-remote
+++ b/rt-from-remote
@@ -30,7 +30,7 @@ comment=`grep "$pubkey" .ssh/authorized_keys | awk '{print $NF}'`
mv -f ra/$comment-* ra/old 2>/dev/null
mv $file ra/$comment-$$.tar.gz
file=ra/$comment-$$.tar.gz
-keyfile=`echo $file | sed 's/.tar.gz$/-key/'`
+keyfile=ra/$comment-key
tar xzf $file -O key > $keyfile || bad
chmod 600 $keyfile
log "Connection from $comment. SSH_CONNECTION='$SSH_CONNECTION', file=$file"
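Review bot: The `> $keyfile` redirection two lines below the changed `keyfile=` assignment creates the extracted private key with the caller's umask and only afterwards applies `chmod 600`, leaving a window in which the key can be group- or world-readable. Creating it under a restrictive umask closes that window: `(umask 077; tar xzf "$file" -O key > "$keyfile") || bad`, keeping the `chmod 600` line as a belt-and-braces step. The new fixed name `ra/$comment-key` appears to be what rtadm's generated `IdentityFile ~/ra/<key_comment>-key` stanza expects, so a comment saying `# name must match the IdentityFile rtadm writes into ~/.ssh/config` would tie the two files together; the surrounding script continues outside the hunk.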
diff --git a/rtadm b/rtadm
index c51df44..e1e8746 100755
--- a/rtadm
+++ b/rtadm
@@ -1,35 +1,42 @@
#!/bin/sh
-FROM_REMOTE_COMMAND=/usr/local/bin/from-remote
-HOSTNAME=tunnel.vserver
-PORT=2222
USERNAME=support
+FROM_REMOTE_COMMAND=/usr/sbin/rt-from-remote
+
+[ -r /etc/default/rtadm ] && . /etc/default/rtadm
+[ -r /etc/sysconfig/rtadm ] && . /etc/sysconfig/rtadm
+
+if [ -z "$HOSTNAME" -o -z "$PORT" ]; then
+ echo "ERROR: Hostname or port not set in configuration file." 1>&2
+ exit 1
+fi
create()
{
set -e
- KEY=tmp/key
TUNNEL_PORT=$1
COMMENT=$2
- rm -rf tmp
- mkdir tmp
+ rm -rf ~/tmp
+ mkdir ~/tmp
key_comment=ra-$TUNNEL_PORT-$COMMENT-`date '+%Y%m%d%H%M%S'`
- ssh-keygen -q -t rsa -f tmp/key -N "" -C $key_comment
- sed -i 's|^|#DISABLED#no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="'"$FROM_REMOTE_COMMAND $TUNNEL_PORT"' |' tmp/key.pub
- echo $HOSTNAME > tmp/host
- echo $PORT > tmp/port
- echo $USERNAME > tmp/user
- echo $TUNNEL_PORT > tmp/tunnelport
- tar -czf remote-access.tar.gz -C tmp host port user tunnelport key --owner root --group root
- cat tmp/key.pub >> ~/.ssh/authorized_keys
+ ssh-keygen -q -t rsa -f ~/tmp/key -N "" -C $key_comment
+ sed -i 's|^|#DISABLED#no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="'"$FROM_REMOTE_COMMAND $TUNNEL_PORT"'" |' ~/tmp/key.pub
+ echo $HOSTNAME > ~/tmp/host
+ echo $PORT > ~/tmp/port
+ echo $USERNAME > ~/tmp/user
+ echo $TUNNEL_PORT > ~/tmp/tunnelport
+ tar -czf remote-access.tar.gz -C ~/tmp host port user tunnelport key --owner root --group root
+ mkdir -m 700 -p ~/.ssh
+ umask 022
+ cat ~/tmp/key.pub >> ~/.ssh/authorized_keys
perl -e '$host="'ra-$COMMENT'"; $/=undef; $_=<>; s/^Host\s+(${host}$).*?((?=^Host)|\s*\Z)//gsm; print' ~/.ssh/config > ~/.ssh/config.new 2>/dev/null
cat >> ~/.ssh/config.new <<EOF
Host ra-$COMMENT
HostName localhost
- User support
+ User rapid-tunneling
Port $TUNNEL_PORT
IdentityFile ~/ra/$key_comment-key
ForwardX11 no
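Review bot: `remote-access.tar.gz`, which bundles the freshly generated private key, is written by the `tar -czf` line with whatever umask the caller has — the new explicit `umask 022` only comes afterwards, just before the `authorized_keys` append — so the archive can be group- or world-readable; set `umask 077` at the top of `create()` next to `set -e` and keep the later `umask 022` for the `authorized_keys` step, or `chmod 600 remote-access.tar.gz` immediately after creating it. `rm -rf ~/tmp` now deletes the invoking user's entire `~/tmp` rather than a scratch directory of its own; `mktemp -d` with cleanup, or a dedicated name such as `~/.rtadm-tmp`, would avoid clobbering unrelated files. The generated client stanza now says `User rapid-tunneling`, and the `%post` line shown in the spec's second hunk header creates that account with uid 0, which is worth stating in a comment above the heredoc so the privilege the stanza grants is explicit. `create()` continues past the end of this hunk.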
@@ -103,8 +110,8 @@ usage()
echo " # enable/disable future connections"
echo " disconnect <comment>"
echo " # disconnect connection"
- echo " delete [-d] <comment>"
- echo " # delete any trace of the connection, if -d specified, disconnect too"
+ echo " delete <comment>"
+ echo " # disconnect and delete any trace of the connection"
exit 1
}
@@ -141,10 +148,9 @@ case "$1" in
;;
delete)
shift
- [ "$1" = "-d" ] && do_disconnect=1 && shift
[ -z "$1" ] && usage
delete "$1"
- [ "$do_disconnect" = 1 ] && disconnect "$1"
+ disconnect "$1"
;;
*)
usage
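Review bot: The `delete` branch now calls `delete "$1"` before `disconnect "$1"`, while the usage text updated in the previous hunk describes the operation as "disconnect and delete"; if `disconnect` looks up the tunnel through state that `delete` removes (the `Host ra-<comment>` stanza or the key file, for instance), it will run against already-deleted data. Neither function body is in this hunk, so confirm the dependency, but swapping the two lines to `disconnect "$1"` then `delete "$1"` follows the documented order and cannot depend on removed state. The enclosing `case` statement starts and ends outside the hunk.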
diff --git a/rtadm.config b/rtadm.config
new file mode 100644
index 0000000..e7734fb
--- /dev/null
+++ b/rtadm.config
@@ -0,0 +1,10 @@
+# rtadm (RapidTunneling Administrator) configuration options
+
+# Hostname of the server as seen by the client. This may be
+# a host name or an IP address.
+# Example: HOSTNAME=support.example.com
+HOSTNAME=
+
+# Port number on which the local SSH server listens.
+# If you change it below, change it also in /etc/ssh/sshd_support_config
+PORT=2222
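Review bot: This file is sourced as shell by rtadm (the `. /etc/default/rtadm` / `. /etc/sysconfig/rtadm` lines in that hunk), so the header comment should say so — `# Sourced by /bin/sh from rtadm: use VAR=value syntax and keep this file writable by root only` — because any command placed here runs with the privileges of whoever invokes rtadm. The name `HOSTNAME` is also set automatically by bash, so on hosts where `/bin/sh` is bash, removing the `HOSTNAME=` line (instead of leaving it empty) lets rtadm's "not set" check pass with the local machine name rather than the externally reachable one; a note to that effect, or a distinct name such as `RT_HOSTNAME` with the matching change in rtadm, would prevent that silent misconfiguration.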
diff --git a/sshd_support b/sshd_support
new file mode 100755
index 0000000..7120eaa
--- /dev/null
+++ b/sshd_support
@@ -0,0 +1,182 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_support_config
+# pidfile: /var/run/sshd_support.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd_support ] && . /etc/sysconfig/sshd_support
+
+RETVAL=0
+prog="sshd_support"
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd_support.pid
+PID_BASENAME=sshd_support
+CONFIG_FILE=/etc/ssh/sshd_support_config
+
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
+do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n $"Generating SSH1 RSA host key: "
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA1_KEY.pub
+ fi
+ success $"RSA1 key generation"
+ echo
+ else
+ failure $"RSA1 key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ echo -n $"Generating SSH2 RSA host key: "
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA_KEY.pub
+ fi
+ success $"RSA key generation"
+ echo
+ else
+ failure $"RSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ echo -n $"Generating SSH2 DSA host key: "
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $DSA_KEY.pub
+ fi
+ success $"DSA key generation"
+ echo
+ else
+ failure $"DSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+
+do_restart_sanity_check()
+{
+ $SSHD -f $CONFIG_FILE -t
+ RETVAL=$?
+ if [ ! "$RETVAL" = 0 ]; then
+ failure $"Configuration file or keys are invalid"
+ echo
+ fi
+}
+
+start()
+{
+ # Create keys if necessary
+ do_rsa1_keygen
+ do_rsa_keygen
+ do_dsa_keygen
+
+ cp -af /etc/localtime /var/empty/sshd/etc
+
+ echo -n $"Starting $prog: "
+ $SSHD -f $CONFIG_FILE -o "PidFile $PID_FILE" $OPTIONS && success || failure
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_support
+ echo
+}
+
+stop()
+{
+ echo -n $"Stopping $prog: "
+ if [ -n "`pidfileofproc $PID_BASENAME`" ] ; then
+ killproc $PID_BASENAME
+ else
+ failure $"Stopping $prog"
+ fi
+ RETVAL=$?
+ # if we are in halt or reboot runlevel kill all running sessions
+ # so the TCP connections are closed cleanly
+ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+ killall $prog 2>/dev/null
+ fi
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_support
+ echo
+}
+
+reload()
+{
+ echo -n $"Reloading $prog: "
+ if [ -n "`pidfileofproc $PID_BASENAME`" ] ; then
+ killproc $PID_BASENAME -HUP
+ else
+ failure $"Reloading $prog"
+ fi
+ RETVAL=$?
+ echo
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sshd_support ] ; then
+ do_restart_sanity_check
+ if [ "$RETVAL" = 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
+ fi
+ ;;
+ status)
+ status $PID_BASENAME
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+ RETVAL=1
+esac
+exit $RETVAL
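Review bot: In `stop()`, the halt/reboot branch runs `killall $prog` with `prog="sshd_support"`, but the daemon started here is `$SSHD` (`/usr/sbin/sshd`, as the `processname: sshd` header also says), so nothing matches that name and the branch is a silent no-op; if the intent is to close this instance's sessions at shutdown, identify them from `$PID_FILE` rather than by name, and if the intent is to leave the system sshd alone, remove the branch and say so in the comment above it. `start()` still calls `do_rsa1_keygen` although `sshd_support_config` sets `Protocol 2` and lists only the RSA and DSA host keys, so that call and the `config: /etc/ssh/ssh_host_key` header lines can go. The service shares `/etc/ssh/ssh_host_*_key` with the main sshd, which deserves a comment next to `RSA_KEY`/`DSA_KEY` so nobody regenerates those keys for this service alone.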
diff --git a/sshd_support_config b/sshd_support_config
new file mode 100644
index 0000000..9794b01
--- /dev/null
+++ b/sshd_support_config
@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 2222
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog no
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes
+
+AllowUsers support
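Review bot: `Subsystem sftp /usr/lib/openssh/sftp-server` is the Debian/Ubuntu path, while the spec and init script in this commit target a Red Hat-style host (`chkconfig`, `/etc/sysconfig`), where the binary normally lives at `/usr/libexec/openssh/sftp-server`; since the `support` account is only meant to open tunnels through the forced `command=` that rtadm writes into `authorized_keys`, dropping the `Subsystem` line is the simplest fix, otherwise confirm the path. `rtadm.config` notes that `PORT` must be kept in sync with this file, so a matching comment here, `# Must match PORT in /etc/sysconfig/rtadm`, keeps the rule visible from both sides. `KeyRegenerationInterval` and `ServerKeyBits` only apply to protocol 1, which `Protocol 2` disables, so they can be removed along with their comment.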