#!/bin/bash if [ "`id -u`" != "0" ]; then echo "Must be run as root" exit 1 fi user="$1" if [ "$user" == "" ]; then user=`cat /root/submissions/user 2>/dev/null` if [ "$user" == "" ]; then echo "parameter user missing. Usage: $0 [] []" exit 1 fi fi if [ "$2" != "" ]; then BOCASERVER=$2 else if [[ ! -e /etc/bocaip ]] ; then echo "O IP do servidor boca nao configurado. Usando bombonera.org" BOCASERVER=50.116.19.221 else source /etc/bocaip BOCASERVER=$BOCAIP fi fi if [ "$BOCASERVER" == "" ]; then echo "BOCA server not defined. Aborting" exit 1 fi echo "Server at $BOCASERVER" for i in wget sha256sum cut; do p=`which $i` if [ -x "$p" ]; then echo -n "" else echo "$i" not found exit 1 fi done temp=/root/.temp.`date +%s%N`.txt mkdir -p /root/.ssh if [ ! -f /root/.ssh/$BOCASERVER -o ! -f /root/.ssh/$BOCASERVER.pub -o ! -f /root/.ssh/authorized_keys -o "$3" != "" ]; then ssh-keygen -q -f /root/.ssh/$BOCASERVER -t rsa -b 4096 -C "${user}@bombonera.org" -N '' echo -e "Host $BOCASERVER\n HostName $BOCASERVER\n User bocassh\n IdentityFile /root/.ssh/$BOCASERVER\n" > /root/.ssh/config chmod 600 /root/.ssh/config if [ -f /root/submissions/code ]; then ress=`cat /root/submissions/code` else read -s -p "Password: " pass echo "" ress=`echo -n $pass | sha256sum - | cut -f1 -d' '` fi md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/updatessh.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` echo "$md" | grep -q PHPSESS if [ "$?" == "0" ]; then md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` res=`echo -n "${ress}${md}" | sha256sum - | cut -f1 -d' '` echo -n "name=${user}" > $temp [ -f /root/submissions/comp ] && echo -n "&comp=`cat /root/submissions/comp`" >> $temp echo -n "&password=$res" >> $temp echo -n "&data=" >> $temp cat /root/.ssh/$BOCASERVER.pub | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/updatessh.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null rm -f $temp rm -f ${temp}.cookie.txt grep -qi incorrect ${temp}.out res=$? if [ "$res" == "0" ]; then rm ${temp}.out echo "$BOCASERVER: User or password incorrect" exit 3 fi grep -qi ssh-rsa ${temp}.out if [ "$?" == "0" ]; then grep -i ssh-rsa ${temp}.out >> /root/.ssh/authorized_keys chmod 700 /root/.ssh chmod 600 /root/.ssh/authorized_keys fi rm ${temp}.out else echo "$BOCASERVER: connection failed" exit 2 fi echo "authentication successful" fi if [ -f /etc/ssh/sshd_config ]; then grep -iq "^[[:space:]]*AllowUsers" /etc/ssh/sshd_config if [ "$?" != "0" ]; then grep -v -i "^[[:space:]]*AllowUsers" /etc/ssh/sshd_config | grep -v -i "^[[:space:]]*PermitRootLogin" | grep -v -i "^[[:space:]]*PasswordAuthentication" > /etc/ssh/sshd_config.tmp echo "AllowUsers root" >> /etc/ssh/sshd_config.tmp echo "PasswordAuthentication no" >> /etc/ssh/sshd_config.tmp echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.tmp mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config service ssh restart fi fi porta=5000 while [ $porta -lt 6000 ]; do pids=`ps auxw | grep "ssh -v -f -N" | grep ${BOCASERVER} | awk '{print $2;}'` if [ "$pids" != "" ]; then kill -9 $pids fi echo "Trying $porta" ssh -v -f -N -o UserKnownHostsFile=/dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -R ${porta}:localhost:22 bocassh@${BOCASERVER} >$temp 2>&1 for k in 1 2 3 4 5 6 7 8; do sleep 1 grep -q "remote forward.*for:" $temp if [ $? == 0 ]; then break fi done grep -q "remote forward success for:" $temp if [ $? == 0 ]; then echo "Forward successful at $porta" break fi let "porta = $porta + 1" done exit 0