-
Notifications
You must be signed in to change notification settings - Fork 0
/
dyndnssh-shell
executable file
·70 lines (60 loc) · 2.26 KB
/
dyndnssh-shell
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#!/bin/sh
re_match() {
echo "$2" | egrep "$1" > /dev/null
return $?
}
part() {
echo "$2" | cut -d " " -f "$1"
}
log() {
echo "$@" | ./dyndnssh-log
}
logf() {
printf "$@" | ./dyndnssh-log
}
hostname_re="([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])"
ip4_re='(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
ip6_re='([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)'
if test -z "$SSH_CONNECTION"; then
echo "\$SSH_CONNECTION not set"
exit 1
fi
ssh_address="$(part 1 "$SSH_CONNECTION")"
if test $# -ne 2 -o "$1" != "-c"; then
echo "interactive login not permitted"
logf "%s: attempted interactive login\n" "$ssh_address"
exit 1
fi
request="$2"
if re_match "^$hostname_re\$" "$request"; then # no address supplied, use SSH_CONNECTION
hostname="$request"
address="$ssh_address"
logf "%s: implicit request for hostname: %s\n" "$ssh_address" "$hostname"
elif re_match "^$hostname_re ($ip4_re)|($ip6_re)$" "$request"; then # explicit address supplied in request
hostname="$(part 1 "$request")"
address="$(part 2 "$request")"
logf "%s: explicit request for hostname: %s, address: %s\n" "$ssh_address" "$hostname" "$address"
else # malformed request
echo "malformed request, should be \"HOSTNAME\" or \"HOSTNAME ADDRESS\""
logf "%s: malformed request \"%s\"\n" "$ssh_address" "$request"
exit 1
fi
if test -z "$DYNDNSSH_ALLOWED_HOSTNAMES" || \
re_match ":$hostname:" ":$DYNDNSSH_ALLOWED_HOSTNAMES:"; then # user has permission for this hostname
if re_match "^$ip4_re\$" "$address"; then
echo "$address" > db/ip4/$hostname
elif re_match "^$ip6_re\$" "$address"; then
echo "$address" > db/ip6/$hostname
else
echo "malformed address"
logf "%s: malformed address \"%s\"\n" "$ssh_address" "$address"
exit 1
fi
else
echo "permission denied"
logf "%s: permission denied\n" "$ssh_address"
exit 1
fi
if test -x dyndnssh-bridge; then
exec ./dyndnssh-bridge
fi