#!/bin/sh 
### BEGIN INIT INFO
# Provides:          open-backdoor
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:      $network $syslog
# Should-Stop:       $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Open SSH backdoor to get around firewalls
# Description:       Nice script that opens an ssh backdoor to get
#                    around firewalls that block incoming ssh.
#                    To configure, create /etc/default/open-backdoor
#                    with the user, host and port settings.  It also
#                    needs a passwordless ssh key, created with
#                    ssh-keygen, that is allowed to log into RHOST as
#                    RUSER.
### END INIT INFO

# Ideas: Look at the launchtool and daemon packages to solve the file
# descriptor problem.

# Runtime state and tuning.  These come first so that the defaults file
# read below may override any of them.
DELAYTIME=300
LASTFILE=/var/run/backdoor.last
PIDFILE=/var/run/backdoor.pid

# Tunnel endpoint.  All three are empty by default, which leaves the
# service disabled (see is_enabled) until the defaults file sets them.
RUSER=
RHOST=
RPORT=

# The defaults file is sourced, i.e. executed as shell code with the
# privileges of this init script, so it must be writable by root only.
# NOTE(review): the INIT INFO header names /etc/default/open-backdoor,
# but the file actually read is the one below - confirm which is meant.
DEFAULTS=/etc/default/backdoor
if [ -f "$DEFAULTS" ] ; then
    . "$DEFAULTS"
fi

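# Report whether the backdoor is configured.
# Globals:  RPORT, RHOST, RUSER (read)
# Returns:  0 when all three are non-empty, 1 otherwise.
# Prints nothing, so callers can stay silent when the service is simply
# not configured.
is_enabled() {
    # Three separate tests instead of the obsolescent "-o" operator,
    # which can misparse operands that look like test operators.
    [ -n "$RPORT" ] && [ -n "$RHOST" ] && [ -n "$RUSER" ]
}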

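# Keep a reverse SSH tunnel open: RHOST listens on RPORT and forwards
# connections back to port 22 on this machine.  Loops forever and is
# meant to be run in the background by the "start" action.
# Globals:  PIDFILE, LASTFILE (written); RUSER, RHOST, RPORT, DELAYTIME (read)
# Returns:  does not return; exits quietly if another instance is running.
#
# NOTE(review): the key used here has no passphrase, so anyone who can
# read it can open the same tunnel.  On RHOST the key should be limited
# in authorized_keys (for example with the "restrict", "port-forwarding"
# and "permitlisten" options) so that it grants nothing but this forward.
do_start() {
    # Check if there is another backdoor running.  Only a purely numeric
    # pid is handed to ps; anything else is treated as a stale file.
    OLDPID=`cat "$PIDFILE" 2> /dev/null`
    case "$OLDPID" in
        ''|*[!0-9]*)
            ;;
        *)
            ps "$OLDPID" | grep -q backdoor && exit
            ;;
    esac

    # Save it for a rainy day
    # Use bash as a workaround for $$ reporting the parent pid
    bash -c 'echo $PPID' > "$PIDFILE"

    # Clean up when this shell exits.
    # NOTE(review): whether an EXIT trap runs when the shell is killed by
    # a signal depends on which shell /bin/sh is - confirm on the target.
    trap 'rm -f "$PIDFILE" "$LASTFILE" ' EXIT

    while true ; do
        # Rate limit: if the previous attempt started less than five
        # minutes ago, wait DELAYTIME seconds before trying again.  The
        # timestamps are only computed when LASTFILE exists, so date is
        # never asked about a missing file.
        if [ -f "$LASTFILE" ] && \
           [ "$(date -r "$LASTFILE" +%s)" -ge "$(date -d -5min +%s)" ] ; then
            sleep "$DELAYTIME"
        else
            touch "$LASTFILE"
            # BatchMode: never wait for a password or host-key prompt
            # that nobody can answer from an init script.
            # ExitOnForwardFailure: if RHOST cannot bind RPORT, fail now
            # (and get logged below) instead of holding a session with
            # no tunnel for an hour.
            if ssh -o BatchMode=yes -o ExitOnForwardFailure=yes \
                   -l "$RUSER" "$RHOST" -R "$RPORT:localhost:22" sleep 3600 ; then
                :
            else
                logger -t open-backdoor "ssh returned error"
            fi
        fi
    done
}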

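# Stop the running tunnel loop and whatever it is currently running.
# Globals:  PIDFILE (read)
# Returns:  0 when there is nothing to stop; otherwise the status of the
#           last command run.
#
# The loop started by do_start runs ssh (or sleep) as a child process.
# Killing only the loop would leave that ssh alive, and with it the
# reverse tunnel, until the remote "sleep 3600" ends.  The children are
# therefore collected first and terminated after the loop itself.
do_stop() {
    OLDPID=`cat "$PIDFILE" 2> /dev/null`
    case "$OLDPID" in
        # No pid file, or content that is not a pid: nothing to stop.
        ''|*[!0-9]*) return 0 ;;
    esac
    if ps "$OLDPID" | grep -q backdoor ; then
        # Collect the children while the loop is still their parent;
        # once it is gone they are re-parented and -P no longer finds
        # them.  If pgrep is unavailable the list is simply empty.
        CHILDREN=`pgrep -P "$OLDPID" 2> /dev/null`
        # Loop first, so it cannot start a new ssh in between.
        kill "$OLDPID"
        for CHILD in $CHILDREN ; do
            kill "$CHILD" 2> /dev/null
        done
    fi
}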

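# Print whether the tunnel loop recorded in PIDFILE is alive.
# Globals:  PIDFILE (read)
# Outputs:  one "info:" line on stdout.
do_status() {
    OLDPID=`cat "$PIDFILE" 2> /dev/null`
    case "$OLDPID" in
        # Treat a missing or non-numeric pid as "not running".
        ''|*[!0-9]*) OLDPID= ;;
    esac
    # A live pid is not enough: the number may have been reused by an
    # unrelated process, so apply the same "backdoor" command-line check
    # that do_start and do_stop use.  kill's own error output is hidden
    # because a dead pid is an expected case here.
    if [ -n "$OLDPID" ] && kill -0 "$OLDPID" 2> /dev/null \
       && ps "$OLDPID" | grep -q backdoor ; then
        echo "info: SSH backdoor is running with pid '$OLDPID'."
    else
        echo "info: SSH backdoor is not running."
    fi
}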

# Launch the tunnel loop in the background with stdin, stdout and stderr
# all pointed at /dev/null.
# This needs to be properly detached.  It will hang on upgrades because
# some file descriptor is still open, and the postinst shell script
# refuses to terminate because of this.  See skolelinux bug #783 for
# info on the problem.
spawn_backdoor() {
    do_start < /dev/null > /dev/null 2>&1 &
}

ACTION="$1"
case "$ACTION" in
    start)
        # An unconfigured service is not an error: leave quietly.
        if ! is_enabled ; then
            exit 0
        fi

        echo "info: Opening SSH backdoor from $RHOST:$RPORT" 1>&2
        spawn_backdoor
        ;;
    stop)
        if ! is_enabled ; then
            exit 0
        fi
        do_stop
        ;;
    restart|force-reload)
        if ! is_enabled ; then
            exit 0
        fi
        # NOTE(review): do_stop only sends the signal and the new loop
        # is started straight away - confirm the old instance is gone
        # before do_start checks the pid file.
        do_stop
        spawn_backdoor
        ;;
    status)
        if ! is_enabled ; then
            echo "info: SSH backdoor isn't enabled.  Edit $DEFAULTS to enable."
        else
            do_status
        fi
        ;;
    *)
        # Unknown or missing action: show usage and exit with status 2.
        echo "Usage: $0 {start|stop|restart|force-reload|status}"
        exit 2
        ;;
esac
exit 0
