OpenWrt – Blame information for rev 1
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | #!/bin/sh /etc/rc.common |
2 | # Copyright (C) 2006-2010 OpenWrt.org |
||
3 | # Copyright (C) 2006 Carlos Sobrinho |
||
4 | |||
# Init ordering values; the shebang hands this script to /etc/rc.common,
# which is what consumes START/STOP (rc.common itself is not shown here).
START=19
STOP=50

# Service is managed through the procd_* helpers used further down.
USE_PROCD=1

# Daemon binary and the short name used for UCI config and pid-file names.
PROG=/usr/sbin/dropbear
NAME=dropbear

# Running instance counter; dropbear_instance increments it to derive a
# distinct /var/run/${NAME}.<n>.pid per instance.
PIDCOUNT=0

# Extra sub-command exposed next to the standard ones, plus its help line.
EXTRA_COMMANDS="killclients"
EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
||
14 | |||
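# Append dropbear listen options ("-p") to the procd command being built.
#   $1 - whitespace-separated IP addresses to bind to (may be empty)
#   $2 - whitespace-separated ports; the UCI schema declares Port as
#        list(port), so more than one value can arrive here
# One "-p" is emitted per port (and per address when addresses are given),
# instead of passing a multi-valued port list to dropbear as a single word.
#
# Exposure note: with an empty address list the option is "-p <port>" with no
# bind address, i.e. the listener is not tied to any one interface. Restrict it
# with the Interface option or firewall rules if SSH must not be reachable
# from untrusted networks.
# NOTE(review): an IPv6 literal in $1 would produce "addr:port" with ambiguous
# colons - confirm what network_get_ipaddrs_all can return here.
append_ports()
{
	local ipaddrs="$1"
	local ports="$2"
	local addr port

	# unquoted on purpose: both lists are whitespace-separated
	for port in $ports; do
		if [ -z "$ipaddrs" ]; then
			procd_append_param command -p "$port"
			continue
		fi

		for addr in $ipaddrs; do
			procd_append_param command -p "$addr:$port"
		done
	done
}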
||
29 | |||
# Validate one "dropbear" UCI section against the option schema below.
#   $1, $2 - forwarded unchanged to uci_load_validate; start_service passes
#            dropbear_instance as the extra argument, which is then called
#            with the validation result in its own $2
# Each rule reads name:type[:default].
#
# Hardening note: the defaults here leave PasswordAuth, RootPasswordAuth and
# RootLogin at 1, so password login (including for root) stays enabled unless
# the config turns it off. dropbear_instance maps a 0 value of those options
# to the -s, -g and -w flags respectively.
validate_section_dropbear() {
	uci_load_validate dropbear dropbear "$1" "$2" \
		'PasswordAuth:bool:1' \
		'enable:bool:1' \
		'Interface:string' \
		'GatewayPorts:bool:0' \
		'RootPasswordAuth:bool:1' \
		'RootLogin:bool:1' \
		'rsakeyfile:file' \
		'BannerFile:file' \
		'Port:list(port):22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0' \
		'MaxAuthTries:uinteger:3' \
		'RecvWindowSize:uinteger:0' \
		'mdns:bool:1'
}
||
48 | |||
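# Build one procd instance of dropbear from a validated UCI section.
#   $1 - not used in this function
#   $2 - validation result; anything other than 0 aborts the instance
# Reads the option variables named in validate_section_dropbear (PasswordAuth,
# Interface, Port, ...) plus BOOT, PROG, NAME and PIDCOUNT.
# Returns 1 on failed validation, on an interface without usable addresses and
# for a disabled section; returns 0 when an interface-bound instance is
# skipped during boot.
dropbear_instance()
{
	local ipaddrs
	local pid_file

	# diagnostics go to stderr so they never mix with regular output
	[ "$2" = 0 ] || {
		echo "validation failed" >&2
		return 1
	}

	[ -n "${Interface}" ] && {
		# interface-bound instances are not started during boot; the
		# interface triggers registered in service_triggers reload later
		[ -n "${BOOT}" ] && return 0

		network_get_ipaddrs_all ipaddrs "${Interface}" || {
			echo "interface ${Interface} has no physdev or physdev has no suitable ip" >&2
			return 1
		}
	}

	[ "${enable}" = "0" ] && return 1

	# one pid file per instance; killclients reads these to spare the servers
	PIDCOUNT=$(( PIDCOUNT + 1 ))
	pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"

	procd_open_instance
	procd_set_param command "$PROG" -F -P "$pid_file"

	# authentication and forwarding policy: each flag below is added only when
	# the config deviates from the schema default
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w

	[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"

	# NOTE(review): Port is declared list(port); a multi-valued Port reaches
	# append_ports and procd_add_mdns as a single string - confirm both cope
	append_ports "${ipaddrs}" "${Port}"

	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"

	# only forward a window size inside (0, 1048576]
	[ "${RecvWindowSize}" -gt 0 ] && [ "${RecvWindowSize}" -le 1048576 ] && \
		procd_append_param command -W "${RecvWindowSize}"

	[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
	procd_set_param respawn
	procd_close_instance
}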
||
89 | |||
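# Make sure an RSA host key exists under /etc/dropbear.
# If neither a staged key in /tmp nor a non-empty key in /etc is present, key
# generation is started in the background, the init script is re-run with
# "start" once the key exists, and the current invocation exits 0.
# Otherwise the staged key files are moved from /tmp/dropbear to /etc/dropbear
# while holding the /tmp/.switch2jffs lock.
keygen()
{
	local keytype key

	for keytype in rsa; do
		# check for keys
		key="dropbear/dropbear_${keytype}_host_key"
		[ -f "/tmp/$key" ] || [ -s "/etc/$key" ] || {
			# generate missing keys; the staging directory will hold a
			# private host key, so create it without group/other access
			mkdir -p -m 0700 /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				# send output to /dev/null instead of closing fd 1/2: a
				# closed descriptor number can be reused by the next file
				# the program opens
				/usr/bin/dropbearkey -t "$keytype" -f "/tmp/$key" >/dev/null 2>&1 && exec /etc/rc.common "$initscript" start
			} &
			exit 0
		}
	done

	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	# tighten ownership and mode before the key lands in the directory, so
	# there is no window with a key inside a directory that is still open
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
}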
||
112 | |||
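# config_foreach callback: collect the Interface of every enabled section.
#   $1 - section name
# Prepends the interface name to the caller's "interfaces" variable
# (service_triggers declares it local before iterating).
# The two scratch variables are local so that "enable" and "interface" do not
# leak into, or get clobbered in, the rest of the script.
load_interfaces()
{
	local interface enable

	config_get interface "$1" Interface
	config_get enable "$1" enable 1

	if [ "${enable}" = "1" ]; then
		interfaces=" ${interface} ${interfaces}"
	fi
}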
||
120 | |||
# Boot-time entry point: flag the run as a boot, then start as usual.
# dropbear_instance checks BOOT and skips interface-bound instances while it
# is set.
boot() {
	BOOT=1
	start "$@"
}
||
126 | |||
# procd start hook: ensure a host key exists, then create one instance per
# "dropbear" UCI section.
start_service() {
	# keygen may exit this script and re-run "start" once a key was generated
	if [ ! -s /etc/dropbear/dropbear_rsa_host_key ]; then
		keygen
	fi

	. /lib/functions.sh
	. /lib/functions/network.sh

	config_load "${NAME}"
	# each section is validated first; dropbear_instance receives the result
	config_foreach validate_section_dropbear dropbear dropbear_instance
}
||
137 | |||
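# procd trigger hook: reload the service when the dropbear config changes or
# when any interface named by an enabled section changes state, and register
# the validation schema.
service_triggers()
{
	local interfaces
	local n

	procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload

	# load_interfaces fills "interfaces" with the Interface of each enabled section
	config_load "${NAME}"
	config_foreach load_interfaces dropbear

	# unquoted list on purpose (whitespace-separated names); an empty list
	# simply runs the loop zero times
	for n in $interfaces; do
		procd_add_interface_trigger "interface.*" "$n" /etc/init.d/dropbear reload
	done

	procd_add_validation validate_section_dropbear
}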
||
155 | |||
# Shutdown hook: terminate every dropbear process, which also closes all open
# client connections (servers and sessions alike).
shutdown()
{
	killall dropbear
}
||
160 | |||
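# Extra command: kill every dropbear client session except the one this
# script is running in, leaving the listening servers alone.
# Reads PROG, NAME and initscript; prints one line per killed pid.
#
# The servers are recognised only through /var/run/${NAME}.*.pid. Any process
# whose cmdline contains ${PROG} and whose pid is neither listed there nor the
# detected ancestor session receives SIGKILL, so a missing pid file means the
# corresponding server is killed as well.
killclients()
{
	local ignore=''
	local server
	local pid
	local pidfile
	local skip

	# if this script is run from inside a client session, then ignore that session
	pid="$$"
	while [ "${pid}" -ne 0 ]
	do
		# get parent process id; field 2 of /proc/<pid>/stat is "(comm)" and
		# may contain spaces, so strip through the last ") " first - state and
		# ppid are then fields 1 and 2
		pid="$(sed -e 's/^.*) //' "/proc/${pid}/stat" 2>/dev/null | cut -d ' ' -f 2)"

		# stop on an unreadable or malformed entry instead of feeding a
		# non-number to the numeric tests
		case "${pid}" in
			''|*[!0-9]*) break ;;
		esac
		[ "${pid}" -eq 0 ] && break

		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" 2>/dev/null && {
			append ignore "${pid}"
			break
		}
	done

	# get all server pids that should be ignored
	for pidfile in /var/run/"${NAME}".*.pid
	do
		# an unmatched glob stays literal; skip it rather than cat a non-file
		[ -f "${pidfile}" ] || continue
		for server in $(cat "${pidfile}")
		do
			append ignore "${server}"
		done
	done

	# get all running pids and kill client connections
	for pid in $(pidof "${NAME}")
	do
		# check if correct program, otherwise process next pid
		# (errors silenced: the process may have exited since pidof ran)
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" 2>/dev/null || continue

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}
		do
			if [ "${pid}" = "${server}" ]
			then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process
		echo "${initscript}: Killing ${pid}..."
		kill -KILL "${pid}"
	done
}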