#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho
#
# procd init script for the dropbear SSH server.  It runs under
# rc.common, which calls start_service / service_triggers / shutdown
# below; one dropbear instance is started per "dropbear" UCI section.

# boot/shutdown ordering used by rc.common
START=50
STOP=50

# hand process supervision (respawn, triggers, validation) to procd
USE_PROCD=1
PROG=/usr/sbin/dropbear
NAME=dropbear
# bumped once per started instance; names /var/run/${NAME}.N.pid
PIDCOUNT=0
# extra "/etc/init.d/dropbear killclients" sub-command (see killclients)
EXTRA_COMMANDS="killclients"
EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"

append_ports()
{
	# Add one "-p" listen argument to the procd command line per address
	# in $1 (space separated) for port $2; with no addresses, listen on
	# the port on every address.
	local addrs="$1"
	local port="$2"

	if [ -z "${addrs}" ]; then
		# no interface restriction
		procd_append_param command -p "${port}"
	else
		# word-splitting of the address list is intended
		for addr in ${addrs}; do
			procd_append_param command -p "${addr}:${port}"
		done
	fi
}

validate_section_dropbear()
{
	# Type-check one "dropbear" UCI section ($1) with procd's validator;
	# the options become shell variables in the caller (dropbear_instance
	# declares them local first).  The value after the second colon is
	# the default applied when the option is unset.
	#
	# Note the permissive defaults: password authentication and root
	# login stay enabled unless the configuration turns them off.
	uci_validate_section dropbear dropbear "${1}" \
		'PasswordAuth:bool:1' \
		'enable:bool:1' \
		'Interface:string' \
		'GatewayPorts:bool:0' \
		'RootPasswordAuth:bool:1' \
		'RootLogin:bool:1' \
		'rsakeyfile:file' \
		'BannerFile:file' \
		'Port:list(port):22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0' \
		'MaxAuthTries:uinteger:3' \
		'RecvWindowSize:uinteger:0' \
		'mdns:bool:1'
}

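dropbear_instance()
{
	# config_foreach callback: validate one "dropbear" UCI section ($1)
	# and, if enabled, register a procd instance for it.
	# Returns 1 (no instance) on validation failure, on a disabled
	# section, or when the configured Interface has no usable address.
	local PasswordAuth enable Interface GatewayPorts \
		RootPasswordAuth RootLogin rsakeyfile \
		BannerFile Port SSHKeepAlive IdleTimeout \
		MaxAuthTries RecvWindowSize mdns ipaddrs
	local pid_file

	validate_section_dropbear "${1}" || {
		echo "validation failed"
		return 1
	}

	# checked before any interface lookup so a disabled section can
	# never fail with an interface error
	[ "${enable}" = "0" ] && return 1

	# Interface set: bind only to that interface's addresses.  If they
	# cannot be resolved the instance is not started at all, rather than
	# falling back to listening on every address.
	[ -n "${Interface}" ] && {
		network_get_ipaddrs_all ipaddrs "${Interface}" || {
			echo "interface ${Interface} has no physdev or physdev has no suitable ip"
			return 1
		}
	}

	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"

	procd_open_instance
	# -F: stay in the foreground so procd can supervise it; -P: pid file
	procd_set_param command "$PROG" -F -P "$pid_file"
	# access-control flags, each added only when the option deviates from
	# dropbear's own default:
	#   -s no password logins   -g no password login for root
	#   -w no root login        -a remote hosts may use forwarded ports
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
	[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
	# NOTE(review): Port is validated as a list but passed as a single
	# argument here and to procd_add_mdns below — confirm behaviour with
	# more than one Port entry.
	append_ports "${ipaddrs}" "${Port}"
	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
	# only pass -W when set and within the accepted range (1..1048576);
	# two chained tests instead of the ambiguous "-a" inside [ ]
	[ "${RecvWindowSize}" -gt 0 ] && [ "${RecvWindowSize}" -le 1048576 ] && \
		procd_append_param command -W "${RecvWindowSize}"
	[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
	procd_set_param respawn
	procd_close_instance
}
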
keygen()
{
	# Create a missing host key.  The key is first generated under /tmp
	# by a background job which then re-runs "start"; this invocation
	# exits right away.  On that second run the key already exists in
	# /tmp, so the loop below is skipped and the key is moved into
	# /etc/dropbear.  If /usr/bin/dropbearkey is absent nothing restarts
	# the service and the script simply exits 0.
	for keytype in rsa; do
		# check for keys
		key=dropbear/dropbear_${keytype}_host_key
		[ -f /tmp/$key -o -s /etc/$key ] || {
			# generate missing keys
			# NOTE(review): /tmp/dropbear is created with the default umask
			# and the key file's mode comes from dropbearkey itself —
			# confirm the key is not group/world readable while in /tmp.
			mkdir -p /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				/usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
			} &
			# the background job above restarts the service once the key exists
			exit 0
		}
	done

	# NOTE(review): presumably serialises with the jffs2 overlay switch
	# on first boot — confirm.
	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
	# host keys are secrets: the directory is accessible by root only
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
}

load_interfaces()
{
	# config_foreach callback: prepend the Interface of every enabled
	# "dropbear" section ($1) to the caller's "interfaces" variable (the
	# local declared in service_triggers), so a trigger can be added per
	# interface.  Returns 1 for a disabled section.
	config_get interface "$1" Interface
	config_get enable "$1" enable 1

	if [ "${enable}" != "1" ]; then
		# same non-zero status the "&&" form yields for a disabled section
		return 1
	fi
	interfaces=" ${interface} ${interfaces}"
}

start_service()
{
	# Make sure a host key exists first; keygen may exit this process and
	# re-run "start" once the key is ready.
	[ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen

	# config_* helpers and network_get_ipaddrs_all (used by dropbear_instance)
	. /lib/functions.sh
	. /lib/functions/network.sh

	# one procd instance per "dropbear" UCI section
	config_load "${NAME}"
	config_foreach dropbear_instance dropbear
}

service_triggers()
{
	# Tell procd when to reload this service: on any change of the
	# dropbear config and on events of every interface an enabled
	# section is bound to.  Also registers validate_section_dropbear as
	# the service's validation hook.
	local interfaces

	procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload

	config_load "${NAME}"
	# load_interfaces fills the "interfaces" local declared above
	config_foreach load_interfaces dropbear

	# word-splitting of the collected list is intended; an empty list
	# simply adds no interface trigger
	for n in ${interfaces}; do
		procd_add_interface_trigger "interface.*" "$n" /etc/init.d/dropbear reload
	done

	procd_add_validation validate_section_dropbear
}

shutdown() {
	# close all open connections
	# Kills every dropbear process, listening servers and client sessions
	# alike (contrast with killclients, which spares the servers and the
	# caller's own session).
	killall dropbear
}

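killclients()
{
	# Kill every dropbear client session, but keep the listening servers
	# (pids from /var/run/${NAME}.*.pid) and the session this command is
	# run from, so an administrator does not cut off their own shell.
	local ignore=''
	local server
	local pid
	local skip

	# if this script is run from inside a client session, then ignore that
	# session: walk up the parent chain (ppid is field 4 of
	# /proc/<pid>/stat) until a dropbear process is found.
	# NOTE(review): field 4 is misread if an ancestor's comm name contains
	# a space, so this walk is best-effort.
	pid="$$"
	while [ "${pid}" -ne 0 ]
	do
		# get parent process id
		pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
		# stop at init (ppid 0) or when the /proc entry has disappeared
		case "${pid}" in
			''|0) break ;;
		esac

		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
			append ignore "${pid}"
			break
		}
	done

	# get all server pids that should be ignored
	for server in $(cat "/var/run/${NAME}".*.pid)
	do
		append ignore "${server}"
	done

	# get all running pids and kill client connections
	for pid in $(pidof "${NAME}")
	do
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || continue

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}
		do
			if [ "${pid}" = "${server}" ]
			then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process: SIGKILL rather than SIGTERM, so the session cannot
		# catch or delay it
		echo "${initscript}: Killing ${pid}..."
		kill -KILL "${pid}"
	done
}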