1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2006-2010 OpenWrt.org
3 # Copyright (C) 2006 Carlos Sobrinho
# Path of the dropbear daemon; handed to procd as the service command
# (procd_set_param command "$PROG" ...) in the instance setup.
PROG="/usr/sbin/dropbear"
# Register the additional "killclients" action with rc.common, together with
# the one-line help text shown for it.
extra_command "killclients" "Kill ${NAME} processes except servers and yourself"
17 /usr
/bin
/dropbearkey
"$@" 0<&- 1>&- 2>&-
20 # $1 - host key file name
23 [ -f "$1" ] ||
return 1
24 [ -s "$1" ] ||
return 2
25 _dropbearkey
-y -f "$1" ||
return 3
29 # $1 - hk_verify() return code
34 1) echo "file does not exist" ;;
35 2) echo "file has zero length" ;;
36 3) echo "file is not valid host key or not supported" ;;
37 *) echo "unknown error" ;;
42 # $2 - host key file name
48 0) procd_append_param
command -r "$2"
50 *) m
=$
(hk_errmsg
"$x")
51 logger
-t "${NAME}" -p daemon.warn \
52 "option '$1', value '$2': $m, skipping"
# Per-entry callback used with config_list_foreach over the 'keyfile' list.
# $1 - host key file name; forwarded to hk_config under the option name
#      'keyfile' so the error message names the option that was set.
hk_config__keyfile()
{
	hk_config 'keyfile' "$1"
}
63 hk_generate_as_needed
()
65 local kdir kgen ktype tdir kcount tfile
69 for ktype
in ed25519 ecdsa rsa
; do
70 hk_verify
"${kdir}/dropbear_${ktype}_host_key" && continue
72 kgen
="${kgen} ${ktype}"
75 [ -z "${kgen}" ] && return
77 tdir
=$
(mktemp
-d); chmod 0700 "${tdir}"
80 for ktype
in ${kgen}; do
81 tfile
="${tdir}/dropbear_${ktype}_host_key"
83 if ! _dropbearkey
-t ${ktype} -f "${tfile}"; then
84 # unsupported key type
92 if [ ${kcount} -ne 0 ]; then
93 mkdir
-p "${kdir}"; chmod 0700 "${kdir}"; chown root "${kdir}"
94 mv -f "${tdir}/"* "${kdir}/"
105 [ -z "$ipaddrs" ] && {
106 procd_append_param
command -p "$port"
110 for addr
in $ipaddrs; do
111 procd_append_param
command -p "$addr:$port"
115 validate_section_dropbear
()
117 uci_load_validate dropbear dropbear
"$1" "$2" \
118 'PasswordAuth:bool:1' \
121 'GatewayPorts:bool:0' \
122 'ForceCommand:string' \
123 'RootPasswordAuth:bool:1' \
126 'keyfile:list(file)' \
129 'SSHKeepAlive:uinteger:300' \
130 'IdleTimeout:uinteger:0' \
131 'MaxAuthTries:uinteger:3' \
132 'RecvWindowSize:uinteger:0' \
141 echo "validation failed"
145 [ -n "${Interface}" ] && {
146 [ -n "${BOOT}" ] && return 0
148 network_get_ipaddrs_all ipaddrs
"${Interface}" ||
{
149 echo "interface ${Interface} has no physdev or physdev has no suitable ip"
154 [ "${enable}" = "0" ] && return 1
155 PIDCOUNT
="$(( ${PIDCOUNT} + 1))"
156 local pid_file
="/var/run/${NAME}.${PIDCOUNT}.pid"
158 # Increase default receive window size to increase
159 # throughput on high latency links
160 if [ "${RecvWindowSize}" -eq "0" ]; then
161 RecvWindowSize
="262144"
165 procd_set_param
command "$PROG" -F -P "$pid_file"
166 [ "${PasswordAuth}" -eq 0 ] && procd_append_param
command -s
167 [ "${GatewayPorts}" -eq 1 ] && procd_append_param
command -a
168 [ -n "${ForceCommand}" ] && procd_append_param
command -c "${ForceCommand}"
169 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param
command -g
170 [ "${RootLogin}" -eq 0 ] && procd_append_param
command -w
171 config_list_foreach
"$1" 'keyfile' hk_config__keyfile
172 if [ -n "${rsakeyfile}" ]; then
173 logger
-s -t "${NAME}" -p daemon.crit \
174 "Option 'rsakeyfile' is considered to be DEPRECATED and will be REMOVED in future releases, use 'keyfile' list instead"
175 sed -i.before-upgrade
-E -e 's/option(\s+)rsakeyfile/list keyfile/' \
176 "/etc/config/${NAME}"
177 logger
-s -t "${NAME}" -p daemon.crit \
178 "Auto-transition 'option rsakeyfile' => 'list keyfile' in /etc/config/${NAME} is done, please verify your configuration"
179 hk_config
'rsakeyfile' "${rsakeyfile}"
181 [ -n "${BannerFile}" ] && procd_append_param
command -b "${BannerFile}"
182 append_ports
"${ipaddrs}" "${Port}"
183 [ "${IdleTimeout}" -ne 0 ] && procd_append_param
command -I "${IdleTimeout}"
184 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param
command -K "${SSHKeepAlive}"
185 [ "${MaxAuthTries}" -ne 0 ] && procd_append_param
command -T "${MaxAuthTries}"
186 [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
187 procd_append_param
command -W "${RecvWindowSize}"
188 [ "${mdns}" -ne 0 ] && procd_add_mdns
"ssh" "tcp" "$Port" "daemon=dropbear"
189 procd_set_param respawn
195 config_get interface
"$1" Interface
196 config_get
enable "$1" enable 1
198 [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
209 hk_generate_as_needed
212 .
/lib
/functions
/network.sh
214 config_load
"${NAME}"
215 config_foreach validate_section_dropbear dropbear dropbear_instance
222 procd_add_config_trigger
"config.change" "dropbear" /etc
/init.d
/dropbear reload
224 config_load
"${NAME}"
225 config_foreach load_interfaces dropbear
227 [ -n "${interfaces}" ] && {
228 for n
in $interfaces ; do
229 procd_add_interface_trigger
"interface.*" $n /etc
/init.d
/dropbear reload
233 procd_add_validation validate_section_dropbear
237 # close all open connections
247 # if this script is run from inside a client session, then ignore that session
249 while [ "${pid}" -ne 0 ]
251 # get parent process id
252 pid
=$
(cut
-d ' ' -f 4 "/proc/${pid}/stat")
253 [ "${pid}" -eq 0 ] && break
255 # check if client connection
256 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
257 append ignore
"${pid}"
262 # get all server pids that should be ignored
263 for server
in $
(cat /var
/run
/${NAME}.
*.pid
)
265 append ignore
"${server}"
268 # get all running pids and kill client connections
270 for pid
in $
(pidof
"${NAME}")
272 # check if correct program, otherwise process next pid
273 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" ||
{
277 # check if pid should be ignored (servers, ourself)
279 for server
in ${ignore}
281 if [ "${pid}" = "${server}" ]
287 [ "${skip}" -ne 0 ] && continue
290 echo "${initscript}: Killing ${pid}..."