1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2006-2010 OpenWrt.org
3 # Copyright (C) 2006 Carlos Sobrinho
9 PROG
=/usr
/sbin
/dropbear
12 EXTRA_COMMANDS
="killclients"
13 EXTRA_HELP
=" killclients Kill ${NAME} processes except servers and yourself"
20 [ -z "$ipaddrs" ] && {
21 procd_append_param
command -p "$port"
25 for addr
in $ipaddrs; do
26 procd_append_param
command -p "$addr:$port"
30 validate_section_dropbear
()
32 uci_validate_section dropbear dropbear
"${1}" \
33 'PasswordAuth:bool:1' \
36 'GatewayPorts:bool:0' \
37 'RootPasswordAuth:bool:1' \
41 'Port:list(port):22' \
42 'SSHKeepAlive:uinteger:300' \
43 'IdleTimeout:uinteger:0' \
44 'MaxAuthTries:uinteger:3' \
50 local PasswordAuth
enable Interface GatewayPorts \
51 RootPasswordAuth RootLogin rsakeyfile \
52 BannerFile Port SSHKeepAlive IdleTimeout \
53 MaxAuthTries mdns ipaddrs
55 validate_section_dropbear
"${1}" ||
{
56 echo "validation failed"
60 [ -n "${Interface}" ] && {
61 network_get_ipaddrs_all ipaddrs
"${Interface}" ||
{
62 echo "interface ${Interface} has no physdev or physdev has no suitable ip"
67 [ "${enable}" = "0" ] && return 1
68 PIDCOUNT
="$(( ${PIDCOUNT} + 1))"
69 local pid_file
="/var/run/${NAME}.${PIDCOUNT}.pid"
72 procd_set_param
command "$PROG" -F -P "$pid_file"
73 [ "${PasswordAuth}" -eq 0 ] && procd_append_param
command -s
74 [ "${GatewayPorts}" -eq 1 ] && procd_append_param
command -a
75 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param
command -g
76 [ "${RootLogin}" -eq 0 ] && procd_append_param
command -w
77 [ -n "${rsakeyfile}" ] && procd_append_param
command -r "${rsakeyfile}"
78 [ -n "${BannerFile}" ] && procd_append_param
command -b "${BannerFile}"
79 append_ports
"${ipaddrs}" "${Port}"
80 [ "${IdleTimeout}" -ne 0 ] && procd_append_param
command -I "${IdleTimeout}"
81 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param
command -K "${SSHKeepAlive}"
82 [ "${MaxAuthTries}" -ne 0 ] && procd_append_param
command -T "${MaxAuthTries}"
83 [ "${mdns}" -ne 0 ] && procd_add_mdns
"ssh" "tcp" "$Port" "daemon=dropbear"
84 procd_set_param respawn
90 for keytype
in rsa
; do
92 key
=dropbear
/dropbear_
${keytype}_host_key
93 [ -f /tmp
/$key -o -s /etc
/$key ] ||
{
94 # generate missing keys
95 mkdir
-p /tmp
/dropbear
96 [ -x /usr
/bin
/dropbearkey
] && {
97 /usr
/bin
/dropbearkey
-t $keytype -f /tmp
/$key 2>&- >&- && exec /etc
/rc.common
"$initscript" start
103 lock
/tmp
/.switch2jffs
104 mkdir
-p /etc
/dropbear
105 mv /tmp
/dropbear
/dropbear_
* /etc
/dropbear
/
106 lock
-u /tmp
/.switch2jffs
107 chown root
/etc
/dropbear
108 chmod 0700 /etc
/dropbear
113 config_get interface
"$1" Interface
114 config_get
enable "$1" enable 1
116 [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
121 [ -s /etc
/dropbear
/dropbear_rsa_host_key
] || keygen
124 .
/lib
/functions
/network.sh
126 config_load
"${NAME}"
127 config_foreach dropbear_instance dropbear
134 procd_add_config_trigger
"config.change" "dropbear" /etc
/init.d
/dropbear reload
136 config_load
"${NAME}"
137 config_foreach load_interfaces dropbear
139 [ -n "${interfaces}" ] && {
140 for n
in $interfaces ; do
141 procd_add_interface_trigger
"interface.*" $n /etc
/init.d
/dropbear reload
145 procd_add_validation validate_section_dropbear
154 # if this script is run from inside a client session, then ignore that session
156 while [ "${pid}" -ne 0 ]
158 # get parent process id
159 pid
=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
160 [ "${pid}" -eq 0 ] && break
162 # check if client connection
163 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
164 append ignore
"${pid}"
169 # get all server pids that should be ignored
170 for server
in `cat /var/run/${NAME}.*.pid`
172 append ignore
"${server}"
175 # get all running pids and kill client connections
177 for pid
in `pidof "${NAME}"`
179 # check if correct program, otherwise process next pid
180 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" ||
{
184 # check if pid should be ignored (servers, ourself)
186 for server
in ${ignore}
188 if [ "${pid}" = "${server}" ]
194 [ "${skip}" -ne 0 ] && continue
197 echo "${initscript}: Killing ${pid}..."