#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho
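# `# …` marks lines that this listing does not show.
# …
# Absolute path of the SSH daemon. It is used for the procd command line and,
# in the killclients fragment, for matching /proc/<pid>/cmdline.
PROG=/usr/sbin/dropbear
# …
# Extra init-script sub-command and its help line.
# NOTE(review): NAME is not assigned in the visible part of this listing.
EXTRA_COMMANDS="killclients"
EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"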
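# Presumably the body of _dropbearkey(), which the host-key check calls as
# `_dropbearkey -y -f FILE`; the function header is not shown in this listing.
# Runs the key tool with stdin, stdout and stderr closed, so callers only see
# its exit status.
# NOTE(review): the descriptors are closed rather than pointed at /dev/null, so
# the first file the tool opens can be assigned fd 0, 1 or 2 and stray
# diagnostics may then be written into it; `</dev/null >/dev/null 2>&1` avoids
# that reuse — confirm against the dropbearkey build in use before changing.
	/usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-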
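# $1 - host key file name
# Presumably the body of hk_verify(); its header and final lines are not shown
# in this listing. Status: 1 = not a regular file, 2 = empty file,
# 3 = dropbearkey could not read it as a host key.
# NOTE(review): only existence, size and parseability are tested; the file's
# owner and mode are not checked here, so a private key that is readable by
# other users would still pass — verify permissions separately.
	[ -f "$1" ] || return 1
	[ -s "$1" ] || return 2
	_dropbearkey -y -f "$1" || return 3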
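# $1 - hk_verify() return code
# Arms of the case statement that turns that code into a message on stdout
# (hk_errmsg is called as `$(hk_errmsg "$x")` further down); the function
# header and the case/esac lines are not shown in this listing.
	1) echo "file does not exist" ;;
	2) echo "file has zero length" ;;
	3) echo "file is not valid host key or not supported" ;;
	*) echo "unknown error" ;;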
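# `# …` marks lines that this listing does not show.
# …
# $2 - host key file name
# Arms of a case, presumably on the host-key verification status held in $x:
# status 0 adds the key file to the dropbear command line with -r, any other
# status logs a daemon.warn message naming the option ($1) and the file and
# leaves the key out. The header and the case/esac lines are not shown.
	0)	procd_append_param command -r "$2"
	# …
	*)	m=$(hk_errmsg "$x")
		logger -t "${NAME}" -p daemon.warn \
		  "option '$1', value '$2': $m, skipping"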
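# $1 - host key file name
# Forwards one 'keyfile' list entry to hk_config. The function header is not
# shown in this listing; hk_config__keyfile is the callback that
# config_list_foreach receives further down.
	hk_config 'keyfile' "$1"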
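# Fragment, presumably of append_ports() (called further down as
# `append_ports "${ipaddrs}" "${Port}"`). The header, the end of the first
# branch and the end of the loop are not shown; `# …` marks such gaps.
# With no address list dropbear gets a bare `-p PORT`; otherwise one
# `-p ADDR:PORT` per address. $ipaddrs is left unquoted on purpose so that it
# splits into one word per address.
# NOTE(review): a bare `-p PORT` does not restrict the listening address, so
# for sections without an Interface option reachability is decided by the
# firewall alone.
	[ -z "$ipaddrs" ] && {
		procd_append_param command -p "$port"
	# …
	for addr in $ipaddrs; do
		procd_append_param command -p "$addr:$port"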
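# Declares the options of a dropbear config section, with type and default,
# and loads them through uci_load_validate ($1 and $2 are passed through).
# The listing omits the opening brace, several option lines between the ones
# below and the end of the function. Options read elsewhere in this listing —
# enable, Interface, RootLogin, rsakeyfile, BannerFile, mdns — are therefore
# not among the visible declarations.
# NOTE(review): PasswordAuth and RootPasswordAuth default to 1, so password
# logins, including root's, stay enabled unless the configuration sets them to
# 0; key-only access has to be configured explicitly. MaxAuthTries defaults
# to 3.
validate_section_dropbear()
# … (opening brace not shown in this listing)
	uci_load_validate dropbear dropbear "$1" "$2" \
		'PasswordAuth:bool:1' \
		'GatewayPorts:bool:0' \
		'RootPasswordAuth:bool:1' \
		'keyfile:list(file)' \
		'Port:list(port):22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0' \
		'MaxAuthTries:uinteger:3' \
		'RecvWindowSize:uinteger:0' \
		# … (remaining lines not shown in this listing)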
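# Fragment, presumably of dropbear_instance() (the callback handed to
# config_foreach further down); the header and several lines, including the
# closers of the groups opened below, are not shown. `# …` marks such gaps.
# It turns one validated config section into a procd instance of "$PROG".
# Option-to-flag mapping visible below:
#   PasswordAuth=0      -> -s  (no password logins)
#   GatewayPorts=1      -> -a  (forwarded ports reachable from remote hosts)
#   RootPasswordAuth=0  -> -g  (no password logins for root)
#   RootLogin=0         -> -w  (no root logins)
#   BannerFile -> -b, IdleTimeout -> -I, SSHKeepAlive -> -K,
#   MaxAuthTries -> -T, RecvWindowSize -> -W (only for 1..1048576)
	# …
		echo "validation failed"
	# …
	[ -n "${Interface}" ] && {
		# Instances tied to an interface are not started while BOOT is set.
		[ -n "${BOOT}" ] && return 0
		# …
		network_get_ipaddrs_all ipaddrs "${Interface}" || {
			echo "interface ${Interface} has no physdev or physdev has no suitable ip"
	# …
	[ "${enable}" = "0" ] && return 1
	# One pid file per instance; the killclients fragment reads these files
	# to tell servers from client sessions.
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
	# …
	# -F keeps dropbear in the foreground, -P names its pid file.
	procd_set_param command "$PROG" -F -P "$pid_file"
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
	if [ -n "${rsakeyfile}" ]; then
		# ${NAME} is quoted here to match the logger call in the hk_config
		# fragment.
		logger -t "${NAME}" -p daemon.warn \
			"option 'rsakeyfile' is considered to be deprecated and" \
			"will be removed in future releases, use 'keyfile' instead"
		hk_config 'rsakeyfile' "${rsakeyfile}"
	# …
	config_list_foreach "$1" "keyfile" hk_config__keyfile
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
	# NOTE(review): Port is declared as list(port) in the validation fragment
	# but is passed on as one quoted word; if it can hold several ports,
	# dropbear would receive a single -p argument containing spaces — confirm.
	append_ports "${ipaddrs}" "${Port}"
	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
	# Two separate tests instead of the obsolescent `-a` inside one `[ ]`.
	[ "${RecvWindowSize}" -gt 0 ] && [ "${RecvWindowSize}" -le 1048576 ] && \
		procd_append_param command -W "${RecvWindowSize}"
	# Announces the ssh service over mDNS unless mdns is 0.
	[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
	procd_set_param respawn
	# …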
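# Fragment, presumably of keygen() (run further down when
# /etc/dropbear/dropbear_rsa_host_key is missing or empty); the header and
# several lines, including the closers of the groups opened below, are not
# shown. `# …` marks such gaps.
# A missing RSA host key is generated under /tmp/dropbear and the init script
# is then re-executed with "start"; the second half moves the generated keys
# to /etc/dropbear while holding the /tmp/.switch2jffs lock.
# No key size is passed to dropbearkey, so the size is that tool's default.
# NOTE(review): the private key is first written below /tmp, and the later
# `mv` takes every /tmp/dropbear/dropbear_* file. Nothing visible here sets a
# umask or the mode of /tmp/dropbear or of the key files — only /etc/dropbear
# gets 0700 at the end — so confirm that no unprivileged process can read or
# pre-create that directory before relying on the result.
	for keytype in rsa; do
		# …
		key=dropbear/dropbear_${keytype}_host_key
		# Skip generation when a key is already pending in /tmp or a
		# non-empty one is stored in /etc.
		[ -f "/tmp/$key" ] || [ -s "/etc/$key" ] || {
			# generate missing keys
			mkdir -p /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				/usr/bin/dropbearkey -t "$keytype" -f "/tmp/$key" 2>&- >&- && exec /etc/rc.common "$initscript" start
	# …
	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
	# …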
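# Fragment, presumably of load_interfaces() (the callback handed to
# config_foreach further down); the header and some lines are not shown.
# `# …` marks such gaps. For section $1 it reads Interface and enable
# (default 1) and prepends the interface of an enabled section to the
# space-separated list $interfaces.
	config_get interface "$1" Interface
	config_get enable "$1" enable 1
	# …
	[ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"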
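# Fragment of the start path (the enclosing function is not shown in this
# listing; `# …` marks lines the listing omits). A host key is generated when
# none is stored yet, the network helpers are sourced, and every 'dropbear'
# section is validated and then handed to dropbear_instance.
	[ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
	# …
	. /lib/functions/network.sh
	# …
	config_load "${NAME}"
	config_foreach validate_section_dropbear dropbear dropbear_instance
	# …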
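# Trigger registration fragment (the enclosing function and the closers of
# the groups opened below are not shown; `# …` marks lines the listing omits).
# The service is reloaded when the dropbear configuration changes and on
# "interface.*" events of every interface collected in $interfaces; the
# validation routine is registered last.
	procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
	# …
	config_load "${NAME}"
	config_foreach load_interfaces dropbear
	# …
	[ -n "${interfaces}" ] && {
		# $interfaces is split on whitespace on purpose; each name is then
		# passed as one quoted word.
		for n in $interfaces ; do
			procd_add_interface_trigger "interface.*" "$n" /etc/init.d/dropbear reload
	# …
	procd_add_validation validate_section_dropbear
	# …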
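# close all open connections
# Fragment of the killclients command named in EXTRA_COMMANDS; the header,
# the loop keywords and closers and the variable setup are not shown in this
# listing. `# …` marks such gaps.
# It builds the list $ignore — the process matching ${PROG} that this script
# descends from, if any, plus every pid stored in /var/run/${NAME}.*.pid —
# and then walks all running ${NAME} pids, skipping the ignored ones.
	# …
	# if this script is run from inside a client session, then ignore that session
	# …
	while [ "${pid}" -ne 0 ]
		# …
		# get parent process id
		# NOTE(review): field 4 of /proc/<pid>/stat is the parent pid only
		# while the command name in field 2 contains no space; otherwise the
		# fields shift and the walk follows a wrong value.
		pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
		[ "${pid}" -eq 0 ] && break
		# …
		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
			append ignore "${pid}"
	# …
	# get all server pids that should be ignored
	# NOTE(review): the pid files are trusted as written; a stale or altered
	# file changes which processes are spared. The glob stays unquoted so
	# that it expands to every instance's pid file.
	for server in $(cat /var/run/${NAME}.*.pid)
		# …
		append ignore "${server}"
	# …
	# get all running pids and kill client connections
	# …
	for pid in $(pidof "${NAME}")
		# …
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
		# …
		# check if pid should be ignored (servers, ourself)
		# …
		for server in ${ignore}
			# …
			if [ "${pid}" = "${server}" ]
		# …
		[ "${skip}" -ne 0 ] && continue
		# …
		echo "${initscript}: Killing ${pid}..."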