X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fservices%2Fdropbear%2Ffiles%2Fdropbear.init;h=2225113498a509403300e556a5da690e0b3959fb;hb=1c308bbbf598e09e463f67686ff4b7dafcb98ae6;hp=5186523910d3a36abc950644c87cf05d2bcda6ab;hpb=7f260ef6b7b9b7031b6a24ba5195a78472e04be0;p=openwrt%2Fstaging%2Flynxis.git
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index 5186523910..2225113498 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -14,20 +14,15 @@ EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
 append_ports()
 {
- local ifname="$1"
+ local ipaddrs="$1"
 local port="$2"
- grep -qs "^ *$ifname:" /proc/net/dev || {
+ [ -z "$ipaddrs" ] && {
 procd_append_param command -p "$port"
 return
 }
- for addr in $(
- ifconfig "$ifname" | sed -ne '
- /addr: *fe[89ab][0-9a-f]:/d
- s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
- '
- ); do
+ for addr in $ipaddrs; do
 procd_append_param command -p "$addr:$port"
 done
 }
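Review bot: The `[ -z "$ipaddrs" ]` branch in append_ports makes dropbear listen on every address, so it is only safe because dropbear_instance returns early when network_get_ipaddrs_all fails for a configured Interface; that dependency is not written down. A comment above the branch would keep a later caller from turning an unresolved interface into a wildcard listener, for example `# empty ipaddrs = no Interface configured; caller must reject an Interface without addresses`. Separately, `addr` is never declared, so it leaks into the init script's global scope; add `local addr`, and the same applies to `interface` and `enable` in load_interfaces and to `n` in service_triggers.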
@@ -42,26 +37,34 @@ validate_section_dropbear()
 'RootPasswordAuth:bool:1' \
 'RootLogin:bool:1' \
 'rsakeyfile:file' \
- 'dsskeyfile:file' \
 'BannerFile:file' \
 'Port:list(port):22' \
 'SSHKeepAlive:uinteger:300' \
 'IdleTimeout:uinteger:0' \
- 'mdns:uinteger:1'
+ 'MaxAuthTries:uinteger:3' \
+ 'RecvWindowSize:uinteger:0' \
+ 'mdns:bool:1'
 }
 dropbear_instance()
 {
 local PasswordAuth enable Interface GatewayPorts \
 RootPasswordAuth RootLogin rsakeyfile \
- dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout \
- mdns
+ BannerFile Port SSHKeepAlive IdleTimeout \
+ MaxAuthTries RecvWindowSize mdns ipaddrs
 validate_section_dropbear "${1}" || {
 echo "validation failed"
 return 1
 }
+ [ -n "${Interface}" ] && {
+ network_get_ipaddrs_all ipaddrs "${Interface}" || {
+ echo "interface ${Interface} has no physdev or physdev has no suitable ip"
+ return 1
+ }
+ }
+
 [ "${enable}" = "0" ] && return 1
 PIDCOUNT="$(( ${PIDCOUNT} + 1))"
 local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
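Review bot: The interface lookup in dropbear_instance runs before the `enable` check, so a section with `enable` set to 0 still calls network_get_ipaddrs_all and prints the "has no physdev" message when its interface is down. Moving `[ "${enable}" = "0" ] && return 1` to directly after the validation block skips the lookup and the misleading error for disabled instances. Failing closed with `return 1` when the interface has no address is the right default, since it avoids falling back to a listener on all addresses. dropbear_instance continues past the end of this hunk.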
@@ -73,19 +76,21 @@ dropbear_instance()
 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
 [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
 [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
- [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}"
 [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
- [ -n "${Interface}" ] && network_get_device Interface "${Interface}"
- append_ports "${Interface}" "${Port}"
+ append_ports "${ipaddrs}" "${Port}"
 [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
+ [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
+ [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
+ procd_append_param command -W "${RecvWindowSize}"
 [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
+ procd_set_param respawn
 procd_close_instance
 }
 keygen()
 {
- for keytype in rsa dss; do
+ for keytype in rsa; do
 # check for keys
 key=dropbear/dropbear_${keytype}_host_key
 [ -f /tmp/$key -o -s /etc/$key ] || {
@@ -106,10 +111,17 @@ keygen()
 chmod 0700 /etc/dropbear
 }
+load_interfaces()
+{
+ config_get interface "$1" Interface
+ config_get enable "$1" enable 1
+
+ [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
+}
+
 start_service()
 {
- [ -s /etc/dropbear/dropbear_rsa_host_key -a \
- -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+ [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
 . /lib/functions.sh
 . /lib/functions/network.sh
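Review bot: A RecvWindowSize above 1048576 is discarded without any message: the `-gt 0 -a ... -le 1048576` test simply skips `-W`, and the validation rule only requires `uinteger`, so the instance silently runs without the requested window. Either bound the value in the validation rule or log when it is ignored. The `-a` operator inside `[ ]` is marked obsolescent by POSIX; `[ "${RecvWindowSize}" -gt 0 ] && [ "${RecvWindowSize}" -le 1048576 ] && \` is the unambiguous form. A short comment that `MaxAuthTries` 0 only omits `-T`, leaving dropbear's own limit in place, would also prevent it being read as "no limit". dropbear_instance begins before this hunk and keygen continues after it.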
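Review bot: load_interfaces appends to `interfaces` without declaring it, which works only because service_triggers declares `local interfaces` before calling config_foreach; nothing in the function says so. A one-line comment such as `# appends this section's Interface to the caller's "interfaces" list` would document that contract. An enabled section with no Interface still appends blanks, so the later `[ -n "${interfaces}" ]` guard in service_triggers passes even when no interface was collected; this is harmless for the word-split loop but the guard then does no real work. start_service continues past the end of this hunk.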
@@ -120,7 +132,19 @@ start_service()
 service_triggers()
 {
- procd_add_reload_trigger "dropbear"
+ local interfaces
+
+ procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
+
+ config_load "${NAME}"
+ config_foreach load_interfaces dropbear
+
+ [ -n "${interfaces}" ] && {
+ for n in $interfaces ; do
+ procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
+ done
+ }
+
 procd_add_validation validate_section_dropbear
 }
@@ -164,7 +188,7 @@ killclients()
 skip=0
 for server in ${ignore}
 do
- if [ "${pid}" == "${server}" ]
+ if [ "${pid}" = "${server}" ]
 then
 skip=1
 break
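Review bot: `$n` is passed unquoted to procd_add_interface_trigger in service_triggers, while the rest of the script quotes its expansions and Interface is validated only as `string`; write `procd_add_interface_trigger "interface.*" "$n" /etc/init.d/dropbear reload` for consistency. Two sections bound to the same interface will also register the same trigger twice, and whether procd de-duplicates that is not visible from this hunk. A comment noting that the interface trigger exists so an instance skipped at boot (interface without an address) is started once the interface comes up would explain why the plain reload trigger was replaced.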