[package] busybox: Disable telnet if an SSH public key for root exists (#8760)
[openwrt/svn-archive/archive.git] / package / busybox / files / telnet
index 082aba7e90b9984cd024751925b6e3effc0ecb84..a1e17275a3619c36d07579fd545911161b460867 100755 (executable)
@@ -1,16 +1,30 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2010 OpenWrt.org
 START=50
 
+has_root_pwd() {
+       local pwd=$([ -f "$1" ] && cat "$1")
+             pwd="${pwd#*root:}"
+             pwd="${pwd%%:*}"
+
+       test -n "${pwd#!}"
+}
+
+has_ssh_pubkey() {
+       ( test -x /usr/sbin/dropbear && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
+       ( test -x /usr/sbin/sshd && grep -qs "^ssh-" /root/.ssh/authorized_keys )
+}
+
 start() {
-       if      [ \! -f /etc/passwd ] || \
-               awk -F: '/^root:/ && ($2 != "") && ($2 !~ /\!/) {exit 1}' /etc/passwd 2>/dev/null || \
-               ( [ \! -x /usr/sbin/dropbear ] && [ \! -x /usr/sbin/sshd ] )
-       then \
+       if ( ! has_ssh_pubkey && \
+            ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
+          ( [ ! -x /usr/sbin/dropbear ] && [ ! -x /usr/sbin/sshd ] );
+       then
                telnetd -l /bin/login.sh
        fi
 }
 
 stop() {
-       killall telnetd
+       killall telnetd 2>/dev/null
 }
+
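Review bot: In has_ssh_pubkey, the pattern `^ssh-` only recognises a key whose type token starts the line, so an authorized_keys entry that begins with options (for example `from="..." ssh-rsa ...`) is not counted. The same applies to any key type the installed daemon accepts whose name does not start with `ssh-`. With no root password set, start() would then still launch telnetd even though key-based SSH is configured, which defeats the stated purpose of the commit. Matching the type token after optional leading options would close that gap, e.g. `grep -qsE '^([^#]*[[:space:]])?ssh-' /etc/dropbear/authorized_keys` and the same for /root/.ssh/authorized_keys. Separately, has_root_pwd strips up to the first `root:` anywhere in the file rather than at the start of a line, and when no such text exists it ends up testing the first field of the first line; extracting the field with an anchored match, e.g. `local pwd=$(sed -n 's/^root:\([^:]*\):.*/\1/p' "$1" 2>/dev/null)`, would make the result depend only on the root entry.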