[package] busybox: Disable telnet if an SSH public key for root exists (#8760)
[openwrt/svn-archive/archive.git] / package / busybox / files / telnet
index c994c6052fa983929ee344a2ac831c5fd6f07718..a1e17275a3619c36d07579fd545911161b460867 100755 (executable)
@@ -1,10 +1,30 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2010 OpenWrt.org
+START=50
+
+has_root_pwd() {
+       local pwd=$([ -f "$1" ] && cat "$1")
+             pwd="${pwd#*root:}"
+             pwd="${pwd%%:*}"
+
+       test -n "${pwd#!}"
+}
+
+has_ssh_pubkey() {
+       ( test -x /usr/sbin/dropbear && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
+       ( test -x /usr/sbin/sshd && grep -qs "^ssh-" /root/.ssh/authorized_keys )
+}
 
 start() {
-       if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null && [ -x /usr/sbin/dropbear ]; then telnetd -l /bin/login; fi
+       if ( ! has_ssh_pubkey && \
+            ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
+          ( [ ! -x /usr/sbin/dropbear ] && [ ! -x /usr/sbin/sshd ] );
+       then
+               telnetd -l /bin/login.sh
+       fi
 }
 
 stop() {
-       killall telnetd
+       killall telnetd 2>/dev/null
 }
+
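Review bot: `has_ssh_pubkey` counts a key only when a line starts with `ssh-`, so an `authorized_keys` entry that begins with options (such as `from="..."` or `command="..."`) or with a key type not named `ssh-*` is missed, and `start()` then still runs `telnetd` on a device with no root password even though key login is set up. Since the aim of the change is to close telnet once a key exists, it is safer to fail closed and treat any non-blank, non-comment line as a key, e.g. `grep -qsv -e '^[[:space:]]*#' -e '^[[:space:]]*$' /etc/dropbear/authorized_keys` (and the same for `/root/.ssh/authorized_keys`). In `has_root_pwd`, `${pwd#*root:}` cuts at the first `root:` anywhere in the file rather than at a line that starts with it, and the unquoted `local pwd=$(...)` may be field-split by some ash/dash builds; reading the entry with `grep -s '^root:' "$1"` into a quoted assignment would make the lookup exact. The second arm of the condition starts telnet whenever neither SSH binary is executable, regardless of the root password, so a comment such as `# no SSH daemon installed: telnet is the only remote login path` would record that this is deliberate.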