1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2006-2010 OpenWrt.org
3 # Copyright (C) 2006 Carlos Sobrinho
9 PROG=/usr/sbin/dropbear
12 EXTRA_COMMANDS="killclients"
13 EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
17 /usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-
20 # $1 - host key file name
23 [ -f "$1" ] || return 1
24 [ -s "$1" ] || return 2
25 _dropbearkey -y -f "$1" || return 3
29 # $1 - hk_verify() return code
34 1) echo "file does not exist" ;;
35 2) echo "file has zero length" ;;
36 3) echo "file is not valid host key or not supported" ;;
37 *) echo "unknown error" ;;
42 # $2 - host key file name
48 0) procd_append_param command -r "$2"
50 *) m=$(hk_errmsg "$x")
51 logger -t "${NAME}" -p daemon.warn \
52 "option '$1', value '$2': $m, skipping"
57 # $1 - host key file name
60 hk_config 'keyfile' "$1"
63 hk_generate_as_needed()
65 local kdir kgen ktype tdir kcount tfile
69 for ktype in ecdsa rsa; do
70 hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
72 kgen="${kgen} ${ktype}"
75 [ -z "${kgen}" ] && return
77 tdir=$(mktemp -d); chmod 0700 "${tdir}"
80 for ktype in ${kgen}; do
81 tfile="${tdir}/dropbear_${ktype}_host_key"
83 if ! _dropbearkey -t ${ktype} -f "${tfile}"; then
84 # unsupported key type
92 if [ ${kcount} -ne 0 ]; then
93 mkdir -p "${kdir}"; chmod 0700 "${kdir}"; chown root "${kdir}"
94 mv -f "${tdir}/"* "${kdir}/"
105 [ -z "$ipaddrs" ] && {
106 procd_append_param command -p "$port"
110 for addr in $ipaddrs; do
111 procd_append_param command -p "$addr:$port"
115 validate_section_dropbear()
117 uci_load_validate dropbear dropbear "$1" "$2" \
118 'PasswordAuth:bool:1' \
121 'GatewayPorts:bool:0' \
122 'RootPasswordAuth:bool:1' \
125 'keyfile:list(file)' \
128 'SSHKeepAlive:uinteger:300' \
129 'IdleTimeout:uinteger:0' \
130 'MaxAuthTries:uinteger:3' \
131 'RecvWindowSize:uinteger:0' \
140 echo "validation failed"
144 [ -n "${Interface}" ] && {
145 [ -n "${BOOT}" ] && return 0
147 network_get_ipaddrs_all ipaddrs "${Interface}" || {
148 echo "interface ${Interface} has no physdev or physdev has no suitable ip"
153 [ "${enable}" = "0" ] && return 1
154 PIDCOUNT="$(( ${PIDCOUNT} + 1))"
155 local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
158 procd_set_param command "$PROG" -F -P "$pid_file"
159 [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
160 [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
161 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
162 [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
163 if [ -n "${rsakeyfile}" ]; then
164 logger -t ${NAME} -p daemon.warn \
165 "option 'rsakeyfile' is considered to be deprecated and" \
166 "will be removed in future releases, use 'keyfile' instead"
167 hk_config 'rsakeyfile' "${rsakeyfile}"
169 config_list_foreach "$1" "keyfile" hk_config__keyfile
170 [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
171 append_ports "${ipaddrs}" "${Port}"
172 [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
173 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
174 [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
175 [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
176 procd_append_param command -W "${RecvWindowSize}"
177 [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
178 procd_set_param respawn
184 config_get interface "$1" Interface
185 config_get enable "$1" enable 1
187 [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
198 hk_generate_as_needed
201 . /lib/functions/network.sh
203 config_load "${NAME}"
204 config_foreach validate_section_dropbear dropbear dropbear_instance
211 procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
213 config_load "${NAME}"
214 config_foreach load_interfaces dropbear
216 [ -n "${interfaces}" ] && {
217 for n in $interfaces ; do
218 procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
222 procd_add_validation validate_section_dropbear
226 # close all open connections
236 # if this script is run from inside a client session, then ignore that session
238 while [ "${pid}" -ne 0 ]
240 # get parent process id
241 pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
242 [ "${pid}" -eq 0 ] && break
244 # check if client connection
245 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
246 append ignore "${pid}"
251 # get all server pids that should be ignored
252 for server in `cat /var/run/${NAME}.*.pid`
254 append ignore "${server}"
257 # get all running pids and kill client connections
259 for pid in `pidof "${NAME}"`
261 # check if correct program, otherwise process next pid
262 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
266 # check if pid should be ignored (servers, ourself)
268 for server in ${ignore}
270 if [ "${pid}" = "${server}" ]
276 [ "${skip}" -ne 0 ] && continue
279 echo "${initscript}: Killing ${pid}..."