1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2006-2010 OpenWrt.org
3 # Copyright (C) 2006 Carlos Sobrinho
9 PROG=/usr/sbin/dropbear
12 EXTRA_COMMANDS="killclients"
13 EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
20 [ -z "$ipaddrs" ] && {
21 procd_append_param command -p "$port"
25 for addr in $ipaddrs; do
26 procd_append_param command -p "$addr:$port"
30 validate_section_dropbear()
32 uci_validate_section dropbear dropbear "${1}" \
33 'PasswordAuth:bool:1' \
36 'GatewayPorts:bool:0' \
37 'RootPasswordAuth:bool:1' \
41 'Port:list(port):22' \
42 'SSHKeepAlive:uinteger:300' \
43 'IdleTimeout:uinteger:0' \
44 'MaxAuthTries:uinteger:3' \
50 local PasswordAuth enable Interface GatewayPorts \
51 RootPasswordAuth RootLogin rsakeyfile \
52 BannerFile Port SSHKeepAlive IdleTimeout \
53 MaxAuthTries mdns ipaddrs
55 validate_section_dropbear "${1}" || {
56 echo "validation failed"
60 [ -n "${Interface}" ] && {
61 network_get_ipaddrs_all ipaddrs "${Interface}" || {
62 echo "interface ${Interface} has no physdev or physdev has no suitable ip"
67 [ "${enable}" = "0" ] && return 1
68 PIDCOUNT="$(( ${PIDCOUNT} + 1))"
69 local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
72 procd_set_param command "$PROG" -F -P "$pid_file"
73 [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
74 [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
75 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
76 [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
77 [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
78 [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
79 append_ports "${ipaddrs}" "${Port}"
80 [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
81 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
82 [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
83 [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
84 procd_set_param respawn
90 for keytype in rsa; do
92 key=dropbear/dropbear_${keytype}_host_key
93 [ -f /tmp/$key -o -s /etc/$key ] || {
94 # generate missing keys
95 mkdir -p /tmp/dropbear
96 [ -x /usr/bin/dropbearkey ] && {
97 /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
103 lock /tmp/.switch2jffs
104 mkdir -p /etc/dropbear
105 mv /tmp/dropbear/dropbear_* /etc/dropbear/
106 lock -u /tmp/.switch2jffs
107 chown root /etc/dropbear
108 chmod 0700 /etc/dropbear
113 config_get interface "$1" Interface
114 config_get enable "$1" enable 1
116 [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
121 [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
124 . /lib/functions/network.sh
126 config_load "${NAME}"
127 config_foreach dropbear_instance dropbear
134 procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
136 config_load "${NAME}"
137 config_foreach load_interfaces dropbear
139 [ -n "${interfaces}" ] && {
140 for n in $interfaces ; do
141 procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
145 procd_add_validation validate_section_dropbear
154 # if this script is run from inside a client session, then ignore that session
156 while [ "${pid}" -ne 0 ]
158 # get parent process id
159 pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
160 [ "${pid}" -eq 0 ] && break
162 # check if client connection
163 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
164 append ignore "${pid}"
169 # get all server pids that should be ignored
170 for server in `cat /var/run/${NAME}.*.pid`
172 append ignore "${server}"
175 # get all running pids and kill client connections
177 for pid in `pidof "${NAME}"`
179 # check if correct program, otherwise process next pid
180 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
184 # check if pid should be ignored (servers, ourself)
186 for server in ${ignore}
188 if [ "${pid}" = "${server}" ]
194 [ "${skip}" -ne 0 ] && continue
197 echo "${initscript}: Killing ${pid}..."