package/network/services/dropbear/files/dropbear.init

   1 #!/bin/sh /etc/rc.common
   2 # Copyright (C) 2006-2010 OpenWrt.org
   3 # Copyright (C) 2006 Carlos Sobrinho
   4
   5 START=50
   6 STOP=50
   7
   8 USE_PROCD=1
   9 PROG=/usr/sbin/dropbear
  10 NAME=dropbear
  11 PIDCOUNT=0
  12 EXTRA_COMMANDS="killclients"
  13 EXTRA_HELP="    killclients Kill ${NAME} processes except servers and yourself"
  14
  15 append_ports()
  16 {
  17         local ipaddrs="$1"
  18         local port="$2"
  19
  20         [ -z "$ipaddrs" ] && {
  21                 procd_append_param command -p "$port"
  22                 return
  23         }
  24
  25         for addr in $ipaddrs; do
  26                 procd_append_param command -p "$addr:$port"
  27         done
  28 }
  29
  30 validate_section_dropbear()
  31 {
  32         uci_validate_section dropbear dropbear "${1}" \
  33                 'PasswordAuth:bool:1' \
  34                 'enable:bool:1' \
  35                 'Interface:string' \
  36                 'GatewayPorts:bool:0' \
  37                 'RootPasswordAuth:bool:1' \
  38                 'RootLogin:bool:1' \
  39                 'rsakeyfile:file' \
  40                 'BannerFile:file' \
  41                 'Port:list(port):22' \
  42                 'SSHKeepAlive:uinteger:300' \
  43                 'IdleTimeout:uinteger:0' \
  44                 'MaxAuthTries:uinteger:3' \
  45                 'mdns:bool:1'
  46 }
  47
  48 dropbear_instance()
  49 {
  50         local PasswordAuth enable Interface GatewayPorts \
  51                 RootPasswordAuth RootLogin rsakeyfile \
  52                 BannerFile Port SSHKeepAlive IdleTimeout \
  53                 MaxAuthTries mdns ipaddrs
  54
  55         validate_section_dropbear "${1}" || {
  56                 echo "validation failed"
  57                 return 1
  58         }
  59
  60         [ -n "${Interface}" ] && {
  61                 network_get_ipaddrs_all ipaddrs "${Interface}" || {
  62                         echo "interface ${Interface} has no physdev or physdev has no suitable ip"
  63                         return 1
  64                 }
  65         }
  66
  67         [ "${enable}" = "0" ] && return 1
  68         PIDCOUNT="$(( ${PIDCOUNT} + 1))"
  69         local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
  70
  71         procd_open_instance
  72         procd_set_param command "$PROG" -F -P "$pid_file"
  73         [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
  74         [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
  75         [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
  76         [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
  77         [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
  78         [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
  79         append_ports "${ipaddrs}" "${Port}"
  80         [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
  81         [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
  82         [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
  83         [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
  84         procd_set_param respawn
  85         procd_close_instance
  86 }
  87
  88 keygen()
  89 {
  90         for keytype in rsa; do
  91                 # check for keys
  92                 key=dropbear/dropbear_${keytype}_host_key
  93                 [ -f /tmp/$key -o -s /etc/$key ] || {
  94                         # generate missing keys
  95                         mkdir -p /tmp/dropbear
  96                         [ -x /usr/bin/dropbearkey ] && {
  97                                 /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
  98                         } &
  99                 exit 0
 100                 }
 101         done
 102
 103         lock /tmp/.switch2jffs
 104         mkdir -p /etc/dropbear
 105         mv /tmp/dropbear/dropbear_* /etc/dropbear/
 106         lock -u /tmp/.switch2jffs
 107         chown root /etc/dropbear
 108         chmod 0700 /etc/dropbear
 109 }
 110
 111 load_interfaces()
 112 {
 113         config_get interface "$1" Interface
 114         config_get enable "$1" enable 1
 115
 116         [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
 117 }
 118
 119 start_service()
 120 {
 121         [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
 122
 123         . /lib/functions.sh
 124         . /lib/functions/network.sh
 125
 126         config_load "${NAME}"
 127         config_foreach dropbear_instance dropbear
 128 }
 129
 130 service_triggers()
 131 {
 132         local interfaces
 133
 134         procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
 135
 136         config_load "${NAME}"
 137         config_foreach load_interfaces dropbear
 138
 139         [ -n "${interfaces}" ] && {
 140                 for n in $interfaces ; do
 141                         procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
 142                 done
 143         }
 144
 145         procd_add_validation validate_section_dropbear
 146 }
 147
 148 killclients()
 149 {
 150         local ignore=''
 151         local server
 152         local pid
 153
 154         # if this script is run from inside a client session, then ignore that session
 155         pid="$$"
 156         while [ "${pid}" -ne 0 ]
 157          do
 158                 # get parent process id
 159                 pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
 160                 [ "${pid}" -eq 0 ] && break
 161
 162                 # check if client connection
 163                 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
 164                         append ignore "${pid}"
 165                         break
 166                 }
 167         done
 168
 169         # get all server pids that should be ignored
 170         for server in `cat /var/run/${NAME}.*.pid`
 171          do
 172                 append ignore "${server}"
 173         done
 174
 175         # get all running pids and kill client connections
 176         local skip
 177         for pid in `pidof "${NAME}"`
 178          do
 179                 # check if correct program, otherwise process next pid
 180                 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
 181                         continue
 182                 }
 183
 184                 # check if pid should be ignored (servers, ourself)
 185                 skip=0
 186                 for server in ${ignore}
 187                  do
 188                         if [ "${pid}" = "${server}" ]
 189                          then
 190                                 skip=1
 191                                 break
 192                         fi
 193                 done
 194                 [ "${skip}" -ne 0 ] && continue
 195
 196                 # kill process
 197                 echo "${initscript}: Killing ${pid}..."
 198                 kill -KILL ${pid}
 199         done
 200 }