X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/b0e1edba81e9169e270c03fc6a6c6eb8987c1b84..3c4461a2c9e1a31227ec6a9a7e48e63f437ab182:/package/dropbear/files/dropbear.init diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 6f35672d5..d06d2d534 100755 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -1,35 +1,99 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2006-2010 OpenWrt.org # Copyright (C) 2006 Carlos Sobrinho -config_cb() { - local cfg="$CONFIG_SECTION" - local nopasswd - local type - config_get cfgtype "$cfg" TYPE - - case "$cfgtype" in - dropbear) - config_get passauth $cfg PasswordAuth - config_get port $cfg Port - - case "$passauth" in - no|off|disabled|0) nopasswd=1;; - esac - DROPBEAR_ARGS="${port:+-p $port} ${nopasswd:+-s}" - ;; - esac +NAME=dropbear +PROG=/usr/sbin/dropbear +START=50 +STOP=50 +PIDCOUNT=0 +EXTRA_COMMANDS="killclients" +EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself" + +dropbear_start() +{ + append_ports() + { + local ifname="$1" + local port="$2" + + grep -qs "^ *$ifname:" /proc/net/dev || { + append args "-p $port" + return + } + + for addr in $( + ifconfig "$ifname" | sed -ne ' + /addr: *fe[89ab][0-9a-f]:/d + s/.* addr: *\([0-9a-f:\.]*\).*/\1/p + ' + ); do + append args "-p $addr:$port" + done + } + + + local section="$1" + + # check if section is enabled (default) + local enabled + config_get_bool enabled "${section}" enable 1 + [ "${enabled}" -eq 0 ] && return 1 + + # verbose parameter + local verbosed + config_get_bool verbosed "${section}" verbose 0 + + # increase pid file count to handle multiple instances correctly + PIDCOUNT="$(( ${PIDCOUNT} + 1))" + + # prepare parameters (initialise with pid file) + local args="-P /var/run/${NAME}.${PIDCOUNT}.pid" + local val + # A) password authentication + config_get_bool val "${section}" PasswordAuth 1 + [ "${val}" -eq 0 ] && append args "-s" + # B) listen interface and port + local port + local interface + config_get interface "${section}" Interface + config_get interface "${interface}" ifname "$interface" + config_get port "${section}" Port 22 + append_ports "$interface" "$port" + # C) banner file + config_get val "${section}" BannerFile + [ -f "${val}" ] && append args "-b ${val}" + # D) gatewayports + config_get_bool val "${section}" GatewayPorts 0 + [ "${val}" -eq 1 ] && append args "-a" + # E) root password authentication + config_get_bool val "${section}" RootPasswordAuth 1 + [ "${val}" -eq 0 ] && append args "-g" + # F) root login + config_get_bool val "${section}" RootLogin 1 + [ "${val}" -eq 0 ] && append args "-w" + # G) host keys + config_get val "${section}" rsakeyfile + [ -f "${val}" ] && append args "-r ${val}" + config_get val "${section}" dsskeyfile + [ -f "${val}" ] && append args "-d ${val}" + + # execute program and return its exit code + [ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}" + ${PROG} ${args} + return $? } -start() { +keygen() +{ for keytype in rsa dss; do # check for keys - key=/tmp/dropbear/dropbear_${keytype}_host_key - [ ! -f $key ] && { + key=dropbear/dropbear_${keytype}_host_key + [ -f /tmp/$key -o -s /etc/$key ] || { # generate missing keys mkdir -p /tmp/dropbear [ -x /usr/bin/dropbearkey ] && { - /usr/bin/dropbearkey -t $keytype -f $key 2>&- >&- && exec /etc/rc.common "$initscript" start + /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start } & exit 0 } @@ -39,13 +103,83 @@ start() { mkdir -p /etc/dropbear mv /tmp/dropbear/dropbear_* /etc/dropbear/ lock -u /tmp/.switch2jffs - chown root /etc/dropbear chmod 0700 /etc/dropbear - config_load dropbear - /usr/sbin/dropbear $DROPBEAR_ARGS } -stop() { - killall dropbear +start() +{ + [ -s /etc/dropbear/dropbear_rsa_host_key -a \ + -s /etc/dropbear/dropbear_dss_host_key ] || keygen + + include /lib/network + scan_interfaces + config_load "${NAME}" + config_foreach dropbear_start dropbear +} + +stop() +{ + # killing all server processes + local pidfile + for pidfile in `ls /var/run/${NAME}.*.pid` + do + start-stop-daemon -q -K -s KILL -p "${pidfile}" -n "${NAME}" + rm -f "${pidfile}" + done + [ -z "${pidfile}" ] && echo "${initscript}: no pid files, if you get problems with start then try killclients" +} + +killclients() +{ + local ignore='' + local server + local pid + + # if this script is run from inside a client session, then ignore that session + pid="$$" + while [ "${pid}" -ne 0 ] + do + # get parent process id + pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"` + [ "${pid}" -eq 0 ] && break + + # check if client connection + grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && { + append ignore "${pid}" + break + } + done + + # get all server pids that should be ignored + for server in `cat /var/run/${NAME}.*.pid` + do + append ignore "${server}" + done + + # get all running pids and kill client connections + local skip + for pid in `pidof "${NAME}"` + do + # check if correct program, otherwise process next pid + grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || { + continue + } + + # check if pid should be ignored (servers, ourself) + skip=0 + for server in ${ignore} + do + if [ "${pid}" == "${server}" ] + then + skip=1 + break + fi + done + [ "${skip}" -ne 0 ] && continue + + # kill process + echo "${initscript}: Killing ${pid}..." + kill -KILL ${pid} + done }