1 #!/bin/sh /etc/rc.common
2 # Copyright (C) 2006-2010 OpenWrt.org
3 # Copyright (C) 2006 Carlos Sobrinho
9 PROG=/usr/sbin/dropbear
12 EXTRA_COMMANDS="killclients"
13 EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
20 grep -qs "^ *$ifname:" /proc/net/dev || {
21 procd_append_param command -p "$port"
26 ifconfig "$ifname" | sed -ne '
27 /addr: *fe[89ab][0-9a-f]:/d
28 s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
31 procd_append_param command -p "$addr:$port"
35 validate_section_dropbear()
37 uci_validate_section dropbear dropbear "${1}" \
38 'PasswordAuth:bool:1' \
41 'GatewayPorts:bool:0' \
42 'RootPasswordAuth:bool:1' \
47 'Port:list(port):22' \
48 'SSHKeepAlive:uinteger:300' \
49 'IdleTimeout:uinteger:0' \
55 local PasswordAuth enable Interface GatewayPorts \
56 RootPasswordAuth RootLogin rsakeyfile \
57 dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout \
60 validate_section_dropbear "${1}" || {
61 echo "validation failed"
65 [ "${enable}" = "0" ] && return 1
66 PIDCOUNT="$(( ${PIDCOUNT} + 1))"
67 local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
70 procd_set_param command "$PROG" -F -P "$pid_file"
71 [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
72 [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
73 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
74 [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
75 [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
76 [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}"
77 [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
78 [ -n "${Interface}" ] && network_get_device Interface "${Interface}"
79 append_ports "${Interface}" "${Port}"
80 [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
81 [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
82 [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
88 for keytype in rsa dss; do
90 key=dropbear/dropbear_${keytype}_host_key
91 [ -f /tmp/$key -o -s /etc/$key ] || {
92 # generate missing keys
93 mkdir -p /tmp/dropbear
94 [ -x /usr/bin/dropbearkey ] && {
95 /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
101 lock /tmp/.switch2jffs
102 mkdir -p /etc/dropbear
103 mv /tmp/dropbear/dropbear_* /etc/dropbear/
104 lock -u /tmp/.switch2jffs
105 chown root /etc/dropbear
106 chmod 0700 /etc/dropbear
111 [ -s /etc/dropbear/dropbear_rsa_host_key -a \
112 -s /etc/dropbear/dropbear_dss_host_key ] || keygen
115 . /lib/functions/network.sh
117 config_load "${NAME}"
118 config_foreach dropbear_instance dropbear
123 procd_add_reload_trigger "dropbear"
124 procd_add_validation validate_section_dropbear
133 # if this script is run from inside a client session, then ignore that session
135 while [ "${pid}" -ne 0 ]
137 # get parent process id
138 pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
139 [ "${pid}" -eq 0 ] && break
141 # check if client connection
142 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
143 append ignore "${pid}"
148 # get all server pids that should be ignored
149 for server in `cat /var/run/${NAME}.*.pid`
151 append ignore "${server}"
154 # get all running pids and kill client connections
156 for pid in `pidof "${NAME}"`
158 # check if correct program, otherwise process next pid
159 grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
163 # check if pid should be ignored (servers, ourself)
165 for server in ${ignore}
167 if [ "${pid}" == "${server}" ]
173 [ "${skip}" -ne 0 ] && continue
176 echo "${initscript}: Killing ${pid}..."