openwrt/package/dropbear/files/dropbear.init

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho

NAME=dropbear
PROG=/usr/sbin/dropbear
START=50
STOP=50
PIDCOUNT=0
EXTRA_COMMANDS="killclients"
EXTRA_HELP="	killclients Kill ${NAME} processes except servers and yourself"

dropbear_start()
{
	local section="$1"

	# check if section is enabled (default)
	local enabled
	config_get_bool enabled "${section}" enable 1
	[ "${enabled}" -eq 0 ] && return 1

	# verbose parameter
	local verbosed
	config_get_bool verbosed "${section}" verbose 0

	# increase pid file count to handle multiple instances correctly
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"

	# prepare parameters (initialise with pid file)
	local args="-P /var/run/${NAME}.${PIDCOUNT}.pid"
	local val
	# A) password authentication
	config_get_bool val "${section}" PasswordAuth 1
	[ "${val}" -eq 0 ] && append args "-s"
	# B) listen interface and port
	local interface
	local address
	config_get interface "${section}" Interface
	config_get address "${interface}" ipaddr
	config_get val "${section}" Port
	val="${address:+${address}:}${val}"
	[ -n "${val}" ] && append args "-p ${val}"
	# C) banner file
	config_get val "${section}" BannerFile
	[ -f "${val}" ] && append args "-b ${val}"
	# D) gatewayports
	config_get_bool val "${section}" GatewayPorts 0
	[ "${val}" -eq 1 ] && append args "-a"
	# E) root password authentication
	config_get_bool val "${section}" RootPasswordAuth 1
	[ "${val}" -eq 0 ] && append args "-g"
	# F) root login
	config_get_bool val "${section}" RootLogin 1
	[ "${val}" -eq 0 ] && append args "-w"
	# G) host keys
	config_get val "${section}" rsakeyfile
	[ -f "${val}" ] && append args "-r ${val}"
	config_get val "${section}" dsskeyfile
	[ -f "${val}" ] && append args "-d ${val}"

	# execute program and return its exit code
	[ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}"
	${PROG} ${args}
	return $?
}

keygen()
{
	for keytype in rsa dss; do
		# check for keys
		key=dropbear/dropbear_${keytype}_host_key
		[ -f /tmp/$key -o -s /etc/$key ] || {
			# generate missing keys
			mkdir -p /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				/usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
			} &
		exit 0
		}
	done

	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
}

start()
{
	[ -s /etc/dropbear/dropbear_rsa_host_key -a \
	  -s /etc/dropbear/dropbear_dss_host_key ] || keygen

	include /lib/network
	scan_interfaces
	config_load "${NAME}"
	config_foreach dropbear_start dropbear
}

stop()
{
	# killing all server processes
	local pidfile
	for pidfile in `ls /var/run/${NAME}.*.pid`
	 do
		start-stop-daemon -q -K -s KILL -p "${pidfile}" -n "${NAME}"
		rm -f "${pidfile}"
	done
	[ -z "${pidfile}" ] && echo "${initscript}: no pid files, if you get problems with start then try killclients"
}

killclients()
{
	local ignore=''
	local server
	local pid

	# if this script is run from inside a client session, then ignore that session
	pid="$$"
	while [ "${pid}" -ne 0 ]
	 do
		# get parent process id
		pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
		[ "${pid}" -eq 0 ] && break

		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
			append ignore "${pid}"
			break
		}
	done

	# get all server pids that should be ignored
	for server in `cat /var/run/${NAME}.*.pid`
	 do
		append ignore "${server}"
	done

	# get all running pids and kill client connections
	local skip
	for pid in `pidof "${NAME}"`
	 do
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
			continue
		}

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}
		 do
			if [ "${pid}" == "${server}" ]
			 then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process
		echo "${initscript}: Killing ${pid}..."
		kill -KILL ${pid}
	done
}