openwrt/package/network/services/dropbear/files/dropbear.init

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho

START=19
STOP=50

USE_PROCD=1
PROG=/usr/sbin/dropbear
NAME=dropbear

extra_command "killclients" "Kill ${NAME} processes except servers and yourself"

# most of time real_stat() will be failing
# due to missing "stat" binary (by default)
real_stat() { env stat -L "$@" 2>/dev/null ; }
dumb_stat() { ls -Ldln "$1" | tr -s '\t ' ' ' ; }
stat_perm()  { real_stat -c '%A' "$1" || dumb_stat "$1" | cut -d ' ' -f 1 ; }
stat_owner() { real_stat -c '%u' "$1" || dumb_stat "$1" | cut -d ' ' -f 3 ; }

_dropbearkey()
{
	/usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1
}

# $1 - file name (host key or config)
file_verify()
{
	[ -f "$1" ] || return 1
	# checking file ownership
	[ "$(stat_owner "$1")" = "0" ] || {
		chown 0 "$1"
		[ "$(stat_owner "$1")" = "0" ] || return 2
	}
	# checking file permissions
	[ "$(stat_perm "$1")" = "-rw-------" ] || {
		chmod 0600 "$1"
		[ "$(stat_perm "$1")" = "-rw-------" ] || return 3
	}
	# file is host key or not?
	# if $2 is empty string - file is "host key"
	# if $2 is non-empty string - file is "config"
	[ -z "$2" ] || return 0
	# checking file contents (finally)
	[ -s "$1" ] || return 4
	_dropbearkey -y -f "$1" || return 5
	return 0
}

# $1 - file_verify() return code
file_errmsg()
{
	case "$1" in
	0) ;;
	1) echo "file does not exist" ;;
	2) echo "file has wrong owner (must be owned by root)" ;;
	3) echo "file has wrong permissions (must not have group/other write bit)" ;;
	4) echo "file has zero length" ;;
	5) echo "file is not valid host key or not supported" ;;
	*) echo "unknown error" ;;
	esac
}

# $1 - config option
# $2 - host key file name
hk_config()
{
	local x m
	file_verify "$2" ; x=$?
	if [ "$x" = 0 ] ; then
		procd_append_param command -r "$2"
		return
	fi
	m=$(file_errmsg "$x")
	logger -s -t "${NAME}" -p daemon.warn \
	  "Option '$1', skipping '$2': $m"
}

# $1 - host key file name
hk_config__keyfile() { hk_config keyfile "$1" ; }

ktype_all='ed25519 ecdsa rsa'

hk_generate_as_needed()
{
	local hk_cfg_dir kgen ktype kfile hk_tmp_dir
	hk_cfg_dir='/etc/dropbear'

	[ -d "${hk_cfg_dir}" ] || mkdir -p "${hk_cfg_dir}"

	kgen=
	for ktype in ${ktype_all} ; do
		kfile="${hk_cfg_dir}/dropbear_${ktype}_host_key"

		if file_verify "${kfile}" ; then continue ; fi

		kgen="${kgen}${kgen:+ }${ktype}"
	done

	# all keys are sane?
	[ -n "${kgen}" ] || return 0

	hk_tmp_dir=$(mktemp -d)
	# system in bad state?
	[ -n "${hk_tmp_dir}" ] || return 1

	chmod 0700 "${hk_tmp_dir}"

	for ktype in ${kgen} ; do
		kfile="${hk_tmp_dir}/dropbear_${ktype}_host_key"

		if ! _dropbearkey -t ${ktype} -f "${kfile}" ; then
			# unsupported key type
			rm -f "${kfile}"
			continue
		fi

		chmod 0600 "${kfile}"
	done

	kgen=
	for ktype in ${ktype_all} ; do
		kfile="${hk_tmp_dir}/dropbear_${ktype}_host_key"

		[ -s "${kfile}" ] || continue

		kgen="${kgen}${kgen:+ }${ktype}"
	done

	if [ -n "${kgen}" ] ; then
		for ktype in ${kgen} ; do
			kfile="${hk_tmp_dir}/dropbear_${ktype}_host_key"
			[ -s "${kfile}" ] || continue
			mv -f "${kfile}" "${hk_cfg_dir}/"
		done
	fi

	rm -rf "${hk_tmp_dir}"

	# cleanup empty files
	for ktype in ${ktype_all} ; do
		kfile="${hk_cfg_dir}/dropbear_${ktype}_host_key"

		[ -s "${kfile}" ] || rm -f "${kfile}"
	done
}

# $1 - list with whitespace-separated elements
normalize_list()
{
	printf '%s' "$1" | tr -s ' \r\n\t' ' ' | sed -E 's/^ //;s/ $//'
}

warn_multiple_interfaces()
{
	logger -t "${NAME}" -p daemon.warn \
	  "Option '$1' should specify SINGLE interface but instead it lists interfaces: $2"
	logger -t "${NAME}" -p daemon.warn \
	  "Consider creating per-interface instances instead!"
}

validate_section_dropbear()
{
	uci_load_validate dropbear dropbear "$1" "$2" \
		'PasswordAuth:bool:1' \
		'enable:bool:1' \
		'DirectInterface:string' \
		'Interface:string' \
		'GatewayPorts:bool:0' \
		'ForceCommand:string' \
		'RootPasswordAuth:bool:1' \
		'RootLogin:bool:1' \
		'rsakeyfile:file' \
		'keyfile:list(file)' \
		'BannerFile:file' \
		'Port:port:22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0' \
		'MaxAuthTries:uinteger:3' \
		'RecvWindowSize:uinteger:0' \
		'mdns:bool:1'
}

dropbear_instance()
{
	[ "$2" = 0 ] || {
		echo "validation failed"
		return 1
	}

	[ "${enable}" = "1" ] || return 1

	local iface ndev ipaddrs

	# 'DirectInterface' should specify single interface
	# but end users may misinterpret this setting
	DirectInterface=$(normalize_list "${DirectInterface}")

	# 'Interface' should specify single interface
	# but end users are often misinterpret this setting
	Interface=$(normalize_list "${Interface}")

	if [ -n "${Interface}" ] ; then
		if [ -n "${DirectInterface}" ] ; then
			logger -t "${NAME}" -p daemon.warn \
			  "Option 'DirectInterface' takes precedence over 'Interface'"
		else
			logger -t "${NAME}" -p daemon.info \
			  "Option 'Interface' binds to address(es) but not to interface"
			logger -t "${NAME}" -p daemon.info \
			  "Consider using option 'DirectInterface' to bind directly to interface"
		fi
	fi

	# handle 'DirectInterface'
	iface=$(echo "${DirectInterface}" | awk '{print $1}')
	case "${DirectInterface}" in
	*\ *)
		warn_multiple_interfaces DirectInterface "${DirectInterface}"
		logger -t "${NAME}" -p daemon.warn \
		  "Using network interface '${iface}' for direct binding"
	;;
	esac
	while [ -n "${iface}" ] ; do
		# if network is available (even during boot) - proceed
		if network_is_up "${iface}" ; then break ; fi
		# skip during boot
		[ -z "${BOOT}" ] || return 0

		logger -t "${NAME}" -p daemon.crit \
		  "Network interface '${iface}' is not available!"
		return 1
	done
	while [ -n "${iface}" ] ; do
		# ${iface} is logical (higher level) interface name
		# ${ndev} is 'real' interface name
		# e.g.: if ${iface} is 'lan' (default LAN interface) then ${ndev} is 'br-lan'
		network_get_device ndev "${iface}"
		[ -z "${ndev}" ] || break

		logger -t "${NAME}" -p daemon.crit \
		  "Missing network device for network interface '${iface}'!"
		return 1
	done
	if [ -n "${iface}" ] ; then
		logger -t "${NAME}" -p daemon.info \
		  "Using network interface '${iface}' (network device '${ndev}') for direct binding"
	fi
	# handle 'Interface'
	while [ -z "${iface}" ] ; do
		[ -n "${Interface}" ] || break

		# skip during boot
		[ -z "${BOOT}" ] || return 0

		case "${Interface}" in
		*\ *)
			warn_multiple_interfaces Interface "${Interface}"
		;;
		esac

		local c=0
		# src/sysoptions.h
		local DROPBEAR_MAX_PORTS=10

		local a n if_ipaddrs
		for n in ${Interface} ; do
			[ -n "$n" ] || continue

			if_ipaddrs=
			network_get_ipaddrs_all if_ipaddrs "$n"
			[ -n "${if_ipaddrs}" ] || {
				logger -s -t "${NAME}" -p daemon.err \
				  "Network interface '$n' has no suitable IP address(es)!"
				continue
			}

			[ $c -le ${DROPBEAR_MAX_PORTS} ] || {
				logger -s -t "${NAME}" -p daemon.err \
				  "Network interface '$n' is NOT listened due to option limit exceed!"
				continue
			}

			for a in ${if_ipaddrs} ; do
				[ -n "$a" ] || continue

				c=$((c+1))
				if [ $c -le ${DROPBEAR_MAX_PORTS} ] ; then
					ipaddrs="${ipaddrs} $a"
					continue
				fi

				logger -t "${NAME}" -p daemon.err \
				  "Endpoint '$a:${Port}' on network interface '$n' is NOT listened due to option limit exceed!"
			done
		done
		break
	done

	local pid_file="/var/run/${NAME}.${1}.pid"

	procd_open_instance
	procd_set_param command "$PROG" -F -P "$pid_file"
	if [ -n "${iface}" ] ; then
		# if ${iface} is non-empty then ${ndev} is non-empty too
		procd_append_param command -l "${ndev}" -p "${Port}"
	else
		if [ -z "${ipaddrs}" ] ; then
			procd_append_param command -p "${Port}"
		else
			local a
			for a in ${ipaddrs} ; do
				[ -n "$a" ] || continue
				procd_append_param command -p "$a:${Port}"
			done
		fi
	fi
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}"
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
	config_list_foreach "$1" 'keyfile' hk_config__keyfile
	if [ -n "${rsakeyfile}" ]; then
		logger -s -t "${NAME}" -p daemon.crit \
		  "Option 'rsakeyfile' is considered to be DEPRECATED and will be REMOVED in future releases, use 'keyfile' list instead"
		sed -i.before-upgrade -E -e 's/option(\s+)rsakeyfile/list keyfile/' \
		  "/etc/config/${NAME}"
		logger -s -t "${NAME}" -p daemon.crit \
		  "Auto-transition 'option rsakeyfile' => 'list keyfile' in /etc/config/${NAME} is done, please verify your configuration"
		hk_config 'rsakeyfile' "${rsakeyfile}"
	fi
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	[ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
	[ "${RecvWindowSize}" -gt 0 ] && {
		# NB: OpenWrt increases receive window size to increase throughput on high latency links
		# ref: validate_section_dropbear()
		# default receive window size is 24576 (DEFAULT_RECV_WINDOW in default_options.h)

		# src/sysoptions.h
		local MAX_RECV_WINDOW=10485760
		if [ "${RecvWindowSize}" -gt ${MAX_RECV_WINDOW} ] ; then
			# separate logging is required because syslog misses dropbear's message
			#   Bad recv window '${RecvWindowSize}', using ${MAX_RECV_WINDOW}
			# it's probably dropbear issue but we should handle this and notify user
			logger -s -t "${NAME}" -p daemon.warn \
			  "Option 'RecvWindowSize' is too high (${RecvWindowSize}), limiting to ${MAX_RECV_WINDOW}"
			RecvWindowSize=${MAX_RECV_WINDOW}
		fi
		procd_append_param command -W "${RecvWindowSize}"
	}
	[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
	procd_set_param respawn
	procd_close_instance
}

load_interfaces()
{
	local enable
	config_get_bool enable "$1" enable 1
	[ "${enable}" = "1" ] || return 0

	local direct_iface iface
	config_get direct_iface "$1" DirectInterface
	direct_iface=$(normalize_list "${direct_iface}")
	# 'DirectInterface' takes precedence over 'Interface'
	if [ -n "${direct_iface}" ] ; then
		iface=$(echo "${direct_iface}" | awk '{print $1}')
	else
		config_get iface "$1" Interface
		iface=$(normalize_list "${iface}")
	fi
	interfaces="${interfaces} ${iface}"
}

boot()
{
	BOOT=1
	start "$@"
}

start_service()
{
	hk_generate_as_needed
	file_verify /etc/dropbear/authorized_keys config

	. /lib/functions.sh
	. /lib/functions/network.sh

	config_load "${NAME}"
	config_foreach validate_section_dropbear dropbear dropbear_instance
}

service_triggers()
{
	local interfaces

	procd_add_config_trigger "config.change" "${NAME}" /etc/init.d/dropbear reload

	config_load "${NAME}"
	config_foreach load_interfaces "${NAME}"

	[ -n "${interfaces}" ] && {
		local n
		for n in $(printf '%s\n' ${interfaces} | sort -u) ; do
			procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
		done
	}

	procd_add_validation validate_section_dropbear
}

shutdown() {
	# close all open connections
	killall dropbear
}

killclients()
{
	local ignore=''
	local server
	local pid

	# if this script is run from inside a client session, then ignore that session
	pid="$$"
	while [ "${pid}" -ne 0 ]
	 do
		# get parent process id
		pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
		[ "${pid}" -eq 0 ] && break

		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
			append ignore "${pid}"
			break
		}
	done

	# get all server pids that should be ignored
	for server in $(cat /var/run/${NAME}.*.pid)
	 do
		append ignore "${server}"
	done

	# get all running pids and kill client connections
	local skip
	for pid in $(pidof "${NAME}")
	 do
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
			continue
		}

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}
		 do
			if [ "${pid}" = "${server}" ]
			 then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process
		echo "${initscript}: Killing ${pid}..."
		kill -KILL ${pid}
	done
}