diff --git a/sshmngr/Makefile b/sshmngr/Makefile
index 730df69ca..8fd9476c5 100644
--- a/sshmngr/Makefile
+++ b/sshmngr/Makefile
@@ -11,7 +11,7 @@ LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/sshmngr.git
-PKG_SOURCE_VERSION:=70634013565e22d238de15fd6a1a19c0006bb229
+PKG_SOURCE_VERSION:=9af9ec2cda12b7a083c0efd01c3e65a71e79ae0c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@@ -48,15 +48,14 @@ define Build/Prepare
 endef
 endif
+ifeq ($(CONFIG_SSHMNGR_BACKEND_DROPBEAR),y)
+ TARGET_CFLAGS += -DDROPBEAR_BACKEND
+endif
+
 define Package/sshmngr/install
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_DIR) $(1)/lib/sshmngr
 $(INSTALL_DIR) $(1)/usr/libexec/rpcd
- $(INSTALL_DATA) ./files/common/etc/config/sshmngr $(1)/etc/config/
- $(INSTALL_BIN) ./files/common/etc/init.d/sshmngr $(1)/etc/init.d/
- $(INSTALL_DATA) ./files/common/lib/sshmngr/sshmngr.sh $(1)/lib/sshmngr/
 $(INSTALL_BIN) ./files/common/usr/libexec/rpcd/sshmngr $(1)/usr/libexec/rpcd/
 ifeq ($(CONFIG_SSHMNGR_BACKEND_DROPBEAR),y)
 $(INSTALL_DATA) ./files/dropbear_backend/lib/sshmngr/backend.sh $(1)/lib/sshmngr/
diff --git a/sshmngr/files/common/etc/config/sshmngr b/sshmngr/files/common/etc/config/sshmngr
deleted file mode 100644
index 67695b53d..000000000
--- a/sshmngr/files/common/etc/config/sshmngr
+++ /dev/null
@@ -1,7 +0,0 @@
-config server 'ssh1'
- option enable '1'
- option PasswordAuth '1'
- option RootPasswordAuth '1'
- option RootLogin '1'
- option Port '22'
- option MaxAuthTries '10'
diff --git a/sshmngr/files/common/etc/init.d/sshmngr b/sshmngr/files/common/etc/init.d/sshmngr
deleted file mode 100755
index 499a9c382..000000000
--- a/sshmngr/files/common/etc/init.d/sshmngr
+++ /dev/null
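Review bot: In the second Makefile hunk, `Package/sshmngr/install` stops shipping `/etc/config/sshmngr` and the init script, yet nothing visible handles devices upgraded from the previous package, where the old config and `/etc/sshmngr/first_run_flag` may remain. The deleted default held the SSH policy (`RootLogin '1'`, `PasswordAuth '1'`, `MaxAuthTries '10'`); after this change the effective values presumably come from the backend package's own UCI, so those defaults deserve a hardening review there. I would add above the recipe `# SSH policy is read from the backend UCI; sshmngr no longer ships /etc/config/sshmngr or an init script`. The new `ifeq` defines `-DDROPBEAR_BACKEND` only for dropbear, so the C code must treat its absence as the OpenSSH backend, which is worth confirming. The install define continues past the end of the hunk.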
@@ -1,14 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=18
-USE_PROCD=1
-
-. /lib/sshmngr/sshmngr.sh
-
-start_service() {
- configure_ssh
-}
-
-service_triggers() {
- procd_add_reload_trigger "sshmngr"
-}
diff --git a/sshmngr/files/common/lib/sshmngr/sshmngr.sh b/sshmngr/files/common/lib/sshmngr/sshmngr.sh
deleted file mode 100755
index 7fea365b4..000000000
--- a/sshmngr/files/common/lib/sshmngr/sshmngr.sh
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/bin/sh
-
-. /lib/sshmngr/backend.sh
-
-SSHMNGR_SECTIONS=""
-
-handle_server_section()
-{
- local cfg="$1"
- local TargetSectionType="$2"
- local TargetUci="$3"
- local PasswordAuth=""
- local Port=""
- local RootPasswordAuth=""
- local RootLogin=""
- local Interface=""
- local SSHKeepAlive=""
- local IdleTimeout=""
- local MaxAuthTries=""
- local ServerName="${cfg}"
- local enable
-
- config_get_bool enable $cfg enable 0
-
- config_get PasswordAuth $cfg PasswordAuth
- config_get Port $cfg Port
- config_get RootPasswordAuth $cfg RootPasswordAuth
- config_get RootLogin $cfg RootLogin
- config_get Interface $cfg Interface
- config_get SSHKeepAlive $cfg SSHKeepAlive
- config_get IdleTimeout $cfg IdleTimeout
- config_get MaxAuthTries $cfg MaxAuthTries
-
- # if someone does not want sshmngr to over-write/delete a section
- # they can set option BbfSection to 0 in the BACKEND UCI
- local BbfSection="$(uci -q get $TargetUci.$ServerName.BbfSection)"
-
- # if section exists and its BbfSection flag is not 1 or true, then it means it was added by user
- # so we don't modify it and return
- if uci -q get $TargetUci.$ServerName >/dev/null 2>&1; then
- if [ -z "$BbfSection" ] || [ "$BbfSection" == "0" ] || [ "$BbfSection" == "false" ]; then
- return
- fi
- fi
-
- # adding a section using uci set instead of uci add
- # because if a section is not present then we want to add it
- # if it is present then silently move on
- uci -q set $TargetUci.$ServerName=$TargetSectionType
-
- # set BbfSection to 1 so that in future we will know that this
- # section was added by us
- uci -q set $TargetUci.$ServerName.BbfSection=1
-
- # set options
- [ -n "$PasswordAuth" ] && uci -q set $TargetUci.$ServerName.PasswordAuth=$PasswordAuth
- [ -n "$Port" ] && uci -q set $TargetUci.$ServerName.Port=$Port
- [ -n "$RootPasswordAuth" ] && uci -q set $TargetUci.$ServerName.RootPasswordAuth=$RootPasswordAuth
- [ -n "$RootLogin" ] && uci -q set $TargetUci.$ServerName.RootLogin=$RootLogin
- [ -n "$Interface" ] && uci -q set $TargetUci.$ServerName.Interface=$Interface
- [ -n "$SSHKeepAlive" ] && uci -q set $TargetUci.$ServerName.SSHKeepAlive=$SSHKeepAlive
- [ -n "$IdleTimeout" ] && uci -q set $TargetUci.$ServerName.IdleTimeout=$IdleTimeout
- [ -n "$MaxAuthTries" ] && uci -q set $TargetUci.$ServerName.MaxAuthTries=$MaxAuthTries
- [ -n "$enable" ] && uci -q set $TargetUci.$ServerName.enable=$enable
-
- # keep a list of sshmngr sections
- # this will be compared with backend sections later
- # so that extra sections can be deleted
- SSHMNGR_SECTIONS="${SSHMNGR_SECTIONS} $ServerName"
-}
-
-# if a section has been deleted from sshmngr UCI
-# then we cannot detect which section has been deleted by looping on sshmngr UCI
-# so loop on backend UCI and delete sections that are not present in sshmngr UCI
-remove_extra_sections()
-{
- local TargetUci="$1"
- local TargetSectionType="$2"
- local BbfSection=""
- local TargetSection=""
-
- # get a list of sections present in backend uci
- TargetSections="$(uci -qX show $TargetUci | awk -F. '{print $2}' | sort -u | grep -vF "=${TargetSectionType}")"
-
- for TargetSection in $TargetSections; do
- # if someone does not want sshmngr to over-write a section
- # they can set option BbfSection to 0 in the BACKEND UCI
- BbfSection="$(uci -q get $TargetUci.$TargetSection.BbfSection)"
-
- if [ "$BbfSection" == "1" ] || [ "$BbfSection" == "true" ]; then
- if ! echo "$SSHMNGR_SECTIONS" | grep -q $TargetSection; then
- uci -q delete $TargetUci.$TargetSection
- fi
- fi
- done
-}
-
-configure_ssh()
-{
- local TargetUci="$CONFIG"
- local CurrentUci="sshmngr"
- local TargetSectionType="$CONFIG"
- local CurrentSectionType="server"
-
- # if this is the first time sshmngr is running
- if [ ! -f /etc/sshmngr/first_run_flag ]; then
- # create first_run_flag
- mkdir -p /etc/sshmngr/
- echo "0" > /etc/sshmngr/first_run_flag
- # when sshmngr runs for the first time
- # it enforces its own UCI on the backend
- # so, remove TargetUci
- rm /etc/config/$TargetUci
- fi
-
- # if TargetUci is not present then create it
- [ -f /etc/config/$TargetUci ] || touch /etc/config/$TargetUci
-
- # read all current sections and then apply them to target
- config_load "$CurrentUci"
- config_foreach handle_server_section "$CurrentSectionType" "$TargetSectionType" "$TargetUci"
-
- remove_extra_sections "$TargetUci" "$TargetSectionType"
-
- # do not use single quotes, that gives error
- ubus call uci commit "{\"config\":\"$TargetUci\"}"
-}
diff --git a/sshmngr/files/common/usr/libexec/rpcd/sshmngr b/sshmngr/files/common/usr/libexec/rpcd/sshmngr
index e03ee8d75..40ef224a1 100755
--- a/sshmngr/files/common/usr/libexec/rpcd/sshmngr
+++ b/sshmngr/files/common/usr/libexec/rpcd/sshmngr
@@ -3,8 +3,6 @@
 . /usr/share/libubox/jshn.sh
 . /lib/sshmngr/backend.sh
-TEMP_KEY_FILE="/tmp/tempkeyfile"
-
 add_server_name()
 {
 local server_sec="${1}"
@@ -21,8 +19,11 @@ get_all_servers()
 {
 server_names=""
- config_load sshmngr
- config_foreach add_server_name server
+ local backend_config="$CONFIG"
+ local server_section_type="$CONFIG"
+
+ config_load $backend_config
+ config_foreach add_server_name $server_section_type
 echo "${server_names}"
 }
diff --git a/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh b/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh
index acab6b6b5..dd97998df 100755
--- a/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh
+++ b/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh
@@ -9,6 +9,7 @@ get_pid_file()
 {
 local ServerName="$1"
+ # this is the way instances are named in dropbear init file
 echo "/var/run/$CONFIG.$ServerName.pid"
 }
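Review bot: In get_all_servers() (second hunk of usr/libexec/rpcd/sshmngr), `config_load $backend_config` and `config_foreach add_server_name $server_section_type` expand `$CONFIG` unquoted and without checking that backend.sh actually set it; an empty value leaves both calls without an argument and the function just prints an empty list. Quote the expansions and guard first, e.g. `[ -n "$CONFIG" ] || return 1`. The list is now read from the backend UCI rather than from `sshmngr`, so it will presumably include sections an administrator created by hand, which the removed sshmngr.sh left alone unless `BbfSection` was set; confirm the rpcd methods that consume this list are meant to act on those too. The function's opening line sits in the hunk header, outside the hunk body.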
diff --git a/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh b/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh
index 7f20d1e9f..6158d3aa6 100755
--- a/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh
+++ b/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh
@@ -9,6 +9,7 @@ get_pid_file()
 {
 local ServerName="$1"
+ # this is they instances are named in sshd init file
 echo "/var/run/$CONFIG.$ServerName.pid"
 }
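Review bot: The comment added in get_pid_file() reads `# this is they instances are named in sshd init file`, which is garbled; the dropbear backend's twin comment has the intended wording, so use `# this is the way instances are named in the sshd init file`. Because `$ServerName` ends up in a file path, the comment could also state that callers pass a UCI section name, assuming that is the case. get_pid_file starts in the hunk header, outside the hunk body.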