sshmngr: deprecate sshmngr uci

* sshmngr uci is deprecated and so are the library functions related to managing that uci, sshmngr will directly interact with the backend uci now * a compile time flag is introduced which tells sshmngr code whether dropbear backend is being used or not
2025-12-10 07:44:50 +01:00 · 2024-04-23 14:52:29 +05:30 · 2024-04-23 14:52:29 +05:30 · b7d861466a
commit b7d861466a
parent f17c3d4763
7 changed files with 12 additions and 158 deletions
--- a/sshmngr/Makefile
+++ b/sshmngr/Makefile
@ -11,7 +11,7 @@ LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/network/sshmngr.git
-PKG_SOURCE_VERSION:=70634013565e22d238de15fd6a1a19c0006bb229
+PKG_SOURCE_VERSION:=9af9ec2cda12b7a083c0efd01c3e65a71e79ae0c
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
 endif
@ -48,15 +48,14 @@ define Build/Prepare
 endef
 endif

+ifeq ($(CONFIG_SSHMNGR_BACKEND_DROPBEAR),y)
+	TARGET_CFLAGS += -DDROPBEAR_BACKEND
+endif
+
 define Package/sshmngr/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/lib/sshmngr
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd

-	$(INSTALL_DATA) ./files/common/etc/config/sshmngr $(1)/etc/config/
-	$(INSTALL_BIN) ./files/common/etc/init.d/sshmngr $(1)/etc/init.d/
-	$(INSTALL_DATA) ./files/common/lib/sshmngr/sshmngr.sh $(1)/lib/sshmngr/
 	$(INSTALL_BIN) ./files/common/usr/libexec/rpcd/sshmngr $(1)/usr/libexec/rpcd/
 ifeq ($(CONFIG_SSHMNGR_BACKEND_DROPBEAR),y)
 	$(INSTALL_DATA) ./files/dropbear_backend/lib/sshmngr/backend.sh $(1)/lib/sshmngr/
--- a/sshmngr/files/common/etc/config/sshmngr
+++ b/sshmngr/files/common/etc/config/sshmngr
@ -1,7 +0,0 @@
-config server 'ssh1'
-	option enable '1'
-	option PasswordAuth '1'
-	option RootPasswordAuth '1'
-	option RootLogin '1'
-	option Port '22'
-	option MaxAuthTries '10'
--- a/sshmngr/files/common/etc/init.d/sshmngr
+++ b/sshmngr/files/common/etc/init.d/sshmngr
@ -1,14 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=18
-USE_PROCD=1
-
-. /lib/sshmngr/sshmngr.sh
-
-start_service() {
-	configure_ssh
-}
-
-service_triggers() {
-	procd_add_reload_trigger "sshmngr"
-}
--- a/sshmngr/files/common/lib/sshmngr/sshmngr.sh
+++ b/sshmngr/files/common/lib/sshmngr/sshmngr.sh
@ -1,127 +0,0 @@
-#!/bin/sh
-
-. /lib/sshmngr/backend.sh
-
-SSHMNGR_SECTIONS=""
-
-handle_server_section()
-{
-	local cfg="$1"
-	local TargetSectionType="$2"
-	local TargetUci="$3"
-	local PasswordAuth=""
-	local Port=""
-	local RootPasswordAuth=""
-	local RootLogin=""
-	local Interface=""
-	local SSHKeepAlive=""
-	local IdleTimeout=""
-	local MaxAuthTries=""
-	local ServerName="${cfg}"
-	local enable
-
-	config_get_bool enable $cfg enable 0
-
-	config_get PasswordAuth $cfg PasswordAuth
-	config_get Port $cfg Port
-	config_get RootPasswordAuth $cfg RootPasswordAuth
-	config_get RootLogin $cfg RootLogin
-	config_get Interface $cfg Interface
-	config_get SSHKeepAlive $cfg SSHKeepAlive
-	config_get IdleTimeout $cfg IdleTimeout
-	config_get MaxAuthTries $cfg MaxAuthTries
-
-	# if someone does not want sshmngr to over-write/delete a section
-	# they can set option BbfSection to 0 in the BACKEND UCI
-	local BbfSection="$(uci -q get $TargetUci.$ServerName.BbfSection)"
-
-	# if section exists and its BbfSection flag is not 1 or true, then it means it was added by user
-	# so we don't modify it and return
-	if uci -q get $TargetUci.$ServerName >/dev/null 2>&1; then
-		if [ -z "$BbfSection" ] || [ "$BbfSection" == "0" ] || [ "$BbfSection" == "false" ]; then
-			return
-		fi
-	fi
-
-	# adding a section using uci set instead of uci add
-	# because if a section is not present then we want to add it
-	# if it is present then silently move on
-	uci -q set $TargetUci.$ServerName=$TargetSectionType
-
-	# set BbfSection to 1 so that in future we will know that this
-	# section was added by us
-	uci -q set $TargetUci.$ServerName.BbfSection=1
-
-	# set options
-	[ -n "$PasswordAuth" ] && uci -q set $TargetUci.$ServerName.PasswordAuth=$PasswordAuth
-	[ -n "$Port" ] && uci -q set $TargetUci.$ServerName.Port=$Port
-	[ -n "$RootPasswordAuth" ] && uci -q set $TargetUci.$ServerName.RootPasswordAuth=$RootPasswordAuth
-	[ -n "$RootLogin" ] && uci -q set $TargetUci.$ServerName.RootLogin=$RootLogin
-	[ -n "$Interface" ] && uci -q set $TargetUci.$ServerName.Interface=$Interface
-	[ -n "$SSHKeepAlive" ] && uci -q set $TargetUci.$ServerName.SSHKeepAlive=$SSHKeepAlive
-	[ -n "$IdleTimeout" ] && uci -q set $TargetUci.$ServerName.IdleTimeout=$IdleTimeout
-	[ -n "$MaxAuthTries" ] && uci -q set $TargetUci.$ServerName.MaxAuthTries=$MaxAuthTries
-	[ -n "$enable" ] && uci -q set $TargetUci.$ServerName.enable=$enable
-
-	# keep a list of sshmngr sections
-	# this will be compared with backend sections later
-	# so that extra sections can be deleted
-	SSHMNGR_SECTIONS="${SSHMNGR_SECTIONS} $ServerName"
-}
-
-# if a section has been deleted from sshmngr UCI
-# then we cannot detect which section has been deleted by looping on sshmngr UCI
-# so loop on backend UCI and delete sections that are not present in sshmngr UCI
-remove_extra_sections()
-{
-	local TargetUci="$1"
-	local TargetSectionType="$2"
-	local BbfSection=""
-	local TargetSection=""
-
-	# get a list of sections present in backend uci
-	TargetSections="$(uci -qX show $TargetUci | awk -F. '{print $2}' | sort -u | grep -vF "=${TargetSectionType}")"
-
-	for TargetSection in $TargetSections; do
-		# if someone does not want sshmngr to over-write a section
-		# they can set option BbfSection to 0 in the BACKEND UCI
-		BbfSection="$(uci -q get $TargetUci.$TargetSection.BbfSection)"
-
-		if [ "$BbfSection" == "1" ] || [ "$BbfSection" == "true" ]; then
-			if ! echo "$SSHMNGR_SECTIONS" | grep -q $TargetSection; then
-				uci -q delete $TargetUci.$TargetSection
-			fi
-		fi
-	done
-}
-
-configure_ssh()
-{
-	local TargetUci="$CONFIG"
-	local CurrentUci="sshmngr"
-	local TargetSectionType="$CONFIG"
-	local CurrentSectionType="server"
-
-	# if this is the first time sshmngr is running
-	if [ ! -f /etc/sshmngr/first_run_flag ]; then
-		# create first_run_flag
-		mkdir -p /etc/sshmngr/
-		echo "0" > /etc/sshmngr/first_run_flag
-		# when sshmngr runs for the first time
-		# it enforces its own UCI on the backend
-		# so, remove TargetUci
-		rm /etc/config/$TargetUci
-	fi
-
-	# if TargetUci is not present then create it
-	[ -f /etc/config/$TargetUci ] || touch /etc/config/$TargetUci
-
-	# read all current sections and then apply them to target
-	config_load "$CurrentUci"
-	config_foreach handle_server_section "$CurrentSectionType" "$TargetSectionType" "$TargetUci"
-
-	remove_extra_sections "$TargetUci" "$TargetSectionType"
-
-	# do not use single quotes, that gives error
-	ubus call uci commit "{\"config\":\"$TargetUci\"}"
-}
--- a/sshmngr/files/common/usr/libexec/rpcd/sshmngr
+++ b/sshmngr/files/common/usr/libexec/rpcd/sshmngr
@ -3,8 +3,6 @@
 . /usr/share/libubox/jshn.sh
 . /lib/sshmngr/backend.sh

-TEMP_KEY_FILE="/tmp/tempkeyfile"
-
 add_server_name()
 {
 	local server_sec="${1}"
@ -21,8 +19,11 @@ get_all_servers()
 {
 	server_names=""

-	config_load sshmngr
-	config_foreach add_server_name server
+	local backend_config="$CONFIG"
+	local server_section_type="$CONFIG"
+
+	config_load $backend_config
+	config_foreach add_server_name $server_section_type

 	echo "${server_names}"
 }
--- a/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh
+++ b/sshmngr/files/dropbear_backend/lib/sshmngr/backend.sh
@ -9,6 +9,7 @@ get_pid_file()
 {
 	local ServerName="$1"

+	# this is the way instances are named in dropbear init file
 	echo "/var/run/$CONFIG.$ServerName.pid"
 }

--- a/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh
+++ b/sshmngr/files/openssh_backend/lib/sshmngr/backend.sh
@ -9,6 +9,7 @@ get_pid_file()
 {
 	local ServerName="$1"

+	# this is they instances are named in sshd init file
 	echo "/var/run/$CONFIG.$ServerName.pid"
 }