From dab0bb0498da096e8949f3ac3d66ed73ead52f2a Mon Sep 17 00:00:00 2001
From: Mohd Husaam Mehdi
Date: Tue, 26 Mar 2024 17:12:17 +0530
Subject: [PATCH] openssh: add UCI support

Update init script to handle UCI and add a default config

Signed-off-by: Mohd Husaam Mehdi
---
 net/openssh/Makefile | 2 +
 net/openssh/files/sshd.config | 6 ++
 net/openssh/files/sshd.init | 122 +++++++++++++++++++++++++++++++---
 3 files changed, 119 insertions(+), 11 deletions(-)
 create mode 100644 net/openssh/files/sshd.config

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 450ab5ff85..c4094dc7e4 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -231,6 +231,8 @@ define Package/openssh-server/install
 sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_BIN) ./files/sshd.config $(1)/etc/config/sshd
 $(INSTALL_DIR) $(1)/lib/preinit
 $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd
 $(INSTALL_DIR) $(1)/usr/sbin
diff --git a/net/openssh/files/sshd.config b/net/openssh/files/sshd.config
new file mode 100644
index 0000000000..9a8c3bb662
--- /dev/null
+++ b/net/openssh/files/sshd.config
@@ -0,0 +1,6 @@
+config sshd
+ option enable '1'
+ option PasswordAuth '1'
+ option Port '22'
+ option RootPasswordAuth '1'
+ option RootLogin '1'
diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init
index 0b859e146e..b01ce0bed4 100644
--- a/net/openssh/files/sshd.init
+++ b/net/openssh/files/sshd.init
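Review bot: The new UCI file is installed with `$(INSTALL_BIN)`, which gives /etc/config/sshd mode 0755; a config file that carries authentication policy should be installed like the other /etc/config files, with `$(INSTALL_CONF) ./files/sshd.config $(1)/etc/config/sshd` (mode 0600). The file should also be added to the package's conffiles list (Package/openssh-server/conffiles, which is outside this hunk, assuming one exists as for /etc/ssh/sshd_config) so that an opkg upgrade or sysupgrade keeps an administrator's changes; without that, a reinstall would put RootLogin and RootPasswordAuth back to the shipped values. The install recipe continues outside the hunk.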
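Review bot: The shipped defaults `RootPasswordAuth '1'` and `RootLogin '1'` make the init script pass `-o "PermitRootLogin yes"` on every start (see set_params in sshd.init), which takes precedence over /etc/ssh/sshd_config; the previous script left PermitRootLogin to that file and to OpenSSH's built-in default of prohibit-password, so this commit changes the effective policy for existing installs. That deserves a sentence in the commit message and a comment at the top of this file, e.g. `# RootLogin/RootPasswordAuth default to 1 to match the dropbear UCI defaults; set both to 0 to restrict root`, if parity with dropbear is the intent. The section is anonymous, so the override path is `sshd.@sshd[0].RootLogin`; a named section such as `config sshd 'main'` would make the documented uci command simpler and stable.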
@@ -6,8 +6,99 @@ STOP=50
 USE_PROCD=1
 PROG=/usr/sbin/sshd
+NAME=sshd
-start_service() {
+. /lib/functions.sh
+. /lib/functions/network.sh
+
+validate_section_sshd()
+{
+ uci_load_validate sshd sshd "$1" "$2" \
+ 'PasswordAuth:bool:1' \
+ 'RootPasswordAuth:bool:1' \
+ 'RootLogin:bool:1' \
+ 'Interface:string' \
+ 'Port:port:22' \
+ 'IdleTimeout:uinteger:0' \
+ 'MaxAuthTries:uinteger:3' \
+ 'enable:bool:1' \
+ 'mdns:bool:1'
+}
+
+# because sshd does not have an option for specifying an interface
+# but only for specifying listen address
+# we get the addresses of interface and add them
+append_addresses()
+{
+ local ipaddrs="${1}"
+ local port="${2}"
+
+ procd_append_param command -o "Port ${port}"
+
+ for addr in $ipaddrs; do
+ procd_append_param command -o "ListenAddress ${addr}"
+ done
+}
+
+set_params()
+{
+ append_addresses "${ipaddrs}" "${Port}"
+
+ [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -o "PasswordAuthentication no"
+ [ "${RootPasswordAuth}" -eq 1 ] && procd_append_param command -o "PermitRootLogin yes"
+ [ "${RootLogin}" -eq 0 ] && procd_append_param command -o "PermitRootLogin no"
+ [ "${MaxAuthTries}" -gt 0 ] && procd_append_param command -o "MaxAuthTries ${MaxAuthTries}"
+ [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "${Port}" "daemon=sshd"
+
+ if [ "${IdleTimeout}" -ne 0 ]; then
+ procd_append_param command -o "ClientAliveCountMax 1"
+ procd_append_param command -o "ClientAliveInterval ${IdleTimeout}"
+ fi
+}
+
+sshd_instance()
+{
+ local ipaddrs
+ local cfg="$1"
+ local validation_result="${2}"
+
+ [ "${validation_result}" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "${enable}" -eq 0 ] && return 0
+
+ [ -n "${Interface}" ] && {
+ network_get_ipaddrs_all ipaddrs "${Interface}" || {
+ echo "interface ${Interface} has no physdev or physdev has no suitable ip"
+ return 1
+ }
+ }
+
+ local pid_file="/var/run/${NAME}.${cfg}.pid"
+
+ procd_open_instance $cfg
+ procd_set_param command $PROG -D
+ procd_append_param command -o "PidFile $pid_file"
+
+ set_params
+
+ procd_set_param respawn
+ procd_close_instance
+}
+
+# for adding trigger
+load_interfaces()
+{
+ config_get Interface "$1" Interface
+ config_get enable "$1" enable 1
+
+ [ "${enable}" = "1" ] && interfaces=" ${Interface} ${interfaces}"
+}
+
+start_service()
+{
 for type in rsa ed25519
 do
 # check for keys
@@ -20,19 +111,28 @@ start_service() {
 }
 done
 mkdir -m 0700 -p /var/empty
+ mkdir -m 0700 -p /root/.ssh
- local lport=$(awk '/^Port / { print $2; exit }' /etc/ssh/sshd_config)
- [ -z "$lport" ] && lport=22
-
- procd_open_instance
- procd_add_mdns "ssh" "tcp" "$lport"
- procd_set_param command $PROG -D
- procd_set_param respawn
- procd_close_instance
+ config_load "${NAME}"
+ config_foreach validate_section_sshd sshd sshd_instance
 }
-reload_service() {
- procd_send_signal sshd
+service_triggers()
+{
+ local interfaces
+
+ procd_add_config_trigger "config.change" "sshd" /etc/init.d/sshd reload
+
+ config_load "${NAME}"
+ config_foreach load_interfaces sshd
+
+ [ -n "${interfaces}" ] && {
+ for n in $interfaces ; do
+ procd_add_interface_trigger "interface.*" $n /etc/init.d/sshd reload
+ done
+ }
+
+ procd_add_validation validate_section_sshd
 }
 shutdown() {
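Review bot: In set_params, `RootLogin '0'` cannot disable root login while RootPasswordAuth keeps its shipped default of 1: both `-o "PermitRootLogin yes"` and `-o "PermitRootLogin no"` are appended to the command line, and sshd keeps the first value it obtains for a keyword (`-o` options are read before the file), so `yes` wins and the documented knob is a silent no-op with the default /etc/config/sshd. Make the two checks exclusive, e.g. `[ "${RootLogin}" -eq 0 ] && procd_append_param command -o "PermitRootLogin no"` followed by `[ "${RootLogin}" -ne 0 ] && [ "${RootPasswordAuth}" -eq 1 ] && procd_append_param command -o "PermitRootLogin yes"`. The same first-value-wins rule is what lets these `-o` options override /etc/ssh/sshd_config at all, which is worth a comment above set_params so the precedence is not rediscovered later. The `echo` diagnostics in sshd_instance go to stdout, which may not reach logread when procd starts the service; `logger -t sshd` would make a failed validation or a missing interface visible.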
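Review bot: reload_service() is removed while every trigger added in service_triggers invokes `/etc/init.d/sshd reload`; with no reload_service defined, rc.common presumably falls back to restarting the instance, which is what is needed here because every UCI setting is passed as a `-o` command-line option that the old SIGHUP path would never re-read. A comment above service_triggers saying so, e.g. `# no reload_service on purpose: settings are -o options, so reload must restart sshd`, keeps a later cleanup from reinstating `procd_send_signal`. The new `mkdir -m 0700 -p /root/.ssh` is unrelated to UCI and not mentioned in the commit message; a one-line comment on why start_service now creates it would help. start_service begins in the previous hunk.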