#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2006 Carlos Sobrinho

START=50
STOP=50

USE_PROCD=1
PROG=/usr/sbin/dropbear
NAME=dropbear
PIDCOUNT=0
EXTRA_COMMANDS="killclients"
EXTRA_HELP="	killclients Kill ${NAME} processes except servers and yourself"

getNewPasswd()
{
	. /lib/functions.sh 
	local macAddr=""
	local username=""
	macAddr=$(uci_get tddp macaddr macaddr)
	#username=$(uci_get "accountmgnt.@account[0].username")
	uci_get tddp macaddr macaddr > /tmp/.dropbear_account
	uci_get "accountmgnt.@account[0].username" >> /tmp/.dropbear_account
	echo "macAddr is $macAddr" > /dev/console
	#echo "username = $username" > /dev/console

	#local key=$(echo -n "$macAddr""$username" | md5sum)
	local key=$(awk '{printf("%s",$0)}' /tmp/.dropbear_account | md5sum)
	key=$(echo ${key:0:16})
	#echo "key is $key" > /dev/console

	echo ${key}
}

setNewPasswd()
{
	local newPasswd=`getNewPasswd`
	#echo "newPasswd is $newPasswd" > /dev/console
	(echo "$newPasswd";sleep 1;echo "$newPasswd") | passwd > /dev/null
}

append_ports()
{
	local ifname="$1"
	local port="$2"

	grep -qs "^ *$ifname:" /proc/net/dev || {
		procd_append_param command -p "$port"
		return
	}

	for addr in $(
		ifconfig "$ifname" | sed -ne '
			/addr: *fe[89ab][0-9a-f]:/d
			s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
		'
	); do
		procd_append_param command -p "$addr:$port"
	done
}

validate_section_dropbear()
{
	uci_validate_section dropbear dropbear "${1}" \
		'PasswordAuth:bool:1' \
		'enable:bool:1' \
		'Interface:string' \
		'GatewayPorts:bool:0' \
		'RootPasswordAuth:bool:1' \
		'RootLogin:bool:1' \
		'rsakeyfile:file' \
		'BannerFile:file' \
		'Port:list(port):22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0'
}

dropbear_instance()
{
	setNewPasswd

	config_get ssh_port_switch $1 ssh_port_switch
	echo "ssh_port_switch is $ssh_port_switch" > /dev/console
	[ "$ssh_port_switch" != "on" ] && return 0

	export $2="on"
	local PasswordAuth enable Interface GatewayPorts \
		RootPasswordAuth RootLogin rsakeyfile \
		BannerFile Port SSHKeepAlive IdleTimeout

	validate_section_dropbear "${1}" || {
		echo "validation failed"
		return 1
	}

	[ "${enable}" = "0" ] && return 1
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"

	procd_open_instance
	procd_set_param command "$PROG" -F -P "$pid_file" -j -k
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
	[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
	[ -n "${Interface}" ] && network_get_device Interface "${Interface}"
	append_ports "${Interface}" "${Port}"
	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	procd_set_param respawn
	procd_close_instance
}

keygen()
{
	for keytype in rsa; do
		# check for keys
		key=dropbear/dropbear_${keytype}_host_key
		[ -f /tmp/$key -o -s /etc/$key ] || {
			# generate missing keys
			mkdir -p /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				/usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
			} &
		exit 0
		}
	done

	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
}

start_service()
{
	[ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
	. /lib/functions.sh
	. /lib/functions/network.sh
	export db_switch="off"
	config_load "${NAME}"
	config_foreach dropbear_instance dropbear db_switch
	
	local agileFlag=`grep -o Default /tmp/agileconfig_default.tmp`
	local shadowNotAccount
	local md5_username md5_passwd openssl_passwd
	
	which remote_login_user && {
		uci get accountmgnt.@account[0].username > /tmp/.dropbear_account
		echo "db_switch: ${db_switch}" > /dev/console
		#޸omada config޸ûsshԶ̵¼ʧܵ
		md5_username="$(awk '{printf("%s",$0)}' /tmp/.dropbear_account | md5sum|awk '{print $1}')"
		openssl_passwd=`uci get accountmgnt.@account[0].password`
		shadowNotAccount=`cat /etc/shadow | grep $md5_username`
		if ([ -n "$agileFlag" ] && [ $agileFlag = 'Default' ] && [ -n "$openssl_passwd" ] && [ -z "$shadowNotAccount" ]);
		then
			md5_passwd=`echo $openssl_passwd |openssl aes-256-cbc -d -k "who are you?" -md md5 -a`
			remote_login_user -a "${md5_username}" "${md5_passwd}" 
		fi
		
		remote_login_user -c "$(awk '{printf("%s",$0)}' /tmp/.dropbear_account | md5sum|awk '{print $1}')" "${db_switch}";
	}
}

service_triggers()
{
	procd_add_reload_trigger "dropbear"
	procd_add_validation validate_section_dropbear
}

killclients()
{
	local ignore=''
	local server
	local pid
	local i
	local drop_id=0

	# if this script is run from inside a client session, then ignore that session
	pid="$$"
	drop_id=${pid}
	if [ $1 -eq 1 ]; then
	for i in $( seq 0 6)
	 do
		#get dropbear pid
		drop_id=`cat /proc/${drop_id}/status |grep PPid | grep -o '[0-9]\+'`
	done
	fi
	while [ "${pid}" -ne 0 ]
	 do
		# get parent process id
		pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
		[ "${pid}" -eq 0 ] && break

		# check if client connection
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
			append ignore "${pid}"
			break
		}
	done

	# get all server pids that should be ignored
	for server in `cat /var/run/${NAME}.*.pid`
	 do
		append ignore "${server}"
	done

	# get all running pids and kill client connections
	local skip
	for pid in `pidof "${NAME}"`
	 do
		 [ $1 -eq 1 && ${pid} -eq ${drop_id} ] && continue
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
			continue
		}

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}
		 do
			if [ "${pid}" = "${server}" ]
			 then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process
		echo "${initscript}: Killing ${pid}..."
		[ ${pid} -ne ${drop_id} ] && kill -KILL ${pid}
	done
	echo " Killing ${drop_id}..."
	[ ${drop_id} -ne 0 ] && kill -KILL ${drop_id}
}
