......@@ -545,11 +545,11 @@ define Prepare/nginx-dav-ext-module
endef
define Download/nginx-ubus-module
VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26
VERSION:=564fa3e9c2b04ea298ea659b793480415da26415
SUBDIR:=nginx-ubus-module
FILE:=nginx-ubus-module-$$(VERSION).tar.xz
URL:=https://github.com/Ansuel/nginx-ubus-module.git
MIRROR_HASH:=472cef416d25effcac66c85417ab6596e634a7a64d45b709bb090892d567553c
MIRROR_HASH:=ff386e7971b06b6673deb5d9d662e481c28e5b2df9f4bcd7b1ab818bdc1632a3
PROTO:=git
endef
......@@ -567,9 +567,6 @@ endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-lua),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/lua-nginx,lua-nginx/)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-ubus),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx-ubus-module,nginx-ubus-module/)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-rtmp),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/rtmp-nginx,rtmp-nginx/)
endif
......@@ -581,7 +578,6 @@ define Quilt/Refresh/Package
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/dav-nginx,dav-nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/lua-nginx,lua-nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/rtmp-nginx,rtmp-nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx-ubus-module,nginx-ubus-module/)
endef
define Build/Prepare
......
--- a/nginx-ubus-module/src/ngx_http_ubus_module.c
+++ b/nginx-ubus-module/src/ngx_http_ubus_module.c
@@ -501,19 +501,19 @@ static enum rpc_status ubus_post_object(
cglcf = ngx_http_get_module_loc_conf(request->r, ngx_http_ubus_module);
if (json_object_get_type(ctx->obj) != json_type_object)
- goto error;
+ goto out;
du->jsobj_cur = ctx->obj;
blob_buf_init(ctx->buf, 0);
if (!blobmsg_add_object(ctx->buf, ctx->obj))
- goto error;
+ goto out;
if (!parse_json_rpc(&data, ctx->buf->head))
- goto error;
+ goto out;
if (!strcmp(data.method, "call")) {
if (!data.sid || !data.object || !data.function || !data.data)
- goto error;
+ goto out;
du->func = data.function;
config sshd
option enable '1'
option PasswordAuth '1'
option Port '22'
option RootPasswordAuth '1'
option RootLogin '1'
option PasswordAuth '1'
option RootPasswordAuth '1'
list AllowUsers 'root'
list MacAlgorithms 'hmac-sha1'
list MacAlgorithms 'hmac-sha2-256'
list MacAlgorithms 'hmac-sha2-512'
......@@ -7,6 +7,7 @@ STOP=50
USE_PROCD=1
PROG=/usr/sbin/sshd
NAME=sshd
TEMPCONF="/tmp/sshd_config.tmp"
. /lib/functions.sh
. /lib/functions/network.sh
......@@ -14,55 +15,209 @@ NAME=sshd
validate_section_sshd()
{
uci_load_validate sshd sshd "$1" "$2" \
'PasswordAuth:bool:1' \
'RootPasswordAuth:bool:1' \
'RootLogin:bool:1' \
'AllowUsers:list(string)' \
'BannerFile:file' \
'enable:bool:1' \
'GatewayPorts:bool:0' \
'IdleTimeout:uinteger:0' \
'Interface:string' \
'MacAlgorithms:list(string)' \
'MaxAuthTries:uinteger:6' \
'PasswordAuth:bool:1' \
'Port:port:22' \
'IdleTimeout:uinteger:0' \
'MaxAuthTries:uinteger:3' \
'enable:bool:1' \
'mdns:bool:1'
'PublishOverMdns:bool:1' \
'RootLogin:bool:1' \
'RootPasswordAuth:bool:1'
}
append_config()
{
local Param="${1}"
local Value="${2}"
if [ -n "${Param}" ]; then
echo "${Param} ${Value}" >> "${TEMPCONF}"
fi
}
set_mac_algorithms()
{
local MacAlgorithms="${1}"
local MacList=""
if [ -n "${MacAlgorithms}" ]; then
for MacAlgorithm in $MacAlgorithms; do
# if this is the first iteration, then MacList
# should be empty, and we only want to add a
# comma if there are multiple values,
# this is to avoid extra comma in the end
if [ -z "${MacList}" ]; then
MacList="${MacAlgorithm}"
else
MacList="${MacAlgorithm},${MacList}"
fi
done
append_config "MACs" "${MacList}"
fi
}
set_allow_users()
{
local AllowUsers="${1}"
local UserList=""
if [ -n "${AllowUsers}" ]; then
for User in $AllowUsers; do
UserList="${User} ${UserList}"
done
append_config "AllowUsers" "${UserList}"
fi
}
set_banner_file()
{
local BannerFile="${1}"
if [ -n "${BannerFile}" ]; then
append_config "Banner" "${BannerFile}"
fi
}
set_gateway_ports()
{
local GatewayPorts="${1}"
if [ -n "${GatewayPorts}" ]; then
if [ "${GatewayPorts}" -eq 0 ]; then
append_config "GatewayPorts" "no"
else
append_config "GatewayPorts" "yes"
fi
fi
}
set_port()
{
local Port="${1}"
if [ "${Port}" -gt 0 ]; then
append_config "Port" "${Port}"
fi
}
# because sshd does not have an option for specifying an interface
# but only for specifying listen address
# we get the addresses of interface and add them
append_addresses()
set_listen_addresses()
{
local ipaddrs="${1}"
local port="${2}"
local Port="${1}"
local IpAddrs="${2}"
procd_append_param command -o "Port ${port}"
set_port "${Port}"
for addr in $ipaddrs; do
procd_append_param command -o "ListenAddress ${addr}"
for Addr in $IpAddrs; do
append_config "ListenAddress" "${Addr}"
done
}
set_params()
set_idle_timeout()
{
append_addresses "${ipaddrs}" "${Port}"
[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -o "PasswordAuthentication no"
[ "${RootPasswordAuth}" -eq 1 ] && procd_append_param command -o "PermitRootLogin yes"
[ "${RootLogin}" -eq 0 ] && procd_append_param command -o "PermitRootLogin no"
[ "${MaxAuthTries}" -gt 0 ] && procd_append_param command -o "MaxAuthTries ${MaxAuthTries}"
[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "${Port}" "daemon=sshd"
local IdleTimeout="${1}"
# from https://www.man7.org/linux/man-pages/man5/sshd_config.5.html
# ClientAliveCountMax:
# The default value is 3. If ClientAliveInterval is set to
# 15, and ClientAliveCountMax is left at the default,
# unresponsive SSH clients will be disconnected after
# approximately 45 seconds. Setting a zero
# ClientAliveCountMax disables connection termination.
#
# Therefore, to mimic IdleTimeout from dropbear, we set
# ClientAliveCountMax to 1 and ClientAliveInterval to
# the time we want to wait
if [ "${IdleTimeout}" -ne 0 ]; then
procd_append_param command -o "ClientAliveCountMax 1"
procd_append_param command -o "ClientAliveInterval ${IdleTimeout}"
append_config "ClientAliveCountMax" "1"
append_config "ClientAliveInterval" "${IdleTimeout}"
fi
}
publish_ssh_service_over_mdns()
{
local PublishOverMdns="${1}"
local Port="${2}"
if [ "${PublishOverMdns}" -ne 0 -a "${Port}" -gt 0 ]; then
procd_add_mdns "ssh" "tcp" "${Port}" "daemon=sshd"
fi
}
set_max_auth_tries()
{
local MaxAuthTries="${1}"
if [ "${MaxAuthTries}" -gt 0 ]; then
append_config "MaxAuthTries" "${MaxAuthTries}"
fi
}
set_root_login()
{
local RootLogin="${1}"
local RootPasswordAuth="${2}"
if [ "${RootLogin}" -eq 0 ]; then
append_config "PermitRootLogin" "no"
else
if [ "${RootPasswordAuth}" -eq 0 ]; then
append_config "PermitRootLogin" "prohibit-password"
else
append_config "PermitRootLogin" "yes"
fi
fi
}
set_password_auth()
{
local PasswordAuth="${1}"
if [ "${PasswordAuth}" -eq 0 ]; then
append_config "PasswordAuthentication" "no"
else
append_config "PasswordAuthentication" "yes"
fi
}
set_params()
{
local ConfigFile="${1}"
# start fresh
rm -rf "${TEMPCONF}"
touch "${TEMPCONF}"
set_allow_users "${AllowUsers}"
set_banner_file "${BannerFile}"
set_gateway_ports "${GatewayPorts}"
set_idle_timeout "${IdleTimeout}"
set_listen_addresses "${Port}" "${IpAddrs}"
set_mac_algorithms "${MacAlgorithms}"
set_max_auth_tries "${MaxAuthTries}"
set_password_auth "${PasswordAuth}"
set_root_login "${RootLogin}" "${RootPasswordAuth}"
# finalize
cp "${TEMPCONF}" "${ConfigFile}"
}
sshd_instance()
{
local ipaddrs
local cfg="$1"
local validation_result="${2}"
local IpAddrs
local Cfg="$1"
local ValidationResult="${2}"
[ "${validation_result}" = 0 ] || {
[ "${ValidationResult}" = 0 ] || {
echo "validation failed"
return 1
}
......@@ -70,19 +225,28 @@ sshd_instance()
[ "${enable}" -eq 0 ] && return 0
[ -n "${Interface}" ] && {
network_get_ipaddrs_all ipaddrs "${Interface}" || {
network_get_ipaddrs_all IpAddrs "${Interface}" || {
echo "interface ${Interface} has no physdev or physdev has no suitable ip"
return 1
}
}
local pid_file="/var/run/${NAME}.${cfg}.pid"
local PidFile="/var/run/${NAME}.${Cfg}.pid"
local ConfigFile="/etc/ssh/${NAME}.${Cfg}.conf"
# create config file
set_params "$ConfigFile"
procd_open_instance $cfg
# set up procd instance
procd_open_instance $Cfg
procd_set_param command $PROG -D
procd_append_param command -o "PidFile $pid_file"
procd_append_param command -o "PidFile $PidFile"
set_params
# pass config to daemon
procd_append_param command -f "$ConfigFile"
# announce mdns service
publish_ssh_service_over_mdns "${PublishOverMdns}" "${Port}"
procd_set_param respawn
procd_close_instance
......@@ -94,7 +258,7 @@ load_interfaces()
config_get Interface "$1" Interface
config_get enable "$1" enable 1
[ "${enable}" = "1" ] && interfaces=" ${Interface} ${interfaces}"
[ "${enable}" = "1" ] && Interfaces=" ${Interface} ${Interfaces}"
}
start_service()
......@@ -117,17 +281,23 @@ start_service()
config_foreach validate_section_sshd sshd sshd_instance
}
reload_service()
{
rc_procd start_service "$@"
procd_send_signal sshd "$@"
}
service_triggers()
{
local interfaces
local Interfaces
procd_add_config_trigger "config.change" "sshd" /etc/init.d/sshd reload
config_load "${NAME}"
config_foreach load_interfaces sshd
[ -n "${interfaces}" ] && {
for n in $interfaces ; do
[ -n "${Interfaces}" ] && {
for n in $Interfaces ; do
procd_add_interface_trigger "interface.*" $n /etc/init.d/sshd reload
done
}
......
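Review bot: set_params builds the generated sshd configuration through `TEMPCONF="/tmp/sshd_config.tmp"` (first hunk), a fixed and predictable name in the world-writable /tmp, and handles it as root with `rm -rf`, `touch`, `>>` and `cp`; a local user who pre-creates that name, or places a symlink there between the rm and the touch, can seed or redirect the contents of the file that is later passed to the daemon with `-f`. Build the file next to its destination and install it atomically instead: in set_params replace the `rm -rf`/`touch` pair with `TEMPCONF="${ConfigFile}.tmp"` followed by `rm -f "${TEMPCONF}" && : > "${TEMPCONF}"`, and replace the final `cp` with `mv -f "${TEMPCONF}" "${ConfigFile}"`, after which the global assignment in the first hunk is no longer needed. Separately, validate_section_sshd renames the `mdns` option to `PublishOverMdns` and raises the MaxAuthTries default from 3 to 6 with no migration of the old key, so an existing `option mdns '0'` silently starts advertising the service again; reading the old key as a fallback, or at least documenting the rename in the commit message, would avoid that surprise. The new ConfigFile lives under /etc/ssh and is rewritten on every start; if /etc is on the overlay on these targets that is a flash write per restart, and /var/run/ may be the better home — worth confirming.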
......@@ -114,8 +114,7 @@ define Package/openvpn-$(BUILD_VARIANT)/install
$(1)/usr/libexec \
$(1)/usr/libexec/rpcd \
$(1)/etc/hotplug.d/openvpn \
$(1)/etc/bbfdm \
$(1)/etc/bbfdm/plugins
$(1)/usr/share/bbfdm/plugins
$(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/sbin/openvpn \
......@@ -158,8 +157,8 @@ define Package/openvpn-$(BUILD_VARIANT)/install
ifeq ($(CONFIG_OPENVPN_TR181_DATAMODEL),y)
$(INSTALL_BIN) \
files/etc/bbfdm/plugins/OpenVPN_DM.json \
$(1)/etc/bbfdm/plugins/OpenVPN_DM.json
files/bbfdm/OpenVPN_DM.json \
$(1)/usr/share/bbfdm/plugins/OpenVPN_DM.json
endif
endef
......
......@@ -9,3 +9,53 @@
# <up> up action is generated after the TUN/TAP device is opened
# $INSTANCE Name of the openvpn instance which went up or down
# Function to extract the tunnel name (e.g., tun0) from uci section or the log file
get_tunnel_name() {
tunnel_name=$(uci -q get openvpn.$INSTANCE.dev)
if [ -z "${tunnel_name}" ]; then
log_file=$(uci -q get openvpn.$INSTANCE.log)
if [ -z "${log_file}" ]; then
return
fi
# Extract tunnel name from the log file
tunnel_name=$(grep -E -o 'TUN/TAP device \S+' "${log_file}" | cut -d' ' -f3)
fi
echo "$tunnel_name"
}
# Function to assign the tunnel to the WAN firewall zone
assign_tunnel_to_wan_zone() {
tunnel_name=$(get_tunnel_name)
if [ -z "${tunnel_name}" ]; then
return
fi
uci -q add_list firewall.wan.device="${tunnel_name}"
ubus call uci commit '{"config":"firewall"}'
}
# Function to delete the tunnel from the WAN firewall zone
delete_tunnel_from_wan_zone() {
tunnel_name=$(get_tunnel_name)
if [ -z "${tunnel_name}" ]; then
return
fi
uci -q del_list firewall.wan.device="${tunnel_name}"
ubus call uci commit '{"config":"firewall"}'
}
# Execute actions based on OpenVPN event
case "$ACTION" in
"up")
assign_tunnel_to_wan_zone
;;
"down")
delete_tunnel_from_wan_zone
;;
*)
# Unsupported action, do nothing
;;
esac
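Review bot: get_tunnel_name's log fallback on the `tunnel_name=$(grep -E -o 'TUN/TAP device \S+' ...)` line keeps every match in the log, so after a reconnect the variable holds several lines and assign_tunnel_to_wan_zone then passes a multi-line value to `uci add_list firewall.wan.device=...`; take the newest occurrence with `tunnel_name=$(grep -E -o 'TUN/TAP device \S+' "${log_file}" | tail -n 1 | cut -d' ' -f3)`. The same function prefers `openvpn.$INSTANCE.dev` even when that option is a bare type such as `tun`, in which case it does not name the actual device; checking the value for a trailing number, or using the `dev` variable OpenVPN exports to its up/down hooks if the hotplug wrapper preserves the environment, looks more reliable but needs confirming on this platform. assign_tunnel_to_wan_zone also appends unconditionally, so every `up` event grows the zone's device list; a guard such as `uci -q get firewall.wan.device | grep -qw "${tunnel_name}" || uci -q add_list firewall.wan.device="${tunnel_name}"` keeps it idempotent, and the hard-coded `firewall.wan` section name deserves a comment stating that assumption. The `$INSTANCE` expansions in the uci lookups are unquoted; write them as `"openvpn.${INSTANCE}.dev"` and `"openvpn.${INSTANCE}.log"`.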
......@@ -166,6 +166,10 @@ case "$1" in
uci -q set openvpn."${name}".use_stored_password="0"
fi
idx=$(uci show openvpn | grep 'openvpn.*=openvpn' | grep -n "openvpn.${name}=openvpn" | awk -F: '{print $1}')
uci -q set openvpn."${name}".dev="tun${idx}"
uci -q set openvpn."${name}".dev_type="tun"
uci -q set openvpn."${name}".log="/tmp/openvpn_${name}.log"
uci -q commit openvpn
......
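Review bot: The index lookup on the `idx=$(uci show openvpn | ...)` line uses `grep -n "openvpn.${name}=openvpn"` as an unanchored regex, so an instance whose name is a suffix of another (say `vpn` next to `myvpn`) yields two line numbers and `dev` becomes a multi-line value; match the whole line literally with `grep -nxF "openvpn.${name}=openvpn"`. Even when unique, the number is only the section's current position in the `uci show` output, so after an instance is deleted a newly added one can receive a `tun${idx}` that a surviving instance already uses; deriving the next free number from the existing `dev` values avoids the clash. The log path `/tmp/openvpn_${name}.log` is set without explanation; a one-line comment noting that the openvpn hotplug script parses this file for the device name would tie the two pieces together. The enclosing case branch begins before this hunk.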