ssh: Cleanup permanent ssh patch

Author: remittor

data/ssh_install.sh

@@ -2,14 +2,8 @@
 
 DIR_PATCH=/etc/crontabs/patches
 
-if [ "$( grep 'ssh_patch.sh' /etc/crontabs/root )" != "" ]; then
-	if [ -e "/tmp/ssh_uninstall.sh" ]; then
-		sh /tmp/ssh_uninstall.sh
-	fi
-fi
-
 if [ ! -d $DIR_PATCH ]; then
-	mkdir $DIR_PATCH
+	mkdir -p $DIR_PATCH
 	chown root $DIR_PATCH
 	chmod 0755 $DIR_PATCH
 fi
@@ -20,7 +14,20 @@ chmod +x $DIR_PATCH/ssh_patch.sh
 nvram set ssh_en=1
 nvram commit
 
-grep -v "/ssh_patch.sh" /etc/crontabs/root > /etc/crontabs/root.new
-echo "*/1 * * * * /etc/crontabs/patches/ssh_patch.sh >/dev/null 2>&1" >> /etc/crontabs/root.new
-mv /etc/crontabs/root.new /etc/crontabs/root
-/etc/init.d/cron restart
+INSTALL_METHOD=2
+
+if [ $INSTALL_METHOD = 1 ]; then
+	FILE_FOR_EDIT=/etc/crontabs/root
+	grep -v "/ssh_patch.sh" $FILE_FOR_EDIT > $FILE_FOR_EDIT.new
+	echo "*/1 * * * * /etc/crontabs/patches/ssh_patch.sh >/dev/null 2>&1" >> $FILE_FOR_EDIT.new
+	mv $FILE_FOR_EDIT.new $FILE_FOR_EDIT
+	/etc/init.d/cron restart
+fi
+
+if [ $INSTALL_METHOD = 2 ]; then
+	uci set firewall.auto_ssh_patch=include
+	uci set firewall.auto_ssh_patch.type='script'
+	uci set firewall.auto_ssh_patch.path="$DIR_PATCH/ssh_patch.sh"
+	uci set firewall.auto_ssh_patch.enabled='1'
+	uci commit firewall
+fi

data/ssh_patch.sh

@@ -2,12 +2,15 @@
 
 [ -e "/tmp/ssh_patch.log" ] && return 0
 
-HAVE_PATCH=$( grep '= "release"' /etc/init.d/dropbear )
-if [ -z "$HAVE_PATCH" ]; then
-	return 0
+SSH_EN=`nvram get ssh_en`
+if [ "$SSH_EN" != "1" ]; then
+	nvram set ssh_en=1
+	nvram commit
 fi
 
-sed -i 's/= "release"/= "XXXXXX"/g' /etc/init.d/dropbear
+if grep -q '= "release"' /etc/init.d/dropbear ; then
+	sed -i 's/= "release"/= "XXXXXX"/g'  /etc/init.d/dropbear
+fi
 
 /etc/init.d/dropbear enable
 /etc/init.d/dropbear restart

data/ssh_uninstall.sh

@@ -1,9 +1,16 @@
 #!/bin/sh
 
-grep -v "/ssh_patch.sh" /etc/crontabs/root > /etc/crontabs/root.new
-mv /etc/crontabs/root.new /etc/crontabs/root
-/etc/init.d/cron restart
+DIR_PATCH=/etc/crontabs/patches
 
-rm -f /etc/crontabs/patches/ssh_patch.sh
+if grep -q '/ssh_patch.sh' /etc/crontabs/root ; then
+	# remove older version of patch
+	grep -v "/ssh_patch.sh" /etc/crontabs/root > /etc/crontabs/root.new
+	mv /etc/crontabs/root.new /etc/crontabs/root
+	/etc/init.d/cron restart
+fi
+uci delete firewall.auto_ssh_patch
+uci commit firewall
+
+rm -f $DIR_PATCH/ssh_patch.sh
 rm -f /tmp/ssh_patch.log
 

install_ssh.py

@@ -1,53 +1,41 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-import os
-import sys
-
-import xmir_base
-import gateway
-from gateway import die
-
-
-gw = gateway.Gateway()
-
-fn_dir      = 'data/'
-fn_local    = 'data/ssh_patch.sh'
-fn_remote   = '/tmp/ssh_patch.sh'
-fn_local_i  = 'data/ssh_install.sh'
-fn_remote_i = '/tmp/ssh_install.sh'
-fn_local_u  = 'data/ssh_uninstall.sh'
-fn_remote_u = '/tmp/ssh_uninstall.sh'
-
-action = 'install'
-if len(sys.argv) > 1:
-  if sys.argv[1].startswith('u') or sys.argv[1].startswith('r'):
-    action = 'uninstall'
-
-if action == 'install':
-  gw.upload(fn_local, fn_remote)
-  gw.upload(fn_local_i, fn_remote_i)
-
-gw.upload(fn_local_u, fn_remote_u)
-
-print("All files uploaded!")
-'''
-if action == 'install':
-  gw.ssh_close()
-  import passw
-  gw = gateway.Gateway()
-  if not gw.ping():
-    die('SSH not active!')
-'''
-
-print("Run scripts...")
-if action == 'install':
-  gw.run_cmd("sh " + fn_remote_i)
-else:
-  gw.run_cmd("sh " + fn_remote_u)
-
-gw.run_cmd("rm -f " + fn_remote)
-gw.run_cmd("rm -f " + fn_remote_i)
-gw.run_cmd("rm -f " + fn_remote_u)
-
-print("Ready! The SSH patch installed.")
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import os
+import sys
+import time
+
+import xmir_base
+from gateway import *
+
+gw = Gateway()
+
+FN_patch     = 'data/ssh_patch.sh'
+fn_patch     = '/tmp/ssh_patch.sh'
+FN_install   = 'data/ssh_install.sh'
+fn_install   = '/tmp/ssh_install.sh'
+FN_uninstall = 'data/ssh_uninstall.sh'
+fn_uninstall = '/tmp/ssh_uninstall.sh'
+
+action = 'install'
+if len(sys.argv) > 1:
+    if sys.argv[1].startswith('u') or sys.argv[1].startswith('r'):
+        action = 'uninstall'
+
+if action == 'install':
+    gw.upload(FN_patch, fn_patch)
+    gw.upload(FN_install, fn_install)
+
+gw.upload(FN_uninstall, fn_uninstall)
+
+print("All files uploaded!")
+
+print("Run scripts...")
+run_script = fn_install if action == 'install' else fn_uninstall
+gw.run_cmd(f"chmod +x {run_script} ; {run_script}")
+
+time.sleep(1.5)
+
+gw.run_cmd(f"rm -f {fn_patch} ; rm -f {fn_install} ; rm -f {fn_uninstall}")
+
+print("Ready! The Permanent SSH patch installed.")