feat: supports sshd control

Author: mingzhangqun

solutions/supervisor/main/include/global_cfg.h

@@ -37,6 +37,7 @@
 #define PATH_SERVER_KEY            "/etc/cert/server.key"
 
 #define PATH_FIRST_LOGIN           "/etc/.first_login"
+#define PATH_SSHD                  "/etc/init.d/S50sshd"
 
 #define PATH_WLAN0_MAC             "/sys/class/net/wlan0/address"
 
@@ -100,5 +101,6 @@
 #define SCRIPT_DEVICE_GETFILEMD5      SCRIPT_DEVICE(getFileMd5)
 #define SCRIPT_DEVICE_RESTARTNODERED  SCRIPT_DEVICE(restartNodered)
 #define SCRIPT_DEVICE_RESTARTSSCMA    SCRIPT_DEVICE(restartSscma)
+#define SCRIPT_DEVICE_ENABLE_SSHD     SCRIPT_DEVICE(enableSshd)
 
 #endif

solutions/supervisor/main/include/utils_user.h

@@ -16,5 +16,6 @@ int addSShkey(HttpRequest* req, HttpResponse* resp);
 int deleteSShkey(HttpRequest* req, HttpResponse* resp);
 int login(HttpRequest* req, HttpResponse* resp);
 int authorization(HttpRequest* req, HttpResponse* resp);
+int setSShStatus(HttpRequest* req, HttpResponse* resp);
 
 #endif

solutions/supervisor/main/src/http.cpp

@@ -77,6 +77,7 @@ static void registerUserApi(HttpService& router) {
     API_POST(userMgr, updatePassword);
     API_POST(userMgr, addSShkey);
     API_POST(userMgr, deleteSShkey);
+    API_POST(userMgr, setSShStatus);
 }
 
 static void registerWiFiApi(HttpService& router) {

solutions/supervisor/main/src/utils_user.cpp

@@ -10,6 +10,7 @@
 #include <unistd.h>
 #include <unordered_set>
 #include <vector>
+#include <time.h>
 
 #include "global_cfg.h"
 #include "hv/HttpServer.h"
@@ -261,6 +262,30 @@ static std::string generateToken(const std::string& username) {
     return std::string(token);
 }
 
+int setSShStatus(HttpRequest* req, HttpResponse* resp) {
+    hv::Json response;
+
+    int ret = 0;
+    FILE* fp;
+    char cmd[128]  = SCRIPT_DEVICE_ENABLE_SSHD;
+
+    strcat(cmd, req->GetString("enabled").c_str());
+    fp = popen(cmd, "r");
+    if (fp == NULL) {
+        syslog(LOG_ERR, "Failed to run `%s`(%s)\n", cmd, strerror(errno));
+        ret = -1;
+        goto exit;
+    }
+    pclose(fp);
+
+exit:
+    response["code"] = ret;
+    response["msg"]  = "";
+    response["data"] = hv::Json({});
+
+    return resp->Json(response);
+}
+
 int queryUserInfo(HttpRequest* req, HttpResponse* resp) {
     hv::Json User;
     User["code"] = 0;
@@ -278,6 +303,13 @@ int queryUserInfo(HttpRequest* req, HttpResponse* resp) {
         data["firstLogin"] = false;
     }
 
+    if (access(PATH_SSHD, F_OK) == 0) {
+        data["sshEnabled"] = true;
+    }
+    else {
+        data["sshEnabled"] = false;
+    }
+
     FILE* fp;
     char info[128];
     std::vector<hv::Json> sshkeyList;
@@ -356,7 +388,6 @@ int updatePassword(HttpRequest* req, HttpResponse* resp) {
         return resp->Json(User);
     }
 
-
     // if (req->GetString("oldPassword") == req->GetString("newPassword")) {
     //     hv::Json User;
     //     User["code"] = -1;
@@ -495,6 +526,7 @@ int authorization(HttpRequest* req, HttpResponse* resp) {
                                                                   "/api/userMgr/login",
                                                                   "/api/userMgr/updatePassword",
                                                                   "/api/userMgr/queryUserInfo",
+                                                                  "/api/userMgr/setSShStatus",
                                                                   "/api/deviceMgr/queryDeviceInfo",
                                                                   "/api/deviceMgr/getDeviceList",
                                                                   "/api/deviceMgr/getModelList",
@@ -536,6 +568,8 @@ int authorization(HttpRequest* req, HttpResponse* resp) {
 }
 
 
+static int retryCount = 5;
+static struct timespec tsFailed;
 int login(HttpRequest* req, HttpResponse* resp) {
     hv::Json res;
     std::string username = req->GetString("userName");
@@ -564,11 +598,27 @@ int login(HttpRequest* req, HttpResponse* resp) {
     }
 
     if (verifyPasswd(plaintext) != 0) {
+        if (retryCount > 0) { 
+            retryCount--;
+            if (retryCount == 0) {
+                timespec_get(&tsFailed, TIME_UTC);
+            }
+        }
+        if (retryCount == 0) {
+            struct timespec ts;
+            timespec_get(&ts, TIME_UTC);
+            if (ts.tv_sec - ts.tv_sec > 60) {
+                retryCount = 4;
+            }
+        }
         res["code"] = -1;
         res["msg"]  = "Incorrect password";
-        res["data"] = hv::Json({});
+        res["data"] = hv::Json({
+            {"retryCount", retryCount},
+         });
         return resp->Json(res);
     }
+    retryCount = 5;
 
     // generate token randomly
     std::string token = generateToken(username);

solutions/supervisor/rootfs/usr/share/supervisor/scripts/devicetool.sh

@@ -97,4 +97,25 @@ restartSscma)
     restartApp $sscma
     ;;
 
+enableSshd)
+    dir="/etc/init.d"
+    dir_disabled="$dir/disabled"
+    sshd="S*sshd"
+
+    if [ "$2" = "false" ]; then
+        path=$(ls $dir/$sshd 2>/dev/null)
+        if [ -n "$path" ] && [ -f $path ]; then
+            mkdir -p $dir_disabled
+            $path stop >/dev/null 2>&1
+            mv -v $path $dir_disabled/
+        fi
+    else
+        path=$(ls $dir_disabled/$sshd 2>/dev/null)
+        if [ -n "$path" ] && [ -f $path ]; then
+            $path restart >/dev/null 2>&1
+            mv -v $path $dir/
+        fi
+    fi
+    ;;
+
 esac