diff options
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear')
4 files changed, 167 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch new file mode 100644 index 0000000000..2ae361c63e --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch @@ -0,0 +1,38 @@ +diff --git a/svr-auth.c b/svr-auth.c +index 5da0aa7..4de4964 100644 +--- a/svr-auth.c ++++ b/svr-auth.c +@@ -249,6 +249,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) { + } + + /* check for an empty password */ ++#ifdef DISALLOW_EMPTY_PW + if (ses.authstate.pw_passwd[0] == '\0') { + TRACE(("leave checkusername: empty pword")) + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", +@@ -256,6 +257,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) { + send_msg_userauth_failure(0, 1); + return DROPBEAR_FAILURE; + } ++#endif + + TRACE(("shell is %s", ses.authstate.pw_shell)) + +diff --git a/svr-authpasswd.c b/svr-authpasswd.c +index 53550a2..7b896bd 100644 +--- a/svr-authpasswd.c ++++ b/svr-authpasswd.c +@@ -64,9 +64,13 @@ void svr_auth_password() { + * since the shadow password may differ to that tested + * in auth.c */ + if (passwdcrypt[0] == '\0') { ++#ifdef DISALLOW_EMPTY_PASSWD + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", + ses.authstate.pw_name); + send_msg_userauth_failure(0, 1); ++#else ++ send_msg_userauth_success(); ++#endif + return; + } + diff --git a/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch new file mode 100644 index 0000000000..ba2b19d44a --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch @@ -0,0 +1,11 @@ +diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h +--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800 +@@ -64,6 +64,6 @@ + + }; + +-#define MAX_KEXHASHBUF 2000 ++#define MAX_KEXHASHBUF 3000 + + #endif /* _KEX_H_ */ diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init new file mode 100755 index 0000000000..e882bae689 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/init @@ -0,0 +1,106 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: sshd +# Required-Start: $remote_fs $syslog $networking +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 1 +# Short-Description: Dropbear Secure Shell server +### END INIT INFO +# +# Do not configure this file. Edit /etc/default/dropbear instead! +# + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dropbear +NAME=dropbear +DESC="Dropbear SSH server" + +DROPBEAR_PORT=22 +DROPBEAR_EXTRA_ARGS= +NO_START=0 + +set -e + +test ! -r /etc/default/dropbear || . /etc/default/dropbear +test "$NO_START" = "0" || exit 0 +test -x "$DAEMON" || exit 0 +test ! -h /var/service/dropbear || exit 0 + +readonly_rootfs=0 +for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do + case $flag in + ro) + readonly_rootfs=1 + ;; + esac +done + +if [ $readonly_rootfs = "1" ]; then + mkdir -p /var/lib/dropbear + DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key" + DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key" +else + DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" + DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" +fi + +test -z "$DROPBEAR_BANNER" || \ + DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" +test -n "$DROPBEAR_RSAKEY" || \ + DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT +test -n "$DROPBEAR_DSSKEY" || \ + DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT +test -n "$DROPBEAR_KEYTYPES" || \ + DROPBEAR_KEYTYPES="rsa" + +gen_keys() { +for t in $DROPBEAR_KEYTYPES; do + case $t in + rsa) + test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY + ;; + dsa) + test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY + ;; + esac +done +} + +case "$1" in + start) + echo -n "Starting $DESC: " + gen_keys + KEY_ARGS="" + test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" + test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" + start-stop-daemon -S \ + -x "$DAEMON" -- $KEY_ARGS \ + -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon -K -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon -K -x "$DAEMON" + sleep 1 + KEY_ARGS="" + test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" + test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" + start-stop-daemon -S \ + -x "$DAEMON" -- $KEY_ARGS \ + -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..75ba306565 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch @@ -0,0 +1,12 @@ +diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h +--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800 +@@ -167,7 +167,7 @@ + /* The command to invoke for xauth when using X11 forwarding. + * "-q" for quiet */ + #ifndef XAUTH_COMMAND +-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q" ++#define XAUTH_COMMAND "xauth -q" + #endif + + /* if you want to enable running an sftp server (such as the one included with |