Diffstat (limited to 'package/dropbear')
-rw-r--r-- | package/dropbear/Makefile | 120 | ||||
-rwxr-xr-x | package/dropbear/files/dropbear.init | 23 | ||||
-rw-r--r-- | package/dropbear/patches/100-pubkey_path.patch | 45 | ||||
-rw-r--r-- | package/dropbear/patches/110-change_user.patch | 19 | ||||
-rw-r--r-- | package/dropbear/patches/120-hostkey_prompt.patch | 12 | ||||
-rw-r--r-- | package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch | 22 | ||||
-rw-r--r-- | package/dropbear/patches/140-use_dev_urandom.patch | 12 | ||||
-rw-r--r-- | package/dropbear/patches/150-dbconvert_standalone.patch | 14 |
8 files changed, 267 insertions, 0 deletions
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
new file mode 100644
index 0000000..b28b44e
--- /dev/null
+++ b/package/dropbear/Makefile
@@ -0,0 +1,120 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dropbear
+PKG_VERSION:=0.48.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/
+PKG_MD5SUM:=ca8e53a766faec831882831364568421
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dropbear/Default
+ URL:=http://matt.ucc.asn.au/dropbear/
+endef
+
+define Package/dropbear
+ $(call Package/dropbear/Default)
+ SECTION:=net
+ CATEGORY:=Base system
+ DEFAULT:=y
+ TITLE:=Small SSH2 client/server
+ DESCRIPTION:=\
+ A small SSH2 server/client designed for small memory environments.
+endef
+
+define Package/dropbearconvert
+ $(call Package/dropbear/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Utility for converting SSH keys
+endef
+
+define Build/Configure
+ $(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(PKG_BUILD_DIR)/options.h
+ $(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(PKG_BUILD_DIR)/options.h
+ (cd $(PKG_BUILD_DIR); rm -rf config.cache; \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --program-prefix="" \
+ --program-suffix="" \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/bin \
+ --datadir=/usr/share \
+ --includedir=/usr/include \
+ --infodir=/usr/share/info \
+ --libdir=/usr/lib \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc \
+ $(DISABLE_LARGEFILE) \
+ $(DISABLE_NLS) \
+ --with-shared \
+ --disable-pam \
+ --enable-openpty \
+ --enable-syslog \
+ --disable-shadow \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-loginfunc \
+ --disable-pututline \
+ --disable-pututxline \
+ --disable-zlib \
+ );
+endef
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ LD="$(TARGET_CC)" \
+ PROGRAMS="dropbear dbclient dropbearkey scp" \
+ MULTI=1 SCPPROGRESS=1
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ LD="$(TARGET_CC)" \
+ PROGRAMS="dropbearconvert"
+endef
+
+define Package/dropbear/install
+ install -d -m0755 $(1)/usr/sbin
+ install -m0755 $(PKG_BUILD_DIR)/dropbearmulti \
+ $(1)/usr/sbin/dropbear
+ install -d -m0755 $(1)/usr/bin
+ ln -sf ../sbin/dropbear $(1)/usr/bin/scp
+ ln -sf ../sbin/dropbear $(1)/usr/bin/ssh
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dbclient
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dropbearkey
+ install -d -m0755 $(1)/etc/init.d
+ install -m0755 ./files/dropbear.init $(1)/etc/init.d/S50dropbear
+endef
+
+define Package/dropbearconvert/install
+ install -d -m0755 $(1)/usr/bin
+ install -m0755 $(PKG_BUILD_DIR)/dropbearconvert \
+ $(1)/usr/bin/dropbearconvert
+endef
+
+$(eval $(call BuildPackage,dropbear))
+$(eval $(call BuildPackage,dropbearconvert))
diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
new file mode 100755
index 0000000..a5822e4
--- /dev/null
+++ b/package/dropbear/files/dropbear.init
@@ -0,0 +1,23 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+start() {
+ for type in rsa dss; do {
+ # check for keys
+ key=/etc/dropbear/dropbear_${type}_host_key
+ [ ! -f $key ] && {
+ # generate missing keys
+ mkdir -p /etc/dropbear
+ [ -x /usr/bin/dropbearkey ] && {
+ /usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $*
+ } &
+ exit 0
+ }
+ }; done
+
+ /usr/sbin/dropbear
+}
+
+stop() {
+ killall dropbear
+}
diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch
new file mode 100644
index 0000000..cbe525b
--- /dev/null
+++ b/package/dropbear/patches/100-pubkey_path.patch
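Review bot: The upstream tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/`) and the only integrity check visible in package/dropbear/Makefile is `PKG_MD5SUM`, so the authenticity of the SSH daemon's source rests on an MD5 digest. MD5 is not collision-resistant; if the build system in this tree accepts a stronger digest (later OpenWrt trees use a SHA-256 `PKG_HASH`), pin that instead, and otherwise note the limitation in a comment next to `PKG_MD5SUM`. Separately, the two `$(SED)` edits of `options.h` in `Build/Configure` succeed even when the pattern no longer matches, so a version bump could silently leave `DO_HOST_LOOKUP` enabled; a `grep -q` check after each edit would make that failure visible.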
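Review bot: In `start()` of dropbear.init, `mkdir -p /etc/dropbear` creates the host-key directory with whatever umask the init environment has, and the same directory must later pass `checkfileperm("/etc/dropbear")` in 100-pubkey_path.patch before root's authorized_keys is accepted. Setting the mode explicitly, `mkdir -p -m 0700 /etc/dropbear`, removes that dependency. `$key`, `$type` and `$*` are also expanded unquoted (`exec "$0" "$@"` is the safer form). When `/usr/bin/dropbearkey` is missing or fails, the script exits 0 without starting the daemon or logging anything, which deserves a comment or a log line.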
@@ -0,0 +1,45 @@
+--- dropbear.old/svr-authpubkey.c.orig 2006-06-03 14:54:43.000000000 +0000
++++ dropbear.dev/svr-authpubkey.c 2006-06-03 15:03:19.000000000 +0000
+@@ -176,6 +176,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw->pw_dir);
+@@ -187,6 +189,9 @@
+
+ /* open the file */
+ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -274,6 +279,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+@@ -295,6 +302,14 @@
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
++ } else {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ }
+
+ /* file looks ok, return success */
+ ret = DROPBEAR_SUCCESS;
diff --git a/package/dropbear/patches/110-change_user.patch b/package/dropbear/patches/110-change_user.patch
new file mode 100644
index 0000000..ac617e2
--- /dev/null
+++ b/package/dropbear/patches/110-change_user.patch
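Review bot: The root branch in 100-pubkey_path.patch hard-codes `"/etc/dropbear/authorized_keys"` in two functions (the `fopen` in the second inner hunk and the `checkfileperm` calls in the last one), so the path that is permission-checked and the path that is opened can drift apart on a later edit. A single macro used in every place, for example `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is only a suggestion), keeps check and use tied together. The `pw_uid != 0` test also sends every account with uid 0, not only the one named root, to this shared file, which deserves a comment at the first `if`. Both functions begin and end outside the hunks shown, so the handling of `filename` on the root path, where these hunks never assign it, could not be checked from this page.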
@@ -0,0 +1,19 @@
+diff -urN dropbear.old/svr-chansession.c dropbear.dev/svr-chansession.c
+--- dropbear.old/svr-chansession.c 2005-12-09 06:42:33.000000000 +0100
++++ dropbear.dev/svr-chansession.c 2005-12-12 01:42:38.982034750 +0100
+@@ -860,12 +860,12 @@
+ /* We can only change uid/gid as root ... */
+ if (getuid() == 0) {
+
+- if ((setgid(ses.authstate.pw->pw_gid) < 0) ||
++ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) ||
+ (initgroups(ses.authstate.pw->pw_name,
+- ses.authstate.pw->pw_gid) < 0)) {
++ ses.authstate.pw->pw_gid) < 0))) {
+ dropbear_exit("error changing user group");
+ }
+- if (setuid(ses.authstate.pw->pw_uid) < 0) {
++ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) {
+ dropbear_exit("error changing user");
+ }
+ } else {
diff --git a/package/dropbear/patches/120-hostkey_prompt.patch b/package/dropbear/patches/120-hostkey_prompt.patch
new file mode 100644
index 0000000..59639e7
--- /dev/null
+++ b/package/dropbear/patches/120-hostkey_prompt.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.45.old/cli-kex.c dropbear-0.45/cli-kex.c
+--- dropbear-0.45.old/cli-kex.c 2005-03-07 05:27:01.000000000 +0100
++++ dropbear-0.45/cli-kex.c 2005-03-25 11:13:57.000000000 +0100
+@@ -119,7 +119,7 @@
+ char response = 'z';
+
+ fp = sign_key_fingerprint(keyblob, keybloblen);
+- fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n",
++ fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n) ",
+ cli_opts.remotehost,
+ fp);
+
diff --git a/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
new file mode 100644
index 0000000..9b79e48
--- /dev/null
+++ b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
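Review bot: In 110-change_user.patch the new guard `(ses.authstate.pw->pw_gid != 0) &&` skips `initgroups()` as well as `setgid()`, so a non-root account whose primary group is 0 keeps the supplementary group list of the root daemon when its session starts. Skipping the calls is only equivalent to a no-op when the target user is root itself. Keying the whole block on the uid, `if (ses.authstate.pw->pw_uid != 0) {` around the original unmodified `setgid`/`initgroups`/`setuid` checks, would preserve the privilege drop for every other account. The commit gives no reason for the change, so a comment stating why root logins must not make these calls would help; the enclosing function starts and ends outside the hunk.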
@@ -0,0 +1,22 @@
+diff -ruN dropbear-0.48-old/cli-runopts.c dropbear-0.48-new/cli-runopts.c
+--- dropbear-0.48-old/cli-runopts.c 2006-03-09 16:06:03.000000000 +0100
++++ dropbear-0.48-new/cli-runopts.c 2006-03-11 12:28:54.000000000 +0100
+@@ -188,6 +188,10 @@
+ debug_trace = 1;
+ break;
+ #endif
++ case 'o':
++ next = &dummy;
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ case 'c':
+@@ -199,7 +203,6 @@
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ case 'L':
+ #endif
+- case 'o':
+ case 'b':
+ next = &dummy;
+ default:
diff --git a/package/dropbear/patches/140-use_dev_urandom.patch b/package/dropbear/patches/140-use_dev_urandom.patch
new file mode 100644
index 0000000..e1424f5
--- /dev/null
+++ b/package/dropbear/patches/140-use_dev_urandom.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.45.old/options.h dropbear-0.45/options.h
+--- dropbear-0.45.old/options.h 2005-03-14 17:12:22.000000000 +0100
++++ dropbear-0.45/options.h 2005-03-14 17:13:49.000000000 +0100
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
diff --git a/package/dropbear/patches/150-dbconvert_standalone.patch b/package/dropbear/patches/150-dbconvert_standalone.patch
new file mode 100644
index 0000000..50c035a
--- /dev/null
+++ b/package/dropbear/patches/150-dbconvert_standalone.patch
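Review bot: In 130-ssh_ignore_o_and_x_args.patch, `case 'o': next = &dummy;` now falls through into `case 'x': break;`, so an `-o` option and its argument are consumed without reaching the `default:` label that the old position of `case 'o':` fell into. Callers that pass OpenSSH-style settings such as `-o StrictHostKeyChecking=yes` get no indication that the setting is not applied. Presumably `default:` emitted a warning (its body is outside the hunk, so confirm), and keeping a one-line notice on stderr for `-o` would preserve that signal. The fall-through itself should be marked with `/* fall through */` after `next = &dummy;`.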
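Review bot: Switching `DROPBEAR_RANDOM_DEV` to `"/dev/urandom"` in 140-use_dev_urandom.patch is the change the upstream comment directly above the define warns about, and the patch carries no rationale. In this package the risk concentrates at first boot: dropbear.init generates the RSA and DSS host keys when they are missing, which on an embedded device can happen before the kernel pool has gathered much entropy, so devices flashed from the same image may end up with predictable or repeated host keys. I would add a comment at the define explaining the trade-off (presumably avoiding a blocked boot) and make sure key generation runs after whatever entropy seeding the platform provides.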
@@ -0,0 +1,14 @@
+--- dropbear-0.47.old/options.h 2006-01-31 13:36:25.301562500 +0100
++++ dropbear-0.47.dev/options.h 2006-01-31 13:37:41.846346250 +0100
+@@ -5,6 +5,11 @@
+ #ifndef _OPTIONS_H_
+ #define _OPTIONS_H_
+
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ /******************************************************************
+ * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+ * parts are to allow for commandline -DDROPBEAR_XXX options etc. |