Diffstat (limited to 'package/dropbear')
-rw-r--r--package/dropbear/Makefile120
-rwxr-xr-xpackage/dropbear/files/dropbear.init23
-rw-r--r--package/dropbear/patches/100-pubkey_path.patch45
-rw-r--r--package/dropbear/patches/110-change_user.patch19
-rw-r--r--package/dropbear/patches/120-hostkey_prompt.patch12
-rw-r--r--package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch22
-rw-r--r--package/dropbear/patches/140-use_dev_urandom.patch12
-rw-r--r--package/dropbear/patches/150-dbconvert_standalone.patch14
8 files changed, 267 insertions, 0 deletions
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
new file mode 100644
index 0000000..b28b44e
--- /dev/null
+++ b/package/dropbear/Makefile
@@ -0,0 +1,120 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dropbear
+PKG_VERSION:=0.48.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/
+PKG_MD5SUM:=ca8e53a766faec831882831364568421
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dropbear/Default
+ URL:=http://matt.ucc.asn.au/dropbear/
+endef
+
+define Package/dropbear
+ $(call Package/dropbear/Default)
+ SECTION:=net
+ CATEGORY:=Base system
+ DEFAULT:=y
+ TITLE:=Small SSH2 client/server
+ DESCRIPTION:=\
+ A small SSH2 server/client designed for small memory environments.
+endef
+
+define Package/dropbearconvert
+ $(call Package/dropbear/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Utility for converting SSH keys
+endef
+
+define Build/Configure
+ $(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(PKG_BUILD_DIR)/options.h
+ $(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(PKG_BUILD_DIR)/options.h
+ (cd $(PKG_BUILD_DIR); rm -rf config.cache; \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --program-prefix="" \
+ --program-suffix="" \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/bin \
+ --datadir=/usr/share \
+ --includedir=/usr/include \
+ --infodir=/usr/share/info \
+ --libdir=/usr/lib \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc \
+ $(DISABLE_LARGEFILE) \
+ $(DISABLE_NLS) \
+ --with-shared \
+ --disable-pam \
+ --enable-openpty \
+ --enable-syslog \
+ --disable-shadow \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-loginfunc \
+ --disable-pututline \
+ --disable-pututxline \
+ --disable-zlib \
+ );
+endef
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ LD="$(TARGET_CC)" \
+ PROGRAMS="dropbear dbclient dropbearkey scp" \
+ MULTI=1 SCPPROGRESS=1
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ LD="$(TARGET_CC)" \
+ PROGRAMS="dropbearconvert"
+endef
+
+define Package/dropbear/install
+ install -d -m0755 $(1)/usr/sbin
+ install -m0755 $(PKG_BUILD_DIR)/dropbearmulti \
+ $(1)/usr/sbin/dropbear
+ install -d -m0755 $(1)/usr/bin
+ ln -sf ../sbin/dropbear $(1)/usr/bin/scp
+ ln -sf ../sbin/dropbear $(1)/usr/bin/ssh
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dbclient
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dropbearkey
+ install -d -m0755 $(1)/etc/init.d
+ install -m0755 ./files/dropbear.init $(1)/etc/init.d/S50dropbear
+endef
+
+define Package/dropbearconvert/install
+ install -d -m0755 $(1)/usr/bin
+ install -m0755 $(PKG_BUILD_DIR)/dropbearconvert \
+ $(1)/usr/bin/dropbearconvert
+endef
+
+$(eval $(call BuildPackage,dropbear))
+$(eval $(call BuildPackage,dropbearconvert))
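Review bot: The source tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/`) and verified only by `PKG_MD5SUM`, so the integrity of the SSH daemon's source rests on an MD5 digest, which is not collision-resistant. If the build system in this tree accepts a stronger digest, pin one. Otherwise record the gap next to the checksum, e.g. `# MD5 is the only check on an HTTP download; verify the tarball out of band when bumping PKG_VERSION`. Separately, in Build/Configure the subshell uses `cd $(PKG_BUILD_DIR); rm -rf config.cache;`, so a failed `cd` still runs the `rm` and `./configure` in the wrong directory; chaining with `&&` avoids that.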
diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
new file mode 100755
index 0000000..a5822e4
--- /dev/null
+++ b/package/dropbear/files/dropbear.init
@@ -0,0 +1,23 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006 OpenWrt.org
+
+start() {
+ for type in rsa dss; do {
+ # check for keys
+ key=/etc/dropbear/dropbear_${type}_host_key
+ [ ! -f $key ] && {
+ # generate missing keys
+ mkdir -p /etc/dropbear
+ [ -x /usr/bin/dropbearkey ] && {
+ /usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $*
+ } &
+ exit 0
+ }
+ }; done
+
+ /usr/sbin/dropbear
+}
+
+stop() {
+ killall dropbear
+}
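Review bot: In start(), `2>&- >&-` closes stdout and stderr rather than redirecting them, so the next descriptor dropbearkey opens can be numbered 1 or 2 and any diagnostic it writes is lost or misdirected. Because the generation runs in a backgrounded block followed by `exit 0`, a failed key generation leaves the device without an SSH daemon and with no log entry. Redirect to /dev/null and report the failure, for example `/usr/bin/dropbearkey -t $type -f $key >/dev/null 2>&1 && exec $0 "$@" || logger -t dropbear "host key generation failed ($type)"`. The same line re-executes with unquoted `$*`; `"$@"` preserves the original arguments.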
diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch
new file mode 100644
index 0000000..cbe525b
--- /dev/null
+++ b/package/dropbear/patches/100-pubkey_path.patch
@@ -0,0 +1,45 @@
+--- dropbear.old/svr-authpubkey.c.orig 2006-06-03 14:54:43.000000000 +0000
++++ dropbear.dev/svr-authpubkey.c 2006-06-03 15:03:19.000000000 +0000
+@@ -176,6 +176,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw->pw_dir);
+@@ -187,6 +189,9 @@
+
+ /* open the file */
+ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -274,6 +279,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+@@ -295,6 +302,14 @@
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
++ } else {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ }
+
+ /* file looks ok, return success */
+ ret = DROPBEAR_SUCCESS;
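Review bot: The root key file path is repeated as a string literal in the `fopen("/etc/dropbear/authorized_keys","r")` call and again in the `checkfileperm()` call of a different function, so the file whose permissions are checked and the file that is opened agree only by copy-paste. Define the path once, e.g. `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is a suggestion), and use it in both places. The branch is selected by `pw_uid != 0`, so every account with uid 0 shares this one key file and root's `~/.ssh/authorized_keys` is no longer consulted; a comment stating that would save the next reader from inferring it. The wrapped code is not re-indented under the new `if`/`else`, and both functions start and end outside the hunks.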
diff --git a/package/dropbear/patches/110-change_user.patch b/package/dropbear/patches/110-change_user.patch
new file mode 100644
index 0000000..ac617e2
--- /dev/null
+++ b/package/dropbear/patches/110-change_user.patch
@@ -0,0 +1,19 @@
+diff -urN dropbear.old/svr-chansession.c dropbear.dev/svr-chansession.c
+--- dropbear.old/svr-chansession.c 2005-12-09 06:42:33.000000000 +0100
++++ dropbear.dev/svr-chansession.c 2005-12-12 01:42:38.982034750 +0100
+@@ -860,12 +860,12 @@
+ /* We can only change uid/gid as root ... */
+ if (getuid() == 0) {
+
+- if ((setgid(ses.authstate.pw->pw_gid) < 0) ||
++ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) ||
+ (initgroups(ses.authstate.pw->pw_name,
+- ses.authstate.pw->pw_gid) < 0)) {
++ ses.authstate.pw->pw_gid) < 0))) {
+ dropbear_exit("error changing user group");
+ }
+- if (setuid(ses.authstate.pw->pw_uid) < 0) {
++ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) {
+ dropbear_exit("error changing user");
+ }
+ } else {
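Review bot: Gating the group change on `pw_gid != 0` skips `initgroups()` for any account whose primary group is 0 even when its uid is not 0, so such a session keeps the supplementary groups of the root-owned server process. If the intent is only to avoid these calls for root logins, key the check on the uid instead: `if ((ses.authstate.pw->pw_uid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) ||`, with the rest of the condition unchanged. The patch carries no comment explaining why the calls are skipped, and one line stating the reason would help. The enclosing function starts and ends outside the hunk.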
diff --git a/package/dropbear/patches/120-hostkey_prompt.patch b/package/dropbear/patches/120-hostkey_prompt.patch
new file mode 100644
index 0000000..59639e7
--- /dev/null
+++ b/package/dropbear/patches/120-hostkey_prompt.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.45.old/cli-kex.c dropbear-0.45/cli-kex.c
+--- dropbear-0.45.old/cli-kex.c 2005-03-07 05:27:01.000000000 +0100
++++ dropbear-0.45/cli-kex.c 2005-03-25 11:13:57.000000000 +0100
+@@ -119,7 +119,7 @@
+ char response = 'z';
+
+ fp = sign_key_fingerprint(keyblob, keybloblen);
+- fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n",
++ fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n) ",
+ cli_opts.remotehost,
+ fp);
+
diff --git a/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
new file mode 100644
index 0000000..9b79e48
--- /dev/null
+++ b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
@@ -0,0 +1,22 @@
+diff -ruN dropbear-0.48-old/cli-runopts.c dropbear-0.48-new/cli-runopts.c
+--- dropbear-0.48-old/cli-runopts.c 2006-03-09 16:06:03.000000000 +0100
++++ dropbear-0.48-new/cli-runopts.c 2006-03-11 12:28:54.000000000 +0100
+@@ -188,6 +188,10 @@
+ debug_trace = 1;
+ break;
+ #endif
++ case 'o':
++ next = &dummy;
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ case 'c':
+@@ -199,7 +203,6 @@
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ case 'L':
+ #endif
+- case 'o':
+ case 'b':
+ next = &dummy;
+ default:
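Review bot: `-o` is now consumed together with its argument and dropped silently, so an OpenSSH-style option passed by a script (for example a host-key-checking setting) has no effect and the caller is not told. Printing a one-line warning to stderr before the `break` would keep the compatibility while making the ignored option visible. The `default:` body that `-o` previously fell into is outside the hunk, so I can't tell whether it warned. The fall from `case 'o':` into `case 'x':` looks intentional but is unmarked; add `/* fall through */` after `next = &dummy;`.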
diff --git a/package/dropbear/patches/140-use_dev_urandom.patch b/package/dropbear/patches/140-use_dev_urandom.patch
new file mode 100644
index 0000000..e1424f5
--- /dev/null
+++ b/package/dropbear/patches/140-use_dev_urandom.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.45.old/options.h dropbear-0.45/options.h
+--- dropbear-0.45.old/options.h 2005-03-14 17:12:22.000000000 +0100
++++ dropbear-0.45/options.h 2005-03-14 17:13:49.000000000 +0100
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
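Review bot: Switching `DROPBEAR_RANDOM_DEV` to `/dev/urandom` means reads never block, including before the kernel pool has been seeded. The init script in this commit generates host keys whenever a key file is missing, which on a freshly flashed board is when the least entropy is available. The unchanged comment directly above the define warns about a guessable PRNG state. The patch should record why the trade-off is accepted, e.g. `/* OpenWrt: /dev/random can block for a long time on headless boards; host keys must only be generated once the pool is seeded */`, and the key-generation path should be checked against that assumption.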
diff --git a/package/dropbear/patches/150-dbconvert_standalone.patch b/package/dropbear/patches/150-dbconvert_standalone.patch
new file mode 100644
index 0000000..50c035a
--- /dev/null
+++ b/package/dropbear/patches/150-dbconvert_standalone.patch
@@ -0,0 +1,14 @@
+--- dropbear-0.47.old/options.h 2006-01-31 13:36:25.301562500 +0100
++++ dropbear-0.47.dev/options.h 2006-01-31 13:37:41.846346250 +0100
+@@ -5,6 +5,11 @@
+ #ifndef _OPTIONS_H_
+ #define _OPTIONS_H_
+
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ /******************************************************************
+ * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+ * parts are to allow for commandline -DDROPBEAR_XXX options etc.
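Review bot: The new default has no comment saying which build needs it. Judging by the patch name it is for building dropbearconvert on its own, where neither `-DDROPBEAR_CLIENT` nor `-DDROPBEAR_SERVER` is passed. A line such as `/* standalone tools are built without -DDROPBEAR_CLIENT/-DDROPBEAR_SERVER: enable both so the option blocks below are consistent */` would record that. It also turns on both the client and server option blocks for any other translation unit that includes options.h with neither macro defined, which is worth confirming as intended.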