summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorPaul Eggleton <paul.eggleton@linux.intel.com>2013-01-16 17:00:11 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-01-18 13:28:05 +0000
commit955568ddfad2e21b8ff680d84655b2c9d54c06f2 (patch)
treeb36804be0c06ef9d2f914ea48f871986299604fe /meta
parent8ca0d592c5c266741ea00bc2629ef031506f834e (diff)
downloadpoky-955568ddfad2e21b8ff680d84655b2c9d54c06f2.tar.gz
dropbear: allow configuring blank password option at runtime
Instead of using IMAGE_FEATURES to control something within a recipe, allow this to be set at runtime, avoiding the need to rebuild dropbear when we want to change this option. First half of the fix for [YOCTO #2578]. (From OE-Core rev: 313039590171456b652fa7a2f5823c9b7060b20f) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/dropbear/dropbear.inc6
-rw-r--r--meta/recipes-core/dropbear/dropbear/allow-nopw.patch19
-rw-r--r--meta/recipes-core/dropbear/dropbear/nopw-option.patch106
3 files changed, 108 insertions, 23 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index aa313df316..3e430f22bf 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -2,7 +2,7 @@ DESCRIPTION = "Dropbear is a lightweight SSH and SCP implementation"
2HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" 2HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
3SECTION = "console/network" 3SECTION = "console/network"
4 4
5INC_PR = "r0" 5INC_PR = "r1"
6 6
7# some files are from other projects and have others license terms: 7# some files are from other projects and have others license terms:
8# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY 8# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
@@ -18,7 +18,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
18 file://dropbear-0.53.1-static_build_fix.patch \ 18 file://dropbear-0.53.1-static_build_fix.patch \
19 file://configure.patch \ 19 file://configure.patch \
20 file://fix-2kb-keys.patch \ 20 file://fix-2kb-keys.patch \
21 ${@base_contains("DISTRO_TYPE", "debug", "file://allow-nopw.patch", "",d)} \ 21 file://nopw-option.patch \
22 file://init \ 22 file://init \
23 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " 23 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} "
24 24
@@ -40,8 +40,6 @@ EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
40EXTRA_OECONF += "\ 40EXTRA_OECONF += "\
41 ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" 41 ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
42 42
43DISTRO_TYPE ?= "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
44
45do_install() { 43do_install() {
46 install -d ${D}${sysconfdir} \ 44 install -d ${D}${sysconfdir} \
47 ${D}${sysconfdir}/init.d \ 45 ${D}${sysconfdir}/init.d \
diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch
deleted file mode 100644
index a175ee14da..0000000000
--- a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch
+++ /dev/null
@@ -1,19 +0,0 @@
1Enable blank password login function for new release dropbear.
2
3Upstream-Status: Inappropriate [configuration]
4
5Signed-off-by: Mei Lei <lei.mei@intel.com>
6
7diff --git a/options.h b/options.h
8index 73689ad..041ddaa 100644
9--- a/options.h
10+++ b/options.h
11@@ -180,7 +180,7 @@ much traffic. */
12 * Public key logins are allowed for blank-password accounts regardless of this
13 * setting. PAM is not affected by this setting, it uses the normal pam.d
14 * settings ('nullok' option) */
15-/* #define ALLOW_BLANK_PASSWORD */
16+#define ALLOW_BLANK_PASSWORD
17
18 #define ENABLE_CLI_PASSWORD_AUTH
19 #define ENABLE_CLI_PUBKEY_AUTH
diff --git a/meta/recipes-core/dropbear/dropbear/nopw-option.patch b/meta/recipes-core/dropbear/dropbear/nopw-option.patch
new file mode 100644
index 0000000000..e7fcbb3f69
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/nopw-option.patch
@@ -0,0 +1,106 @@
1Allow configuring "allow blank password option" at runtime
2
3Changes this from a compile-time switch to a command-line option.
4
5Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
6
7Upstream-Status: Pending
8
9diff --git a/options.h b/options.h
10index 00f6179..b8d0ccb 100644
11--- a/options.h
12+++ b/options.h
13@@ -176,12 +176,6 @@ much traffic. */
14 #define ENABLE_SVR_PUBKEY_OPTIONS
15 #endif
16
17-/* Define this to allow logging in to accounts that have no password specified.
18- * Public key logins are allowed for blank-password accounts regardless of this
19- * setting. PAM is not affected by this setting, it uses the normal pam.d
20- * settings ('nullok' option) */
21-/* #define ALLOW_BLANK_PASSWORD */
22-
23 #define ENABLE_CLI_PASSWORD_AUTH
24 #define ENABLE_CLI_PUBKEY_AUTH
25 #define ENABLE_CLI_INTERACT_AUTH
26diff --git a/runopts.h b/runopts.h
27index 83b5861..126585b 100644
28--- a/runopts.h
29+++ b/runopts.h
30@@ -85,6 +85,7 @@ typedef struct svr_runopts {
31
32 int noauthpass;
33 int norootpass;
34+ int allowblankpass;
35
36 #ifdef ENABLE_SVR_REMOTETCPFWD
37 int noremotetcp;
38diff --git a/svr-authpasswd.c b/svr-authpasswd.c
39index 54b4889..d9b7928 100644
40--- a/svr-authpasswd.c
41+++ b/svr-authpasswd.c
42@@ -29,6 +29,7 @@
43 #include "buffer.h"
44 #include "dbutil.h"
45 #include "auth.h"
46+#include "runopts.h"
47
48 #ifdef ENABLE_SVR_PASSWORD_AUTH
49
50@@ -78,16 +79,17 @@ void svr_auth_password() {
51
52 /* check for empty password */
53 if (passwdcrypt[0] == '\0') {
54-#ifdef ALLOW_BLANK_PASSWORD
55- if (passwordlen == 0) {
56- success_blank = 1;
57+ if (svr_opts.allowblankpass) {
58+ if (passwordlen == 0) {
59+ success_blank = 1;
60+ }
61+ }
62+ else {
63+ dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
64+ ses.authstate.pw_name);
65+ send_msg_userauth_failure(0, 1);
66+ return;
67 }
68-#else
69- dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
70- ses.authstate.pw_name);
71- send_msg_userauth_failure(0, 1);
72- return;
73-#endif
74 }
75
76 if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
77diff --git a/svr-runopts.c b/svr-runopts.c
78index c6e3508..b39ffb2 100644
79--- a/svr-runopts.c
80+++ b/svr-runopts.c
81@@ -63,6 +63,7 @@ static void printhelp(const char * progname) {
82 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
83 "-s Disable password logins\n"
84 "-g Disable password logins for root\n"
85+ "-B Allow blank password logins\n"
86 #endif
87 #ifdef ENABLE_SVR_LOCALTCPFWD
88 "-j Disable local port forwarding\n"
89@@ -115,6 +116,7 @@ void svr_getopts(int argc, char ** argv) {
90 svr_opts.norootlogin = 0;
91 svr_opts.noauthpass = 0;
92 svr_opts.norootpass = 0;
93+ svr_opts.allowblankpass = 0;
94 svr_opts.inetdmode = 0;
95 svr_opts.portcount = 0;
96 svr_opts.hostkey = NULL;
97@@ -234,6 +236,9 @@ void svr_getopts(int argc, char ** argv) {
98 case 'g':
99 svr_opts.norootpass = 1;
100 break;
101+ case 'B':
102+ svr_opts.allowblankpass = 1;
103+ break;
104 #endif
105 case 'h':
106 printhelp(argv[0]);