diff options
-rw-r--r-- | meta/recipes-core/dropbear/dropbear.inc | 6 | ||||
-rw-r--r-- | meta/recipes-core/dropbear/dropbear/allow-nopw.patch | 19 | ||||
-rw-r--r-- | meta/recipes-core/dropbear/dropbear/nopw-option.patch | 106 |
3 files changed, 108 insertions, 23 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index aa313df316..3e430f22bf 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc | |||
@@ -2,7 +2,7 @@ DESCRIPTION = "Dropbear is a lightweight SSH and SCP implementation" | |||
2 | HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" | 2 | HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" |
3 | SECTION = "console/network" | 3 | SECTION = "console/network" |
4 | 4 | ||
5 | INC_PR = "r0" | 5 | INC_PR = "r1" |
6 | 6 | ||
7 | # some files are from other projects and have others license terms: | 7 | # some files are from other projects and have others license terms: |
8 | # public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY | 8 | # public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY |
@@ -18,7 +18,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \ | |||
18 | file://dropbear-0.53.1-static_build_fix.patch \ | 18 | file://dropbear-0.53.1-static_build_fix.patch \ |
19 | file://configure.patch \ | 19 | file://configure.patch \ |
20 | file://fix-2kb-keys.patch \ | 20 | file://fix-2kb-keys.patch \ |
21 | ${@base_contains("DISTRO_TYPE", "debug", "file://allow-nopw.patch", "",d)} \ | 21 | file://nopw-option.patch \ |
22 | file://init \ | 22 | file://init \ |
23 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " | 23 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " |
24 | 24 | ||
@@ -40,8 +40,6 @@ EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' | |||
40 | EXTRA_OECONF += "\ | 40 | EXTRA_OECONF += "\ |
41 | ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" | 41 | ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" |
42 | 42 | ||
43 | DISTRO_TYPE ?= "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}" | ||
44 | |||
45 | do_install() { | 43 | do_install() { |
46 | install -d ${D}${sysconfdir} \ | 44 | install -d ${D}${sysconfdir} \ |
47 | ${D}${sysconfdir}/init.d \ | 45 | ${D}${sysconfdir}/init.d \ |
diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch deleted file mode 100644 index a175ee14da..0000000000 --- a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | Enable blank password login function for new release dropbear. | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | Signed-off-by: Mei Lei <lei.mei@intel.com> | ||
6 | |||
7 | diff --git a/options.h b/options.h | ||
8 | index 73689ad..041ddaa 100644 | ||
9 | --- a/options.h | ||
10 | +++ b/options.h | ||
11 | @@ -180,7 +180,7 @@ much traffic. */ | ||
12 | * Public key logins are allowed for blank-password accounts regardless of this | ||
13 | * setting. PAM is not affected by this setting, it uses the normal pam.d | ||
14 | * settings ('nullok' option) */ | ||
15 | -/* #define ALLOW_BLANK_PASSWORD */ | ||
16 | +#define ALLOW_BLANK_PASSWORD | ||
17 | |||
18 | #define ENABLE_CLI_PASSWORD_AUTH | ||
19 | #define ENABLE_CLI_PUBKEY_AUTH | ||
diff --git a/meta/recipes-core/dropbear/dropbear/nopw-option.patch b/meta/recipes-core/dropbear/dropbear/nopw-option.patch new file mode 100644 index 0000000000..e7fcbb3f69 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/nopw-option.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | Allow configuring "allow blank password option" at runtime | ||
2 | |||
3 | Changes this from a compile-time switch to a command-line option. | ||
4 | |||
5 | Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
6 | |||
7 | Upstream-Status: Pending | ||
8 | |||
9 | diff --git a/options.h b/options.h | ||
10 | index 00f6179..b8d0ccb 100644 | ||
11 | --- a/options.h | ||
12 | +++ b/options.h | ||
13 | @@ -176,12 +176,6 @@ much traffic. */ | ||
14 | #define ENABLE_SVR_PUBKEY_OPTIONS | ||
15 | #endif | ||
16 | |||
17 | -/* Define this to allow logging in to accounts that have no password specified. | ||
18 | - * Public key logins are allowed for blank-password accounts regardless of this | ||
19 | - * setting. PAM is not affected by this setting, it uses the normal pam.d | ||
20 | - * settings ('nullok' option) */ | ||
21 | -/* #define ALLOW_BLANK_PASSWORD */ | ||
22 | - | ||
23 | #define ENABLE_CLI_PASSWORD_AUTH | ||
24 | #define ENABLE_CLI_PUBKEY_AUTH | ||
25 | #define ENABLE_CLI_INTERACT_AUTH | ||
26 | diff --git a/runopts.h b/runopts.h | ||
27 | index 83b5861..126585b 100644 | ||
28 | --- a/runopts.h | ||
29 | +++ b/runopts.h | ||
30 | @@ -85,6 +85,7 @@ typedef struct svr_runopts { | ||
31 | |||
32 | int noauthpass; | ||
33 | int norootpass; | ||
34 | + int allowblankpass; | ||
35 | |||
36 | #ifdef ENABLE_SVR_REMOTETCPFWD | ||
37 | int noremotetcp; | ||
38 | diff --git a/svr-authpasswd.c b/svr-authpasswd.c | ||
39 | index 54b4889..d9b7928 100644 | ||
40 | --- a/svr-authpasswd.c | ||
41 | +++ b/svr-authpasswd.c | ||
42 | @@ -29,6 +29,7 @@ | ||
43 | #include "buffer.h" | ||
44 | #include "dbutil.h" | ||
45 | #include "auth.h" | ||
46 | +#include "runopts.h" | ||
47 | |||
48 | #ifdef ENABLE_SVR_PASSWORD_AUTH | ||
49 | |||
50 | @@ -78,16 +79,17 @@ void svr_auth_password() { | ||
51 | |||
52 | /* check for empty password */ | ||
53 | if (passwdcrypt[0] == '\0') { | ||
54 | -#ifdef ALLOW_BLANK_PASSWORD | ||
55 | - if (passwordlen == 0) { | ||
56 | - success_blank = 1; | ||
57 | + if (svr_opts.allowblankpass) { | ||
58 | + if (passwordlen == 0) { | ||
59 | + success_blank = 1; | ||
60 | + } | ||
61 | + } | ||
62 | + else { | ||
63 | + dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", | ||
64 | + ses.authstate.pw_name); | ||
65 | + send_msg_userauth_failure(0, 1); | ||
66 | + return; | ||
67 | } | ||
68 | -#else | ||
69 | - dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", | ||
70 | - ses.authstate.pw_name); | ||
71 | - send_msg_userauth_failure(0, 1); | ||
72 | - return; | ||
73 | -#endif | ||
74 | } | ||
75 | |||
76 | if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) { | ||
77 | diff --git a/svr-runopts.c b/svr-runopts.c | ||
78 | index c6e3508..b39ffb2 100644 | ||
79 | --- a/svr-runopts.c | ||
80 | +++ b/svr-runopts.c | ||
81 | @@ -63,6 +63,7 @@ static void printhelp(const char * progname) { | ||
82 | #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) | ||
83 | "-s Disable password logins\n" | ||
84 | "-g Disable password logins for root\n" | ||
85 | + "-B Allow blank password logins\n" | ||
86 | #endif | ||
87 | #ifdef ENABLE_SVR_LOCALTCPFWD | ||
88 | "-j Disable local port forwarding\n" | ||
89 | @@ -115,6 +116,7 @@ void svr_getopts(int argc, char ** argv) { | ||
90 | svr_opts.norootlogin = 0; | ||
91 | svr_opts.noauthpass = 0; | ||
92 | svr_opts.norootpass = 0; | ||
93 | + svr_opts.allowblankpass = 0; | ||
94 | svr_opts.inetdmode = 0; | ||
95 | svr_opts.portcount = 0; | ||
96 | svr_opts.hostkey = NULL; | ||
97 | @@ -234,6 +236,9 @@ void svr_getopts(int argc, char ** argv) { | ||
98 | case 'g': | ||
99 | svr_opts.norootpass = 1; | ||
100 | break; | ||
101 | + case 'B': | ||
102 | + svr_opts.allowblankpass = 1; | ||
103 | + break; | ||
104 | #endif | ||
105 | case 'h': | ||
106 | printhelp(argv[0]); | ||