diff options
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear')
4 files changed, 167 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch new file mode 100644 index 0000000000..2ae361c63e --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | diff --git a/svr-auth.c b/svr-auth.c | ||
2 | index 5da0aa7..4de4964 100644 | ||
3 | --- a/svr-auth.c | ||
4 | +++ b/svr-auth.c | ||
5 | @@ -249,6 +249,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) { | ||
6 | } | ||
7 | |||
8 | /* check for an empty password */ | ||
9 | +#ifdef DISALLOW_EMPTY_PW | ||
10 | if (ses.authstate.pw_passwd[0] == '\0') { | ||
11 | TRACE(("leave checkusername: empty pword")) | ||
12 | dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", | ||
13 | @@ -256,6 +257,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) { | ||
14 | send_msg_userauth_failure(0, 1); | ||
15 | return DROPBEAR_FAILURE; | ||
16 | } | ||
17 | +#endif | ||
18 | |||
19 | TRACE(("shell is %s", ses.authstate.pw_shell)) | ||
20 | |||
21 | diff --git a/svr-authpasswd.c b/svr-authpasswd.c | ||
22 | index 53550a2..7b896bd 100644 | ||
23 | --- a/svr-authpasswd.c | ||
24 | +++ b/svr-authpasswd.c | ||
25 | @@ -64,9 +64,13 @@ void svr_auth_password() { | ||
26 | * since the shadow password may differ to that tested | ||
27 | * in auth.c */ | ||
28 | if (passwdcrypt[0] == '\0') { | ||
29 | +#ifdef DISALLOW_EMPTY_PASSWD | ||
30 | dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", | ||
31 | ses.authstate.pw_name); | ||
32 | send_msg_userauth_failure(0, 1); | ||
33 | +#else | ||
34 | + send_msg_userauth_success(); | ||
35 | +#endif | ||
36 | return; | ||
37 | } | ||
38 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch new file mode 100644 index 0000000000..ba2b19d44a --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch | |||
@@ -0,0 +1,11 @@ | |||
1 | diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h | ||
2 | --- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800 | ||
3 | +++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800 | ||
4 | @@ -64,6 +64,6 @@ | ||
5 | |||
6 | }; | ||
7 | |||
8 | -#define MAX_KEXHASHBUF 2000 | ||
9 | +#define MAX_KEXHASHBUF 3000 | ||
10 | |||
11 | #endif /* _KEX_H_ */ | ||
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init new file mode 100755 index 0000000000..e882bae689 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/init | |||
@@ -0,0 +1,106 @@ | |||
1 | #!/bin/sh | ||
2 | ### BEGIN INIT INFO | ||
3 | # Provides: sshd | ||
4 | # Required-Start: $remote_fs $syslog $networking | ||
5 | # Required-Stop: $remote_fs $syslog | ||
6 | # Default-Start: 2 3 4 5 | ||
7 | # Default-Stop: 1 | ||
8 | # Short-Description: Dropbear Secure Shell server | ||
9 | ### END INIT INFO | ||
10 | # | ||
11 | # Do not configure this file. Edit /etc/default/dropbear instead! | ||
12 | # | ||
13 | |||
14 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | ||
15 | DAEMON=/usr/sbin/dropbear | ||
16 | NAME=dropbear | ||
17 | DESC="Dropbear SSH server" | ||
18 | |||
19 | DROPBEAR_PORT=22 | ||
20 | DROPBEAR_EXTRA_ARGS= | ||
21 | NO_START=0 | ||
22 | |||
23 | set -e | ||
24 | |||
25 | test ! -r /etc/default/dropbear || . /etc/default/dropbear | ||
26 | test "$NO_START" = "0" || exit 0 | ||
27 | test -x "$DAEMON" || exit 0 | ||
28 | test ! -h /var/service/dropbear || exit 0 | ||
29 | |||
30 | readonly_rootfs=0 | ||
31 | for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do | ||
32 | case $flag in | ||
33 | ro) | ||
34 | readonly_rootfs=1 | ||
35 | ;; | ||
36 | esac | ||
37 | done | ||
38 | |||
39 | if [ $readonly_rootfs = "1" ]; then | ||
40 | mkdir -p /var/lib/dropbear | ||
41 | DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key" | ||
42 | DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key" | ||
43 | else | ||
44 | DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" | ||
45 | DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" | ||
46 | fi | ||
47 | |||
48 | test -z "$DROPBEAR_BANNER" || \ | ||
49 | DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" | ||
50 | test -n "$DROPBEAR_RSAKEY" || \ | ||
51 | DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT | ||
52 | test -n "$DROPBEAR_DSSKEY" || \ | ||
53 | DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT | ||
54 | test -n "$DROPBEAR_KEYTYPES" || \ | ||
55 | DROPBEAR_KEYTYPES="rsa" | ||
56 | |||
57 | gen_keys() { | ||
58 | for t in $DROPBEAR_KEYTYPES; do | ||
59 | case $t in | ||
60 | rsa) | ||
61 | test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY | ||
62 | ;; | ||
63 | dsa) | ||
64 | test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY | ||
65 | ;; | ||
66 | esac | ||
67 | done | ||
68 | } | ||
69 | |||
70 | case "$1" in | ||
71 | start) | ||
72 | echo -n "Starting $DESC: " | ||
73 | gen_keys | ||
74 | KEY_ARGS="" | ||
75 | test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" | ||
76 | test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" | ||
77 | start-stop-daemon -S \ | ||
78 | -x "$DAEMON" -- $KEY_ARGS \ | ||
79 | -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS | ||
80 | echo "$NAME." | ||
81 | ;; | ||
82 | stop) | ||
83 | echo -n "Stopping $DESC: " | ||
84 | start-stop-daemon -K -x "$DAEMON" | ||
85 | echo "$NAME." | ||
86 | ;; | ||
87 | restart|force-reload) | ||
88 | echo -n "Restarting $DESC: " | ||
89 | start-stop-daemon -K -x "$DAEMON" | ||
90 | sleep 1 | ||
91 | KEY_ARGS="" | ||
92 | test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" | ||
93 | test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" | ||
94 | start-stop-daemon -S \ | ||
95 | -x "$DAEMON" -- $KEY_ARGS \ | ||
96 | -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS | ||
97 | echo "$NAME." | ||
98 | ;; | ||
99 | *) | ||
100 | N=/etc/init.d/$NAME | ||
101 | echo "Usage: $N {start|stop|restart|force-reload}" >&2 | ||
102 | exit 1 | ||
103 | ;; | ||
104 | esac | ||
105 | |||
106 | exit 0 | ||
diff --git a/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..75ba306565 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch | |||
@@ -0,0 +1,12 @@ | |||
1 | diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h | ||
2 | --- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800 | ||
3 | +++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800 | ||
4 | @@ -167,7 +167,7 @@ | ||
5 | /* The command to invoke for xauth when using X11 forwarding. | ||
6 | * "-q" for quiet */ | ||
7 | #ifndef XAUTH_COMMAND | ||
8 | -#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q" | ||
9 | +#define XAUTH_COMMAND "xauth -q" | ||
10 | #endif | ||
11 | |||
12 | /* if you want to enable running an sftp server (such as the one included with | ||