Diffstat (limited to 'source/installer/sources/dropbear')
-rw-r--r--source/installer/sources/dropbear/doinst.sh13
-rwxr-xr-xsource/installer/sources/dropbear/dropbear.Slackbuild142
-rw-r--r--source/installer/sources/dropbear/dropbear.glibc.crypt.diff28
-rw-r--r--source/installer/sources/dropbear/dropbear.xauth.patch11
-rw-r--r--source/installer/sources/dropbear/dropbear_dbclientpath.patch12
-rw-r--r--source/installer/sources/dropbear/dropbear_emptypass.patch12
-rw-r--r--source/installer/sources/dropbear/rc.dropbear.new58
-rw-r--r--source/installer/sources/dropbear/slack-desc20
8 files changed, 296 insertions, 0 deletions
diff --git a/source/installer/sources/dropbear/doinst.sh b/source/installer/sources/dropbear/doinst.sh
new file mode 100644
index 000000000..af326c6ab
--- /dev/null
+++ b/source/installer/sources/dropbear/doinst.sh
@@ -0,0 +1,13 @@
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/rc.d/rc.dropbear.new
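Review bot: The expansions of `$NEW` and `$OLD` inside `config()` are unquoted, and the paths are built with backticks. With the single fixed argument passed here that is harmless, but this function runs as part of package installation and is routinely copied between packages. Quoting the expansions, e.g. `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"` and `[ ! -r "$OLD" ]` / `mv "$NEW" "$OLD"`, keeps it correct for paths containing spaces or glob characters.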
diff --git a/source/installer/sources/dropbear/dropbear.Slackbuild b/source/installer/sources/dropbear/dropbear.Slackbuild
new file mode 100755
index 000000000..9cc78b3ed
--- /dev/null
+++ b/source/installer/sources/dropbear/dropbear.Slackbuild
@@ -0,0 +1,142 @@
+#!/bin/sh
+# $Id: dropbear.Slackbuild,v 1.7 2008/03/13 13:42:33 root Exp root $
+# Copyright 2007, Piter Punk, São Paulo, Brazil
+# Adaptations for Slackware installer:
+# Copyright 2008, Eric Hameleers, Eindhoven, Netherlands
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=dropbear
+VERSION=2012.55
+BUILD=${BUILD:-11}
+TAG=${TAG:-''}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# The programs we want to have as symlinks to dropbearmulti binary:
+PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh"
+
+# We build for the Slackware installer:
+# This means, installing into /bin and /sbin ;
+# and adding symlinks for ssh and scp without worry
+# about overwriting any pre-existing binaries.
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/pkg-$PRGNAM
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP || exit 1
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1
+cd $PRGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# Patch to allow empty passwords (used in Slackware's installer):
+patch -p1 < $CWD/dropbear_emptypass.patch
+# Apply xauth path patch
+patch -p0 < $CWD/dropbear.xauth.patch
+# Change the path used for dbclient because our prefix is '/' not '/usr':
+patch -p1 < $CWD/dropbear_dbclientpath.patch
+# Patch for new glibc crypt() that may return NULL:
+patch -p1 < $CWD/dropbear.glibc.crypt.diff
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/ \
+ --mandir=/usr/man \
+ --disable-syslog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-pututline \
+ --disable-pututxline \
+ --build=$ARCH-slackware-linux
+
+make PROGRAMS="$PROGS" MULTI="1" SCPPROGRESS="1" || exit 1
+mkdir -p $PKG/sbin $PKG/bin $PKG/lib
+make DESTDIR=$PKG MULTI="1" install || exit 1
+
+# Copy manpages to package
+mkdir -p $PKG/usr/man/man1
+mkdir -p $PKG/usr/man/man8
+cp dbclient.1 $PKG/usr/man/man1
+cp dropbearkey.8 dropbear.8 $PKG/usr/man/man8
+
+if [ -d $PKG/usr/man ]; then
+ find $PKG/usr/man -type f -exec gzip -9 {} \;
+ for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+fi
+
+# Link binaries to dropbearmulti since the 'make install' does not do that
+# if we build a multicall binary.
+(cd $PKG/bin
+ ln -s ../bin/dropbearmulti ../sbin/dropbear
+ for i in $(echo $PROGS | sed -e 's/dropbear //') ; do
+ ln -s dropbearmulti $i
+ done
+)
+
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \
+ grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/etc/rc.d $PKG/etc/dropbear
+cp $CWD/rc.dropbear.new $PKG/etc/rc.d/ # doinst.sh will handle .new
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGES INSTALL LICENSE MULTI README SMALL TODO \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
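Review bot: None of the four `patch` calls checks its exit status, so if a patch stops applying (for instance `dropbear.glibc.crypt.diff`, which adds the NULL check after crypt()) the build carries on and packages a binary without it, with no error. Append `|| exit 1` to each, e.g. `patch -p1 < $CWD/dropbear.glibc.crypt.diff || exit 1`, and do the same for `./configure`, matching what the script already does for `tar`, `cd` and `make`. Separately, `rm -rf $PKG` and the final `cd $PKG` use an unquoted, predictable path under `$TMP` (default `/tmp`) in a script that presumably runs as root, since it calls `chown -R root:root`. Quoting those expansions and writing `cd "$PKG" || exit 1` before `makepkg` would stop the package being assembled from the wrong directory.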
diff --git a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff b/source/installer/sources/dropbear/dropbear.glibc.crypt.diff
new file mode 100644
index 000000000..3184210dd
--- /dev/null
+++ b/source/installer/sources/dropbear/dropbear.glibc.crypt.diff
@@ -0,0 +1,28 @@
+
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1367250157 -28800
+# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb
+# Parent ea04e3eb03e2c3d59d82e361882711de844068a4
+Avoid segfault for locked accounts (invalid salt to crypt())
+
+diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c
+--- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800
++++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800
+@@ -66,6 +66,14 @@
+ m_burn(password, passwordlen);
+ m_free(password);
+
++ if (testcrypt == NULL) {
++ /* crypt() with an invalid salt like "!!" */
++ dropbear_log(LOG_WARNING, "User account '%s' is locked",
++ ses.authstate.pw_name);
++ send_msg_userauth_failure(0, 1);
++ return;
++ }
++
+ /* check for empty password */
+ if (passwdcrypt[0] == '\0') {
+ dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
+
+
diff --git a/source/installer/sources/dropbear/dropbear.xauth.patch b/source/installer/sources/dropbear/dropbear.xauth.patch
new file mode 100644
index 000000000..e32f0c644
--- /dev/null
+++ b/source/installer/sources/dropbear/dropbear.xauth.patch
@@ -0,0 +1,11 @@
+--- options.h.orig 2013-06-21 21:50:34.859528230 -0500
++++ options.h 2013-06-21 21:52:59.208516285 -0500
+@@ -243,7 +243,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
++#define XAUTH_COMMAND "/usr/bin/xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/source/installer/sources/dropbear/dropbear_dbclientpath.patch b/source/installer/sources/dropbear/dropbear_dbclientpath.patch
new file mode 100644
index 000000000..781349f83
--- /dev/null
+++ b/source/installer/sources/dropbear/dropbear_dbclientpath.patch
@@ -0,0 +1,12 @@
+diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
+--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
++++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500
+@@ -255,7 +255,7 @@
+
+ /* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
++#define _PATH_SSH_PROGRAM "/bin/dbclient"
+
+ /* Whether to log commands executed by a client. This only logs the
+ * (single) command sent to the server, not what a user did in a
diff --git a/source/installer/sources/dropbear/dropbear_emptypass.patch b/source/installer/sources/dropbear/dropbear_emptypass.patch
new file mode 100644
index 000000000..259240082
--- /dev/null
+++ b/source/installer/sources/dropbear/dropbear_emptypass.patch
@@ -0,0 +1,12 @@
+diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
+--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
++++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500
+@@ -180,7 +180,7 @@
+ * Public key logins are allowed for blank-password accounts regardless of this
+ * setting. PAM is not affected by this setting, it uses the normal pam.d
+ * settings ('nullok' option) */
+-/* #define ALLOW_BLANK_PASSWORD */
++#define ALLOW_BLANK_PASSWORD
+
+ #define ENABLE_CLI_PASSWORD_AUTH
+ #define ENABLE_CLI_PUBKEY_AUTH
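Review bot: This patch file carries no header describing its scope, yet it turns on `ALLOW_BLANK_PASSWORD` for every binary built from the tree, which makes the server accept password logins for accounts whose password is empty. A one-line description above the `diff -Nur` line, such as `Installer only: enables blank-password logins; do not ship this build on an installed system`, would keep the setting from being carried into a general-purpose package unnoticed. The same caveat is absent from slack-desc, which describes the package as an ordinary SSH server and client. Only part of options.h is visible in the hunk, so whether another setting narrows this cannot be confirmed here.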
diff --git a/source/installer/sources/dropbear/rc.dropbear.new b/source/installer/sources/dropbear/rc.dropbear.new
new file mode 100644
index 000000000..3a695b811
--- /dev/null
+++ b/source/installer/sources/dropbear/rc.dropbear.new
@@ -0,0 +1,58 @@
+#!/bin/sh
+# Start/stop/restart the dropbear secure shell server:
+
+# Terminate the script now if we have no interface with an IP address:
+if ! `ip -f inet -o addr show | grep -v " lo " 1>/dev/null 2>/dev/null` ; then
+ exit 1
+fi
+
+dropbear_start() {
+ # Create host keys if needed.
+ if [ ! -f /etc/dropbear/dropbear_rsa_host_key ]; then
+ /bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+ fi
+ if [ ! -f /etc/dropbear/dropbear_dss_host_key ]; then
+ /bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
+ fi
+ touch /var/log/lastlog # The file is missing in the installer
+ /sbin/dropbear 2>> /var/log/dropbear.log
+}
+
+dropbear_stop() {
+ killall dropbear
+}
+
+dropbear_restart() {
+ if [ -r /var/run/dropbear.pid ]; then
+ echo "WARNING: killing listener process only. To kill every dropbear process, you "
+ echo " must use 'rc.dropbear stop'. 'rc.dropbear restart' kills only the "
+ echo " parent dropbear to allow an admin logged in through dropbear to use "
+ echo " 'rc.dropbear restart' without being cut off. If dropbear has been "
+ echo " upgraded, new connections will now use the new version, which should "
+ echo " be a safe enough approach."
+ kill `cat /var/run/dropbear.pid`
+ else
+ echo "WARNING: There does not appear to be a parent instance of dropbear running."
+ echo " If you really want to kill all running instances of dropbear "
+ echo " (including any sessions currently in use), run "
+ echo " '/etc/rc.d/rc.dropbear stop' instead."
+ exit 1
+ fi
+ sleep 1
+ dropbear_start
+}
+
+case "$1" in
+'start')
+ dropbear_start
+ ;;
+'stop')
+ dropbear_stop
+ ;;
+'restart')
+ dropbear_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
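Review bot: `dropbear_start` launches `/sbin/dropbear` with no options and no check on account state, while this package is built with `ALLOW_BLANK_PASSWORD` (dropbear_emptypass.patch), so once it runs any account with an empty password is reachable by password over the network. Whether the installer sets a root password before calling this script is not visible here. A warning ahead of the start line, e.g. `grep -q '^root::' /etc/shadow && echo "WARNING: root has an empty password" >&2` (adjusted to wherever the installer keeps the hash), would make that state explicit to the operator. The interface test at the top also works only because the shell executes the empty output of a backtick substitution and takes its status; `if ! ip -f inet -o addr show | grep -qv " lo " ; then` expresses the same check directly.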
diff --git a/source/installer/sources/dropbear/slack-desc b/source/installer/sources/dropbear/slack-desc
new file mode 100644
index 000000000..ca2619023
--- /dev/null
+++ b/source/installer/sources/dropbear/slack-desc
@@ -0,0 +1,20 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+dropbear: dropbear (SSH server and client)
+dropbear:
+dropbear: Dropbear is a relatively small SSH 2 server and client. It runs on a
+dropbear: variety of POSIX-based platforms. Dropbear is open source software,
+dropbear: distributed under a MIT-style license. Dropbear is particularly
+dropbear: useful for "embedded"-type Linux (or other Unix) systems, such as
+dropbear: wireless routers.
+dropbear:
+dropbear:
+dropbear:
+dropbear:
+