dropbear: enable PAM

2019-03-13 16:11:11 +01:00 · 2019-03-13 16:11:11 +01:00 · 7a26eec621
commit 7a26eec621
parent 6612f55c16
5 changed files with 31 additions and 10 deletions
--- a/dropbear/.footprint
+++ b/dropbear/.footprint
@ -1,5 +1,7 @@
 drwxr-xr-x	root/root	etc/
 drwxr-xr-x	root/root	etc/dropbear/
+drwxr-xr-x	root/root	etc/pam.d/
+-rw-r--r--	root/root	etc/pam.d/dropbear
 drwxr-xr-x	root/root	etc/rc.d/
 -rwxr-xr-x	root/root	etc/rc.d/dropbear
 drwxr-xr-x	root/root	usr/
--- a/dropbear/.signature
+++ b/dropbear/.signature
@ -1,7 +1,8 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/fYoSjOlXrVgdVZjSJWCm9ISaxGKVH365kFEj0OWUVRz5fTnuy3CfkroLhr8DzWaVMFqavELeCW0PE2EXJhHpwc=
-SHA256 (Pkgfile) = 6e5947b4c0a75449ab2677121757588e436f4420278b90f2427ddf43f2a338f2
-SHA256 (.footprint) = 62bfe7191a20fcd5f6ec3511c951dee47aefdae734f7d616302e6bfc3a0c1923
+RWSE3ohX2g5d/ZwHjbSnatGBORtIE4uG5o+PIXXWF5S+DlHlDX+7Fz3UDD6c3rOvcXIQeoc5loAsc52uNfW5wb3CEwcWtekLdAw=
+SHA256 (Pkgfile) = 0c088019d09c895614d2fe8e449a4ac61b3657ef3b53d5faacf85d6c76aa90e1
+SHA256 (.footprint) = 5d47799d69d21b860be70eb9e767298617679bcee2140d245cbc74f4a2a4502e
 SHA256 (dropbear-2018.76.tar.bz2) = f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
-SHA256 (dropbear) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42
+SHA256 (dropbear.rc) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42
+SHA256 (dropbear.pam) = 0c0aff342e586e64f2d2a814ef127a2748b223e746c3efccfccc91a5aadbce4a
 SHA256 (CVE-2018-15599.diff) = 42b5720cf6c888638cfb84fdd862fc0d323b2e023cbe5f9ccdaa2e0c35b6873e
--- a/dropbear/Pkgfile
+++ b/dropbear/Pkgfile
@ -1,25 +1,29 @@
 # Description: Small and secure SSH2 server and client
 # URL:         http://matt.ucc.asn.au/dropbear/dropbear.html
 # Maintainer:  Juergen Daubert, jue at crux dot nu
-# Depends on:  zlib
+# Depends on:  zlib linux-pam

 name=dropbear
 version=2018.76
-release=2
+release=3
 source=(http://matt.ucc.asn.au/$name/releases/$name-$version.tar.bz2 \
-        $name CVE-2018-15599.diff)
+        dropbear.rc dropbear.pam CVE-2018-15599.diff)

 build () {
    cd $name-$version

    patch -p1 -i $SRC/CVE-2018-15599.diff

+    sed '/pam_start/s/sshd/dropbear/' -i svr-authpam.c
    echo '#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"' > localoptions.h
+    echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0' >> localoptions.h
+    echo '#define DROPBEAR_SVR_PAM_AUTH 1' >> localoptions.h

-    ./configure --prefix=/usr
+    ./configure --prefix=/usr --enable-pam
    make
    make DESTDIR=$PKG install

-    install -d $PKG/etc/{rc.d,dropbear}/
-    install -D -m 755 $SRC/dropbear $PKG/etc/rc.d/
+    install -d $PKG/etc/{rc.d,pam.d,dropbear}
+    install -m 755 $SRC/dropbear.rc $PKG/etc/rc.d/dropbear
+    install -m 644 $SRC/dropbear.pam $PKG/etc/pam.d/dropbear
 }
--- a/dropbear/dropbear.pam
+++ b/dropbear/dropbear.pam
@ -0,0 +1,14 @@
+#
+# /etc/pam.d/dropbear - dropbear service module configuration
+#
+
+auth       include    common-auth
+
+account    required   pam_nologin.so
+account    include    common-account
+
+password   include    common-password
+
+session    include    common-session
+session    required   pam_limits.so
+
--- a/dropbear/dropbear.rc
+++ b/dropbear/dropbear.rc