From patchwork Sat Nov 9 03:57:07 2019
X-Patchwork-Submitter: Thomas Richard via openwrt-devel
X-Patchwork-Id: 1192364
X-Patchwork-Delegate: blogic@openwrt.org
To: openwrt-devel@lists.openwrt.org
Date: Fri, 8 Nov 2019 19:57:07 -0800
X-Patchwork-Original-From: Kyle Copperfield via openwrt-devel
From: Thomas Richard via openwrt-devel
Reply-To: Kyle Copperfield
Subject: [OpenWrt-Devel] [PATCH] dropbear: move failsafe code out of base-files

The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.

Move dropbear failsafe code out of base-files and into dropbear where it should be.

Signed-off-by: Kyle Copperfield
--- package/base-files/files/lib/preinit/99_10_failsafe_login | 6 ------ package/network/services/dropbear/Makefile | 1 + package/network/services/dropbear/files/dropbear.failsafe | 8 ++++++++ 3 files changed, 9 insertions(+), 6 deletions(-) create mode 100755 package/network/services/dropbear/files/dropbear.failsafe diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login index 728c63b2e8..16ad84f4ba 100644 --- a/package/base-files/files/lib/preinit/99_10_failsafe_login +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login 
@@ -2,11 +2,6 @@ # Copyright (C) 2006-2015 OpenWrt.org # Copyright (C) 2010 Vertical Communications -failsafe_netlogin () { - dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key - dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 -} - failsafe_shell() { local console="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | head -1 | sed -e 's/^console=//' -e 's/,.*//')" [ -n "$console" ] || console=console @@ -17,5 +12,4 @@ failsafe_shell() { done & } -boot_hook_add failsafe failsafe_netlogin boot_hook_add failsafe failsafe_shell diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 75a3264ebb..8c2918e8ab 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -156,6 +156,7 @@ define Package/dropbear/install $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(INSTALL_DIR) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear $(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key) touch $(1)/etc/dropbear/dropbear_rsa_host_key endef diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe new file mode 100755 index 0000000000..a98ede459a --- /dev/null +++ b/package/network/services/dropbear/files/dropbear.failsafe @@ -0,0 +1,8 @@ +#!/bin/sh + +failsafe_dropbear () { + dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key + dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 +} + +boot_hook_add failsafe failsafe_dropbear
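
Review bot: In the package/network/services/dropbear/Makefile hunk, the added line `$(INSTALL_DIR) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear` uses the directory-creating macro on a file, so it will create directories with those names instead of copying the script, and the failsafe SSH hook will be missing from the image. The neighbouring lines show the intended pattern: `$(INSTALL_DIR)` takes only target directories and a separate macro copies the file. Suggest `$(INSTALL_DIR) $(1)/lib/preinit` followed by `$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear`. Since the failsafe login is the recovery path, please also boot an image into failsafe and confirm dropbear actually starts before this is merged.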
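
Review bot: In the new dropbear.failsafe, `dropbearkey -t rsa -s 1024` carries over a 1024-bit RSA host key unchanged from the code removed from 99_10_failsafe_login. That is fine for a pure move, but now that the dropbear package owns this file it is the natural place to raise the key size in a follow-up, and the commit message should say the key parameters are deliberately left as they were. Two smaller points on the same file: it is created with mode 100755 and a `#!/bin/sh` line, while the preinit file it was split from is 100644 and is only sourced for its `boot_hook_add` call, so the executable bit and shebang look unnecessary; and the hook is renamed from `failsafe_netlogin` to `failsafe_dropbear` without the commit message mentioning it.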