From: Carlos Santos
To: buildroot@buildroot.org
Date: Thu, 28 Jun 2018 17:19:44 -0300
Message-Id: <20180628201944.31492-1-casantos@datacom.com.br>
X-Patchwork-Id: 936414
Subject: [Buildroot] [PATCH] dropbear: enable PAM authentication if linux-pam is selected

- Disable password file authentication, since it's not possible to have both at once.
- Install a /etc/pam.d/sshd file, based on the one from openssh.

Signed-off-by: Carlos Santos
Reviewed-by: Baruch Siach

--- package/dropbear/dropbear.mk | 14 ++++++++++++++ package/dropbear/etc-pam.d-sshd | 7 +++++++ 2 files changed, 21 insertions(+) create mode 100644 package/dropbear/etc-pam.d-sshd diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk index fc41a84c1f..bb902bc7ce 100644
--- a/package/dropbear/dropbear.mk +++ b/package/dropbear/dropbear.mk @@ -34,6 +34,19 @@ ifeq ($(BR2_SHARED_STATIC_LIBS),y) DROPBEAR_CONF_OPTS += --disable-static endif +ifeq ($(BR2_PACKAGE_LINUX_PAM),y) +define DROPBEAR_SVR_PAM_AUTH + echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0' >> $(@D)/localoptions.h + echo '#define DROPBEAR_SVR_PAM_AUTH 1' >> $(@D)/localoptions.h +endef +define DROPBEAR_INSTALL_PAM_CONF + $(INSTALL) -D -m 644 package/dropbear/etc-pam.d-sshd $(TARGET_DIR)/etc/pam.d/sshd +endef +DROPBEAR_DEPENDENCIES += linux-pam +DROPBEAR_CONF_OPTS += --enable-pam +DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PAM_AUTH +DROPBEAR_POST_INSTALL_TARGET_HOOKS += DROPBEAR_INSTALL_PAM_CONF +else # Ensure that dropbear doesn't use crypt() when it's not available define DROPBEAR_SVR_PASSWORD_AUTH echo '#if !HAVE_CRYPT' >> $(@D)/localoptions.h @@ -41,6 +54,7 @@ define DROPBEAR_SVR_PASSWORD_AUTH echo '#endif' >> $(@D)/localoptions.h endef DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH +endif define DROPBEAR_ENABLE_REVERSE_DNS echo '#define DO_HOST_LOOKUP 1' >> $(@D)/localoptions.h diff --git a/package/dropbear/etc-pam.d-sshd b/package/dropbear/etc-pam.d-sshd new file mode 100644 index 0000000000..5e13fc0d60 --- /dev/null +++ b/package/dropbear/etc-pam.d-sshd @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required pam_unix.so shadow nodelay +account required pam_nologin.so +account required pam_unix.so +password required pam_unix.so shadow nullok use_authtok +session required pam_unix.so +session required pam_limits.so
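Review bot: the new `ifeq ($(BR2_PACKAGE_LINUX_PAM),y)` block in dropbear.mk (hunk at -34,6 +34,19) has no comment explaining that it turns password-file authentication off, while the `else` branch keeps its `# Ensure that dropbear doesn't use crypt()` comment. The reason is stated only in the commit message. Since `DROPBEAR_SVR_PASSWORD_AUTH 0` is written whenever linux-pam is selected, a configuration that enables linux-pam for some other package changes how dropbear authenticates logins without any hint in the .mk file. Please add a short comment above the block saying that PAM and password auth cannot both be enabled, so the switch is visible to whoever reads or audits the package later.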
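Review bot: in the new package/dropbear/etc-pam.d-sshd, the auth line `auth required pam_unix.so shadow nodelay` passes `nodelay`, which stops pam_unix from requesting its delay after a failed authentication. For a network-facing login service that removes a brute-force throttle at the PAM layer, so please drop `nodelay` or say in the commit message why it is wanted here. Separately, the password line `password required pam_unix.so shadow nullok use_authtok` uses `use_authtok`, but no earlier module in the password stack sets the new token, so pam_unix has nothing to use when a password change is requested. If the file was trimmed from a stack that had a password-quality module ahead of pam_unix, `use_authtok` should be removed along with it.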