Browse Source

openssh: import from packages

Signed-off-by: Peter Wagner <tripolar@gmx.at>
Peter Wagner 10 years ago
parent
commit
fe62d146fa

+ 265
- 0
net/openssh/Makefile View File

1
+#
2
+# Copyright (C) 2006-2011 OpenWrt.org
3
+#
4
+# This is free software, licensed under the GNU General Public License v2.
5
+# See /LICENSE for more information.
6
+#
7
+
8
+include $(TOPDIR)/rules.mk
9
+
10
+PKG_NAME:=openssh
11
+PKG_VERSION:=6.6p1
12
+PKG_RELEASE:=1
13
+
14
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
15
+PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
16
+		ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
17
+		ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
18
+		ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
19
+PKG_MD5SUM:=3e9800e6bca1fbac0eea4d41baa7f239
20
+
21
+
22
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
23
+
24
+PKG_BUILD_DEPENDS:=libopenssl
25
+
26
+include $(INCLUDE_DIR)/package.mk
27
+
28
+define Package/openssh/Default
29
+	SECTION:=net
30
+	CATEGORY:=Network
31
+	DEPENDS:=+libopenssl +zlib +SSP_SUPPORT:libssp
32
+	TITLE:=OpenSSH
33
+	MAINTAINER:=Peter Wagner <tripolar@gmx.at>
34
+	URL:=http://www.openssh.com/
35
+	SUBMENU:=SSH
36
+	VARIANT:=without-pam
37
+endef
38
+
39
+define Package/openssh-moduli
40
+	$(call Package/openssh/Default)
41
+	DEPENDS+= +openssh-keygen
42
+	TITLE+= moduli file
43
+endef
44
+
45
+define Package/openssh-moduli/description
46
+OpenSSH server moduli file.
47
+endef
48
+
49
+define Package/openssh-client
50
+	$(call Package/openssh/Default)
51
+	TITLE+= client
52
+endef
53
+
54
+define Package/openssh-client/description
55
+OpenSSH client.
56
+endef
57
+
58
+define Package/openssh-client/conffiles
59
+/etc/ssh/ssh_config
60
+endef
61
+
62
+define Package/openssh-client-utils
63
+	$(call Package/openssh/Default)
64
+	DEPENDS+= +openssh-client +openssh-keygen
65
+	TITLE+= client utilities
66
+endef
67
+
68
+define Package/openssh-client-utils/description
69
+OpenSSH client utilities.
70
+endef
71
+
72
+define Package/openssh-keygen
73
+	$(call Package/openssh/Default)
74
+	TITLE+= keygen
75
+endef
76
+
77
+define Package/openssh-keygen/description
78
+OpenSSH keygen.
79
+endef
80
+
81
+define Package/openssh-server
82
+	$(call Package/openssh/Default)
83
+	DEPENDS+= +openssh-keygen
84
+	TITLE+= server
85
+endef
86
+
87
+define Package/openssh-server/description
88
+OpenSSH server.
89
+endef
90
+
91
+define Package/openssh-server/conffiles
92
+/etc/ssh/sshd_config
93
+endef
94
+
95
+define Package/openssh-server-pam
96
+	$(call Package/openssh/Default)
97
+	DEPENDS+= +libpthread +openssh-keygen +libpam
98
+	TITLE+= server (with PAM support)
99
+	VARIANT:=with-pam
100
+endef
101
+
102
+define Package/openssh-server-pam/description
103
+OpenSSH server (with PAM support).
104
+endef
105
+
106
+define Package/openssh-server-pam/conffiles
107
+/etc/pam.d/sshd
108
+/etc/security/access-sshd-local.conf
109
+/etc/ssh/sshd_config
110
+endef
111
+
112
+define Package/openssh-sftp-client
113
+	$(call Package/openssh/Default)
114
+	TITLE+= SFTP client
115
+endef
116
+
117
+define Package/openssh-sftp-client/description
118
+OpenSSH SFTP client.
119
+endef
120
+
121
+define Package/openssh-sftp-server
122
+	$(call Package/openssh/Default)
123
+	TITLE+= SFTP server
124
+endef
125
+
126
+define Package/openssh-sftp-server/description
127
+OpenSSH SFTP server.
128
+endef
129
+
130
+CONFIGURE_ARGS+= \
131
+	$(DISABLE_NLS) \
132
+	--sysconfdir=/etc/ssh \
133
+	--with-privsep-user=sshd \
134
+	--with-privsep-path=/var/empty \
135
+	--enable-shared \
136
+	--disable-static \
137
+	--disable-debug \
138
+	--disable-strip \
139
+	--disable-etc-default-login \
140
+	--disable-lastlog \
141
+	--disable-utmp \
142
+	--disable-utmpx \
143
+	--disable-wtmp \
144
+	--disable-wtmpx \
145
+	--without-bsd-auth \
146
+	--without-kerberos5 \
147
+	--without-x
148
+
149
+ifeq ($(BUILD_VARIANT),with-pam)
150
+CONFIGURE_ARGS += \
151
+	--with-pam
152
+else
153
+CONFIGURE_ARGS += \
154
+	--without-pam
155
+endif
156
+
157
+ifeq ($(CONFIG_OPENSSL_ENGINE),y)
158
+CONFIGURE_ARGS+= \
159
+	--with-ssl-engine
160
+endif
161
+
162
+ifneq ($(CONFIG_SSP_SUPPORT),y)
163
+CONFIGURE_ARGS += \
164
+	--without-stackprotect
165
+endif
166
+
167
+CONFIGURE_VARS += LD="$(TARGET_CC)"
168
+
169
+ifeq ($(BUILD_VARIANT),with-pam)
170
+TARGET_LDFLAGS += -lpthread
171
+endif
172
+
173
+define Build/Compile
174
+	$(MAKE) -C $(PKG_BUILD_DIR) \
175
+		DESTDIR="$(PKG_INSTALL_DIR)" \
176
+		LIBS="" \
177
+		sftp-server
178
+	$(MAKE) -C $(PKG_BUILD_DIR) \
179
+		DESTDIR="$(PKG_INSTALL_DIR)" \
180
+		STRIP_OPT="" \
181
+		all install
182
+endef
183
+
184
+define Package/openssh-client/preinst
185
+#!/bin/sh
186
+if [ -L $${IPKG_INSTROOT}/usr/bin/ssh ] && [ -L $${IPKG_INSTROOT}/usr/bin/scp ]; then
187
+	rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
188
+fi
189
+exit 0
190
+endef
191
+
192
+define Package/openssh-client/postrm
193
+#!/bin/sh
194
+rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
195
+if [ -x $${IPKG_INSTROOT}/usr/sbin/dropbear ] ; then
196
+	ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/ssh;
197
+	ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/scp;
198
+fi
199
+exit 0
200
+endef
201
+
202
+define Package/openssh-moduli/install
203
+	$(INSTALL_DIR) $(1)/etc/ssh
204
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
205
+endef
206
+
207
+define Package/openssh-client/install
208
+	$(INSTALL_DIR) $(1)/etc/ssh
209
+	chmod 0700 $(1)/etc/ssh
210
+	$(CP) $(PKG_INSTALL_DIR)/etc/ssh/ssh_config $(1)/etc/ssh/
211
+	$(INSTALL_DIR) $(1)/usr/bin
212
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/bin/
213
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/bin/
214
+endef
215
+
216
+define Package/openssh-client-utils/install
217
+	$(INSTALL_DIR) $(1)/usr/bin
218
+	$(INSTALL_BIN) $(foreach bin,add agent keyscan keysign,$(PKG_BUILD_DIR)/ssh-$(bin)) $(1)/usr/bin/
219
+endef
220
+
221
+define Package/openssh-keygen/install
222
+	$(INSTALL_DIR) $(1)/usr/bin
223
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/bin/
224
+endef
225
+
226
+define Package/openssh-server/install
227
+	$(INSTALL_DIR) $(1)/etc/ssh
228
+	chmod 0700 $(1)/etc/ssh
229
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
230
+	$(INSTALL_DIR) $(1)/etc/init.d
231
+	$(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
232
+	$(INSTALL_DIR) $(1)/usr/sbin
233
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
234
+endef
235
+
236
+define Package/openssh-server-pam/install
237
+	$(call Package/openssh-server/install,$(1))
238
+	sed -i 's,#PasswordAuthentication yes,PasswordAuthentication no,g' $(1)/etc/ssh/sshd_config
239
+	sed -i 's,#UsePAM no,UsePAM yes,g' $(1)/etc/ssh/sshd_config
240
+	$(INSTALL_DIR) $(1)/etc/pam.d
241
+	$(INSTALL_DATA) ./files/sshd.pam $(1)/etc/pam.d/sshd
242
+	$(INSTALL_DIR) $(1)/etc/security
243
+	$(INSTALL_DATA) ./files/sshd.pam-access $(1)/etc/security/access-sshd-local.conf
244
+endef
245
+
246
+define Package/openssh-sftp-client/install
247
+	$(INSTALL_DIR) $(1)/usr/bin
248
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/
249
+endef
250
+
251
+define Package/openssh-sftp-server/install
252
+	$(INSTALL_DIR) $(1)/usr/lib
253
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sftp-server $(1)/usr/lib/
254
+	$(INSTALL_DIR) $(1)/usr/libexec
255
+	ln -sf ../lib/sftp-server $(1)/usr/libexec/sftp-server
256
+endef
257
+
258
+$(eval $(call BuildPackage,openssh-client))
259
+$(eval $(call BuildPackage,openssh-moduli))
260
+$(eval $(call BuildPackage,openssh-client-utils))
261
+$(eval $(call BuildPackage,openssh-keygen))
262
+$(eval $(call BuildPackage,openssh-server))
263
+$(eval $(call BuildPackage,openssh-server-pam))
264
+$(eval $(call BuildPackage,openssh-sftp-client))
265
+$(eval $(call BuildPackage,openssh-sftp-server))

+ 44
- 0
net/openssh/files/sshd.init View File

1
+#!/bin/sh /etc/rc.common
2
+# Copyright (C) 2006-2011 OpenWrt.org
3
+
4
+START=50
5
+STOP=50
6
+
7
+USE_PROCD=1
8
+PROG=/usr/sbin/sshd
9
+
10
+start_service() {
11
+	for type in rsa dsa; do {
12
+		# check for keys
13
+		key=/etc/ssh/ssh_host_${type}_key
14
+		[ ! -f $key ] && {
15
+			# generate missing keys
16
+			[ -x /usr/bin/ssh-keygen ] && {
17
+				/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
18
+			}
19
+		}
20
+	}; done
21
+	user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
22
+	group_exists sshd 22 || group_add sshd 22 
23
+	mkdir -m 0700 -p /var/empty
24
+
25
+	procd_open_instance
26
+	procd_set_param command $PROG -D
27
+	procd_close_instance
28
+}
29
+
30
+shutdown() {
31
+	local pid
32
+	local pids
33
+	local pid_mine
34
+
35
+	stop
36
+
37
+	# kill active clients
38
+	pid_mine="$$"
39
+	pids="$(pidof sshd)"
40
+	for pid in $pids; do
41
+		[ "$pid" = "$pid_mine" ] && continue
42
+		[ -e "/proc/$pid/stat" ] && kill $pid
43
+	done
44
+}

+ 41
- 0
net/openssh/files/sshd.pam View File

1
+# PAM configuration for the Secure Shell service
2
+
3
+# Read environment variables from /etc/environment and
4
+# /etc/security/pam_env.conf.
5
+auth       required     pam_env.so
6
+
7
+# Skip Google Authenticator if logging in from the local network.
8
+# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
9
+# Google Authenticator 2-step verification.
10
+# auth       requisite    pam_google_authenticator.so
11
+
12
+# Standard Un*x authentication.
13
+auth       include      common-auth
14
+
15
+# Disallow non-root logins when /etc/nologin exists.
16
+account    required     pam_nologin.so
17
+
18
+# Uncomment and edit /etc/security/access.conf if you need to set complex
19
+# access limits that are hard to express in sshd_config.
20
+# account    required     pam_access.so
21
+
22
+# Standard Un*x authorization.
23
+account    include      common-account
24
+
25
+# Standard Un*x session setup and teardown.
26
+session    include      common-session
27
+
28
+# Print the message of the day upon successful login.
29
+session    optional     pam_motd.so
30
+
31
+# Print the status of the user's mailbox upon successful login.
32
+session    optional     pam_mail.so standard noenv
33
+
34
+# Set up user limits from /etc/security/limits.conf.
35
+session    required     pam_limits.so
36
+
37
+# Set up SELinux capabilities (need modified pam)
38
+# session    required     pam_selinux.so multiple
39
+
40
+# Standard Un*x password updating.
41
+password   include      common-password

+ 4
- 0
net/openssh/files/sshd.pam-access View File

1
+# Skip Google Authenticator for local network
2
+#+ : ALL : 192.168.1.0/24
3
++ : ALL : LOCAL
4
+- : ALL : ALL

+ 13
- 0
net/openssh/patches/100-no_cast_fix.patch View File

1
+--- a/cipher.c
2
++++ b/cipher.c
3
+@@ -80,8 +80,10 @@ static const struct Cipher ciphers[] = {
4
+ 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
5
+ 	{ "blowfish-cbc",
6
+ 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
7
++#ifndef OPENSSL_NO_CAST
8
+ 	{ "cast128-cbc",
9
+ 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
10
++#endif
11
+ 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
12
+ 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
13
+ 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },

+ 12
- 0
net/openssh/patches/130-implicit_memset_decl_fix.patch View File

1
+--- a/includes.h
2
++++ b/includes.h
3
+@@ -59,6 +59,9 @@
4
+ /*
5
+  *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
6
+  */
7
++#ifdef HAVE_STRING_H
8
++# include <string.h>
9
++#endif
10
+ #ifdef HAVE_STRINGS_H
11
+ # include <strings.h>
12
+ #endif

+ 84
- 0
net/openssh/patches/140-pam_uclibc_pthreads_fix.patch View File

1
+--- a/auth-pam.c
2
++++ b/auth-pam.c
3
+@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
4
+ 	}
5
+ 	if (WIFSIGNALED(sshpam_thread_status) &&
6
+ 	    WTERMSIG(sshpam_thread_status) == SIGTERM)
7
+-		return;	/* terminated by pthread_cancel */
8
++		return;	/* terminated by pthread2_cancel */
9
+ 	if (!WIFEXITED(sshpam_thread_status))
10
+ 		sigdie("PAM: authentication thread exited unexpectedly");
11
+ 	if (WEXITSTATUS(sshpam_thread_status) != 0)
12
+@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
13
+ 
14
+ /* ARGSUSED */
15
+ static void
16
+-pthread_exit(void *value)
17
++pthread2_exit(void *value)
18
+ {
19
+ 	_exit(0);
20
+ }
21
+ 
22
+ /* ARGSUSED */
23
+ static int
24
+-pthread_create(sp_pthread_t *thread, const void *attr,
25
++pthread2_create(sp_pthread_t *thread, const void *attr,
26
+     void *(*thread_start)(void *), void *arg)
27
+ {
28
+ 	pid_t pid;
29
+@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
30
+ }
31
+ 
32
+ static int
33
+-pthread_cancel(sp_pthread_t thread)
34
++pthread2_cancel(sp_pthread_t thread)
35
+ {
36
+ 	signal(SIGCHLD, sshpam_oldsig);
37
+ 	return (kill(thread, SIGTERM));
38
+@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
39
+ 
40
+ /* ARGSUSED */
41
+ static int
42
+-pthread_join(sp_pthread_t thread, void **value)
43
++pthread2_join(sp_pthread_t thread, void **value)
44
+ {
45
+ 	int status;
46
+ 
47
+@@ -510,7 +510,7 @@ sshpam_thread(void *ctxtp)
48
+ 	/* XXX - can't do much about an error here */
49
+ 	ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
50
+ 	buffer_free(&buffer);
51
+-	pthread_exit(NULL);
52
++	pthread2_exit(NULL);
53
+ 
54
+  auth_fail:
55
+ 	buffer_put_cstring(&buffer,
56
+@@ -521,7 +521,7 @@ sshpam_thread(void *ctxtp)
57
+ 	else
58
+ 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
59
+ 	buffer_free(&buffer);
60
+-	pthread_exit(NULL);
61
++	pthread2_exit(NULL);
62
+ 
63
+ 	return (NULL); /* Avoid warning for non-pthread case */
64
+ }
65
+@@ -533,8 +533,8 @@ sshpam_thread_cleanup(void)
66
+ 
67
+ 	debug3("PAM: %s entering", __func__);
68
+ 	if (ctxt != NULL && ctxt->pam_thread != 0) {
69
+-		pthread_cancel(ctxt->pam_thread);
70
+-		pthread_join(ctxt->pam_thread, NULL);
71
++		pthread2_cancel(ctxt->pam_thread);
72
++		pthread2_join(ctxt->pam_thread, NULL);
73
+ 		close(ctxt->pam_psock);
74
+ 		close(ctxt->pam_csock);
75
+ 		memset(ctxt, 0, sizeof(*ctxt));
76
+@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
77
+ 	}
78
+ 	ctxt->pam_psock = socks[0];
79
+ 	ctxt->pam_csock = socks[1];
80
+-	if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
81
++	if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
82
+ 		error("PAM: failed to start authentication thread: %s",
83
+ 		    strerror(errno));
84
+ 		close(socks[0]);

+ 21
- 0
net/openssh/patches/200-dscp-qos.patch View File

1
+--- a/ssh_config
2
++++ b/ssh_config
3
+@@ -46,3 +46,6 @@
4
+ #   VisualHostKey no
5
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
6
+ #   RekeyLimit 1G 1h
7
++
8
++# enable DSCP QoS values (per RFC-4594)
9
++#IPQoS AF21 AF11
10
+--- a/sshd_config
11
++++ b/sshd_config
12
+@@ -122,6 +122,9 @@ UsePrivilegeSeparation sandbox		# Defaul
13
+ # no default banner path
14
+ #Banner none
15
+ 
16
++# enable DSCP QoS values (per RFC-4594)
17
++#IPQoS AF21 AF11
18
++
19
+ # override default of no subsystems
20
+ Subsystem	sftp	/usr/libexec/sftp-server
21
+