Diffstat (limited to 'meta-phosphor/recipes-core/dropbear')
-rw-r--r--meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch42
-rw-r--r--meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch91
-rw-r--r--meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service18
-rw-r--r--meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend7
4 files changed, 158 insertions, 0 deletions
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch b/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
new file mode 100644
index 0000000000..e32baec83f
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
@@ -0,0 +1,42 @@
+From 95eff1ca0beea55259c2cdc7f1bb9f930bf57bc8 Mon Sep 17 00:00:00 2001
+From: CamVan Nguyen <ctnguyen@us.ibm.com>
+Date: Tue, 13 Feb 2018 15:37:47 -0600
+Subject: [PATCH 1/1] Only load dropbear default host keys if a key is not
+ specified
+
+---
+ svr-runopts.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/svr-runopts.c b/svr-runopts.c
+index 8f60059..c5c2148 100644
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -488,17 +488,21 @@ void load_all_hostkeys() {
+ m_free(hostkey_file);
+ }
+
++ /* Only load default host keys if a host key is not specified by the
++ * user */
++ if (0 == svr_opts.num_hostkey_files) {
+ #ifdef DROPBEAR_RSA
+- loadhostkey(RSA_PRIV_FILENAME, 0);
++ loadhostkey(RSA_PRIV_FILENAME, 0);
+ #endif
+
+ #ifdef DROPBEAR_DSS
+- loadhostkey(DSS_PRIV_FILENAME, 0);
++ loadhostkey(DSS_PRIV_FILENAME, 0);
+ #endif
+
+ #ifdef DROPBEAR_ECDSA
+- loadhostkey(ECDSA_PRIV_FILENAME, 0);
++ loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ #endif
++ }
+
+ #ifdef DROPBEAR_DELAY_HOSTKEY
+ if (svr_opts.delay_hostkey) {
+--
+1.8.2.2
+
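Review bot: The new comment in `load_all_hostkeys()` and the embedded patch's empty commit body do not say what happens when a host key file is specified but fails to load. The guard tests `svr_opts.num_hostkey_files`, not whether any key was actually loaded, so an unreadable or missing user-specified key no longer has the default keys behind it. Whether the server then exits or starts without that key type is decided by code after the hunk, since the `DROPBEAR_DELAY_HOSTKEY` block continues outside it. I would spell this out in the comment, e.g. `/* Load the default host keys only when no host key file was specified; a specified key that fails to load does not fall back to them. */`, and add a sentence of rationale to the patch description.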
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch b/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
new file mode 100644
index 0000000000..88d0ac0bb1
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
@@ -0,0 +1,91 @@
+From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001
+From: Jeremy Kerr <jk@ozlabs.org>
+Date: Tue, 12 Apr 2016 11:11:40 +0800
+Subject: [PATCH] dropbear: Add -c <command> option to force a specific command
+
+This change adds a -c option to dropbear, to force the session to use a
+specific command, in a similar fashion to OpenSSH's ForceCommand
+configuration option.
+
+This is useful to provide a simple fixed service over ssh, without
+requiring an authorized key file for the per-key forced_command option.
+
+This setting takes precedence over the channel session's provided
+command, and the per-key forced_command setting.
+
+Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
+---
+ runopts.h | 2 ++
+ svr-chansession.c | 12 ++++++++++--
+ svr-runopts.c | 5 +++++
+ 3 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/runopts.h b/runopts.h
+index f7c869d..ffb573e 100644
+--- a/runopts.h
++++ b/runopts.h
+@@ -114,6 +114,8 @@ typedef struct svr_runopts {
+ buffer * banner;
+ char * pidfile;
+
++ char * command;
++
+ } svr_runopts;
+
+ extern svr_runopts svr_opts;
+diff --git a/svr-chansession.c b/svr-chansession.c
+index bfaf7f6..d6c9330 100644
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
+ }
+ }
+
+- /* take public key option 'command' into account */
+- svr_pubkey_set_forced_command(chansess);
++
++ /* take global command into account */
++ if (svr_opts.command) {
++ chansess->original_command = chansess->cmd ? : m_strdup("");
++ chansess->cmd = m_strdup(svr_opts.command);
++ } else {
++ /* take public key option 'command' into account */
++ svr_pubkey_set_forced_command(chansess);
++ }
++
+
+ #ifdef LOG_COMMANDS
+ if (chansess->cmd) {
+diff --git a/svr-runopts.c b/svr-runopts.c
+index 8f60059..f845300 100644
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
+ #ifdef ENABLE_SVR_REMOTETCPFWD
+ "-k Disable remote port forwarding\n"
+ "-a Allow connections to forwarded ports from any host\n"
++ "-c command Force executed command\n"
+ #endif
+ "-p [address:]port\n"
+ " Listen on specified tcp port (and optionally address),\n"
+@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
+ /* see printhelp() for options */
+ svr_opts.bannerfile = NULL;
+ svr_opts.banner = NULL;
++ svr_opts.command = NULL;
+ svr_opts.forkbg = 1;
+ svr_opts.norootlogin = 0;
+ svr_opts.noauthpass = 0;
+@@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
+ case 'b':
+ next = &svr_opts.bannerfile;
+ break;
++ case 'c':
++ next = &svr_opts.command;
++ break;
+ case 'd':
+ case 'r':
+ next = &keyfile;
+--
+2.5.0
+
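Review bot: The `-c command` help line in `printhelp()` is added inside the `#ifdef ENABLE_SVR_REMOTETCPFWD` block while `case 'c'` in `svr_getopts()` is unconditional, so a build without remote TCP forwarding accepts the option but never documents it; move the string below the `#endif`. In `sessioncommand()`, `chansess->cmd ? : m_strdup("")` relies on the GNU omitted-operand extension; `chansess->cmd ? chansess->cmd : m_strdup("")` is the portable spelling. The option only replaces the session command in this function and nothing in these hunks touches forwarding, so the patch description should say that a fixed-service deployment still needs `-k` (and `-j` for local forwarding) if the forced command is meant to be the only thing a client can reach. All three functions continue outside their hunks.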
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
new file mode 100644
index 0000000000..dfeb17f41d
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=SSH Key Generation
+
+[Service]
+# Set the default RSA key path then load environment variables from the
+# environment file, which might override the default RSA key path.
+Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
+EnvironmentFile=-/etc/default/dropbear
+Type=oneshot
+ExecStart=@BASE_BINDIR@/sh -c \
+ "if [[ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ]]; then \
+ @BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \
+ @SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key; \
+ fi"
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
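Review bot: `ExecStart` runs the script through `@BASE_BINDIR@/sh -c` but tests with `[[ ... ]]`, which is not POSIX sh. On a shell without that extension the `if` would evaluate false and no key is generated, while the oneshot still reports success. `if [ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ]; then` avoids the dependency. The `-f` test also accepts an empty or truncated key file (for example after power loss during generation), so the unit would never regenerate it; `! -s` would at least catch the zero-length case. `DROPBEAR_RSAKEY_DIR` can be overridden from `/etc/default/dropbear`, so a comment noting that this file and the key directory must be writable by root only would help whoever relocates the key.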
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
new file mode 100644
index 0000000000..80714977b7
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
@@ -0,0 +1,7 @@
+# 0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
+# has been upstreamed. This patch can be removed once we upgrade
+# to yocto 2.5 or later which will pull in the latest dropbear code.
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += "file://dropbearkey.service \
+ file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch \
+ file://0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch"