projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5b64a48)
dropbear: enable PAM authentication if linux-pam is selected
authorCarlos Santos <casantos@datacom.com.br>
Fri, 29 Jun 2018 12:21:09 +0000 (09:21 -0300)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 30 Jun 2018 16:28:23 +0000 (18:28 +0200)
- Disable password file authentication, since it's not possible to have
  both at once.
- Install a /etc/pam.d/sshd file, based on the one installed by openssh.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/dropbear/dropbear.mk patch | blob | history
package/dropbear/etc-pam.d-sshd [new file with mode: 0644] patch | blob

diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk
index fc41a84c1ff62e9f7f34f5eab14c4cb2e6ec6440..bb902bc7ce16b80e110dedaf3976875e1b58bb53 100644 (file)
--- a/package/dropbear/dropbear.mk
+++ b/package/dropbear/dropbear.mk
@@ -34,6 +34,19 @@ ifeq ($(BR2_SHARED_STATIC_LIBS),y)
 DROPBEAR_CONF_OPTS += --disable-static
 endif
 
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+define DROPBEAR_SVR_PAM_AUTH
+       echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0'     >> $(@D)/localoptions.h
+       echo '#define DROPBEAR_SVR_PAM_AUTH 1'          >> $(@D)/localoptions.h
+endef
+define DROPBEAR_INSTALL_PAM_CONF
+       $(INSTALL) -D -m 644 package/dropbear/etc-pam.d-sshd $(TARGET_DIR)/etc/pam.d/sshd
+endef
+DROPBEAR_DEPENDENCIES += linux-pam
+DROPBEAR_CONF_OPTS += --enable-pam
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PAM_AUTH
+DROPBEAR_POST_INSTALL_TARGET_HOOKS += DROPBEAR_INSTALL_PAM_CONF
+else
 # Ensure that dropbear doesn't use crypt() when it's not available
 define DROPBEAR_SVR_PASSWORD_AUTH
        echo '#if !HAVE_CRYPT'                          >> $(@D)/localoptions.h
@@ -41,6 +54,7 @@ define DROPBEAR_SVR_PASSWORD_AUTH
        echo '#endif'                                   >> $(@D)/localoptions.h
 endef
 DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH
+endif
 
 define DROPBEAR_ENABLE_REVERSE_DNS
        echo '#define DO_HOST_LOOKUP 1'                 >> $(@D)/localoptions.h
diff --git a/package/dropbear/etc-pam.d-sshd b/package/dropbear/etc-pam.d-sshd
new file mode 100644 (file)
index 0000000..5e13fc0
--- /dev/null
+++ b/package/dropbear/etc-pam.d-sshd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth       required     pam_unix.so shadow nodelay
+account    required     pam_nologin.so
+account    required     pam_unix.so
+password   required     pam_unix.so shadow nullok use_authtok
+session    required     pam_unix.so
+session    required     pam_limits.so