All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit] dropbear: enable PAM authentication if linux-pam is selected
@ 2018-06-30 16:28 Thomas Petazzoni
  0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2018-06-30 16:28 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=037b8616257067282e375edca9af19418a0e7a4a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

- Disable password file authentication, since it's not possible to have
  both at once.
- Install a /etc/pam.d/sshd file, based on the one installed by openssh.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/dropbear/dropbear.mk    | 14 ++++++++++++++
 package/dropbear/etc-pam.d-sshd |  7 +++++++
 2 files changed, 21 insertions(+)

diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk
index fc41a84c1f..bb902bc7ce 100644
--- a/package/dropbear/dropbear.mk
+++ b/package/dropbear/dropbear.mk
@@ -34,6 +34,19 @@ ifeq ($(BR2_SHARED_STATIC_LIBS),y)
 DROPBEAR_CONF_OPTS += --disable-static
 endif
 
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+define DROPBEAR_SVR_PAM_AUTH
+	echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0'     >> $(@D)/localoptions.h
+	echo '#define DROPBEAR_SVR_PAM_AUTH 1'          >> $(@D)/localoptions.h
+endef
+define DROPBEAR_INSTALL_PAM_CONF
+	$(INSTALL) -D -m 644 package/dropbear/etc-pam.d-sshd $(TARGET_DIR)/etc/pam.d/sshd
+endef
+DROPBEAR_DEPENDENCIES += linux-pam
+DROPBEAR_CONF_OPTS += --enable-pam
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PAM_AUTH
+DROPBEAR_POST_INSTALL_TARGET_HOOKS += DROPBEAR_INSTALL_PAM_CONF
+else
 # Ensure that dropbear doesn't use crypt() when it's not available
 define DROPBEAR_SVR_PASSWORD_AUTH
 	echo '#if !HAVE_CRYPT'                          >> $(@D)/localoptions.h
@@ -41,6 +54,7 @@ define DROPBEAR_SVR_PASSWORD_AUTH
 	echo '#endif'                                   >> $(@D)/localoptions.h
 endef
 DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH
+endif
 
 define DROPBEAR_ENABLE_REVERSE_DNS
 	echo '#define DO_HOST_LOOKUP 1'                 >> $(@D)/localoptions.h
diff --git a/package/dropbear/etc-pam.d-sshd b/package/dropbear/etc-pam.d-sshd
new file mode 100644
index 0000000000..5e13fc0d60
--- /dev/null
+++ b/package/dropbear/etc-pam.d-sshd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth       required     pam_unix.so shadow nodelay
+account    required     pam_nologin.so
+account    required     pam_unix.so
+password   required     pam_unix.so shadow nullok use_authtok
+session    required     pam_unix.so
+session    required     pam_limits.so

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2018-06-30 16:28 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-30 16:28 [Buildroot] [git commit] dropbear: enable PAM authentication if linux-pam is selected Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.