+++ /dev/null
-#
-# Copyright (C) 2006-2011 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openssh
-PKG_VERSION:=6.6p1
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
- ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
- ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
- ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=3e9800e6bca1fbac0eea4d41baa7f239
-
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_BUILD_DEPENDS:=libopenssl
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openssh/Default
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libopenssl +zlib +SSP_SUPPORT:libssp
- TITLE:=OpenSSH
- MAINTAINER:=Peter Wagner <tripolar@gmx.at>
- URL:=http://www.openssh.com/
- SUBMENU:=SSH
- VARIANT:=without-pam
-endef
-
-define Package/openssh-moduli
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-keygen
- TITLE+= moduli file
-endef
-
-define Package/openssh-moduli/description
-OpenSSH server moduli file.
-endef
-
-define Package/openssh-client
- $(call Package/openssh/Default)
- TITLE+= client
-endef
-
-define Package/openssh-client/description
-OpenSSH client.
-endef
-
-define Package/openssh-client/conffiles
-/etc/ssh/ssh_config
-endef
-
-define Package/openssh-client-utils
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-client +openssh-keygen
- TITLE+= client utilities
-endef
-
-define Package/openssh-client-utils/description
-OpenSSH client utilities.
-endef
-
-define Package/openssh-keygen
- $(call Package/openssh/Default)
- TITLE+= keygen
-endef
-
-define Package/openssh-keygen/description
-OpenSSH keygen.
-endef
-
-define Package/openssh-server
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-keygen
- TITLE+= server
-endef
-
-define Package/openssh-server/description
-OpenSSH server.
-endef
-
-define Package/openssh-server/conffiles
-/etc/ssh/sshd_config
-endef
-
-define Package/openssh-server-pam
- $(call Package/openssh/Default)
- DEPENDS+= +libpthread +openssh-keygen +libpam
- TITLE+= server (with PAM support)
- VARIANT:=with-pam
-endef
-
-define Package/openssh-server-pam/description
-OpenSSH server (with PAM support).
-endef
-
-define Package/openssh-server-pam/conffiles
-/etc/pam.d/sshd
-/etc/security/access-sshd-local.conf
-/etc/ssh/sshd_config
-endef
-
-define Package/openssh-sftp-client
- $(call Package/openssh/Default)
- TITLE+= SFTP client
-endef
-
-define Package/openssh-sftp-client/description
-OpenSSH SFTP client.
-endef
-
-define Package/openssh-sftp-server
- $(call Package/openssh/Default)
- TITLE+= SFTP server
-endef
-
-define Package/openssh-sftp-server/description
-OpenSSH SFTP server.
-endef
-
-CONFIGURE_ARGS+= \
- $(DISABLE_NLS) \
- --sysconfdir=/etc/ssh \
- --with-privsep-user=sshd \
- --with-privsep-path=/var/empty \
- --enable-shared \
- --disable-static \
- --disable-debug \
- --disable-strip \
- --disable-etc-default-login \
- --disable-lastlog \
- --disable-utmp \
- --disable-utmpx \
- --disable-wtmp \
- --disable-wtmpx \
- --without-bsd-auth \
- --without-kerberos5 \
- --without-x
-
-ifeq ($(BUILD_VARIANT),with-pam)
-CONFIGURE_ARGS += \
- --with-pam
-else
-CONFIGURE_ARGS += \
- --without-pam
-endif
-
-ifeq ($(CONFIG_OPENSSL_ENGINE),y)
-CONFIGURE_ARGS+= \
- --with-ssl-engine
-endif
-
-ifneq ($(CONFIG_SSP_SUPPORT),y)
-CONFIGURE_ARGS += \
- --without-stackprotect
-endif
-
-CONFIGURE_VARS += LD="$(TARGET_CC)"
-
-ifeq ($(BUILD_VARIANT),with-pam)
-TARGET_LDFLAGS += -lpthread
-endif
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- LIBS="" \
- sftp-server
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- STRIP_OPT="" \
- all install
-endef
-
-define Package/openssh-client/preinst
-#!/bin/sh
-if [ -L $${IPKG_INSTROOT}/usr/bin/ssh ] && [ -L $${IPKG_INSTROOT}/usr/bin/scp ]; then
- rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
-fi
-exit 0
-endef
-
-define Package/openssh-client/postrm
-#!/bin/sh
-rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
-if [ -x $${IPKG_INSTROOT}/usr/sbin/dropbear ] ; then
- ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/ssh;
- ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/scp;
-fi
-exit 0
-endef
-
-define Package/openssh-moduli/install
- $(INSTALL_DIR) $(1)/etc/ssh
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
-endef
-
-define Package/openssh-client/install
- $(INSTALL_DIR) $(1)/etc/ssh
- chmod 0700 $(1)/etc/ssh
- $(CP) $(PKG_INSTALL_DIR)/etc/ssh/ssh_config $(1)/etc/ssh/
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/bin/
-endef
-
-define Package/openssh-client-utils/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(foreach bin,add agent keyscan keysign,$(PKG_BUILD_DIR)/ssh-$(bin)) $(1)/usr/bin/
-endef
-
-define Package/openssh-keygen/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/bin/
-endef
-
-define Package/openssh-server/install
- $(INSTALL_DIR) $(1)/etc/ssh
- chmod 0700 $(1)/etc/ssh
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
-endef
-
-define Package/openssh-server-pam/install
- $(call Package/openssh-server/install,$(1))
- sed -i 's,#PasswordAuthentication yes,PasswordAuthentication no,g' $(1)/etc/ssh/sshd_config
- sed -i 's,#UsePAM no,UsePAM yes,g' $(1)/etc/ssh/sshd_config
- $(INSTALL_DIR) $(1)/etc/pam.d
- $(INSTALL_DATA) ./files/sshd.pam $(1)/etc/pam.d/sshd
- $(INSTALL_DIR) $(1)/etc/security
- $(INSTALL_DATA) ./files/sshd.pam-access $(1)/etc/security/access-sshd-local.conf
-endef
-
-define Package/openssh-sftp-client/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/
-endef
-
-define Package/openssh-sftp-server/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/sftp-server $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/libexec
- ln -sf ../lib/sftp-server $(1)/usr/libexec/sftp-server
-endef
-
-$(eval $(call BuildPackage,openssh-client))
-$(eval $(call BuildPackage,openssh-moduli))
-$(eval $(call BuildPackage,openssh-client-utils))
-$(eval $(call BuildPackage,openssh-keygen))
-$(eval $(call BuildPackage,openssh-server))
-$(eval $(call BuildPackage,openssh-server-pam))
-$(eval $(call BuildPackage,openssh-sftp-client))
-$(eval $(call BuildPackage,openssh-sftp-server))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=50
-STOP=50
-
-USE_PROCD=1
-PROG=/usr/sbin/sshd
-
-start_service() {
- for type in rsa dsa; do {
- # check for keys
- key=/etc/ssh/ssh_host_${type}_key
- [ ! -f $key ] && {
- # generate missing keys
- [ -x /usr/bin/ssh-keygen ] && {
- /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
- }
- }
- }; done
- user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
- group_exists sshd 22 || group_add sshd 22
- mkdir -m 0700 -p /var/empty
-
- procd_open_instance
- procd_set_param command $PROG -D
- procd_close_instance
-}
-
-shutdown() {
- local pid
- local pids
- local pid_mine
-
- stop
-
- # kill active clients
- pid_mine="$$"
- pids="$(pidof sshd)"
- for pid in $pids; do
- [ "$pid" = "$pid_mine" ] && continue
- [ -e "/proc/$pid/stat" ] && kill $pid
- done
-}
+++ /dev/null
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth required pam_env.so
-
-# Skip Google Authenticator if logging in from the local network.
-# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
-# Google Authenticator 2-step verification.
-# auth requisite pam_google_authenticator.so
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account required pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account required pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session optional pam_motd.so
-
-# Print the status of the user's mailbox upon successful login.
-session optional pam_mail.so standard noenv
-
-# Set up user limits from /etc/security/limits.conf.
-session required pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session required pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
+++ /dev/null
-# Skip Google Authenticator for local network
-#+ : ALL : 192.168.1.0/24
-+ : ALL : LOCAL
-- : ALL : ALL
+++ /dev/null
---- a/cipher.c
-+++ b/cipher.c
-@@ -80,8 +80,10 @@ static const struct Cipher ciphers[] = {
- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
- { "blowfish-cbc",
- SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-+#ifndef OPENSSL_NO_CAST
- { "cast128-cbc",
- SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
-+#endif
- { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
- { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
- { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+++ /dev/null
---- a/includes.h
-+++ b/includes.h
-@@ -59,6 +59,9 @@
- /*
- *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
- */
-+#ifdef HAVE_STRING_H
-+# include <string.h>
-+#endif
- #ifdef HAVE_STRINGS_H
- # include <strings.h>
- #endif
+++ /dev/null
---- a/auth-pam.c
-+++ b/auth-pam.c
-@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
- }
- if (WIFSIGNALED(sshpam_thread_status) &&
- WTERMSIG(sshpam_thread_status) == SIGTERM)
-- return; /* terminated by pthread_cancel */
-+ return; /* terminated by pthread2_cancel */
- if (!WIFEXITED(sshpam_thread_status))
- sigdie("PAM: authentication thread exited unexpectedly");
- if (WEXITSTATUS(sshpam_thread_status) != 0)
-@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
-
- /* ARGSUSED */
- static void
--pthread_exit(void *value)
-+pthread2_exit(void *value)
- {
- _exit(0);
- }
-
- /* ARGSUSED */
- static int
--pthread_create(sp_pthread_t *thread, const void *attr,
-+pthread2_create(sp_pthread_t *thread, const void *attr,
- void *(*thread_start)(void *), void *arg)
- {
- pid_t pid;
-@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
- }
-
- static int
--pthread_cancel(sp_pthread_t thread)
-+pthread2_cancel(sp_pthread_t thread)
- {
- signal(SIGCHLD, sshpam_oldsig);
- return (kill(thread, SIGTERM));
-@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
-
- /* ARGSUSED */
- static int
--pthread_join(sp_pthread_t thread, void **value)
-+pthread2_join(sp_pthread_t thread, void **value)
- {
- int status;
-
-@@ -510,7 +510,7 @@ sshpam_thread(void *ctxtp)
- /* XXX - can't do much about an error here */
- ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- auth_fail:
- buffer_put_cstring(&buffer,
-@@ -521,7 +521,7 @@ sshpam_thread(void *ctxtp)
- else
- ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- return (NULL); /* Avoid warning for non-pthread case */
- }
-@@ -533,8 +533,8 @@ sshpam_thread_cleanup(void)
-
- debug3("PAM: %s entering", __func__);
- if (ctxt != NULL && ctxt->pam_thread != 0) {
-- pthread_cancel(ctxt->pam_thread);
-- pthread_join(ctxt->pam_thread, NULL);
-+ pthread2_cancel(ctxt->pam_thread);
-+ pthread2_join(ctxt->pam_thread, NULL);
- close(ctxt->pam_psock);
- close(ctxt->pam_csock);
- memset(ctxt, 0, sizeof(*ctxt));
-@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
- }
- ctxt->pam_psock = socks[0];
- ctxt->pam_csock = socks[1];
-- if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
-+ if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
- error("PAM: failed to start authentication thread: %s",
- strerror(errno));
- close(socks[0]);
+++ /dev/null
---- a/ssh_config
-+++ b/ssh_config
-@@ -46,3 +46,6 @@
- # VisualHostKey no
- # ProxyCommand ssh -q -W %h:%p gateway.example.com
- # RekeyLimit 1G 1h
-+
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
---- a/sshd_config
-+++ b/sshd_config
-@@ -122,6 +122,9 @@ UsePrivilegeSeparation sandbox # Defaul
- # no default banner path
- #Banner none
-
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
-+
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-
projects / openwrt / svn-archive / archive.git / commitdiff