dropbear: enable PAM

5 files changed, 31 insertions, 10 deletions

diff --git a/dropbear/.footprint b/dropbear/.footprint
index 09ceeab9b..7ac4ff205 100644
--- a/dropbear/.footprint
+++ b/dropbear/.footprint
@@ -1,5 +1,7 @@
 drwxr-xr-x	root/root	etc/
 drwxr-xr-x	root/root	etc/dropbear/
+drwxr-xr-x	root/root	etc/pam.d/
+-rw-r--r--	root/root	etc/pam.d/dropbear
 drwxr-xr-x	root/root	etc/rc.d/
 -rwxr-xr-x	root/root	etc/rc.d/dropbear
 drwxr-xr-x	root/root	usr/
diff --git a/dropbear/.signature b/dropbear/.signature
index 704c6c267..6a75a82b7 100644
--- a/dropbear/.signature
+++ b/dropbear/.signature
@@ -1,7 +1,8 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/fYoSjOlXrVgdVZjSJWCm9ISaxGKVH365kFEj0OWUVRz5fTnuy3CfkroLhr8DzWaVMFqavELeCW0PE2EXJhHpwc=
-SHA256 (Pkgfile) = 6e5947b4c0a75449ab2677121757588e436f4420278b90f2427ddf43f2a338f2
-SHA256 (.footprint) = 62bfe7191a20fcd5f6ec3511c951dee47aefdae734f7d616302e6bfc3a0c1923
+RWSE3ohX2g5d/ZwHjbSnatGBORtIE4uG5o+PIXXWF5S+DlHlDX+7Fz3UDD6c3rOvcXIQeoc5loAsc52uNfW5wb3CEwcWtekLdAw=
+SHA256 (Pkgfile) = 0c088019d09c895614d2fe8e449a4ac61b3657ef3b53d5faacf85d6c76aa90e1
+SHA256 (.footprint) = 5d47799d69d21b860be70eb9e767298617679bcee2140d245cbc74f4a2a4502e
 SHA256 (dropbear-2018.76.tar.bz2) = f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
-SHA256 (dropbear) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42
+SHA256 (dropbear.rc) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42
+SHA256 (dropbear.pam) = 0c0aff342e586e64f2d2a814ef127a2748b223e746c3efccfccc91a5aadbce4a
 SHA256 (CVE-2018-15599.diff) = 42b5720cf6c888638cfb84fdd862fc0d323b2e023cbe5f9ccdaa2e0c35b6873e
diff --git a/dropbear/Pkgfile b/dropbear/Pkgfile
index 2315df8f0..a8349d886 100644
--- a/dropbear/Pkgfile
+++ b/dropbear/Pkgfile
@@ -1,25 +1,29 @@
 # Description: Small and secure SSH2 server and client
 # URL:         http://matt.ucc.asn.au/dropbear/dropbear.html
 # Maintainer:  Juergen Daubert, jue at crux dot nu
-# Depends on:  zlib
+# Depends on:  zlib linux-pam
 
 name=dropbear
 version=2018.76
-release=2
+release=3
 source=(http://matt.ucc.asn.au/$name/releases/$name-$version.tar.bz2 \
-        $name CVE-2018-15599.diff)
+        dropbear.rc dropbear.pam CVE-2018-15599.diff)
 
 build () {
     cd $name-$version
 
     patch -p1 -i $SRC/CVE-2018-15599.diff
 
+    sed '/pam_start/s/sshd/dropbear/' -i svr-authpam.c
     echo '#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"' > localoptions.h
+    echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0' >> localoptions.h
+    echo '#define DROPBEAR_SVR_PAM_AUTH 1' >> localoptions.h
 
-    ./configure --prefix=/usr
+    ./configure --prefix=/usr --enable-pam
     make
     make DESTDIR=$PKG install
 
-    install -d $PKG/etc/{rc.d,dropbear}/
-    install -D -m 755 $SRC/dropbear $PKG/etc/rc.d/
+    install -d $PKG/etc/{rc.d,pam.d,dropbear}
+    install -m 755 $SRC/dropbear.rc $PKG/etc/rc.d/dropbear
+    install -m 644 $SRC/dropbear.pam $PKG/etc/pam.d/dropbear
 }
diff --git a/dropbear/dropbear.pam b/dropbear/dropbear.pam
new file mode 100644
index 000000000..a739be471
--- /dev/null
+++ b/dropbear/dropbear.pam
@@ -0,0 +1,14 @@
+#
+# /etc/pam.d/dropbear - dropbear service module configuration
+#
+
+auth       include    common-auth
+
+account    required   pam_nologin.so
+account    include    common-account
+
+password   include    common-password
+
+session    include    common-session
+session    required   pam_limits.so
+
diff --git a/dropbear/dropbear b/dropbear/dropbear.rc
index 20f6b2246..20f6b2246 100644
--- a/dropbear/dropbear
+++ b/dropbear/dropbear.rc