From patchwork Fri Nov 22 12:12:46 2019
X-Patchwork-Submitter: hurrhnn--- via openwrt-devel
X-Patchwork-Id: 1199453
To: openwrt-devel@lists.openwrt.org
Date: Fri, 22 Nov 2019 12:12:46 +0000
X-Patchwork-Original-From: Kyle Copperfield via openwrt-devel
From: hurrhnn--- via openwrt-devel
Reply-To: Kyle Copperfield
Subject: [OpenWrt-Devel] [PATCH RESEND packages 1/2] openssh: add openwrt failsafe support

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.

Adds failsafe support to the openssh package.
Roughly based on an earlier patch.

Ref: https://github.com/openwrt/openwrt/pull/865
Signed-off-by: Jeff Kletsky
Signed-off-by: Kyle Copperfield
---
 net/openssh/Makefile            |  1 +
 net/openssh/files/sshd.failsafe | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 net/openssh/files/sshd.failsafe

diff --git a/net/openssh/Makefile b/net/openssh/Makefile index 97b7fc304..3273180af 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile 
@@ -231,6 +231,7 @@ define Package/openssh-server/install sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ecdsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd + $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/ endef diff --git a/net/openssh/files/sshd.failsafe b/net/openssh/files/sshd.failsafe new file mode 100755 index 000000000..aee7e7743 --- /dev/null +++ b/net/openssh/files/sshd.failsafe @@ -0,0 +1,31 @@ +#!/bin/sh + +failsafe_sshd () { + + sshd_tmpdir=/tmp/sshd + mkdir ${sshd_tmpdir} + + sed -i 's/^root.*/root::0:17000:::::/g' /etc/shadow + + for type in ecdsa ed25519; do + key=${sshd_tmpdir}/ssh_host_${type}_key + ssh-keygen -N '' -t ${type} -f ${key} + done + + mkdir -m 0700 -p /var/empty + + cat > ${sshd_tmpdir}/sshd_config <
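Review bot: In the net/openssh/Makefile hunk, the added $(INSTALL_BIN) line copies to $(1)/lib/preinit/99_10_failsafe_sshd, but the visible context only creates $(1)/etc/init.d and $(1)/usr/sbin with $(INSTALL_DIR). Unless $(1)/lib/preinit is created earlier in Package/openssh-server/install, outside the lines shown, add "$(INSTALL_DIR) $(1)/lib/preinit" before the new line so the install step does not fail on a missing directory.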
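Review bot: In failsafe_sshd in net/openssh/files/sshd.failsafe, the sed expression 's/^root.*/root::0:17000:::::/g' matches every /etc/shadow line that begins with "root", not only the root account, and rewrites the file in place with an empty password field. Anchor the pattern as '^root:.*' and add a comment saying that emptying the root password is intended for failsafe, since neither the script nor the commit message states it. The replacement also puts 0 in the last-change field and 17000 in the minimum-age field; per shadow(5) a last-change value of 0 requests a password change at next login, so please confirm that field order is what was meant. Separately, "mkdir ${sshd_tmpdir}" creates the directory that holds the generated host keys with the default mode, while /var/empty a few lines later gets "-m 0700 -p"; using the same options for ${sshd_tmpdir} would be consistent.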