new package: shellinabox
Requested in https://github.com/termux/termux-packages/issues/934.
This commit is contained in:
parent
8462adbc70
commit
50006bd1f2
18
packages/shellinabox/build.sh
Normal file
18
packages/shellinabox/build.sh
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
TERMUX_PKG_HOMEPAGE=https://github.com/shellinabox/shellinabox
|
||||||
|
TERMUX_PKG_DESCRIPTION="Implementation of a web server that can export arbitrary command line tools to a web based terminal emulator"
|
||||||
|
TERMUX_PKG_LICENSE="GPL-2.0"
|
||||||
|
TERMUX_PKG_VERSION=2.20
|
||||||
|
TERMUX_PKG_SRCURL=https://github.com/shellinabox/shellinabox/archive/v$TERMUX_PKG_VERSION.tar.gz
|
||||||
|
TERMUX_PKG_SHA256=27a5ec6c3439f87aee238c47cc56e7357a6249e5ca9ed0f044f0057ef389d81e
|
||||||
|
TERMUX_PKG_DEPENDS="openssl, openssl-tool, termux-auth (>= 1.2), zlib"
|
||||||
|
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="
|
||||||
|
--enable-login
|
||||||
|
--disable-pam
|
||||||
|
--disable-utmp
|
||||||
|
--disable-runtime-loading
|
||||||
|
"
|
||||||
|
|
||||||
|
termux_step_pre_configure() {
|
||||||
|
export LIBS="-lssl -lcrypto"
|
||||||
|
autoreconf -i
|
||||||
|
}
|
13
packages/shellinabox/shellinabox-2.20_Makefile.am.patch
Normal file
13
packages/shellinabox/shellinabox-2.20_Makefile.am.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -uNr shellinabox-2.20/Makefile.am shellinabox-2.20.mod/Makefile.am
|
||||||
|
--- shellinabox-2.20/Makefile.am 2016-11-09 21:40:33.000000000 +0200
|
||||||
|
+++ shellinabox-2.20.mod/Makefile.am 2020-01-03 01:28:00.029246370 +0200
|
||||||
|
@@ -208,8 +208,7 @@
|
||||||
|
@rm -f "$@"
|
||||||
|
ln "$?" "$@"
|
||||||
|
|
||||||
|
-shellinaboxd.1: ${top_srcdir}/shellinabox/shellinaboxd.man.in \
|
||||||
|
- ${top_srcdir}/config.h
|
||||||
|
+shellinaboxd.1: ${top_srcdir}/shellinabox/shellinaboxd.man.in
|
||||||
|
@src="${top_srcdir}/shellinabox/shellinaboxd.man.in"; \
|
||||||
|
echo preprocess "$$src" '>'"$@"; \
|
||||||
|
if sed -e 's/^#define \([^ ]*\).*/\1/' -e t -e d config.h | \
|
12
packages/shellinabox/shellinabox-2.20_libhttp_ssl.c.patch
Normal file
12
packages/shellinabox/shellinabox-2.20_libhttp_ssl.c.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -uNr shellinabox-2.20/libhttp/ssl.c shellinabox-2.20.mod/libhttp/ssl.c
|
||||||
|
--- shellinabox-2.20/libhttp/ssl.c 2016-11-09 21:40:33.000000000 +0200
|
||||||
|
+++ shellinabox-2.20.mod/libhttp/ssl.c 2020-01-03 01:52:35.381088443 +0200
|
||||||
|
@@ -398,7 +398,7 @@
|
||||||
|
check(NOINTR(dup2(fd, STDIN_FILENO)) == STDIN_FILENO);
|
||||||
|
check(NOINTR(close(fd)) == 0);
|
||||||
|
umask(077);
|
||||||
|
- check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
|
||||||
|
+ check(setenv("PATH", "@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets", 1) == 0);
|
||||||
|
char *subject;
|
||||||
|
check(subject = stringPrintf(NULL, "/CN=%s/", serverName));
|
||||||
|
if (execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
|
@ -0,0 +1,87 @@
|
|||||||
|
diff -uNr shellinabox-2.20/shellinabox/launcher.c shellinabox-2.20.mod/shellinabox/launcher.c
|
||||||
|
--- shellinabox-2.20/shellinabox/launcher.c 2016-11-09 21:40:33.000000000 +0200
|
||||||
|
+++ shellinabox-2.20.mod/shellinabox/launcher.c 2020-01-03 01:31:45.220824399 +0200
|
||||||
|
@@ -676,10 +676,13 @@
|
||||||
|
// Temporarily regain privileges to update the utmp database
|
||||||
|
uid_t r_uid, e_uid, s_uid;
|
||||||
|
uid_t r_gid, e_gid, s_gid;
|
||||||
|
+
|
||||||
|
+#ifndef __ANDROID__
|
||||||
|
check(!getresuid(&r_uid, &e_uid, &s_uid));
|
||||||
|
check(!getresgid(&r_gid, &e_gid, &s_gid));
|
||||||
|
UNUSED_RETURN(setresuid(0, 0, 0));
|
||||||
|
UNUSED_RETURN(setresgid(0, 0, 0));
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (enableUtmpLogging) {
|
||||||
|
setutxent();
|
||||||
|
@@ -693,10 +696,12 @@
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef __ANDROID__
|
||||||
|
// Switch back to the lower privileges
|
||||||
|
check(!setresgid(r_gid, e_gid, s_gid));
|
||||||
|
check(!setresuid(r_uid, e_uid, s_uid));
|
||||||
|
#endif
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
NOINTR(close(utmp->pty));
|
||||||
|
}
|
||||||
|
@@ -1162,8 +1167,7 @@
|
||||||
|
|
||||||
|
if (service->useDefaultShell) {
|
||||||
|
check(!service->cmdline);
|
||||||
|
- service->cmdline = strdup(*pw->pw_shell ?
|
||||||
|
- pw->pw_shell : "/bin/sh");
|
||||||
|
+ service->cmdline = strdup("@TERMUX_PREFIX@/bin/bash");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (restricted &&
|
||||||
|
@@ -1231,7 +1235,7 @@
|
||||||
|
(*environment)[numEnvVars++] = stringPrintf(NULL, "SHELL=%s", pw->pw_shell);
|
||||||
|
check(
|
||||||
|
(*environment)[numEnvVars++] = strdup(
|
||||||
|
- "PATH=/usr/local/bin:/usr/bin:/bin:/usr/games"));
|
||||||
|
+ "PATH=@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets"));
|
||||||
|
(*environment)[numEnvVars++] = stringPrintf(NULL, "LOGNAME=%s",
|
||||||
|
service->user);
|
||||||
|
(*environment)[numEnvVars++] = stringPrintf(NULL, "USER=%s", service->user);
|
||||||
|
@@ -1566,10 +1570,13 @@
|
||||||
|
cfsetospeed(&tt, B38400);
|
||||||
|
tcsetattr(0, TCSAFLUSH, &tt);
|
||||||
|
|
||||||
|
+#ifndef __ANDROID__
|
||||||
|
// Assert root privileges in order to update utmp entry. We can only do that,
|
||||||
|
// if we have root permissions otherwise this fails.
|
||||||
|
UNUSED_RETURN(setresuid(0, 0, 0));
|
||||||
|
UNUSED_RETURN(setresgid(0, 0, 0));
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#ifdef HAVE_UTMPX_H
|
||||||
|
if (enableUtmpLogging) {
|
||||||
|
setutxent();
|
||||||
|
@@ -1641,9 +1648,11 @@
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef __ANDROID__
|
||||||
|
// Change user and group ids
|
||||||
|
check(!setresgid(service->gid, service->gid, service->gid));
|
||||||
|
check(!setresuid(service->uid, service->uid, service->uid));
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
// Change working directory
|
||||||
|
if (service->useHomeDir) {
|
||||||
|
@@ -1682,10 +1691,7 @@
|
||||||
|
snprintf(remoteHost, 256,
|
||||||
|
(*realIP) ? "%s, %s" : "%s%s", peerName,
|
||||||
|
(*realIP) ? realIP : "");
|
||||||
|
- execle("/bin/login", "login", "-p", "-h", remoteHost,
|
||||||
|
- (void *)0, environment);
|
||||||
|
- execle("/usr/bin/login", "login", "-p", "-h", remoteHost,
|
||||||
|
- (void *)0, environment);
|
||||||
|
+ execle("@TERMUX_PREFIX@/bin/pwlogin", "pwlogin", (void *)0, environment);
|
||||||
|
} else {
|
||||||
|
// Launch user provied service
|
||||||
|
execService(width, height, service, peerName, realIP, environment, url);
|
@ -0,0 +1,57 @@
|
|||||||
|
diff -uNr shellinabox-2.20/shellinabox/privileges.c shellinabox-2.20.mod/shellinabox/privileges.c
|
||||||
|
--- shellinabox-2.20/shellinabox/privileges.c 2016-11-09 21:40:33.000000000 +0200
|
||||||
|
+++ shellinabox-2.20.mod/shellinabox/privileges.c 2020-01-03 01:34:35.341048035 +0200
|
||||||
|
@@ -95,6 +95,10 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static void removeGroupPrivileges(int showError) {
|
||||||
|
+#ifdef __ANDROID__
|
||||||
|
+ return;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
gid_t rg, eg, sg;
|
||||||
|
check(!getresgid(&rg, &eg, &sg));
|
||||||
|
|
||||||
|
@@ -128,6 +132,10 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
void lowerPrivileges(void) {
|
||||||
|
+#ifdef __ANDROID__
|
||||||
|
+ return;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
uid_t r, e, g;
|
||||||
|
check(!getresuid(&r, &e, &g));
|
||||||
|
|
||||||
|
@@ -159,6 +167,10 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
void dropPrivileges(void) {
|
||||||
|
+#ifdef __ANDROID__
|
||||||
|
+ return;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
uid_t r, e, s;
|
||||||
|
check(!getresuid(&r, &e, &s));
|
||||||
|
|
||||||
|
@@ -256,6 +268,10 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
uid_t getUserId(const char *name) {
|
||||||
|
+#ifdef __ANDROID__
|
||||||
|
+ return getuid();
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
struct passwd pwbuf, *pw;
|
||||||
|
char *buf;
|
||||||
|
#ifdef _SC_GETPW_R_SIZE_MAX
|
||||||
|
@@ -364,6 +380,9 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
gid_t getGroupId(const char *name) {
|
||||||
|
+#if __ANDROID__
|
||||||
|
+ return getgid();
|
||||||
|
+#endif
|
||||||
|
static const long gr_max = 64 * 1024;
|
||||||
|
struct group grbuf, *gr;
|
||||||
|
char *temp;
|
@ -0,0 +1,35 @@
|
|||||||
|
diff -uNr shellinabox-2.20/shellinabox/service.c shellinabox-2.20.mod/shellinabox/service.c
|
||||||
|
--- shellinabox-2.20/shellinabox/service.c 2016-11-09 21:40:33.000000000 +0200
|
||||||
|
+++ shellinabox-2.20.mod/shellinabox/service.c 2020-01-03 01:47:07.845623596 +0200
|
||||||
|
@@ -94,9 +94,11 @@
|
||||||
|
// The next part of the argument is either the word 'LOGIN' or the
|
||||||
|
// application definition.
|
||||||
|
if (!strcmp(arg, "LOGIN")) {
|
||||||
|
+#ifndef __ANDROID__
|
||||||
|
if (geteuid()) {
|
||||||
|
fatal("[config] Must be \"root\" to invoke LOGIN service!");
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
service->useLogin = 1;
|
||||||
|
service->useHomeDir = 0;
|
||||||
|
service->authUser = 0;
|
||||||
|
@@ -106,8 +108,7 @@
|
||||||
|
check(service->user = strdup("root"));
|
||||||
|
check(service->group = strdup("root"));
|
||||||
|
check(service->cwd = strdup("/"));
|
||||||
|
- check(service->cmdline = strdup(
|
||||||
|
- "/bin/login -p -h ${peer}"));
|
||||||
|
+ check(service->cmdline = strdup("@TERMUX_PREFIX@/bin/pwlogin"));
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
if (!strcmp(arg, "SSH") || !strncmp(arg, "SSH:", 4)) {
|
||||||
|
@@ -175,8 +176,7 @@
|
||||||
|
"-oHostbasedAuthentication=no -oIdentitiesOnly=yes "
|
||||||
|
"-oKbdInteractiveAuthentication=yes -oPasswordAuthentication=yes "
|
||||||
|
"-oPreferredAuthentications=keyboard-interactive,password "
|
||||||
|
- "-oPubkeyAuthentication=no -oRhostsRSAAuthentication=no "
|
||||||
|
- "-oRSAAuthentication=no -oStrictHostKeyChecking=no -oTunnel=no "
|
||||||
|
+ "-oPubkeyAuthentication=no -oStrictHostKeyChecking=no -oTunnel=no "
|
||||||
|
"-oUserKnownHostsFile=/dev/null -oVerifyHostKeyDNS=no "
|
||||||
|
// beewoolie-2012.03.30: while it would be nice to disable this
|
||||||
|
// feature, we cannot be sure that it is available on the
|
Loading…
Reference in New Issue
Block a user