
shellinabox and Administrator user

Reinhard Russinger 1 年之前
父節點
當前提交
372596546c

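--- a/board/PSG/iot2050/post-build.sh
+++ b/board/PSG/iot2050/post-build.sh
@@ -66,5 +66,8 @@ then
 	rm "$TARGET_DIR/$TOREMOVE"
 fi	
 
+echo "=========="
+sudo chown 0:10 $TARGET_DIR/home/Administrator/startapp.sh
+
 #----------------------------
 echo "$BUILD ($BUILDDATE)" > $TARGET_DIR/etc/BUILD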
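Review bot: The added `sudo chown 0:10 $TARGET_DIR/home/Administrator/startapp.sh` makes the post-build script depend on root privileges on the build host and leaves `$TARGET_DIR` unquoted, unlike the `rm "$TARGET_DIR/$TOREMOVE"` just above it. Buildroot normally assigns target ownership inside its fakeroot stage, so the same result can be had without sudo through a permission-table entry (`BR2_ROOTFS_DEVICE_TABLE`) or a `BR2_ROOTFS_POST_FAKEROOT_SCRIPT`; if the line stays, quote it: `sudo chown 0:10 "$TARGET_DIR/home/Administrator/startapp.sh"`. The result of chown is not checked, so a missing startapp.sh would presumably go unnoticed unless the script runs with `set -e`, which this hunk does not show. A comment such as `# gid 10 = wheel, see rootfs/etc/group` would explain the numeric ids.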

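--- /dev/null
+++ b/board/PSG/iot2050/rootfs/etc/group
@@ -0,0 +1,35 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+kmem:x:9:
+wheel:x:10:root,Administrator
+cdrom:x:11:
+dialout:x:18:
+floppy:x:19:
+video:x:28:
+audio:x:29:
+tape:x:32:
+www-data:x:33:
+operator:x:37:
+utmp:x:43:
+plugdev:x:46:
+staff:x:50:
+lock:x:54:
+netdev:x:82:
+users:x:100:
+nobody:x:65534:
+mysql:x:102:
+ntp:x:103:
+sshd:x:104:
+saned:x:105:
+sudo:x:106:
+input:x:107:
+kvm:x:108:
+weston-launch:x:109:
+dbus:x:101:dbus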

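--- a/board/PSG/iot2050/rootfs/etc/ssh/sshd_config
+++ b/board/PSG/iot2050/rootfs/etc/ssh/sshd_config
@@ -110,6 +110,10 @@ ChallengeResponseAuthentication no
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
+Match User Administrator
+PasswordAuthentication yes
+Match all
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no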
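Review bot: The `Match User Administrator` block turns on `PasswordAuthentication yes` for an account that this same commit places in wheel, and wheel gets `NOPASSWD: ALL` in the new sudoers file, so a single guessed or reused password is enough for root over the network. Consider key-based login for Administrator, or at least narrow the block to the management network with an address criterion, e.g. `Match User Administrator Address <mgmt-subnet-placeholder>`. The global PasswordAuthentication value lies outside this hunk, so whether other accounts are affected cannot be told from here. A one-line comment above the block, for instance `# password login needed for the shellinabox web terminal` if that is the reason, would document the exception.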

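--- /dev/null
+++ b/board/PSG/iot2050/rootfs/etc/sudoers
@@ -0,0 +1,99 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias	WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias	ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+# 			    /usr/bin/pkill, /usr/bin/top
+# Cmnd_Alias	REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
+
+##
+## Defaults specification
+##
+## You may wish to keep some of the following environment variables
+## when running commands via sudo.
+##
+## Locale settings
+# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
+##
+## Run X applications through sudo; HOME is used to find the
+## .Xauthority file.  Note that other programs use HOME to find   
+## configuration files and this may lead to privilege escalation!
+# Defaults env_keep += "HOME"
+##
+## X11 resource path settings
+# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
+##
+## Desktop path settings
+# Defaults env_keep += "QTDIR KDEDIR"
+##
+## Allow sudo-run commands to inherit the callers' ConsoleKit session
+# Defaults env_keep += "XDG_SESSION_COOKIE"
+##
+## Uncomment to enable special input methods.  Care should be taken as
+## this may allow users to subvert the command being run via sudo.
+# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+##
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
+## Set maxseq to a smaller number if you don't have unlimited disk space.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!/usr/local/bin/sudoreplay !log_output
+# Defaults!REBOOT !log_output
+# Defaults maxseq = 1000
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL:ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+#%wheel ALL=(ALL:ALL) ALL
+
+## Same thing without a password
+%wheel ALL=(ALL:ALL) NOPASSWD: ALL
+
+## Uncomment to allow members of group sudo to execute any command
+%sudo	ALL=(ALL:ALL) ALL
+
+## Uncomment to allow any user to run sudo if they know the password
+## of the user they are running the command as (root by default).
+# Defaults targetpw  # Ask for the password of the target user
+# ALL ALL=(ALL:ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
+
+## Read drop-in files from /etc/sudoers.d
+@includedir /etc/sudoers.d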
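Review bot: `%wheel ALL=(ALL:ALL) NOPASSWD: ALL` is active, and the /etc/group added in this commit lists Administrator in wheel, so that account is root-equivalent with no re-authentication step. If passwordless sudo is needed only for particular tasks, restrict it to a command list, e.g. `%wheel ALL=(root) NOPASSWD: <command-list-placeholder>`, and otherwise enable the password-requiring `%wheel ALL=(ALL:ALL) ALL` line that is left commented just above. `%sudo	ALL=(ALL:ALL) ALL` is also active while its comment still says "Uncomment to allow…"; reword the comment to state that the rule is enabled on purpose. `Defaults secure_path=...` stays commented and is worth enabling on an image where sudo is reachable from remote logins.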

二進制
board/PSG/iot2050/rootfs/root/IOT2050WACKENERGIEImage.tar.gz


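--- a/configs/iot2050_V2_defconfig
+++ b/configs/iot2050_V2_defconfig
@@ -286,6 +286,7 @@ BR2_PACKAGE_GNUTLS_TOOLS=y
 BR2_PACKAGE_LIBARGON2=y
 BR2_PACKAGE_LIBNSS=y
 BR2_PACKAGE_LIBSODIUM=y
+BR2_PACKAGE_MYSQL=y
 BR2_PACKAGE_MARIADB=y
 BR2_PACKAGE_MARIADB_SERVER=y
 BR2_PACKAGE_SQLITE_ENABLE_COLUMN_METADATA=y
@@ -365,6 +366,10 @@ BR2_PACKAGE_IPTABLES_NFTABLES=y
 BR2_PACKAGE_IPTRAF_NG=y
 BR2_PACKAGE_IPUTILS=y
 BR2_PACKAGE_IW=y
+BR2_PACKAGE_LFTP=y
+BR2_PACKAGE_LFTP_PROTO_FISH=y
+BR2_PACKAGE_LFTP_PROTO_HTTP=y
+BR2_PACKAGE_LFTP_PROTO_SFTP=y
 BR2_PACKAGE_NETPLUG=y
 BR2_PACKAGE_NETSTAT_NAT=y
 BR2_PACKAGE_NTP=y
@@ -423,41 +428,3 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT_SOURCE="../PSG/board/PSG/iot2050/boot.cmd"
-BR2_PACKAGE_PHP56=y
-BR2_PACKAGE_PHP56_SAPI_APACHE=y
-BR2_PACKAGE_PHP56_EXT_CALENDAR=y
-BR2_PACKAGE_PHP56_EXT_FILEINFO=y
-BR2_PACKAGE_PHP56_EXT_OPCACHE=y
-BR2_PACKAGE_PHP56_EXT_READLINE=y
-BR2_PACKAGE_PHP56_EXT_BZIP2=y
-BR2_PACKAGE_PHP56_EXT_PHAR=y
-BR2_PACKAGE_PHP56_EXT_ZIP=y
-BR2_PACKAGE_PHP56_EXT_HASH=y
-BR2_PACKAGE_PHP56_EXT_MYSQL=y
-BR2_PACKAGE_PHP56_EXT_SQLITE=y
-BR2_PACKAGE_PHP56_EXT_PDO=y
-BR2_PACKAGE_PHP56_EXT_PDO_MYSQL=y
-BR2_PACKAGE_PHP56_EXT_PDO_SQLITE=y
-BR2_PACKAGE_PHP56_EXT_GETTEXT=y
-BR2_PACKAGE_PHP56_EXT_ICONV=y
-BR2_PACKAGE_PHP56_EXT_MBSTRING=y
-BR2_PACKAGE_PHP56_EXT_EXIF=y
-BR2_PACKAGE_PHP56_EXT_GD=y
-BR2_PACKAGE_PHP56_EXT_BCMATH=y
-BR2_PACKAGE_PHP56_EXT_GMP=y
-BR2_PACKAGE_PHP56_EXT_JSON=y
-BR2_PACKAGE_PHP56_EXT_TOKENIZER=y
-BR2_PACKAGE_PHP56_EXT_CURL=y
-BR2_PACKAGE_PHP56_EXT_FTP=y
-BR2_PACKAGE_PHP56_EXT_SOCKETS=y
-BR2_PACKAGE_PHP56_EXT_CTYPE=y
-BR2_PACKAGE_PHP56_EXT_FILTER=y
-BR2_PACKAGE_PHP56_EXT_SOAP=y
-BR2_PACKAGE_PHP56_EXT_XMLRPC=y
-BR2_PACKAGE_PHP56_EXT_SIMPLEXML=y
-BR2_PACKAGE_PHP56_EXT_WDDX=y
-BR2_PACKAGE_PHP56_EXT_XML=y
-BR2_PACKAGE_PHP56_EXT_XMLREADER=y
-BR2_PACKAGE_PHP56_EXT_XMLWRITER=y
-BR2_PACKAGE_PHP56_EXT_XSL=y
-BR2_PACKAGE_PHP56_SAPI_CLI_CGI=y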

+ 0 - 0
patches/0011-buildroot-native-gcc.patch___ → patches/0011-buildroot-native-gcc.patch


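--- /dev/null
+++ b/patches/0013-shellinabox.patch
@@ -0,0 +1,48 @@
+diff --git a/package/shellinabox/0003-cr-lf-problem-android.patch b/package/shellinabox/0003-cr-lf-problem-android.patch
+new file mode 100644
+index 0000000000..6c986a33c4
+--- /dev/null
++++ b/package/shellinabox/0003-cr-lf-problem-android.patch
+@@ -0,0 +1,16 @@
++diff --git a/shellinabox/vt100.jspp b/shellinabox/vt100.jspp
++index fe31cb5..5924871 100755
++--- a/shellinabox/vt100.jspp
+++++ b/shellinabox/vt100.jspp
++@@ -916,8 +916,9 @@ VT100.prototype.initializeElements = function(container) {
++                        '<div class="hidden">' +
++                          '<div id="usercss"></div>' +
++                          '<pre><div><span id="space"></span></div></pre>' +
++-                         '<input type="text" id="input" autocorrect="off" autocapitalize="off" />' +
++-                         '<input type="text" id="cliphelper" />' +
+++                         '<input type="text" id="input" autocorrect="off" autocapitalize="off" ' +
+++                                'autocomplete="off" spellcheck="false" />' +
+++                         '<input type="text" id="cliphelper" tabindex="-1" />' +
++                          (typeof suppressAllAudio != 'undefined' &&
++                           suppressAllAudio ? "" :
++                          embed + '<bgsound id="beep_bgsound" loop=1 />') +
+diff --git a/package/shellinabox/0004-remove-some-auth-modules-from-ssh.patch b/package/shellinabox/0004-remove-some-auth-modules-from-ssh.patch
+new file mode 100644
+index 0000000000..39cd922f69
+--- /dev/null
++++ b/package/shellinabox/0004-remove-some-auth-modules-from-ssh.patch
+@@ -0,0 +1,20 @@
++diff --git a/shellinabox/service.c b/shellinabox/service.c
++index cdf946e..f1609f8 100644
++--- a/shellinabox/service.c
+++++ b/shellinabox/service.c
++@@ -171,12 +171,12 @@ void initService(struct Service *service, const char *arg) {
++     service->cmdline                        = stringPrintf(NULL,
++       "ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
++           "-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
++-          "-oControlMaster=no -oGSSAPIAuthentication=no "
+++          "-oControlMaster=no "
++           "-oHostbasedAuthentication=no -oIdentitiesOnly=yes "
++           "-oKbdInteractiveAuthentication=yes -oPasswordAuthentication=yes "
++           "-oPreferredAuthentications=keyboard-interactive,password "
++-          "-oPubkeyAuthentication=no -oRhostsRSAAuthentication=no "
++-          "-oRSAAuthentication=no -oStrictHostKeyChecking=no -oTunnel=no "
+++          "-oPubkeyAuthentication=no "
+++          "-oStrictHostKeyChecking=no -oTunnel=no "
++           "-oUserKnownHostsFile=/dev/null -oVerifyHostKeyDNS=no "
++ // beewoolie-2012.03.30: while it would be nice to disable this
++ //          feature, we cannot be sure that it is available on the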
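Review bot: The nested 0004 patch drops `-oGSSAPIAuthentication=no` together with the two legacy RSA options but carries no description or Signed-off-by explaining why; a short header above its `diff --git` line should state the reason, and the same applies to 0003. RhostsRSAAuthentication and RSAAuthentication belong to the retired SSH protocol 1, whereas GSSAPIAuthentication is, as far as I know, still a recognised client option, so removing it leaves that setting to the ssh client configuration on the target — presumably done because the target's ssh is built without GSSAPI, which should be confirmed. The resulting command line still forces password or keyboard-interactive authentication and keeps `-oStrictHostKeyChecking=no` with `-oUserKnownHostsFile=/dev/null`, so the web terminal is a password-only entry point to an account this commit makes root-equivalent; it should be served over TLS and limited to the management network. initService's body continues outside the hunk.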