mkj · Oct 30, 2015 · Oct 30, 2015 · Oct 30, 2015 · Oct 30, 2015 · Dec 18, 2015
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,6 @@
+autom4te.cache/
+config.h.in
+configure
+build/
+*.o
+*.swp
diff --git a/CONFIGURE_AKAROS b/CONFIGURE_AKAROS
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -e
+
+if [ "x${AKAROS_ROOT}" == "x" ]
+then
+    echo AKAROS_ROOT is empty!  You must set it!
+	exit
+fi
+
+KFS=${AKAROS_ROOT}/kern/kfs/
+XCC=x86_64-ucb-akaros-gcc
+AKAROS_CFLAGS="-fno-omit-frame-pointer -g -std=gnu99"
+AKAROS_LDFLAGS=""
+AKAROS_LIBS="-liplib -lpthread"
+
+function bootstrap()
+{
+	autoreconf --install
+}
+
+function configure()
+{
+	rm -rf build; mkdir build; cd build
+	CC=${XCC} CFLAGS=${AKAROS_CFLAGS} LDFLAGS=${AKAROS_LDFLAGS} \
+	LIBS=$AKAROS_LIBS ../configure \
+	  --prefix=${KFS} \
+	  --sbindir=${KFS}/bin \
+	  --host=$(basename ${XCC%-gcc}) \
+	  --disable-zlib \
+	  --disable-openpty \
+	  --disable-syslog   \
+	  --disable-shadow    \
+	  --enable-bundled-libtom \
+	  --disable-lastlog \
+	  --disable-utmp     \
+	  --disable-utmpx     \
+	  --disable-wtmp       \
+	  --disable-wtmpx    \
+	  --disable-loginfunc \
+	  --disable-pututline  \
+	  --disable-pututxline
+	cd -
+}
+
+bootstrap
+configure
+
+cat << EndOfMessage
+
+Dropbear has now been configured for Akaros!
+Please cd into the 'build' directory and run the following 
+commands to install it into the KFS of your Akaros tree.
+
+$ cd build
+$ make
+$ make install
+
+EndOfMessage
diff --git a/Makefile.in b/Makefile.in
@@ -10,9 +10,11 @@
 # Hopefully that seems intuitive.
 
 ifndef PROGRAMS
-	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
+	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert scp
 endif
 
+akaros-detect=$(findstring akaros,$(notdir @CC@))
+
 STATIC_LTC=libtomcrypt/libtomcrypt.a
 STATIC_LTM=libtommath/libtommath.a
 
@@ -24,7 +26,7 @@ CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
 endif
 
-ifneq ($(wildcard localoptions.h),)
+ifneq ($(wildcard ../localoptions.h),)
 CFLAGS+=-DLOCALOPTIONS_H_EXISTS
 endif
 
@@ -35,11 +37,19 @@ COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		atomicio.o compat.o fake-rfc2553.o \
 		ltc_prng.o ecc.o ecdsa.o crypto_desc.o \
 		gensignkey.o gendss.o genrsa.o
+ifeq ($(akaros-detect), akaros)
+COMMONOBJS += akaros.o
+endif
 
-SVROBJS=svr-kex.o svr-auth.o sshpty.o \
+SVROBJS=svr-kex.o svr-auth.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
 		svr-tcpfwd.o svr-authpam.o
+ifeq ($(akaros-detect), akaros)
+SVROBJS += tty.o
+else
+SVROBJS += sshpty.o
+endif
 
 CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-runopts.o cli-chansession.o \
@@ -56,6 +66,9 @@ KEYOBJS=dropbearkey.o
 CONVERTOBJS=dropbearconvert.o keyimport.o
 
 SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
+ifeq ($(akaros-detect), akaros)
+SCPOBJS += akaros.o
+endif
 
 HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
 		dss.h bignum.h signkey.h rsa.h dbrandom.h service.h auth.h \
@@ -174,7 +187,7 @@ dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
 	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
 
 dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
-	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS)
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
 
 # scp doesn't use the libs so is special.
 scp: $(SCPOBJS)  $(HEADERS) Makefile

diff --git a/README.akaros b/README.akaros
@@ -0,0 +1,54 @@
+README.akaros
+
+
+Environment prep:
+-----------------------
+Set and export AKAROS_ROOT.  AKAROS_ROOT is the path to the Akaros git repo.
+
+
+Put a server key in KFS:
+-----------------------
+A default one is in KFS already, but everyone in the world has that key.  If
+you want your own to avoid MITM attacks, you'll need to make the Linux version
+of Dropbear and use its key generator.
+
+$ rm -r build/ &&  mkdir build && cd build && ../configure && make
+$ ./dropbearkey -t rsa -f $AKAROS_ROOT/kern/kfs/etc/dropbear/dropbear_rsa_host_key
+$ cd -
+
+
+Build Dropbear for Akaros:
+-----------------------
+./CONFIGURE_AKAROS
+cd build ; make clean ; make install ; cd -
+
+
+Put an authorized key in KFS:
+-----------------------
+If you don't want to use an existing key, you can build a new one:
+
+$ ssh-keygen -t rsa -b 4096 -C "your@email.com" -f $HOME/.ssh/id_db_akaros_rsa
+
+Either way, put a key in KFS:
+$ cat $HOME/.ssh/id_db_akaros_rsa.pub >> $AKAROS_ROOT/kern/kfs/.ssh/authorized_keys
+
+
+Set up your SSH config:
+-----------------------
+You might want entries in .ssh/config, especially if you have a lot of keys or
+are using qemu.  The entry for qemu assumes you're using usermode networking
+with port forwarding.
+
+~/.ssh/config
+	Host qemu
+		Hostname 127.0.0.1
+		User root
+		Port 5555
+		IdentityFile ~/.ssh/id_db_akaros_rsa
+		IdentitiesOnly yes
+
+	Host some-machine-name
+		Hostname SOME-IP
+		User root
+		IdentityFile ~/.ssh/id_db_akaros_rsa
+		IdentitiesOnly yes
diff --git a/akaros.c b/akaros.c
@@ -0,0 +1,152 @@
+/* Copyright (c) 2016 Google, Inc.
+ * Barret Rhoden <brho@cs.berkeley.edu>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. */
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* TODO: we can move most of these into glibc. */
+
+struct passwd default_user = {
+	.pw_name = "root",
+	.pw_passwd = "x",
+	.pw_uid = 0,
+	.pw_gid = 0,
+	.pw_gecos = "",
+	.pw_dir = "/",
+	.pw_shell = "/bin/sh",
+};
+
+static int getpwd_r_foobar(struct passwd *pwd, char *buf, size_t buflen,
+                           struct passwd **result)
+{
+	memcpy(pwd, &default_user, sizeof(struct passwd));
+	*result = pwd;
+	return 0;
+}
+
+struct passwd *getpwnam(const char *name)
+{
+	return &default_user;
+}
+
+struct passwd *getpwuid(uid_t uid)
+{
+	return &default_user;
+}
+
+int getpwnam_r(const char *name, struct passwd *pwd,
+               char *buf, size_t buflen, struct passwd **result)
+{
+	return getpwd_r_foobar(pwd, buf, buflen, result);
+}
+
+int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, size_t buflen,
+               struct passwd **result)
+{
+	return getpwd_r_foobar(pwd, buf, buflen, result);
+}
+
+uid_t getuid(void)
+{
+	return 0;
+}
+
+uid_t geteuid(void)
+{
+	return 0;
+}
+
+gid_t getgid(void)
+{
+	return 0;
+}
+
+gid_t getegid(void)
+{
+	return 0;
+}
+
+int seteuid(uid_t euid)
+{
+	return 0;
+}
+
+int setegid(gid_t egid)
+{
+	return 0;
+}
+
+int setrlimit(int resource, const struct rlimit *rlim)
+{
+	return 0;
+}
+
+/* TODO: probably need session support or something */
+pid_t setsid(void)
+{
+	return 0x1337;
+}
+
+/* The daemon func is from compat.c.
+ *
+ * Once we do setsid in glibc, we don't need to do this anymore and can use
+ * glibc's version. */
+#include "includes.h"
+int daemon(int nochdir, int noclose) {
+
+	int fd;
+
+	switch (fork()) {
+		case -1:
+			return (-1);
+		case 0:
+			break;
+		default:
+			_exit(0);
+	}
+
+	if (setsid() == -1)
+		return -1;
+
+	if (!nochdir)
+		(void)chdir("/");
+
+	if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+		(void)dup2(fd, STDIN_FILENO);
+		(void)dup2(fd, STDOUT_FILENO);
+		(void)dup2(fd, STDERR_FILENO);
+		if (fd > STDERR_FILENO)
+			(void)close(fd);
+	}
+	return 0;
+}
diff --git a/common-channel.c b/common-channel.c
@@ -760,7 +760,7 @@ static void send_msg_channel_data(struct Channel *channel, int isextended) {
 	len = read(fd, buf_getwriteptr(ses.writepayload, maxlen), maxlen);
 
 	if (len <= 0) {
-		if (len == 0 || errno != EINTR) {
+		if (len == 0 || (errno != EINTR && errno != EAGAIN)) {
 			/* This will also get hit in the case of EAGAIN. The only
 			time we expect to receive EAGAIN is when we're flushing a FD,
 			in which case it can be treated the same as EOF */

diff --git a/common-session.c b/common-session.c
@@ -348,7 +348,7 @@ static void read_session_identification() {
 	for (i = 0; i < 50; i++) {
 		len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
 
-		if (len < 0 && errno != EINTR) {
+		if (len < 0 && (errno != EINTR && errno != EAGAIN)) {
 			/* It failed */
 			break;
 		}
@@ -425,7 +425,7 @@ static int ident_readln(int fd, char* buf, int count) {
 			 * so that it won't be read as part of the next line */
 			if (num < 0) {
 				/* error */
-				if (errno == EINTR) {
+				if ((errno == EINTR) || (errno == EAGAIN)) {
 					continue; /* not a real error */
 				}
 				TRACE(("leave ident_readln: read error"))

diff --git a/config.sub b/config.sub
@@ -140,6 +140,10 @@ esac
 ### recognize some manufacturers as not being operating systems, so we
 ### can provide default operating systems below.
 case $os in
+	-akaros*)
+		os=-akaros
+		basic_machine=x86_64
+		;;
 	-sun*os*)
 		# Prevent following clause from handling this invalid input.
 		;;
@@ -1329,6 +1333,9 @@ case $os in
 	# First match some system type aliases
 	# that might get confused with valid system types.
 	# -solaris* is a basic system type, with this one exception.
+	-akaros*)
+		os=-akaros
+		;;
 	-auroraux)
 		os=-auroraux
 		;;
@@ -1714,6 +1721,9 @@ vendor=unknown
 case $basic_machine in
 	*-unknown)
 		case $os in
+			-akaros*)
+				vendor=ucb
+				;;
 			-riscix*)
 				vendor=acorn
 				;;