Commit | Line | Data |
---|---|---|
59f0d218 FF |
1 | diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c |
2 | --- ../dropbear-2013.62/cli-auth.c 2013-12-03 14:39:15.000000000 +0100 | |
3 | +++ ./cli-auth.c 2014-01-05 21:21:37.926812382 +0100 | |
4 | @@ -32,6 +32,10 @@ | |
5 | #include "packet.h" | |
6 | #include "runopts.h" | |
7 | ||
8 | +char * getpass (const char *prompt) { | |
9 | + return ""; | |
10 | +} | |
11 | + | |
12 | void cli_authinitialise() { | |
13 | ||
14 | memset(&ses.authstate, 0, sizeof(ses.authstate)); | |
15 | #ifdef ENABLE_CLI_ANYTCPFWD | |
16 | diff -u -r ../dropbear-2013.62/options.h ./options.h | |
17 | --- ../dropbear-2013.62/options.h 2013-12-03 14:39:15.000000000 +0100 | |
18 | +++ ./options.h 2014-01-05 21:21:37.930812382 +0100 | |
19 | @@ -10,8 +10,10 @@ | |
20 | ||
21 | /* IMPORTANT: Many options will require "make clean" after changes */ | |
22 | + | |
23 | + | |
24 | ||
25 | #ifndef DROPBEAR_DEFPORT | |
26 | -#define DROPBEAR_DEFPORT "22" | |
27 | +#define DROPBEAR_DEFPORT "8022" | |
28 | #endif | |
29 | ||
30 | #ifndef DROPBEAR_DEFADDRESS | |
31 | @@ -21,13 +23,13 @@ | |
32 | ||
33 | /* Default hostkey paths - these can be specified on the command line */ | |
34 | #ifndef DSS_PRIV_FILENAME | |
35 | -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" | |
36 | +#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key" | |
37 | #endif | |
38 | #ifndef RSA_PRIV_FILENAME | |
39 | -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" | |
40 | +#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key" | |
41 | #endif | |
42 | #ifndef ECDSA_PRIV_FILENAME | |
43 | -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" | |
44 | +#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key" | |
45 | #endif | |
46 | ||
47 | /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens | |
48 | @@ -41,7 +43,7 @@ | |
49 | * Both of these flags can be defined at once, don't compile without at least | |
50 | * one of them. */ | |
51 | #define NON_INETD_MODE | |
52 | -#define INETD_MODE | |
53 | +#undef INETD_MODE | |
54 | ||
55 | /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is | |
56 | * perhaps 20% slower for pubkey operations (it is probably worth experimenting | |
57 | @@ -55,7 +57,7 @@ | |
58 | #define DROPBEAR_SMALL_CODE | |
59 | ||
60 | /* Enable X11 Forwarding - server only */ | |
61 | -#define ENABLE_X11FWD | |
62 | +#undef ENABLE_X11FWD | |
63 | ||
64 | /* Enable TCP Fowarding */ | |
65 | /* 'Local' is "-L" style (client listening port forwarded via server) | |
66 | @@ -179,7 +181,7 @@ | |
67 | ||
68 | /* The MOTD file path */ | |
69 | #ifndef MOTD_FILENAME | |
70 | -#define MOTD_FILENAME "/etc/motd" | |
71 | +#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd" | |
72 | #endif | |
73 | ||
74 | /* Authentication Types - at least one required. | |
75 | @@ -192,7 +194,7 @@ | |
76 | * PAM challenge/response. | |
77 | * You can't enable both PASSWORD and PAM. */ | |
78 | ||
79 | -#define ENABLE_SVR_PASSWORD_AUTH | |
80 | +#undef ENABLE_SVR_PASSWORD_AUTH | |
81 | /* PAM requires ./configure --enable-pam */ | |
82 | /*#define ENABLE_SVR_PAM_AUTH */ | |
83 | #define ENABLE_SVR_PUBKEY_AUTH | |
84 | @@ -259,7 +261,7 @@ | |
85 | /* The default file to store the daemon's process ID, for shutdown | |
86 | scripts etc. This can be overridden with the -P flag */ | |
87 | #ifndef DROPBEAR_PIDFILE | |
88 | -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid" | |
89 | +#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid" | |
90 | #endif | |
91 | ||
92 | /* The command to invoke for xauth when using X11 forwarding. | |
93 | @@ -277,7 +279,7 @@ | |
94 | ||
95 | /* This is used by the scp binary when used as a client binary. If you're | |
96 | * not using the Dropbear client, you'll need to change it */ | |
97 | -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" | |
98 | +#define _PATH_SSH_PROGRAM "@TERMUX_PREFIX@/bin/dbclient" | |
99 | ||
100 | /* Whether to log commands executed by a client. This only logs the | |
101 | * (single) command sent to the server, not what a user did in a | |
102 | @@ -314,7 +316,7 @@ | |
103 | #define DEFAULT_IDLE_TIMEOUT 0 | |
104 | ||
105 | /* The default path. This will often get replaced by the shell */ | |
106 | -#define DEFAULT_PATH "/usr/bin:/bin" | |
107 | +#define DEFAULT_PATH "@TERMUX_PREFIX@:/system/bin" | |
108 | ||
109 | /* Some other defines (that mostly should be left alone) are defined | |
110 | * in sysoptions.h */ | |
111 | diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c | |
112 | --- ../dropbear-2013.62/sshpty.c 2013-12-03 14:39:15.000000000 +0100 | |
113 | +++ ./sshpty.c 2014-01-05 21:21:37.930812382 +0100 | |
114 | @@ -22,6 +22,10 @@ | |
115 | #include "errno.h" | |
116 | #include "sshpty.h" | |
117 | ||
118 | +#ifdef __ANDROID__ | |
119 | +# define USE_DEV_PTMX 1 | |
120 | +#endif | |
121 | + | |
122 | /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ | |
123 | #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) | |
124 | #undef HAVE_DEV_PTMX | |
125 | @@ -380,6 +384,7 @@ | |
126 | tty_name, strerror(errno)); | |
127 | } | |
128 | ||
129 | + /* | |
130 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { | |
131 | if (chown(tty_name, pw->pw_uid, gid) < 0) { | |
132 | if (errno == EROFS && | |
133 | @@ -409,4 +414,5 @@ | |
134 | } | |
135 | } | |
136 | } | |
137 | + */ | |
138 | } | |
139 | diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c | |
140 | --- ../dropbear-2013.62/svr-agentfwd.c 2013-12-03 14:39:15.000000000 +0100 | |
141 | +++ ./svr-agentfwd.c 2014-01-05 21:21:37.930812382 +0100 | |
142 | @@ -218,10 +218,12 @@ | |
143 | /* drop to user privs to make the dir/file */ | |
144 | uid = getuid(); | |
145 | gid = getgid(); | |
146 | + /* | |
147 | if ((setegid(ses.authstate.pw_gid)) < 0 || | |
148 | (seteuid(ses.authstate.pw_uid)) < 0) { | |
149 | dropbear_exit("Failed to set euid"); | |
150 | } | |
151 | + */ | |
152 | ||
153 | memset((void*)&addr, 0x0, sizeof(addr)); | |
154 | addr.sun_family = AF_UNIX; | |
155 | diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c | |
156 | --- ../dropbear-2013.62/svr-chansession.c 2013-12-03 14:39:15.000000000 +0100 | |
157 | +++ ./svr-chansession.c 2014-01-05 21:32:15.438797159 +0100 | |
158 | @@ -874,6 +874,8 @@ | |
159 | #endif | |
160 | ||
161 | /* clear environment */ | |
162 | + /* termux: do not clear environment on android */ | |
163 | +#ifndef __ANDROID__ | |
164 | /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD | |
165 | * etc. This is hazardous, so should only be used for debugging. */ | |
166 | #ifndef DEBUG_VALGRIND | |
167 | @@ -886,6 +888,7 @@ | |
168 | } | |
169 | #endif /* HAVE_CLEARENV */ | |
170 | #endif /* DEBUG_VALGRIND */ | |
171 | +#endif /* __ANDROID__ */ | |
172 | ||
173 | /* We can only change uid/gid as root ... */ | |
174 | if (getuid() == 0) { | |
175 | @@ -911,12 +914,14 @@ | |
176 | } | |
177 | } | |
178 | ||
179 | + /* termux: do not modify environment since we did not clean it */ | |
180 | +#ifndef __ANDROID__ | |
181 | /* set env vars */ | |
182 | addnewvar("USER", ses.authstate.pw_name); | |
183 | addnewvar("LOGNAME", ses.authstate.pw_name); | |
184 | addnewvar("HOME", ses.authstate.pw_dir); | |
185 | addnewvar("SHELL", get_user_shell()); | |
186 | - addnewvar("PATH", DEFAULT_PATH); | |
187 | +#endif /* __ANDROID__ */ | |
188 | if (chansess->term != NULL) { | |
189 | addnewvar("TERM", chansess->term); | |
190 | } |