| 1 | diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c |
| 2 | --- ../dropbear-2013.62/cli-auth.c 2013-12-03 14:39:15.000000000 +0100 |
| 3 | +++ ./cli-auth.c 2014-01-05 21:21:37.926812382 +0100 |
| 4 | @@ -32,6 +32,10 @@ |
| 5 | #include "packet.h" |
| 6 | #include "runopts.h" |
| 7 | |
| 8 | +char * getpass (const char *prompt) { |
| 9 | + return ""; |
| 10 | +} |
| 11 | + |
| 12 | void cli_authinitialise() { |
| 13 | |
| 14 | memset(&ses.authstate, 0, sizeof(ses.authstate)); |
| 15 | #ifdef ENABLE_CLI_ANYTCPFWD |
| 16 | diff -u -r ../dropbear-2013.62/options.h ./options.h |
| 17 | --- ../dropbear-2013.62/options.h 2013-12-03 14:39:15.000000000 +0100 |
| 18 | +++ ./options.h 2014-01-05 21:21:37.930812382 +0100 |
| 19 | @@ -10,8 +10,10 @@ |
| 20 | |
| 21 | /* IMPORTANT: Many options will require "make clean" after changes */ |
| 22 | + |
| 23 | + |
| 24 | |
| 25 | #ifndef DROPBEAR_DEFPORT |
| 26 | -#define DROPBEAR_DEFPORT "22" |
| 27 | +#define DROPBEAR_DEFPORT "8022" |
| 28 | #endif |
| 29 | |
| 30 | #ifndef DROPBEAR_DEFADDRESS |
| 31 | @@ -21,13 +23,13 @@ |
| 32 | |
| 33 | /* Default hostkey paths - these can be specified on the command line */ |
| 34 | #ifndef DSS_PRIV_FILENAME |
| 35 | -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" |
| 36 | +#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key" |
| 37 | #endif |
| 38 | #ifndef RSA_PRIV_FILENAME |
| 39 | -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" |
| 40 | +#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key" |
| 41 | #endif |
| 42 | #ifndef ECDSA_PRIV_FILENAME |
| 43 | -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" |
| 44 | +#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key" |
| 45 | #endif |
| 46 | |
| 47 | /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens |
| 48 | @@ -41,7 +43,7 @@ |
| 49 | * Both of these flags can be defined at once, don't compile without at least |
| 50 | * one of them. */ |
| 51 | #define NON_INETD_MODE |
| 52 | -#define INETD_MODE |
| 53 | +#undef INETD_MODE |
| 54 | |
| 55 | /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is |
| 56 | * perhaps 20% slower for pubkey operations (it is probably worth experimenting |
| 57 | @@ -55,7 +57,7 @@ |
| 58 | #define DROPBEAR_SMALL_CODE |
| 59 | |
| 60 | /* Enable X11 Forwarding - server only */ |
| 61 | -#define ENABLE_X11FWD |
| 62 | +#undef ENABLE_X11FWD |
| 63 | |
| 64 | /* Enable TCP Fowarding */ |
| 65 | /* 'Local' is "-L" style (client listening port forwarded via server) |
| 66 | @@ -179,7 +181,7 @@ |
| 67 | |
| 68 | /* The MOTD file path */ |
| 69 | #ifndef MOTD_FILENAME |
| 70 | -#define MOTD_FILENAME "/etc/motd" |
| 71 | +#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd" |
| 72 | #endif |
| 73 | |
| 74 | /* Authentication Types - at least one required. |
| 75 | @@ -192,7 +194,7 @@ |
| 76 | * PAM challenge/response. |
| 77 | * You can't enable both PASSWORD and PAM. */ |
| 78 | |
| 79 | -#define ENABLE_SVR_PASSWORD_AUTH |
| 80 | +#undef ENABLE_SVR_PASSWORD_AUTH |
| 81 | /* PAM requires ./configure --enable-pam */ |
| 82 | /*#define ENABLE_SVR_PAM_AUTH */ |
| 83 | #define ENABLE_SVR_PUBKEY_AUTH |
| 84 | @@ -259,7 +261,7 @@ |
| 85 | /* The default file to store the daemon's process ID, for shutdown |
| 86 | scripts etc. This can be overridden with the -P flag */ |
| 87 | #ifndef DROPBEAR_PIDFILE |
| 88 | -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid" |
| 89 | +#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid" |
| 90 | #endif |
| 91 | |
| 92 | /* The command to invoke for xauth when using X11 forwarding. |
| 93 | @@ -277,7 +279,7 @@ |
| 94 | |
| 95 | /* This is used by the scp binary when used as a client binary. If you're |
| 96 | * not using the Dropbear client, you'll need to change it */ |
| 97 | -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" |
| 98 | +#define _PATH_SSH_PROGRAM "@TERMUX_PREFIX@/bin/dbclient" |
| 99 | |
| 100 | /* Whether to log commands executed by a client. This only logs the |
| 101 | * (single) command sent to the server, not what a user did in a |
| 102 | @@ -314,7 +316,7 @@ |
| 103 | #define DEFAULT_IDLE_TIMEOUT 0 |
| 104 | |
| 105 | /* The default path. This will often get replaced by the shell */ |
| 106 | -#define DEFAULT_PATH "/usr/bin:/bin" |
| 107 | +#define DEFAULT_PATH "@TERMUX_PREFIX@:/system/bin" |
| 108 | |
| 109 | /* Some other defines (that mostly should be left alone) are defined |
| 110 | * in sysoptions.h */ |
| 111 | diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c |
| 112 | --- ../dropbear-2013.62/sshpty.c 2013-12-03 14:39:15.000000000 +0100 |
| 113 | +++ ./sshpty.c 2014-01-05 21:21:37.930812382 +0100 |
| 114 | @@ -22,6 +22,10 @@ |
| 115 | #include "errno.h" |
| 116 | #include "sshpty.h" |
| 117 | |
| 118 | +#ifdef __ANDROID__ |
| 119 | +# define USE_DEV_PTMX 1 |
| 120 | +#endif |
| 121 | + |
| 122 | /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ |
| 123 | #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) |
| 124 | #undef HAVE_DEV_PTMX |
| 125 | @@ -380,6 +384,7 @@ |
| 126 | tty_name, strerror(errno)); |
| 127 | } |
| 128 | |
| 129 | + /* |
| 130 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { |
| 131 | if (chown(tty_name, pw->pw_uid, gid) < 0) { |
| 132 | if (errno == EROFS && |
| 133 | @@ -409,4 +414,5 @@ |
| 134 | } |
| 135 | } |
| 136 | } |
| 137 | + */ |
| 138 | } |
| 139 | diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c |
| 140 | --- ../dropbear-2013.62/svr-agentfwd.c 2013-12-03 14:39:15.000000000 +0100 |
| 141 | +++ ./svr-agentfwd.c 2014-01-05 21:21:37.930812382 +0100 |
| 142 | @@ -218,10 +218,12 @@ |
| 143 | /* drop to user privs to make the dir/file */ |
| 144 | uid = getuid(); |
| 145 | gid = getgid(); |
| 146 | + /* |
| 147 | if ((setegid(ses.authstate.pw_gid)) < 0 || |
| 148 | (seteuid(ses.authstate.pw_uid)) < 0) { |
| 149 | dropbear_exit("Failed to set euid"); |
| 150 | } |
| 151 | + */ |
| 152 | |
| 153 | memset((void*)&addr, 0x0, sizeof(addr)); |
| 154 | addr.sun_family = AF_UNIX; |
| 155 | diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c |
| 156 | --- ../dropbear-2013.62/svr-chansession.c 2013-12-03 14:39:15.000000000 +0100 |
| 157 | +++ ./svr-chansession.c 2014-01-05 21:32:15.438797159 +0100 |
| 158 | @@ -874,6 +874,8 @@ |
| 159 | #endif |
| 160 | |
| 161 | /* clear environment */ |
| 162 | + /* termux: do not clear environment on android */ |
| 163 | +#ifndef __ANDROID__ |
| 164 | /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD |
| 165 | * etc. This is hazardous, so should only be used for debugging. */ |
| 166 | #ifndef DEBUG_VALGRIND |
| 167 | @@ -886,6 +888,7 @@ |
| 168 | } |
| 169 | #endif /* HAVE_CLEARENV */ |
| 170 | #endif /* DEBUG_VALGRIND */ |
| 171 | +#endif /* __ANDROID__ */ |
| 172 | |
| 173 | /* We can only change uid/gid as root ... */ |
| 174 | if (getuid() == 0) { |
| 175 | @@ -911,12 +914,14 @@ |
| 176 | } |
| 177 | } |
| 178 | |
| 179 | + /* termux: do not modify environment since we did not clean it */ |
| 180 | +#ifndef __ANDROID__ |
| 181 | /* set env vars */ |
| 182 | addnewvar("USER", ses.authstate.pw_name); |
| 183 | addnewvar("LOGNAME", ses.authstate.pw_name); |
| 184 | addnewvar("HOME", ses.authstate.pw_dir); |
| 185 | addnewvar("SHELL", get_user_shell()); |
| 186 | - addnewvar("PATH", DEFAULT_PATH); |
| 187 | +#endif /* __ANDROID__ */ |
| 188 | if (chansess->term != NULL) { |
| 189 | addnewvar("TERM", chansess->term); |
| 190 | } |