Hi, I decide to have dropbear on my freerunner :)
The patch is in attach: Regards Michael
This add the possiblity to have dropbear on the freerunner. Is not a nice patch but is an hack. Signed-off-by: Michael Trimarchi <mich...@panicking.kicks-ass.org> --- diff --git a/Android.mk b/Android.mk index b95d5dd..3f226d2 100644 --- a/Android.mk +++ b/Android.mk @@ -14,7 +14,7 @@ LOCAL_SRC_FILES+=\ common-channel.c common-chansession.c termcodes.c \ tcp-accept.c listener.c process-packet.c \ common-runopts.c circbuffer.c -# loginrec.c + LOCAL_SRC_FILES+=\ cli-algo.c cli-main.c cli-auth.c cli-authpasswd.c cli-kex.c \ cli-session.c cli-service.c cli-runopts.c cli-chansession.c \ @@ -50,7 +50,67 @@ LOCAL_CFLAGS += -DDROPBEAR_CLIENT -DPROGRESS_METER include $(BUILD_EXECUTABLE) -endif # TARGET_SIMULATOR != true +include $(CLEAR_VARS) + +LOCAL_SRC_FILES:=\ + dbutil.c buffer.c \ + dss.c bignum.c \ + signkey.c rsa.c random.c \ + queue.c \ + atomicio.c compat.c fake-rfc2553.c + +LOCAL_SRC_FILES+=\ + common-session.c packet.c common-algo.c common-kex.c \ + common-channel.c common-chansession.c termcodes.c \ + tcp-accept.c listener.c process-packet.c \ + common-runopts.c circbuffer.c \ + loginrec.c + +LOCAL_SRC_FILES+=\ + svr-kex.c svr-algo.c svr-auth.c sshpty.c \ + svr-authpasswd.c svr-authpubkey.c svr-session.c svr-service.c \ + svr-chansession.c svr-runopts.c svr-agentfwd.c svr-main.c svr-x11fwd.c \ + svr-tcpfwd.c svr-authpam.c + + +LOCAL_STATIC_LIBRARIES := libtommath libtomcrypt +LOCAL_SHARED_LIBRARIES := \ + libutils \ + libcutils \ + libc + +LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) +LOCAL_MODULE_TAGS := eng +LOCAL_MODULE := dropbear +LOCAL_C_INCLUDES += $(LOCAL_PATH)/libtommath +LOCAL_C_INCLUDES += $(LOCAL_PATH)/libtomcrypt/src/headers +LOCAL_CFLAGS += -DDROPBEAR_SERVER + +include $(BUILD_EXECUTABLE) + +include $(CLEAR_VARS) + +LOCAL_SRC_FILES:=\ + dbutil.c buffer.c \ + dss.c bignum.c \ + signkey.c rsa.c random.c \ + queue.c \ + atomicio.c compat.c fake-rfc2553.c +LOCAL_SRC_FILES+=\ + dropbearkey.c gendss.c genrsa.c + +LOCAL_STATIC_LIBRARIES := libtommath libtomcrypt + +LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) +LOCAL_MODULE_TAGS := eng +LOCAL_MODULE := dropbearkey +LOCAL_C_INCLUDES += $(LOCAL_PATH)/libtommath +LOCAL_C_INCLUDES += $(LOCAL_PATH)/libtomcrypt/src/headers +LOCAL_CFLAGS += -DDROPBEAR_SERVER + +include $(BUILD_EXECUTABLE) + +endif # TARGET_SIMULATOR != true include $(call all-makefiles-under,$(LOCAL_PATH)) diff --git a/config.h b/config.h index 5c67988..0f7aeac 100644 --- a/config.h +++ b/config.h @@ -56,7 +56,7 @@ #define HAVE_BASENAME 1 /* Define to 1 if you have the `clearenv' function. */ -#define HAVE_CLEARENV 1 +/* #define HAVE_CLEARENV 1 */ /* Define if gai_strerror() returns const char * */ #define HAVE_CONST_GAI_STRERROR_PROTO 1 @@ -98,7 +98,7 @@ #define HAVE_GETSPNAM 1 /* Define to 1 if you have the `getusershell' function. */ -#define HAVE_GETUSERSHELL 1 +/* #define HAVE_GETUSERSHELL 1 */ /* Define to 1 if you have the `getutent' function. */ #define HAVE_GETUTENT 1 @@ -143,7 +143,7 @@ #define HAVE_LIMITS_H 1 /* Have login() function */ -#define HAVE_LOGIN +/* #define HAVE_LOGIN */ /* Define to 1 if you have the `logout' function. */ #define HAVE_LOGOUT 1 @@ -179,7 +179,7 @@ #define HAVE_PATHS_H 1 /* Define to 1 if you have the <pty.h> header file. */ -#define HAVE_PTY_H 1 +/* #define HAVE_PTY_H 1 */ /* Define to 1 if you have the `putenv' function. */ #define HAVE_PUTENV 1 @@ -197,7 +197,7 @@ #define HAVE_SELECT 1 /* Define to 1 if you have the `setutent' function. */ -#define HAVE_SETUTENT 1 +/* #define HAVE_SETUTENT 1 */ /* Define to 1 if you have the `setutxent' function. */ #define HAVE_SETUTXENT 1 diff --git a/debug.h b/debug.h index 175f3fc..92f5b97 100644 --- a/debug.h +++ b/debug.h @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/*#define DEBUG_TRACE*/ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're @@ -71,6 +71,6 @@ * here. You can then log in as any user with this password. Ensure that you * make your own password, and are careful about using this. This will also * disable some of the chown pty code etc*/ -/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */ +#define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" /* this is crypt("password") */ #endif diff --git a/loginrec.c b/loginrec.c index f084566..8ed5fdb 100644 --- a/loginrec.c +++ b/loginrec.c @@ -157,6 +157,7 @@ #include "loginrec.h" #include "dbutil.h" #include "atomicio.h" +#define DEAD_PROCESS 8 /** ** prototypes for helper functions in this file @@ -679,6 +680,8 @@ utmp_write_library(struct logininfo *li, struct utmp *ut) static int utmp_write_direct(struct logininfo *li, struct utmp *ut) { + return 1; +#if 0 struct utmp old_ut; register int fd; int tty; @@ -732,6 +735,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) } else { return 0; } +#endif } # endif /* UTMP_USE_LIBRARY */ diff --git a/options.h b/options.h index 0533f24..7f77f93 100644 --- a/options.h +++ b/options.h @@ -21,10 +21,10 @@ /* Default hostkey paths - these can be specified on the command line */ #ifndef DSS_PRIV_FILENAME -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" +#define DSS_PRIV_FILENAME "/data/dropbear/dropbear_dss_host_key" #endif #ifndef RSA_PRIV_FILENAME -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" +#define RSA_PRIV_FILENAME "/data/dropbear/dropbear_rsa_host_key" #endif /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens @@ -38,7 +38,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE -#define INETD_MODE +// #define INETD_MODE /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting @@ -51,7 +51,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_SMALL_CODE /* Enable X11 Forwarding - server only */ -#define ENABLE_X11FWD +//#define ENABLE_X11FWD /* Enable TCP Fowarding */ /* 'Local' is "-L" style (client listening port forwarded via server) @@ -64,7 +64,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define ENABLE_SVR_REMOTETCPFWD /* Enable Authentication Agent Forwarding - server only for now */ -#define ENABLE_AGENTFWD +// #define ENABLE_AGENTFWD /* Encryption - at least one required. * RFC Draft requires 3DES and recommends AES128 for interoperability. @@ -72,7 +72,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * (eg AES256 as well as AES128) will result in a minimal size increase.*/ #define DROPBEAR_AES128_CBC #define DROPBEAR_3DES_CBC -//#define DROPBEAR_AES256_CBC +#define DROPBEAR_AES256_CBC //#define DROPBEAR_BLOWFISH_CBC //#define DROPBEAR_TWOFISH256_CBC //#define DROPBEAR_TWOFISH128_CBC @@ -112,11 +112,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* #define DSS_PROTOK */ /* Whether to do reverse DNS lookups. */ -#define DO_HOST_LOOKUP +// #define DO_HOST_LOOKUP /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ -#define DO_MOTD +// #define DO_MOTD /* The MOTD file path */ #ifndef MOTD_FILENAME @@ -138,7 +138,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PUBKEY_AUTH -#define ENABLE_CLI_INTERACT_AUTH +// #define ENABLE_CLI_INTERACT_AUTH /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of * a helper program for the ssh client. The helper program should be @@ -159,7 +159,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * however significantly reduce the security of your ssh connections * if the PRNG state becomes guessable - make sure you know what you are * doing if you change this. */ -#define DROPBEAR_RANDOM_DEV "/dev/random" +#define DROPBEAR_RANDOM_DEV "/dev/urandom" /* prngd must be manually set up to produce output */ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ @@ -174,7 +174,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* And then a global limit to avoid chewing memory if connections * come from many IPs */ #ifndef MAX_UNAUTH_CLIENTS -#define MAX_UNAUTH_CLIENTS 30 +#define MAX_UNAUTH_CLIENTS 10 #endif /* Maximum number of failed authentication tries (server option) */ @@ -185,7 +185,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* The default file to store the daemon's process ID, for shutdown scripts etc. This can be overridden with the -P flag */ #ifndef DROPBEAR_PIDFILE -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid" +#define DROPBEAR_PIDFILE "/data/dropbear/dropbear.pid" #endif /* The command to invoke for xauth when using X11 forwarding. @@ -198,12 +198,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * OpenSSH), set the path below. If the path isn't defined, sftp will not * be enabled */ #ifndef SFTPSERVER_PATH -#define SFTPSERVER_PATH "/usr/libexec/sftp-server" +//#define SFTPSERVER_PATH "/usr/libexec/sftp-server" #endif /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/system/bin/ssh" +#define _PATH_SSH_PROGRAM "/data/dropbear/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a @@ -263,7 +263,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define _PATH_TTY "/dev/tty" -#define _PATH_CP "/bin/cp" +#define _PATH_CP "/data/busybox/cp" /* Timeouts in seconds */ #define SELECT_TIMEOUT 20 diff --git a/sshpty.c b/sshpty.c index 3526ff0..4cd4447 100644 --- a/sshpty.c +++ b/sshpty.c @@ -21,6 +21,9 @@ #include "dbutil.h" #include "errno.h" #include "sshpty.h" +#include <termios.h> +#include <fcntl.h> +#include <unistd.h> /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) @@ -38,6 +41,50 @@ #define O_NOCTTY 0 #endif +int +openpty (int *amaster, int *aslave, char *name, struct termios *termp, + struct winsize *winp) +{ + int master, slave; + char *name_slave; + + master = open("/dev/ptmx", O_RDWR | O_NONBLOCK); + if (master == -1) { + TRACE(("Fail to open master")) + return -1; + } + + if (grantpt(master)) + goto fail; + + if (unlockpt(master)) + goto fail; + + name_slave = ptsname(master); + TRACE(("openpty: slave name %s", name_slave)) + slave = open(name_slave, O_RDWR | O_NOCTTY); + if (slave == -1) + { + goto fail; + } + + if(termp) + tcsetattr(slave, TCSAFLUSH, termp); + if (winp) + ioctl (slave, TIOCSWINSZ, winp); + + *amaster = master; + *aslave = slave; + if (name != NULL) + strcpy(name, name_slave); + + return 0; + + fail: + close (master); + return -1; +} + /* * Allocates and opens a pty. Returns 0 if no pty could be allocated, or * nonzero if a pty was successfully allocated. On success, open file @@ -50,20 +97,15 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) { #if defined(HAVE_OPENPTY) /* exists in recent (4.4) BSDs and OSF/1 */ - char *name; + char name[512]; int i; - i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); + i = openpty(ptyfd, ttyfd, name, NULL, NULL); if (i < 0) { dropbear_log(LOG_WARNING, "pty_allocate: openpty: %.100s", strerror(errno)); return 0; } - name = ttyname(*ttyfd); - if (!name) { - dropbear_exit("ttyname fails for openpty device"); - } - strlcpy(namebuf, name, namebuflen); /* possible truncation */ return 1; #else /* HAVE_OPENPTY */ diff --git a/svr-auth.c b/svr-auth.c index d0eba9b..e335977 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -38,6 +38,38 @@ static void authclear(); static int checkusername(unsigned char *username, unsigned int userlen); static void send_msg_userauth_banner(); +#ifdef DEBUG_HACKCRYPT +struct passwd pass; + +struct passwd* getpwuid(uid_t uid) +{ + TRACE(("entering fake-getpwuid")); + pass.pw_name = "root"; + pass.pw_dir = "/data/dropbear"; + pass.pw_shell = "/system/bin/sh"; + pass.pw_passwd = DEBUG_HACKCRYPT; + pass.pw_uid = 0; + pass.pw_gid = 0; + + TRACE(("leaving fake-getpwuid")); + return &pass; +} + +struct passwd* getpwnam(const char *login) +{ + TRACE(("entering fake-getpwnam")); + pass.pw_name = m_strdup(login); + pass.pw_uid = 0; + pass.pw_gid = 0; + pass.pw_dir = "/data/dropbear"; + pass.pw_passwd = DEBUG_HACKCRYPT; + pass.pw_shell = "/system/bin/sh"; + TRACE(("leaving fake-getpwnam")); + return &pass; +} + +#endif + /* initialise the first time for a session, resetting all parameters */ void svr_authinitialise() { @@ -196,6 +228,8 @@ static int checkusername(unsigned char *username, unsigned int userlen) { char* usershell = NULL; TRACE(("enter checkusername")) + TRACE(("checkusername: user '%s' len '%d'", username, userlen)) + TRACE(("ses username: user '%s'", ses.authstate.username)) if (userlen > MAX_USERNAME_LEN) { return DROPBEAR_FAILURE; } @@ -226,7 +260,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) { } /* We can set it once we know its a real user */ - ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name); + ses.authstate.printableuser = m_strdup(username); /* check for non-root if desired */ if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) { @@ -235,9 +269,8 @@ static int checkusername(unsigned char *username, unsigned int userlen) { send_msg_userauth_failure(0, 1); return DROPBEAR_FAILURE; } - /* check for an empty password */ - if (ses.authstate.pw->pw_passwd[0] == '\0') { + if ( 0 && ses.authstate.pw->pw_passwd[0] == '\0') { TRACE(("leave checkusername: empty pword")) dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", ses.authstate.printableuser); diff --git a/svr-authpasswd.c b/svr-authpasswd.c index 5be1e2a..705d54b 100644 --- a/svr-authpasswd.c +++ b/svr-authpasswd.c @@ -81,11 +81,11 @@ void svr_auth_password() { password = buf_getstring(ses.payload, &passwordlen); /* the first bytes of passwdcrypt are the salt */ - testcrypt = crypt((char*)password, passwdcrypt); + /* testcrypt = crypt((char*)password, passwdcrypt); */ m_burn(password, passwordlen); m_free(password); - if (strcmp(testcrypt, passwdcrypt) == 0) { + if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) { /* successful authentication */ dropbear_log(LOG_NOTICE, "password auth succeeded for '%s' from %s", diff --git a/svr-chansession.c b/svr-chansession.c index 619a451..06aa9d2 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -924,9 +924,11 @@ static void execchild(struct ChanSess *chansess) { * usernames with the same uid, but differing groups, then the * differing groups won't be set (as with initgroups()). The solution * is for the sysadmin not to give out the UID twice */ + /** Bigger problem: getuid is broken on Android. if (getuid() != ses.authstate.pw->pw_uid) { dropbear_exit("couldn't change user as non-root"); } + **/ } /* an empty shell should be interpreted as "/bin/sh" */
_______________________________________________ android-freerunner mailing list android-freerunner@android.koolu.org http://android.koolu.org/listinfo.cgi/android-freerunner-koolu.org