Dropbear Android patch

# A couple of hints for this script.
# debug.h - you want to set a password at the bottom
# I prefer to build STATIC=1 MULTICALL=1 but you can do what you want.
#
# It still checks /etc/shells so unfortunately you have to create that file
# and put your shell in it. (by default I use /system/bin/rootsh. Which you
# will want to create.)
# If you want key-based authentication, there's some additional prep work:
# /data/dropbear needs to be root:root 744 and
# /data/dropbear/.ssh root:root 700

diff --git a/options.h b/options.h
index 0533f24..7f77f93 100644
--- a/options.h
+++ b/options.h
@@ -21,10 +21,10 @@

 /* Default hostkey paths - these can be specified on the command line */
 #ifndef DSS_PRIV_FILENAME
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+#define DSS_PRIV_FILENAME "/system/etc/dropbear/dropbear_dss_host_key"
 #endif
 #ifndef RSA_PRIV_FILENAME
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+#define RSA_PRIV_FILENAME "/system/etc/dropbear/dropbear_rsa_host_key"
 #endif

 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
@@ -38,7 +38,7 @@
  * Both of these flags can be defined at once, don't compile without at least
  * one of them. */
 #define NON_INETD_MODE
-#define INETD_MODE
+// #define INETD_MODE

 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
  * perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -51,7 +51,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define DROPBEAR_SMALL_CODE

 /* Enable X11 Forwarding - server only */
-#define ENABLE_X11FWD
+//#define ENABLE_X11FWD

 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
@@ -64,7 +64,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define ENABLE_SVR_REMOTETCPFWD

 /* Enable Authentication Agent Forwarding - server only for now */
-#define ENABLE_AGENTFWD
+// #define ENABLE_AGENTFWD

 /* Encryption - at least one required.
  * RFC Draft requires 3DES and recommends AES128 for interoperability.
@@ -72,7 +72,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * (eg AES256 as well as AES128) will result in a minimal size increase.*/
 #define DROPBEAR_AES128_CBC
 #define DROPBEAR_3DES_CBC
-//#define DROPBEAR_AES256_CBC
+#define DROPBEAR_AES256_CBC
 //#define DROPBEAR_BLOWFISH_CBC
 //#define DROPBEAR_TWOFISH256_CBC
 //#define DROPBEAR_TWOFISH128_CBC
@@ -112,11 +112,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 /* #define DSS_PROTOK */

 /* Whether to do reverse DNS lookups. */
-#define DO_HOST_LOOKUP
+// #define DO_HOST_LOOKUP

 /* Whether to print the message of the day (MOTD). This doesn't add much code
  * size */
-#define DO_MOTD
+// #define DO_MOTD

 /* The MOTD file path */
 #ifndef MOTD_FILENAME
@@ -138,7 +138,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */

 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
-#define ENABLE_CLI_INTERACT_AUTH
+// #define ENABLE_CLI_INTERACT_AUTH

 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
  * a helper program for the ssh client. The helper program should be
@@ -159,7 +159,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * however significantly reduce the security of your ssh connections
  * if the PRNG state becomes guessable - make sure you know what you are
  * doing if you change this. */
-#define DROPBEAR_RANDOM_DEV "/dev/random"
+#define DROPBEAR_RANDOM_DEV "/dev/urandom"

 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
@@ -174,7 +174,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 /* And then a global limit to avoid chewing memory if connections
  * come from many IPs */
 #ifndef MAX_UNAUTH_CLIENTS
-#define MAX_UNAUTH_CLIENTS 30
+#define MAX_UNAUTH_CLIENTS 10
 #endif

 /* Maximum number of failed authentication tries (server option) */
@@ -185,7 +185,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
+#define DROPBEAR_PIDFILE "/data/dropbear/dropbear.pid"
 #endif

 /* The command to invoke for xauth when using X11 forwarding.
@@ -198,12 +198,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * OpenSSH), set the path below. If the path isn't defined, sftp will not
  * be enabled */
 #ifndef SFTPSERVER_PATH
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
+//#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 #endif

 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/system/bin/ssh"
+#define _PATH_SSH_PROGRAM "/data/dropbear/dbclient"

 /* Whether to log commands executed by a client. This only logs the
  * (single) command sent to the server, not what a user did in a
@@ -263,7 +263,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */

 #define _PATH_TTY "/dev/tty"

-#define _PATH_CP "/bin/cp"
+#define _PATH_CP "/data/busybox cp"

 /* Timeouts in seconds */
 #define SELECT_TIMEOUT 20
diff --git a/svr-auth.c b/svr-auth.c
index d0eba9b..262cc04 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -38,6 +38,38 @@ static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
 static void send_msg_userauth_banner();

+#ifdef DEBUG_HACKCRYPT
+struct passwd pass;
+
+struct passwd* getpwuid(uid_t uid)
+{
+    TRACE(("entering fake-getpwuid"));
+    pass.pw_name  = "root";
+    pass.pw_dir   = "/data/dropbear";
+    pass.pw_shell = "/system/bin/sh";
+    pass.pw_passwd = DEBUG_HACKCRYPT;
+    pass.pw_uid   = 0;
+    pass.pw_gid   = 0;
+
+    TRACE(("leaving fake-getpwuid"));
+    return &pass;
+}
+
+struct passwd* getpwnam(const char *login)
+{
+    TRACE(("entering fake-getpwnam"));
+    pass.pw_name  = m_strdup(login);
+    pass.pw_uid   = 0;
+    pass.pw_gid   = 0;
+    pass.pw_dir   = "/data/dropbear";
+    pass.pw_passwd = DEBUG_HACKCRYPT;
+    pass.pw_shell = "/system/bin/sh";
+    TRACE(("leaving fake-getpwnam"));
+    return &pass;
+}
+
+#endif
+
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {

@@ -226,7 +258,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 	}

 	/* We can set it once we know its a real user */
-	ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
+	ses.authstate.printableuser = m_strdup(username);

 	/* check for non-root if desired */
 	if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
diff --git a/svr-chansession.c b/svr-chansession.c
index 619a451..06aa9d2 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -924,9 +924,11 @@ static void execchild(struct ChanSess *chansess) {
 		 * usernames with the same uid, but differing groups, then the
 		 * differing groups won't be set (as with initgroups()). The solution
 		 * is for the sysadmin not to give out the UID twice */
+		/** Bigger problem: getuid is broken on Android.
 		if (getuid() != ses.authstate.pw->pw_uid) {
 			dropbear_exit("couldn't	change user as non-root");
 		}
+		**/
 	}

 	/* an empty shell should be interpreted as "/bin/sh" */
diff -Naur a/debug.h b/debug.h
--- a/debug.h 2009-03-12 14:57:47.000000000 +0100
+++ b/debug.h     2009-03-26 17:18:09.000000000 +0100
@@ -71,6 +71,6 @@
  * here. You can then log in as any user with this password. Ensure that you
  * make your own password, and are careful about using this. This will also
  * disable some of the chown pty code etc*/
-/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */
+#define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" /* this is crypt("password") */

 #endif