
Dropbear Android patch

a guest Mar 30th, 2009 1,941 Never
  1. # A couple of hints for this script.
  2. # debug.h - you want to set a password at the bottom
  3. # I prefer to build STATIC=1 MULTICALL=1 but you can do what you want.
  4. #
  5. # It still checks /etc/shells, so unfortunately you have to create that file
  6. # and put your shell in it (by default I use /system/bin/rootsh, which you
  7. # will want to create).
  8. # If you want key-based authentication, there's some additional prep work:
  9. # /data/dropbear needs to be root:root 744 and
  10. # /data/dropbear/.ssh root:root 700
  11.  
  12. diff --git a/options.h b/options.h
  13. index 0533f24..7f77f93 100644
  14. --- a/options.h
  15. +++ b/options.h
  16.  -21,10 +21,10 @@
  17.  
  18.  /* Default hostkey paths - these can be specified on the command line */
  19.  #ifndef DSS_PRIV_FILENAME
  20. -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
  21. +#define DSS_PRIV_FILENAME "/system/etc/dropbear/dropbear_dss_host_key"
  22.  #endif
  23.  #ifndef RSA_PRIV_FILENAME
  24. -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
  25. +#define RSA_PRIV_FILENAME "/system/etc/dropbear/dropbear_rsa_host_key"
  26.  #endif
  27.  
  28.  /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
  29.  -38,7 +38,7 @@
  30.   * Both of these flags can be defined at once, don't compile without at least
  31.   * one of them. */
  32.  #define NON_INETD_MODE
  33. -#define INETD_MODE
  34. +// #define INETD_MODE
  35.  
  36.  /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
  37.   * perhaps 20% slower for pubkey operations (it is probably worth experimenting
  38.  -51,7 +51,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  39.  #define DROPBEAR_SMALL_CODE
  40.  
  41.  /* Enable X11 Forwarding - server only */
  42. -#define ENABLE_X11FWD
  43. +//#define ENABLE_X11FWD
  44.  
  45.  /* Enable TCP Fowarding */
  46.  /* 'Local' is "-L" style (client listening port forwarded via server)
  47.  -64,7 +64,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  48.  #define ENABLE_SVR_REMOTETCPFWD
  49.  
  50.  /* Enable Authentication Agent Forwarding - server only for now */
  51. -#define ENABLE_AGENTFWD
  52. +// #define ENABLE_AGENTFWD
  53.  
  54.  /* Encryption - at least one required.
  55.   * RFC Draft requires 3DES and recommends AES128 for interoperability.
  56.  -72,7 +72,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  57.   * (eg AES256 as well as AES128) will result in a minimal size increase.*/
  58.  #define DROPBEAR_AES128_CBC
  59.  #define DROPBEAR_3DES_CBC
  60. -//#define DROPBEAR_AES256_CBC
  61. +#define DROPBEAR_AES256_CBC
  62.  //#define DROPBEAR_BLOWFISH_CBC
  63.  //#define DROPBEAR_TWOFISH256_CBC
  64.  //#define DROPBEAR_TWOFISH128_CBC
  65.  -112,11 +112,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  66.  /* #define DSS_PROTOK */
  67.  
  68.  /* Whether to do reverse DNS lookups. */
  69. -#define DO_HOST_LOOKUP
  70. +// #define DO_HOST_LOOKUP
  71.  
  72.  /* Whether to print the message of the day (MOTD). This doesn't add much code
  73.   * size */
  74. -#define DO_MOTD
  75. +// #define DO_MOTD
  76.  
  77.  /* The MOTD file path */
  78.  #ifndef MOTD_FILENAME
  79.  -138,7 +138,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  80.  
  81.  #define ENABLE_CLI_PASSWORD_AUTH
  82.  #define ENABLE_CLI_PUBKEY_AUTH
  83. -#define ENABLE_CLI_INTERACT_AUTH
  84. +// #define ENABLE_CLI_INTERACT_AUTH
  85.  
  86.  /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
  87.   * a helper program for the ssh client. The helper program should be
  88.  -159,7 +159,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  89.   * however significantly reduce the security of your ssh connections
  90.   * if the PRNG state becomes guessable - make sure you know what you are
  91.   * doing if you change this. */
  92. -#define DROPBEAR_RANDOM_DEV "/dev/random"
  93. +#define DROPBEAR_RANDOM_DEV "/dev/urandom"
  94.  
  95.  /* prngd must be manually set up to produce output */
  96.  /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
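Review bot: Switching `DROPBEAR_RANDOM_DEV` to `/dev/urandom` is the very change the comment directly above it warns about, and the patch records no reason for it. If the motive is that `/dev/random` blocks for long periods on a device with few entropy sources, say so next to the define, e.g. `/* /dev/random blocks on this device; make sure the pool is seeded before keys are generated */`. The case to check is host-key and session-key generation shortly after first boot, when the pool may not yet be seeded.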
  97.  -174,7 +174,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  98.  /* And then a global limit to avoid chewing memory if connections
  99.   * come from many IPs */
  100.  #ifndef MAX_UNAUTH_CLIENTS
  101. -#define MAX_UNAUTH_CLIENTS 30
  102. +#define MAX_UNAUTH_CLIENTS 10
  103.  #endif
  104.  
  105.  /* Maximum number of failed authentication tries (server option) */
  106.  -185,7 +185,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  107.  /* The default file to store the daemon's process ID, for shutdown
  108.     scripts etc. This can be overridden with the -P flag */
  109.  #ifndef DROPBEAR_PIDFILE
  110. -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
  111. +#define DROPBEAR_PIDFILE "/data/dropbear/dropbear.pid"
  112.  #endif
  113.  
  114.  /* The command to invoke for xauth when using X11 forwarding.
  115.  -198,12 +198,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  116.   * OpenSSH), set the path below. If the path isn't defined, sftp will not
  117.   * be enabled */
  118.  #ifndef SFTPSERVER_PATH
  119. -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
  120. +//#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
  121.  #endif
  122.  
  123.  /* This is used by the scp binary when used as a client binary. If you're
  124.   * not using the Dropbear client, you'll need to change it */
  125. -#define _PATH_SSH_PROGRAM "/system/bin/ssh"
  126. +#define _PATH_SSH_PROGRAM "/data/dropbear/dbclient"
  127.  
  128.  /* Whether to log commands executed by a client. This only logs the
  129.   * (single) command sent to the server, not what a user did in a
  130.  -263,7 +263,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  131.  
  132.  #define _PATH_TTY "/dev/tty"
  133.  
  134. -#define _PATH_CP "/bin/cp"
  135. +#define _PATH_CP "/data/busybox cp"
  136.  
  137.  /* Timeouts in seconds */
  138.  #define SELECT_TIMEOUT 20
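Review bot: `_PATH_CP` is now `"/data/busybox cp"`, a program path and an argument packed into one string. That only works if scp hands the value to a shell; if it is passed as a single argv element to an exec call (the consumer is not visible in this hunk), local-to-local copies will fail to find the program. Installing a `cp` applet link and pointing the macro at a plain path, e.g. `#define _PATH_CP "/data/cp"` (constructed example path), removes the dependency on how the macro is consumed.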
  139. diff --git a/svr-auth.c b/svr-auth.c
  140. index d0eba9b..262cc04 100644
  141. --- a/svr-auth.c
  142. +++ b/svr-auth.c
  143.  -38,6 +38,38 @@ static void authclear();
  144.  static int checkusername(unsigned char *username, unsigned int userlen);
  145.  static void send_msg_userauth_banner();
  146.  
  147. +#ifdef DEBUG_HACKCRYPT
  148. +struct passwd pass;
  149. +
  150. +struct passwd* getpwuid(uid_t uid)
  151. +{
  152. +    TRACE(("entering fake-getpwuid"));
  153. +    pass.pw_name  = "root";
  154. +    pass.pw_dir   = "/data/dropbear";
  155. +    pass.pw_shell = "/system/bin/sh";
  156. +    pass.pw_passwd = DEBUG_HACKCRYPT;
  157. +    pass.pw_uid   = 0;
  158. +    pass.pw_gid   = 0;
  159. +
  160. +    TRACE(("leaving fake-getpwuid"));
  161. +    return &pass;
  162. +}
  163. +
  164. +struct passwd* getpwnam(const char *login)
  165. +{
  166. +    TRACE(("entering fake-getpwnam"));
  167. +    pass.pw_name  = m_strdup(login);
  168. +    pass.pw_uid   = 0;
  169. +    pass.pw_gid   = 0;
  170. +    pass.pw_dir   = "/data/dropbear";
  171. +    pass.pw_passwd = DEBUG_HACKCRYPT;
  172. +    pass.pw_shell = "/system/bin/sh";
  173. +    TRACE(("leaving fake-getpwnam"));
  174. +    return &pass;
  175. +}
  176. +
  177. +#endif
  178. +
  179.  /* initialise the first time for a session, resetting all parameters */
  180.  void svr_authinitialise() {
  181.  
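Review bot: The fake `getpwnam` calls `m_strdup(login)` on every lookup and overwrites `pass.pw_name` without releasing the previous copy, so each lookup, including ones made for failed attempts by unauthenticated clients, leaks a string. It cannot simply be freed, because `getpwuid` stores the literal `"root"` in the same field. Copying the name into a fixed static buffer and making `pass` `static` removes both the leak and the exported global. Both functions also report uid 0 and the one compiled-in hash for any login name, so the `norootlogin` test further down in `checkusername` would reject every account; the block deserves a comment saying it is a debug-only shim that must not ship. Returning NULL for an over-long name assumes the caller treats NULL as an unknown user, which is not visible here.

```c
static struct passwd pass;
static char pass_name[64]; /* constructed bound; size it to the longest login you accept */

struct passwd* getpwnam(const char *login)
{
    size_t len;

    TRACE(("entering fake-getpwnam"));
    /* Reject rather than truncate: this name is later recorded as the
     * authenticated user, so a shortened copy would mislabel log entries. */
    if (login == NULL || (len = strlen(login)) >= sizeof(pass_name)) {
        return NULL;
    }
    memcpy(pass_name, login, len + 1);
    pass.pw_name = pass_name;
    /* … unchanged: pw_uid, pw_gid, pw_dir, pw_passwd, pw_shell assignments … */
    TRACE(("leaving fake-getpwnam"));
    return &pass;
}
```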
  182.  -226,7 +258,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
  183.         }
  184.  
  185.         /* We can set it once we know its a real user */
  186. -       ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
  187. +       ses.authstate.printableuser = m_strdup(username);
  188.  
  189.         /* check for non-root if desired */
  190.         if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
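Review bot: `username` is an `unsigned char *` with a separate `userlen` (see the `checkusername` signature in the hunk header), so passing it straight to `m_strdup` relies on it being NUL-terminated and on an implicit signedness conversion; `m_strdup((const char *)username)` would at least make that explicit. The change also sits outside the `#ifdef DEBUG_HACKCRYPT` block, so a build without the fake lookups now stores the client-supplied spelling in `printableuser` instead of the name from the passwd entry. The comment above it ("once we know its a real user") no longer holds for the debug build, where every name is accepted, and should be updated. checkusername's body starts and ends outside this hunk.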
  191. diff --git a/svr-chansession.c b/svr-chansession.c
  192. index 619a451..06aa9d2 100644
  193. --- a/svr-chansession.c
  194. +++ b/svr-chansession.c
  195.  -924,9 +924,11 @@ static void execchild(struct ChanSess *chansess) {
  196.                  * usernames with the same uid, but differing groups, then the
  197.                  * differing groups won't be set (as with initgroups()). The solution
  198.                  * is for the sysadmin not to give out the UID twice */
  199. +               /** Bigger problem: getuid is broken on Android.
  200.                 if (getuid() != ses.authstate.pw->pw_uid) {
  201.                         dropbear_exit("couldn't change user as non-root");
  202.                 }
  203. +               **/
  204.         }
  205.  
  206.         /* an empty shell should be interpreted as "/bin/sh" */
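Review bot: Commenting out the `getuid() != ses.authstate.pw->pw_uid` comparison drops the check that a server running as non-root is actually the user who authenticated, and it does so for every build rather than only the Android debug one. The mismatch may not be a `getuid` fault at all: the fake `getpwnam` added in svr-auth.c always reports `pw_uid = 0`, so the comparison would fail whenever the daemon is not running as root, which is worth confirming before blaming the platform. If the check has to go for the debug build, wrap it in `#ifndef DEBUG_HACKCRYPT` and `#endif` instead of a `/** … **/` comment, so it stays in force everywhere else. execchild's body starts and ends outside the hunk.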
  207. diff -Naur a/debug.h b/debug.h
  208. --- a/debug.h 2009-03-12 14:57:47.000000000 +0100
  209. +++ b/debug.h     2009-03-26 17:18:09.000000000 +0100
  210.  -71,6 +71,6 @@
  211.   * here. You can then log in as any user with this password. Ensure that you
  212.   * make your own password, and are careful about using this. This will also
  213.   * disable some of the chown pty code etc*/
  214. -/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */
  215. +#define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" /* this is crypt("password") */
  216.  
  217.  #endif
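Review bot: The patch enables `DEBUG_HACKCRYPT` with the sample hash whose plaintext is spelled out in the trailing comment, so a build made from the patch as-is maps every login name to root behind a published password. The header comment asks the builder to choose their own value, but nothing enforces it. Keep the sample line commented out and make the build fail until a value is supplied, e.g. `#ifndef DEBUG_HACKCRYPT` / `#error "set DEBUG_HACKCRYPT to your own crypt() hash"` / `#endif`. The 13-character form looks like traditional DES crypt, which only considers the first eight characters of a password, so key-only authentication would be the safer default for this port.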