- # A couple of hints for this script.
- # debug.h - you want to set a password at the bottom
- # I prefer to build STATIC=1 MULTICALL=1 but you can do what you want.
- #
- # It still checks /etc/shells so unfortunately you have to create that file
- # and put your shell in it. (by default I use /system/bin/rootsh. Which you
- # will want to create.)
- # If you want key-based authentication, there's some additional prep work:
- # /data/dropbear needs to be root:root 744 and
- # /data/dropbear/.ssh root:root 700
- diff --git a/options.h b/options.h
- index 0533f24..7f77f93 100644
- --- a/options.h
- +++ b/options.h
- -21,10 +21,10 @@
- /* Default hostkey paths - these can be specified on the command line */
- #ifndef DSS_PRIV_FILENAME
- -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
- +#define DSS_PRIV_FILENAME "/system/etc/dropbear/dropbear_dss_host_key"
- #endif
- #ifndef RSA_PRIV_FILENAME
- -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
- +#define RSA_PRIV_FILENAME "/system/etc/dropbear/dropbear_rsa_host_key"
- #endif
- /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
- -38,7 +38,7 @@
- * Both of these flags can be defined at once, don't compile without at least
- * one of them. */
- #define NON_INETD_MODE
- -#define INETD_MODE
- +// #define INETD_MODE
- /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
- * perhaps 20% slower for pubkey operations (it is probably worth experimenting
- -51,7 +51,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- #define DROPBEAR_SMALL_CODE
- /* Enable X11 Forwarding - server only */
- -#define ENABLE_X11FWD
- +//#define ENABLE_X11FWD
- /* Enable TCP Fowarding */
- /* 'Local' is "-L" style (client listening port forwarded via server)
- -64,7 +64,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- #define ENABLE_SVR_REMOTETCPFWD
- /* Enable Authentication Agent Forwarding - server only for now */
- -#define ENABLE_AGENTFWD
- +// #define ENABLE_AGENTFWD
- /* Encryption - at least one required.
- * RFC Draft requires 3DES and recommends AES128 for interoperability.
- -72,7 +72,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
- #define DROPBEAR_AES128_CBC
- #define DROPBEAR_3DES_CBC
- -//#define DROPBEAR_AES256_CBC
- +#define DROPBEAR_AES256_CBC
- //#define DROPBEAR_BLOWFISH_CBC
- //#define DROPBEAR_TWOFISH256_CBC
- //#define DROPBEAR_TWOFISH128_CBC
- -112,11 +112,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- /* #define DSS_PROTOK */
- /* Whether to do reverse DNS lookups. */
- -#define DO_HOST_LOOKUP
- +// #define DO_HOST_LOOKUP
- /* Whether to print the message of the day (MOTD). This doesn't add much code
- * size */
- -#define DO_MOTD
- +// #define DO_MOTD
- /* The MOTD file path */
- #ifndef MOTD_FILENAME
- -138,7 +138,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- #define ENABLE_CLI_PASSWORD_AUTH
- #define ENABLE_CLI_PUBKEY_AUTH
- -#define ENABLE_CLI_INTERACT_AUTH
- +// #define ENABLE_CLI_INTERACT_AUTH
- /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
- * a helper program for the ssh client. The helper program should be
- -159,7 +159,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- * however significantly reduce the security of your ssh connections
- * if the PRNG state becomes guessable - make sure you know what you are
- * doing if you change this. */
- -#define DROPBEAR_RANDOM_DEV "/dev/random"
- +#define DROPBEAR_RANDOM_DEV "/dev/urandom"
- /* prngd must be manually set up to produce output */
- /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
- -174,7 +174,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- /* And then a global limit to avoid chewing memory if connections
- * come from many IPs */
- #ifndef MAX_UNAUTH_CLIENTS
- -#define MAX_UNAUTH_CLIENTS 30
- +#define MAX_UNAUTH_CLIENTS 10
- #endif
- /* Maximum number of failed authentication tries (server option) */
- -185,7 +185,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- /* The default file to store the daemon's process ID, for shutdown
- scripts etc. This can be overridden with the -P flag */
- #ifndef DROPBEAR_PIDFILE
- -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
- +#define DROPBEAR_PIDFILE "/data/dropbear/dropbear.pid"
- #endif
- /* The command to invoke for xauth when using X11 forwarding.
- -198,12 +198,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
- #ifndef SFTPSERVER_PATH
- -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
- +//#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
- #endif
- /* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
- -#define _PATH_SSH_PROGRAM "/system/bin/ssh"
- +#define _PATH_SSH_PROGRAM "/data/dropbear/dbclient"
- /* Whether to log commands executed by a client. This only logs the
- * (single) command sent to the server, not what a user did in a
- -263,7 +263,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
- #define _PATH_TTY "/dev/tty"
- -#define _PATH_CP "/bin/cp"
- +#define _PATH_CP "/data/busybox cp"
- /* Timeouts in seconds */
- #define SELECT_TIMEOUT 20
- diff --git a/svr-auth.c b/svr-auth.c
- index d0eba9b..262cc04 100644
- --- a/svr-auth.c
- +++ b/svr-auth.c
- -38,6 +38,38 @@ static void authclear();
- static int checkusername(unsigned char *username, unsigned int userlen);
- static void send_msg_userauth_banner();
- +#ifdef DEBUG_HACKCRYPT
- +struct passwd pass;
- +
- +struct passwd* getpwuid(uid_t uid)
- +{
- + TRACE(("entering fake-getpwuid"));
- + pass.pw_name = "root";
- + pass.pw_dir = "/data/dropbear";
- + pass.pw_shell = "/system/bin/sh";
- + pass.pw_passwd = DEBUG_HACKCRYPT;
- + pass.pw_uid = 0;
- + pass.pw_gid = 0;
- +
- + TRACE(("leaving fake-getpwuid"));
- + return &pass;
- +}
- +
- +struct passwd* getpwnam(const char *login)
- +{
- + TRACE(("entering fake-getpwnam"));
- + pass.pw_name = m_strdup(login);
- + pass.pw_uid = 0;
- + pass.pw_gid = 0;
- + pass.pw_dir = "/data/dropbear";
- + pass.pw_passwd = DEBUG_HACKCRYPT;
- + pass.pw_shell = "/system/bin/sh";
- + TRACE(("leaving fake-getpwnam"));
- + return &pass;
- +}
- +
- +#endif
- +
- /* initialise the first time for a session, resetting all parameters */
- void svr_authinitialise() {
- -226,7 +258,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
- }
- /* We can set it once we know its a real user */
- - ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
- + ses.authstate.printableuser = m_strdup(username);
- /* check for non-root if desired */
- if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
- diff --git a/svr-chansession.c b/svr-chansession.c
- index 619a451..06aa9d2 100644
- --- a/svr-chansession.c
- +++ b/svr-chansession.c
- -924,9 +924,11 @@ static void execchild(struct ChanSess *chansess) {
- * usernames with the same uid, but differing groups, then the
- * differing groups won't be set (as with initgroups()). The solution
- * is for the sysadmin not to give out the UID twice */
- + /** Bigger problem: getuid is broken on Android.
- if (getuid() != ses.authstate.pw->pw_uid) {
- dropbear_exit("couldn't change user as non-root");
- }
- + **/
- }
- /* an empty shell should be interpreted as "/bin/sh" */
- diff -Naur a/debug.h b/debug.h
- --- a/debug.h 2009-03-12 14:57:47.000000000 +0100
- +++ b/debug.h 2009-03-26 17:18:09.000000000 +0100
- -71,6 +71,6 @@
- * here. You can then log in as any user with this password. Ensure that you
- * make your own password, and are careful about using this. This will also
- * disable some of the chown pty code etc*/
- -/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */
- +#define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" /* this is crypt("password") */
- #endif
SHARE
TWEET

Dropbear Android patch




Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.