
Dropbear Android patch

  1. # A couple of hints for this script.
  2. # debug.h - set your own password (a crypt() hash) in the define at the bottom
  3. # I prefer to build STATIC=1 MULTICALL=1 but you can do what you want.
  4. #
  5. # It still checks /etc/shells so unfortunately you have to create that file
  6. # and put your shell in it. (by default I use /system/bin/rootsh. Which you
  7. # will want to create.)
  8. # If you want key-based authentication, there's some additional prep work:
  9. # /data/dropbear needs to be root:root 744 and
  10. # /data/dropbear/.ssh root:root 700
  11.  
  12. diff --git a/options.h b/options.h
  13. index 0533f24..7f77f93 100644
  14. --- a/options.h
  15. +++ b/options.h
  16.  -21,10 +21,10 @@
  17.  
  18.  /* Default hostkey paths - these can be specified on the command line */
  19.  #ifndef DSS_PRIV_FILENAME
  20. -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
  21. +#define DSS_PRIV_FILENAME "/system/etc/dropbear/dropbear_dss_host_key"
  22.  #endif
  23.  #ifndef RSA_PRIV_FILENAME
  24. -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
  25. +#define RSA_PRIV_FILENAME "/system/etc/dropbear/dropbear_rsa_host_key"
  26.  #endif
  27.  
  28.  /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
  29.  -38,7 +38,7 @@
  30.   * Both of these flags can be defined at once, don't compile without at least
  31.   * one of them. */
  32.  #define NON_INETD_MODE
  33. -#define INETD_MODE
  34. +// #define INETD_MODE
  35.  
  36.  /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
  37.   * perhaps 20% slower for pubkey operations (it is probably worth experimenting
  38.  -51,7 +51,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  39.  #define DROPBEAR_SMALL_CODE
  40.  
  41.  /* Enable X11 Forwarding - server only */
  42. -#define ENABLE_X11FWD
  43. +//#define ENABLE_X11FWD
  44.  
  45.  /* Enable TCP Fowarding */
  46.  /* 'Local' is "-L" style (client listening port forwarded via server)
  47.  -64,7 +64,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  48.  #define ENABLE_SVR_REMOTETCPFWD
  49.  
  50.  /* Enable Authentication Agent Forwarding - server only for now */
  51. -#define ENABLE_AGENTFWD
  52. +// #define ENABLE_AGENTFWD
  53.  
  54.  /* Encryption - at least one required.
  55.   * RFC Draft requires 3DES and recommends AES128 for interoperability.
  56.  -72,7 +72,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  57.   * (eg AES256 as well as AES128) will result in a minimal size increase.*/
  58.  #define DROPBEAR_AES128_CBC
  59.  #define DROPBEAR_3DES_CBC
  60. -//#define DROPBEAR_AES256_CBC
  61. +#define DROPBEAR_AES256_CBC
  62.  //#define DROPBEAR_BLOWFISH_CBC
  63.  //#define DROPBEAR_TWOFISH256_CBC
  64.  //#define DROPBEAR_TWOFISH128_CBC
  65.  -112,11 +112,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  66.  /* #define DSS_PROTOK */
  67.  
  68.  /* Whether to do reverse DNS lookups. */
  69. -#define DO_HOST_LOOKUP
  70. +// #define DO_HOST_LOOKUP
  71.  
  72.  /* Whether to print the message of the day (MOTD). This doesn't add much code
  73.   * size */
  74. -#define DO_MOTD
  75. +// #define DO_MOTD
  76.  
  77.  /* The MOTD file path */
  78.  #ifndef MOTD_FILENAME
  79.  -138,7 +138,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  80.  
  81.  #define ENABLE_CLI_PASSWORD_AUTH
  82.  #define ENABLE_CLI_PUBKEY_AUTH
  83. -#define ENABLE_CLI_INTERACT_AUTH
  84. +// #define ENABLE_CLI_INTERACT_AUTH
  85.  
  86.  /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
  87.   * a helper program for the ssh client. The helper program should be
  88.  -159,7 +159,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  89.   * however significantly reduce the security of your ssh connections
  90.   * if the PRNG state becomes guessable - make sure you know what you are
  91.   * doing if you change this. */
  92. -#define DROPBEAR_RANDOM_DEV "/dev/random"
  93. +#define DROPBEAR_RANDOM_DEV "/dev/urandom"
  94.  
  95.  /* prngd must be manually set up to produce output */
  96.  /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
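Review bot: The switch of `DROPBEAR_RANDOM_DEV` to `/dev/urandom` sits directly under the context comment warning that changing this value can significantly reduce security, and the patch does not record why it is acceptable here. If host keys or session keys can be generated shortly after boot, the pool may not be seeded yet; that depends on the device's kernel and init sequence, which this page does not show. I would add a comment above the define, for example `/* /dev/random blocks on this device; start dropbear only after the entropy pool is seeded */`, and generate the host keys after that point or off-device.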
  97.  -174,7 +174,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  98.  /* And then a global limit to avoid chewing memory if connections
  99.   * come from many IPs */
  100.  #ifndef MAX_UNAUTH_CLIENTS
  101. -#define MAX_UNAUTH_CLIENTS 30
  102. +#define MAX_UNAUTH_CLIENTS 10
  103.  #endif
  104.  
  105.  /* Maximum number of failed authentication tries (server option) */
  106.  -185,7 +185,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  107.  /* The default file to store the daemon's process ID, for shutdown
  108.     scripts etc. This can be overridden with the -P flag */
  109.  #ifndef DROPBEAR_PIDFILE
  110. -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
  111. +#define DROPBEAR_PIDFILE "/data/dropbear/dropbear.pid"
  112.  #endif
  113.  
  114.  /* The command to invoke for xauth when using X11 forwarding.
  115.  -198,12 +198,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  116.   * OpenSSH), set the path below. If the path isn't defined, sftp will not
  117.   * be enabled */
  118.  #ifndef SFTPSERVER_PATH
  119. -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
  120. +//#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
  121.  #endif
  122.  
  123.  /* This is used by the scp binary when used as a client binary. If you're
  124.   * not using the Dropbear client, you'll need to change it */
  125. -#define _PATH_SSH_PROGRAM "/system/bin/ssh"
  126. +#define _PATH_SSH_PROGRAM "/data/dropbear/dbclient"
  127.  
  128.  /* Whether to log commands executed by a client. This only logs the
  129.   * (single) command sent to the server, not what a user did in a
  130.  -263,7 +263,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  131.  
  132.  #define _PATH_TTY "/dev/tty"
  133.  
  134. -#define _PATH_CP "/bin/cp"
  135. +#define _PATH_CP "/data/busybox cp"
  136.  
  137.  /* Timeouts in seconds */
  138.  #define SELECT_TIMEOUT 20
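Review bot: `_PATH_CP` becomes `"/data/busybox cp"`, a program path plus an argument in one string, in a macro whose name and previous value say it holds a single path. The code that consumes it is outside this diff; if it passes the value to an exec-style call as one path rather than through a shell, the lookup will fail, so this should be verified against the caller. A cleaner shape is a `cp` link to busybox in a root-owned directory and `#define _PATH_CP "/path/to/cp"` (placeholder path), which also keeps the macro safe for any later use as an argv element.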
  139. diff --git a/svr-auth.c b/svr-auth.c
  140. index d0eba9b..262cc04 100644
  141. --- a/svr-auth.c
  142. +++ b/svr-auth.c
  143.  -38,6 +38,38 @@ static void authclear();
  144.  static int checkusername(unsigned char *username, unsigned int userlen);
  145.  static void send_msg_userauth_banner();
  146.  
  147. +#ifdef DEBUG_HACKCRYPT
  148. +struct passwd pass;
  149. +
  150. +struct passwd* getpwuid(uid_t uid)
  151. +{
  152. +    TRACE(("entering fake-getpwuid"));
  153. +    pass.pw_name  = "root";
  154. +    pass.pw_dir   = "/data/dropbear";
  155. +    pass.pw_shell = "/system/bin/sh";
  156. +    pass.pw_passwd = DEBUG_HACKCRYPT;
  157. +    pass.pw_uid   = 0;
  158. +    pass.pw_gid   = 0;
  159. +
  160. +    TRACE(("leaving fake-getpwuid"));
  161. +    return &pass;
  162. +}
  163. +
  164. +struct passwd* getpwnam(const char *login)
  165. +{
  166. +    TRACE(("entering fake-getpwnam"));
  167. +    pass.pw_name  = m_strdup(login);
  168. +    pass.pw_uid   = 0;
  169. +    pass.pw_gid   = 0;
  170. +    pass.pw_dir   = "/data/dropbear";
  171. +    pass.pw_passwd = DEBUG_HACKCRYPT;
  172. +    pass.pw_shell = "/system/bin/sh";
  173. +    TRACE(("leaving fake-getpwnam"));
  174. +    return &pass;
  175. +}
  176. +
  177. +#endif
  178. +
  179.  /* initialise the first time for a session, resetting all parameters */
  180.  void svr_authinitialise() {
  181.  
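Review bot: The replacement `getpwnam()` returns a uid 0 entry carrying the `DEBUG_HACKCRYPT` hash for every login name, so the username stops being part of authentication and `checkusername()` can no longer reject an unknown account. Restricting it to the one intended name keeps that check meaningful: `if (strcmp(login, "root") != 0) return NULL;` at the top of the function. It also stores `m_strdup(login)` into the static `pass` on each lookup without freeing the previous copy, which leaks memory per authentication attempt; with the name fixed, `pass.pw_name = "root";` as in `getpwuid()` avoids the allocation. Both functions shadow the libc symbols for the whole binary, which deserves a comment next to the `#ifdef`. `svr_authinitialise()` continues outside the hunk.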
  182.  -226,7 +258,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
  183.         }
  184.  
  185.         /* We can set it once we know its a real user */
  186. -       ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
  187. +       ses.authstate.printableuser = m_strdup(username);
  188.  
  189.         /* check for non-root if desired */
  190.         if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
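Review bot: `printableuser` is now copied from the client-supplied `username` instead of the looked-up `pw_name`, and the change is not inside `#ifdef DEBUG_HACKCRYPT`, so it also alters builds that use the real passwd database. The name suggests this string ends up in log output (its uses are outside the hunk); if so, bytes chosen by the remote side reach the log unfiltered, and the `unsigned char *` argument now relies on an implicit pointer conversion that the original call did not need. Since the fake `getpwnam()` already stores a copy of the login in `pw_name`, the original line `ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);` would behave the same under the hack and can be kept. `checkusername()` starts and ends outside the hunk.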
  191. diff --git a/svr-chansession.c b/svr-chansession.c
  192. index 619a451..06aa9d2 100644
  193. --- a/svr-chansession.c
  194. +++ b/svr-chansession.c
  195.  -924,9 +924,11 @@ static void execchild(struct ChanSess *chansess) {
  196.                  * usernames with the same uid, but differing groups, then the
  197.                  * differing groups won't be set (as with initgroups()). The solution
  198.                  * is for the sysadmin not to give out the UID twice */
  199. +               /** Bigger problem: getuid is broken on Android.
  200.                 if (getuid() != ses.authstate.pw->pw_uid) {
  201.                         dropbear_exit("couldn't change user as non-root");
  202.                 }
  203. +               **/
  204.         }
  205.  
  206.         /* an empty shell should be interpreted as "/bin/sh" */
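Review bot: The `getuid() != ses.authstate.pw->pw_uid` check is commented out for every build, not only for Android or `DEBUG_HACKCRYPT`, so a server started as a non-root user no longer exits when the authenticated account's uid differs from its own. The added comment says getuid is broken on Android without saying how; since the patched lookup functions always report uid 0, the mismatch may come from the fake passwd entry rather than from `getuid()`, which is worth confirming. I would keep the check and compile it out only for the hack build by wrapping the `if` in `#ifndef DEBUG_HACKCRYPT` / `#endif`, with a comment stating the actual failure. `execchild()` continues outside the hunk.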
  207. diff -Naur a/debug.h b/debug.h
  208. --- a/debug.h 2009-03-12 14:57:47.000000000 +0100
  209. +++ b/debug.h     2009-03-26 17:18:09.000000000 +0100
  210.  -71,6 +71,6 @@
  211.   * here. You can then log in as any user with this password. Ensure that you
  212.   * make your own password, and are careful about using this. This will also
  213.   * disable some of the chown pty code etc*/
  214. -/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */
  215. +#define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" /* this is crypt("password") */
  216.  
  217.  #endif
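Review bot: This enables `DEBUG_HACKCRYPT` with the stock value that the adjacent comment identifies as `crypt("password")`, so a build made from the patch as posted accepts a publicly known password, and with the svr-auth.c change that login maps to uid 0. The script header tells the builder to set a password, but nothing in the patch enforces it. I would ship the line still commented out with a placeholder, `/* #define DEBUG_HACKCRYPT "<your crypt() hash>" */`, so that an unedited build has no password login at all. A 13-character traditional crypt() hash like this one only covers the first eight characters of the password, so key-based login is the better default for a device reachable over the network.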