termux-packages/packages/dropbear/dropbear.patch

191 lines
5.9 KiB
Diff
Raw Normal View History

2015-06-13 01:03:31 +02:00
diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c
--- ../dropbear-2013.62/cli-auth.c 2013-12-03 14:39:15.000000000 +0100
+++ ./cli-auth.c 2014-01-05 21:21:37.926812382 +0100
@@ -32,6 +32,10 @@
#include "packet.h"
#include "runopts.h"
+char * getpass (const char *prompt) {
+ return "";
+}
+
void cli_authinitialise() {
memset(&ses.authstate, 0, sizeof(ses.authstate));
#ifdef ENABLE_CLI_ANYTCPFWD
diff -u -r ../dropbear-2013.62/options.h ./options.h
--- ../dropbear-2013.62/options.h 2013-12-03 14:39:15.000000000 +0100
+++ ./options.h 2014-01-05 21:21:37.930812382 +0100
@@ -10,8 +10,10 @@
/* IMPORTANT: Many options will require "make clean" after changes */
+
+
#ifndef DROPBEAR_DEFPORT
-#define DROPBEAR_DEFPORT "22"
+#define DROPBEAR_DEFPORT "8022"
#endif
#ifndef DROPBEAR_DEFADDRESS
@@ -21,13 +23,13 @@
/* Default hostkey paths - these can be specified on the command line */
#ifndef DSS_PRIV_FILENAME
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
#endif
#ifndef RSA_PRIV_FILENAME
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
#endif
#ifndef ECDSA_PRIV_FILENAME
-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
+#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key"
#endif
/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
@@ -41,7 +43,7 @@
* Both of these flags can be defined at once, don't compile without at least
* one of them. */
#define NON_INETD_MODE
-#define INETD_MODE
+#undef INETD_MODE
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -55,7 +57,7 @@
#define DROPBEAR_SMALL_CODE
/* Enable X11 Forwarding - server only */
-#define ENABLE_X11FWD
+#undef ENABLE_X11FWD
/* Enable TCP Fowarding */
/* 'Local' is "-L" style (client listening port forwarded via server)
@@ -179,7 +181,7 @@
/* The MOTD file path */
#ifndef MOTD_FILENAME
-#define MOTD_FILENAME "/etc/motd"
+#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd"
#endif
/* Authentication Types - at least one required.
@@ -192,7 +194,7 @@
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
-#define ENABLE_SVR_PASSWORD_AUTH
+#undef ENABLE_SVR_PASSWORD_AUTH
/* PAM requires ./configure --enable-pam */
/*#define ENABLE_SVR_PAM_AUTH */
#define ENABLE_SVR_PUBKEY_AUTH
@@ -259,7 +261,7 @@
/* The default file to store the daemon's process ID, for shutdown
scripts etc. This can be overridden with the -P flag */
#ifndef DROPBEAR_PIDFILE
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
+#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid"
#endif
/* The command to invoke for xauth when using X11 forwarding.
@@ -277,7 +279,7 @@
/* This is used by the scp binary when used as a client binary. If you're
* not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define _PATH_SSH_PROGRAM "@TERMUX_PREFIX@/bin/dbclient"
/* Whether to log commands executed by a client. This only logs the
* (single) command sent to the server, not what a user did in a
@@ -314,7 +316,7 @@
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */
-#define DEFAULT_PATH "/usr/bin:/bin"
+#define DEFAULT_PATH "@TERMUX_PREFIX@:/system/bin"
/* Some other defines (that mostly should be left alone) are defined
* in sysoptions.h */
diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c
--- ../dropbear-2013.62/sshpty.c 2013-12-03 14:39:15.000000000 +0100
+++ ./sshpty.c 2014-01-05 21:21:37.930812382 +0100
@@ -22,6 +22,10 @@
#include "errno.h"
#include "sshpty.h"
+#ifdef __ANDROID__
+# define USE_DEV_PTMX 1
+#endif
+
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
#undef HAVE_DEV_PTMX
@@ -380,6 +384,7 @@
tty_name, strerror(errno));
}
+ /*
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty_name, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
@@ -409,4 +414,5 @@
}
}
}
+ */
}
diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c
--- ../dropbear-2013.62/svr-agentfwd.c 2013-12-03 14:39:15.000000000 +0100
+++ ./svr-agentfwd.c 2014-01-05 21:21:37.930812382 +0100
@@ -218,10 +218,12 @@
/* drop to user privs to make the dir/file */
uid = getuid();
gid = getgid();
+ /*
if ((setegid(ses.authstate.pw_gid)) < 0 ||
(seteuid(ses.authstate.pw_uid)) < 0) {
dropbear_exit("Failed to set euid");
}
+ */
memset((void*)&addr, 0x0, sizeof(addr));
addr.sun_family = AF_UNIX;
diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c
--- ../dropbear-2013.62/svr-chansession.c 2013-12-03 14:39:15.000000000 +0100
+++ ./svr-chansession.c 2014-01-05 21:32:15.438797159 +0100
@@ -874,6 +874,8 @@
#endif
/* clear environment */
+ /* termux: do not clear environment on android */
+#ifndef __ANDROID__
/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
* etc. This is hazardous, so should only be used for debugging. */
#ifndef DEBUG_VALGRIND
@@ -886,6 +888,7 @@
}
#endif /* HAVE_CLEARENV */
#endif /* DEBUG_VALGRIND */
+#endif /* __ANDROID__ */
/* We can only change uid/gid as root ... */
if (getuid() == 0) {
@@ -911,12 +914,14 @@
}
}
+ /* termux: do not modify environment since we did not clean it */
+#ifndef __ANDROID__
/* set env vars */
addnewvar("USER", ses.authstate.pw_name);
addnewvar("LOGNAME", ses.authstate.pw_name);
addnewvar("HOME", ses.authstate.pw_dir);
addnewvar("SHELL", get_user_shell());
- addnewvar("PATH", DEFAULT_PATH);
+#endif /* __ANDROID__ */
if (chansess->term != NULL) {
addnewvar("TERM", chansess->term);
}