source:
tt-tools/patchs/dropbear-0.50.patch
@
12
Last change on this file since 12 was 6, checked in by guillaume, 17 years ago | |
---|---|
File size: 9.7 KB |
-
dropbear-0.
diff -Naurw dropbear-0.50/options.h dropbear-0.50-tt/options.h
old new 21 21 22 22 /* Default hostkey paths - these can be specified on the command line */ 23 23 #ifndef DSS_PRIV_FILENAME 24 #define DSS_PRIV_FILENAME "/ etc/dropbear/dropbear_dss_host_key"24 #define DSS_PRIV_FILENAME "/usr/share/config/dropbear/dropbear_dss_host_key" 25 25 #endif 26 26 #ifndef RSA_PRIV_FILENAME 27 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" 27 #define RSA_PRIV_FILENAME "/usr/share/config/dropbear/dropbear_rsa_host_key" 28 #endif 29 30 #ifdef TWINTACT 31 /* Add few tweak for TwinTact device */ 32 #ifndef AUTHORIZED_KEYS 33 #define AUTHORIZED_KEYS "/usr/share/config/dropbear/authorized_keys" 34 #endif 35 36 #ifndef FORCED_SHELL 37 #define FORCED_SHELL "/usr/share/config/dropbear/shell" 38 #endif 39 40 #ifndef FORCED_HOME 41 #define FORCED_HOME "/usr/share" 42 #endif 28 43 #endif 29 44 30 45 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens … … 38 53 * Both of these flags can be defined at once, don't compile without at least 39 54 * one of them. */ 40 55 #define NON_INETD_MODE 41 #define INETD_MODE56 //#define INETD_MODE 42 57 43 58 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is 44 59 * perhaps 20% slower for pubkey operations (it is probably worth experimenting … … 51 66 #define DROPBEAR_SMALL_CODE 52 67 53 68 /* Enable X11 Forwarding - server only */ 54 #define ENABLE_X11FWD69 //#define ENABLE_X11FWD 55 70 56 71 /* Enable TCP Fowarding */ 57 72 /* 'Local' is "-L" style (client listening port forwarded via server) … … 64 79 #define ENABLE_SVR_REMOTETCPFWD 65 80 66 81 /* Enable Authentication Agent Forwarding - server only for now */ 67 #define ENABLE_AGENTFWD82 //#define ENABLE_AGENTFWD 68 83 69 84 /* Encryption - at least one required. 70 85 * RFC Draft requires 3DES and recommends AES128 for interoperability. … … 73 88 #define DROPBEAR_AES128_CBC 74 89 #define DROPBEAR_3DES_CBC 75 90 #define DROPBEAR_AES256_CBC 76 #define DROPBEAR_BLOWFISH_CBC77 #define DROPBEAR_TWOFISH256_CBC78 #define DROPBEAR_TWOFISH128_CBC91 //#define DROPBEAR_BLOWFISH_CBC 92 //#define DROPBEAR_TWOFISH256_CBC 93 //#define DROPBEAR_TWOFISH128_CBC 79 94 80 95 /* Message Integrity - at least one required. 81 96 * RFC Draft requires sha1 and recommends sha1-96. … … 112 127 /* #define DSS_PROTOK */ 113 128 114 129 /* Whether to do reverse DNS lookups. */ 115 #define DO_HOST_LOOKUP130 //#define DO_HOST_LOOKUP 116 131 117 132 /* Whether to print the message of the day (MOTD). This doesn't add much code 118 133 * size */ … … 120 135 121 136 /* The MOTD file path */ 122 137 #ifndef MOTD_FILENAME 123 #define MOTD_FILENAME "/ etc/motd"138 #define MOTD_FILENAME "/usr/share/config/dropbear/motd" 124 139 #endif 125 140 126 141 /* Authentication Types - at least one required. … … 174 189 * not yet authenticated. After this limit, connections are rejected */ 175 190 /* The first setting is per-IP, to avoid denial of service */ 176 191 #ifndef MAX_UNAUTH_PER_IP 177 #define MAX_UNAUTH_PER_IP 5192 #define MAX_UNAUTH_PER_IP 2 178 193 #endif 179 194 180 195 /* And then a global limit to avoid chewing memory if connections 181 196 * come from many IPs */ 182 197 #ifndef MAX_UNAUTH_CLIENTS 183 #define MAX_UNAUTH_CLIENTS 30198 #define MAX_UNAUTH_CLIENTS 10 184 199 #endif 185 200 186 201 /* Maximum number of failed authentication tries (server option) */ … … 204 219 * OpenSSH), set the path below. If the path isn't defined, sftp will not 205 220 * be enabled */ 206 221 #ifndef SFTPSERVER_PATH 207 #define SFTPSERVER_PATH "/usr/ libexec/sftp-server"222 #define SFTPSERVER_PATH "/usr/share/bin/sftp-server" 208 223 #endif 209 224 210 225 /* This is used by the scp binary when used as a client binary. If you're 211 226 * not using the Dropbear client, you'll need to change it */ 212 #define _PATH_SSH_PROGRAM "/usr/ bin/dbclient"227 #define _PATH_SSH_PROGRAM "/usr/share/bin/dbclient" 213 228 214 229 /* Whether to log commands executed by a client. This only logs the 215 230 * (single) command sent to the server, not what a user did in a 216 231 * shell/sftp session etc. */ 217 /* #define LOG_COMMANDS */ 232 #define LOG_COMMANDS 218 233 219 234 /* Window size limits. These tend to be a trade-off between memory 220 235 usage and network performance: */ … … 233 248 234 249 /* Ensure that data is transmitted every KEEPALIVE seconds. This can 235 250 be overridden at runtime with -K. 0 disables keepalives */ 236 #define DEFAULT_KEEPALIVE 0251 #define DEFAULT_KEEPALIVE 30 237 252 238 253 /******************************************************************* 239 254 * You shouldn't edit below here unless you know you need to. 240 255 *******************************************************************/ 241 256 242 257 #ifndef DROPBEAR_VERSION 243 #define DROPBEAR_VERSION "0.50 "258 #define DROPBEAR_VERSION "0.50-TwinTact" 244 259 #endif 245 260 246 261 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION -
svr-auth.c
diff -Naurw dropbear-0.50/svr-auth.c dropbear-0.50-tt/svr-auth.c
old new 215 215 m_free(ses.authstate.printableuser); 216 216 } 217 217 218 #ifdef FORCED_SHELL 219 TRACE(("Forcing shell to %s", FORCED_SHELL)) 220 ses.authstate.pw->pw_shell = FORCED_SHELL ; 221 #endif 222 218 223 /* check that user exists */ 219 224 if (ses.authstate.pw == NULL) { 220 225 TRACE(("leave checkusername: user '%s' doesn't exist", username)) … … 236 241 return DROPBEAR_FAILURE; 237 242 } 238 243 244 /* Skip password check on twintact */ 245 #ifndef TWINTACT 239 246 /* check for an empty password */ 240 247 if (ses.authstate.pw->pw_passwd[0] == '\0') { 241 248 TRACE(("leave checkusername: empty pword")) … … 244 251 send_msg_userauth_failure(0, 1); 245 252 return DROPBEAR_FAILURE; 246 253 } 254 #endif 247 255 248 256 TRACE(("shell is %s", ses.authstate.pw->pw_shell)) 249 257 … … 254 262 usershell = "/bin/sh"; 255 263 } 256 264 265 #ifdef FORCED_SHELL 266 // Skip checking the shell... just trust it 267 goto goodshell; 268 #endif 269 257 270 /* check the shell is valid. If /etc/shells doesn't exist, getusershell() 258 271 * should return some standard shells like "/bin/sh" and "/bin/csh" (this 259 272 * is platform-specific) */ -
svr-authpasswd.c
diff -Naurw dropbear-0.50/svr-authpasswd.c dropbear-0.50-tt/svr-authpasswd.c
old new 60 60 passwdcrypt = DEBUG_HACKCRYPT; 61 61 #endif 62 62 63 #ifndef TWINTACT 63 64 /* check for empty password - need to do this again here 64 65 * since the shadow password may differ to that tested 65 66 * in auth.c */ … … 69 70 send_msg_userauth_failure(0, 1); 70 71 return; 71 72 } 73 #endif 72 74 73 75 /* check if client wants to change password */ 74 76 changepw = buf_getbool(ses.payload); -
svr-authpubkey.c
diff -Naurw dropbear-0.50/svr-authpubkey.c dropbear-0.50-tt/svr-authpubkey.c
old new 176 176 goto out; 177 177 } 178 178 179 #ifdef AUTHORIZED_KEYS 180 filename = (char *) AUTHORIZED_KEYS ; 181 #else 179 182 /* we don't need to check pw and pw_dir for validity, since 180 183 * its been done in checkpubkeyperms. */ 181 184 len = strlen(ses.authstate.pw->pw_dir); … … 184 187 filename = m_malloc(len + 22); 185 188 snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 186 189 ses.authstate.pw->pw_dir); 190 #endif 187 191 188 192 /* open the file */ 189 193 authfile = fopen(filename, "r"); … … 247 251 if (line) { 248 252 buf_free(line); 249 253 } 254 #ifndef AUTHORIZED_KEYS 250 255 m_free(filename); 256 #endif 251 257 TRACE(("leave checkpubkey: ret=%d", ret)) 252 258 return ret; 253 259 } … … 274 280 goto out; 275 281 } 276 282 283 #ifdef AUTHORIZED_KEYS 284 filename = (char *) AUTHORIZED_KEYS ; 285 #else 277 286 /* allocate max required pathname storage, 278 287 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 279 288 filename = m_malloc(len + 22); … … 292 301 293 302 /* now check ~/.ssh/authorized_keys */ 294 303 strncat(filename, "/authorized_keys", 16); 304 #endif 295 305 if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 296 306 goto out; 297 307 } … … 300 310 ret = DROPBEAR_SUCCESS; 301 311 302 312 out: 313 #ifndef AUTHORIZED_KEYS 303 314 m_free(filename); 315 #endif 304 316 305 317 TRACE(("leave checkpubkeyperms")) 306 318 return ret; -
svr-chansession.c
diff -Naurw dropbear-0.50/svr-chansession.c dropbear-0.50-tt/svr-chansession.c
old new 929 929 } 930 930 } 931 931 932 #ifdef FORCED_SHELL 933 usershell = FORCED_SHELL ; 934 #else 932 935 /* an empty shell should be interpreted as "/bin/sh" */ 933 936 if (ses.authstate.pw->pw_shell[0] == '\0') { 934 937 usershell = "/bin/sh"; 935 938 } else { 936 939 usershell = ses.authstate.pw->pw_shell; 937 940 } 941 #endif 938 942 939 943 /* set env vars */ 940 944 addnewvar("USER", ses.authstate.pw->pw_name); 941 945 addnewvar("LOGNAME", ses.authstate.pw->pw_name); 946 #ifdef FORCED_HOME 947 addnewvar("HOME", FORCED_HOME ); 948 #else 942 949 addnewvar("HOME", ses.authstate.pw->pw_dir); 950 #endif 943 951 addnewvar("SHELL", usershell); 944 952 if (chansess->term != NULL) { 945 953 addnewvar("TERM", chansess->term); -
svr-runopts.c
diff -Naurw dropbear-0.50/svr-runopts.c dropbear-0.50-tt/svr-runopts.c
old new 61 61 #endif 62 62 "-w Disallow root logins\n" 63 63 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 64 #ifdef TWINTACT 65 "-s Enable password logins\n" 66 #else 64 67 "-s Disable password logins\n" 68 #endif 65 69 "-g Disable password logins for root\n" 66 70 #endif 67 71 #ifdef ENABLE_SVR_LOCALTCPFWD … … 111 115 svr_opts.banner = NULL; 112 116 svr_opts.forkbg = 1; 113 117 svr_opts.norootlogin = 0; 118 #ifdef TWINTACT 119 svr_opts.noauthpass = 1; 120 #else 114 121 svr_opts.noauthpass = 0; 122 #endif 115 123 svr_opts.norootpass = 0; 116 124 svr_opts.inetdmode = 0; 117 125 svr_opts.portcount = 0; … … 220 228 break; 221 229 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 222 230 case 's': 231 #ifdef TWINTACT 232 svr_opts.noauthpass = 0; 233 #else 223 234 svr_opts.noauthpass = 1; 235 #endif 224 236 break; 225 237 case 'g': 226 238 svr_opts.norootpass = 1;
Note: See TracBrowser
for help on using the repository browser.