use configuration values instead of getpwnam()

2024-11-27 09:48:08 +00:00 · 2014-12-16 23:05:21 -05:00 · 2014-12-16 23:05:21 -05:00 · c222b4b074
commit c222b4b074
parent ff446269b3
7 changed files with 26 additions and 3 deletions
--- a/1
+++ b/1
@ -73,7 +73,6 @@ whatever.  It's not guaranteed to interrupt select(), and I'm not keen on
 adding an arbitrary timeout/polling feature to it.

 XXX - disable utmp/wtmp
-XXX - disable /etc/passwd (accept all usernames the same, and use the explicitly-provided shell and home directories)
 XXX - visit XXX in jni/interface.c
 XXX - allow user to specify parameters for dropbear
 XXX - convert UI to use proper preferences templates, and have ...->settings instead of putting it on the home screen
--- a/dropbear/common-session.c
+++ b/dropbear/common-session.c
@ -509,6 +509,7 @@ void fill_passwd(const char* username) {
 	if (ses.authstate.pw_passwd)
 		m_free(ses.authstate.pw_passwd);

+#if 0
 	pw = getpwnam(username);
 	if (!pw) {
 		return;
@ -533,6 +534,14 @@ void fill_passwd(const char* username) {
 		}
 		ses.authstate.pw_passwd = m_strdup(passwd_crypt);
 	}
+#else	/* 0 */
+	ses.authstate.pw_uid = 0;
+	ses.authstate.pw_gid = 0;
+	ses.authstate.pw_name = m_strdup("user");
+	ses.authstate.pw_dir = m_strdup(conf_home);
+	ses.authstate.pw_shell = m_strdup(conf_shell);
+	ses.authstate.pw_passwd = m_strdup("!!");
+#endif	/* 0 */
 }

 /* Called when channels are modified */
--- a/dropbear/options.h
+++ b/dropbear/options.h
@ -5,8 +5,6 @@
 #ifndef _OPTIONS_H_
 #define _OPTIONS_H_

-extern const char *conf_path_file(const char *fn);	/* in jni/interface.c */
-
 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */

--- a/dropbear/svr-auth.c
+++ b/dropbear/svr-auth.c
@ -261,6 +261,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 	}

 	/* check if we are running as non-root, and login user is different from the server */
+#if 0
 	uid = geteuid();
 	if (uid != 0 && uid != ses.authstate.pw_uid) {
 		TRACE(("running as nonroot, only server uid is allowed"))
@ -308,6 +309,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 goodshell:
 	endusershell();
 	TRACE(("matching shell"))
+#endif /* 0 */

 	TRACE(("uid = %d", ses.authstate.pw_uid))
 	TRACE(("leave checkusername"))
--- a/dropbear/svr-authpubkey.c
+++ b/dropbear/svr-authpubkey.c
@ -202,6 +202,7 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
 		goto out;
 	}

+#if 0
 	/* check file permissions, also whether file exists */
 	if (checkpubkeyperms() == DROPBEAR_FAILURE) {
 		TRACE(("bad authorized_keys permissions, or file doesn't exist"))
@ -216,6 +217,11 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
 	filename = m_malloc(len + 22);
 	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
 				ses.authstate.pw_dir);
+#else	/* 0 */
+	len = strlen(conf_path);
+	filename = m_malloc(len + 40);
+	snprintf(filename, len + 40, "%s/authorized_keys", conf_path);
+#endif	/* 0 */

 	/* open the file */
 	authfile = fopen(filename, "r");
--- a/dropbear/svr-chansession.c
+++ b/dropbear/svr-chansession.c
@ -588,10 +588,12 @@ static int sessionpty(struct ChanSess * chansess) {
 		dropbear_exit("Out of memory"); /* TODO disconnect */
 	}

+#if 0
 	pw = getpwnam(ses.authstate.pw_name);
 	if (!pw)
 		dropbear_exit("getpwnam failed after succeeding previously");
 	pty_setowner(pw, chansess->tty);
+#endif /* 0 */

 	/* Set up the rows/col counts */
 	sessionwinchange(chansess);
--- a/jni/config.h
+++ b/jni/config.h
@ -28,4 +28,11 @@
 #define DBMULTI_dropbear 1
 #define DROPBEAR_MULTI 1

+
+extern const char *conf_path_file(const char *fn);	/* in jni/interface.c */
+extern const char *conf_path;
+extern const char *conf_shell;
+extern const char *conf_home;
+
+
 #endif /* __CONFIG_H__ */