diff --git a/NOTES b/NOTES
index 218dbe8..45508ab 100644
--- a/NOTES
+++ b/NOTES
@@ -73,7 +73,6 @@ whatever. It's not guaranteed to interrupt select(), and I'm not keen on adding an arbitrary timeout/polling feature to it.
 XXX - disable utmp/wtmp
-XXX - disable /etc/passwd (accept all usernames the same, and use the explicitly-provided shell and home directories)
 XXX - visit XXX in jni/interface.c
 XXX - allow user to specify parameters for dropbear
 XXX - convert UI to use proper preferences templates, and have ...->settings instead of putting it on the home screen
diff --git a/dropbear/common-session.c b/dropbear/common-session.c
index 83fb7f4..bafd132 100644
--- a/dropbear/common-session.c
+++ b/dropbear/common-session.c
@@ -509,6 +509,7 @@ void fill_passwd(const char* username) {
 if (ses.authstate.pw_passwd) m_free(ses.authstate.pw_passwd);
+#if 0
 pw = getpwnam(username);
 if (!pw) {
 return;
@@ -533,6 +534,14 @@ void fill_passwd(const char* username) {
 }
 ses.authstate.pw_passwd = m_strdup(passwd_crypt);
 }
+#else /* 0 */
+ ses.authstate.pw_uid = 0;
+ ses.authstate.pw_gid = 0;
+ ses.authstate.pw_name = m_strdup("user");
+ ses.authstate.pw_dir = m_strdup(conf_home);
+ ses.authstate.pw_shell = m_strdup(conf_shell);
+ ses.authstate.pw_passwd = m_strdup("!!");
+#endif /* 0 */
 }
 /* Called when channels are modified */
diff --git a/dropbear/options.h b/dropbear/options.h
index 1b6ce53..18ccb78 100644
--- a/dropbear/options.h
+++ b/dropbear/options.h
@@ -5,8 +5,6 @@
 #ifndef _OPTIONS_H_
 #define _OPTIONS_H_
-extern const char *conf_path_file(const char *fn); /* in jni/interface.c */
-
 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */
diff --git a/dropbear/svr-auth.c b/dropbear/svr-auth.c
index 89760ef..4fcfea6 100644
--- a/dropbear/svr-auth.c
+++ b/dropbear/svr-auth.c
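Review bot: In dropbear/common-session.c, the `#else` branch added to fill_passwd() hard-codes `pw_uid` and `pw_gid` to 0, so the synthetic account claims to be root whatever uid the server process really has. Any code outside this diff that compares the process uid with `ses.authstate.pw_uid`, or hands it to setuid(), would act on that 0; recording the real identity is safer: `ses.authstate.pw_uid = geteuid();` and `ses.authstate.pw_gid = getegid();`. The `username` argument is no longer read, which deserves a comment above the branch such as `/* no passwd database: every login name maps to this one account */`. The function body spans both fill_passwd hunks (the `#if 0` is opened in the first one) and starts outside them.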
@@ -261,6 +261,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 }
 /* check if we are running as non-root, and login user is different from the server */
+#if 0
 uid = geteuid();
 if (uid != 0 && uid != ses.authstate.pw_uid) {
 TRACE(("running as nonroot, only server uid is allowed"))
@@ -308,6 +309,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 goodshell:
 endusershell();
 TRACE(("matching shell"))
+#endif /* 0 */
 TRACE(("uid = %d", ses.authstate.pw_uid))
 TRACE(("leave checkusername"))
diff --git a/dropbear/svr-authpubkey.c b/dropbear/svr-authpubkey.c
index 66fe5e5..bbb0a45 100644
--- a/dropbear/svr-authpubkey.c
+++ b/dropbear/svr-authpubkey.c
@@ -202,6 +202,7 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
 goto out;
 }
+#if 0
 /* check file permissions, also whether file exists */
 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
 TRACE(("bad authorized_keys permissions, or file doesn't exist"))
@@ -216,6 +217,11 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
 filename = m_malloc(len + 22);
 snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir);
+#else /* 0 */
+ len = strlen(conf_path);
+ filename = m_malloc(len + 40);
+ snprintf(filename, len + 40, "%s/authorized_keys", conf_path);
+#endif /* 0 */
 /* open the file */
 authfile = fopen(filename, "r");
diff --git a/dropbear/svr-chansession.c b/dropbear/svr-chansession.c
index 67122bb..63d3cdb 100644
--- a/dropbear/svr-chansession.c
+++ b/dropbear/svr-chansession.c
@@ -588,10 +588,12 @@ static int sessionpty(struct ChanSess * chansess) {
 dropbear_exit("Out of memory"); /* TODO disconnect */
 }
+#if 0
 pw = getpwnam(ses.authstate.pw_name);
 if (!pw) dropbear_exit("getpwnam failed after succeeding previously");
 pty_setowner(pw, chansess->tty);
+#endif /* 0 */
 /* Set up the rows/col counts */
 sessionwinchange(chansess);
diff --git a/jni/config.h b/jni/config.h
index 090c79e..b7b360a 100644
--- a/jni/config.h
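Review bot: In dropbear/svr-auth.c, the `#if 0` added to checkusername() opens in the first hunk and its `#endif` sits in the second, so every check in the lines between the two hunks is switched off without appearing in the patch. Only the two ends are visible, the non-root uid comparison and the shell match; the rest cannot be reviewed from this diff. The `#if 0` line should carry a comment that lists each disabled check and says that key verification in checkpubkey() is now the only gate, for example `#if 0 /* per-account checks (server uid, <checks from the elided lines>, login shell) do not apply to the single synthetic account */`. Locals used only inside the disabled span, `uid` at least, will probably now raise unused-variable warnings.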
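Review bot: In dropbear/svr-authpubkey.c, the `#else` branch in checkpubkey() drops the checkpubkeyperms() call without replacing it, so an authorized_keys file under `conf_path` is trusted even when another uid can write to it. Whether that matters depends on where `conf_path` may point, which this diff does not show; if it can be a shared or user-chosen directory, anyone able to write there can add a login key. Checking the opened file keeps the guarantee and avoids a stat/open race; the sketch below assumes the `out:` label, outside the hunk, closes `authfile` and frees `filename`. Separately, `len + 40` is an unexplained size where `len + sizeof("/authorized_keys")` would be exact. The function starts and ends outside both hunks.

```c
	/* open the file */
	authfile = fopen(filename, "r");
	if (authfile != NULL) {
		struct stat st;
		/* only trust a key file that this uid owns and nobody else can write */
		if (fstat(fileno(authfile), &st) < 0
				|| st.st_uid != geteuid()
				|| (st.st_mode & (S_IWGRP | S_IWOTH))) {
			TRACE(("bad authorized_keys ownership or permissions"))
			goto out;
		}
	}
	/* … unchanged: the rest of checkpubkey, outside the hunk … */
```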
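Review bot: In dropbear/svr-chansession.c, sessionpty() no longer calls pty_setowner(), so the slave tty keeps whatever owner and mode it was allocated with and nothing in the new code tightens them. If the platform default is looser than owner-only, other local uids could open the session's terminal; an explicit `chmod(chansess->tty, S_IRUSR | S_IWUSR)` after the disabled block, with its return value checked, would remove that dependence. At minimum the `#if 0` needs a comment such as `/* no passwd entry to chown to; tty keeps the owner and mode it was allocated with */`. `pw` is probably an unused local now, and the function continues outside the hunk.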
+++ b/jni/config.h
@@ -28,4 +28,11 @@
 #define DBMULTI_dropbear 1
 #define DROPBEAR_MULTI 1
+
+extern const char *conf_path_file(const char *fn); /* in jni/interface.c */
+extern const char *conf_path;
+extern const char *conf_shell;
+extern const char *conf_home;
+
+
 #endif /* __CONFIG_H__ */
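Review bot: The three globals added to jni/config.h are declared with no statement of who assigns them or when, yet this same commit passes `conf_home` and `conf_shell` to m_strdup() in fill_passwd() and `conf_path` to strlen() in checkpubkey() with no NULL check. A comment above the declarations should fix the contract, for example `/* assigned in <defining file> before the server starts; never NULL once a connection is accepted */`, worded to match what the defining code really guarantees. If that guarantee does not hold, both callers need a guard before dereferencing.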