0006-dropbear-add-a-failsafe-mode-that-will-always-allow-password-less-root-login.patch 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. From: Matthias Schiffer <mschiffer@universe-factory.net>
  2. Date: Tue, 27 Sep 2016 03:55:55 +0200
  3. Subject: dropbear: add a failsafe mode that will always allow password-less root login
  4. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  5. diff --git a/package/network/services/dropbear/patches/700-failsafe-mode.patch b/package/network/services/dropbear/patches/700-failsafe-mode.patch
  6. new file mode 100644
  7. index 0000000000000000000000000000000000000000..c6e45423e2dba1258549a5bfe4b5a59ac32d73d8
  8. --- /dev/null
  9. +++ b/package/network/services/dropbear/patches/700-failsafe-mode.patch
  10. @@ -0,0 +1,57 @@
  11. +--- a/runopts.h
  12. ++++ b/runopts.h
  13. +@@ -97,6 +97,8 @@ typedef struct svr_runopts {
  14. + int norootpass;
  15. + int allowblankpass;
  16. +
  17. ++ int failsafe_mode;
  18. ++
  19. + #ifdef ENABLE_SVR_REMOTETCPFWD
  20. + int noremotetcp;
  21. + #endif
  22. +--- a/svr-auth.c
  23. ++++ b/svr-auth.c
  24. +@@ -149,10 +149,11 @@ void recv_msg_userauth_request() {
  25. + AUTH_METHOD_NONE_LEN) == 0) {
  26. + TRACE(("recv_msg_userauth_request: 'none' request"))
  27. + if (valid_user
  28. +- && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
  29. +- && !svr_opts.noauthpass
  30. +- && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
  31. +- && ses.authstate.pw_passwd[0] == '\0')
  32. ++ && ((svr_opts.failsafe_mode && !strcmp(ses.authstate.pw_name, "root"))
  33. ++ || ((svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
  34. ++ && !svr_opts.noauthpass
  35. ++ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
  36. ++ && ses.authstate.pw_passwd[0] == '\0')))
  37. + {
  38. + dropbear_log(LOG_NOTICE,
  39. + "Auth succeeded with blank password for '%s' from %s",
  40. +--- a/svr-runopts.c
  41. ++++ b/svr-runopts.c
  42. +@@ -72,6 +72,7 @@ static void printhelp(const char * progn
  43. + "-s Disable password logins\n"
  44. + "-g Disable password logins for root\n"
  45. + "-B Allow blank password logins\n"
  46. ++ "-f Failsafe mode: always allow password-less root login\n"
  47. + #endif
  48. + #ifdef ENABLE_SVR_LOCALTCPFWD
  49. + "-j Disable local port forwarding\n"
  50. +@@ -130,6 +131,7 @@ void svr_getopts(int argc, char ** argv)
  51. + svr_opts.noauthpass = 0;
  52. + svr_opts.norootpass = 0;
  53. + svr_opts.allowblankpass = 0;
  54. ++ svr_opts.failsafe_mode = 0;
  55. + svr_opts.inetdmode = 0;
  56. + svr_opts.portcount = 0;
  57. + svr_opts.hostkey = NULL;
  58. +@@ -244,6 +246,9 @@ void svr_getopts(int argc, char ** argv)
  59. + case 'B':
  60. + svr_opts.allowblankpass = 1;
  61. + break;
  62. ++ case 'f':
  63. ++ svr_opts.failsafe_mode = 1;
  64. ++ break;
  65. + #endif
  66. + case 'h':
  67. + printhelp(argv[0]);