Dropbear patch suggestion

Jeff Tope jeff.tope at btopenworld.com
Thu Apr 3 12:47:06 WST 2008


Hi,

I found an issue when you want to log in with an ssh key only, on a system whose only account is root and where root has no password.  I have pasted a diff of my suggested changes below for you to review.

Basically, if you are not using passwords, the patch skips the check for an empty password.

There may be a better way of doing this as I am new to dropbear.

Regards

Jeff

diff -Nru dropbear-0.51.orig/options.h dropbear-0.51/options.h
--- dropbear-0.51.orig/options.h        2008-03-27 13:34:39.000000000 +0000
+++ dropbear-0.51/options.h     2008-03-28 10:21:06.000000000 +0000
@@ -132,7 +132,7 @@
  * but there's an interface via a PAM module - don't bother using it otherwise.
  * You can't enable both PASSWORD and PAM. */
 
-#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PASSWORD_AUTH */
 /*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 
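Review bot: Commenting out `ENABLE_SVR_PASSWORD_AUTH` in the shipped options.h turns password authentication off for every build that takes this patch, which is a configuration choice and not part of the empty-password fix. I would drop this hunk and keep `#define ENABLE_SVR_PASSWORD_AUTH` as it was. The svr-auth.c and svr-runopts.c changes can then be tested with the option both on and off.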
diff -Nru dropbear-0.51.orig/svr-auth.c dropbear-0.51/svr-auth.c
--- dropbear-0.51.orig/svr-auth.c       2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-auth.c    2008-03-28 10:21:09.000000000 +0000
@@ -271,14 +271,18 @@
                return DROPBEAR_FAILURE;
        }
 
-       /* check for an empty password */
-       if (ses.authstate.pw_passwd[0] == '\0') {
+#ifdef ENABLE_SVR_PASSWORD_AUTH
+/* only care if using passwords! */
+/* check for an empty password */
+       if (!svr_opts.noauthpass &&
+               ses.authstate.pw->pw_passwd[0] == '\0') {
                TRACE(("leave checkusername: empty pword"))
                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
                                ses.authstate.pw_name);
                send_msg_userauth_failure(0, 1);
                return DROPBEAR_FAILURE;
        }
+#endif
 
        TRACE(("shell is %s", ses.authstate.pw_shell))
 
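Review bot: The new condition reads `ses.authstate.pw->pw_passwd[0]`, while the removed line and the untouched log and TRACE calls in this hunk use the flat fields `ses.authstate.pw_passwd`, `ses.authstate.pw_name` and `ses.authstate.pw_shell`. Unless authstate has a `pw` member that is not visible here, this will not compile against 0.51; `ses.authstate.pw_passwd[0] == '\0'` keeps it consistent. The guard is also `#ifdef ENABLE_SVR_PASSWORD_AUTH` alone, whereas the svr-runopts.c hunk counts PAM as password authentication, so a PAM-only build would compile the blank-password rejection out regardless of `noauthpass`. `#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)` would make the two hunks agree. The enclosing function starts and ends outside the hunk.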
diff -Nru dropbear-0.51.orig/svr-runopts.c dropbear-0.51/svr-runopts.c
--- dropbear-0.51.orig/svr-runopts.c    2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-runopts.c 2008-03-28 10:29:24.000000000 +0000
@@ -111,8 +111,13 @@
        svr_opts.banner = NULL;
        svr_opts.forkbg = 1;
        svr_opts.norootlogin = 0;
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
        svr_opts.noauthpass = 0;
        svr_opts.norootpass = 0;
+#else
+       svr_opts.noauthpass = 1;
+       svr_opts.norootpass = 1;
+#endif
        svr_opts.inetdmode = 0;
        svr_opts.portcount = 0;
        svr_opts.hostkey = NULL;
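Review bot: The new `#else` branch needs a comment saying why both flags default to 1 when no password method is compiled in, for example `/* no password method compiled in: treat password auth as disabled */`. Note that in a build without `ENABLE_SVR_PASSWORD_AUTH` the svr-auth.c hunk already compiles the empty-password check out, so the `noauthpass = 1` default is not what allows the key-only login. It only affects other readers of these flags, which are outside this hunk and should be checked before relying on the new defaults. The enclosing function starts and ends outside the hunk.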
