Dropbear patch suggestion
Jeff Tope
jeff.tope at btopenworld.com
Thu Apr 3 12:47:06 WST 2008
Hi,
I found an issue when you want to log in using only an ssh key on a system where root is the only account and root has no password. I have pasted a diff of my suggested changes below for you to review.
Basically, if you are not using passwords, it removes the checks for empty password.
There may be a better way of doing this as I am new to dropbear.
Regards
Jeff
diff -Nru dropbear-0.51.orig/options.h dropbear-0.51/options.h
--- dropbear-0.51.orig/options.h 2008-03-27 13:34:39.000000000 +0000
+++ dropbear-0.51/options.h 2008-03-28 10:21:06.000000000 +0000
@@ -132,7 +132,7 @@
* but there's an interface via a PAM module - don't bother using it otherwise.
* You can't enable both PASSWORD and PAM. */
-#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PASSWORD_AUTH */
/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
#define ENABLE_SVR_PUBKEY_AUTH
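Review bot: Commenting out `ENABLE_SVR_PASSWORD_AUTH` in options.h changes the compiled default for every build, not only for key-only systems, and it is a local configuration choice rather than part of the fix. The submitted patch should leave `#define ENABLE_SVR_PASSWORD_AUTH` as it was and let key-only builds disable it themselves. If the define does stay commented out, the comment above it should say that the blank-password rejection in svr-auth.c is then compiled out as well.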
diff -Nru dropbear-0.51.orig/svr-auth.c dropbear-0.51/svr-auth.c
--- dropbear-0.51.orig/svr-auth.c 2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-auth.c 2008-03-28 10:21:09.000000000 +0000
@@ -271,14 +271,18 @@
return DROPBEAR_FAILURE;
}
- /* check for an empty password */
- if (ses.authstate.pw_passwd[0] == '\0') {
+#ifdef ENABLE_SVR_PASSWORD_AUTH
+/* only care if using passwords! */
+/* check for an empty password */
+ if (!svr_opts.noauthpass &&
+ ses.authstate.pw->pw_passwd[0] == '\0') {
TRACE(("leave checkusername: empty pword"))
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return DROPBEAR_FAILURE;
}
+#endif
TRACE(("shell is %s", ses.authstate.pw_shell))
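Review bot: The new `#ifdef ENABLE_SVR_PASSWORD_AUTH` guard compiles the blank-password rejection out of a PAM-only build, where the removed lines ran unconditionally. Accounts with an empty `pw_passwd` would then reach PAM without this check. The guard should match the one used in svr-runopts.c, `#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)`. The added condition also reads `ses.authstate.pw->pw_passwd[0]`, while the removed line and the surrounding context use `ses.authstate.pw_passwd`, `pw_name` and `pw_shell`, so it probably does not compile against this tree with password auth enabled and should be `ses.authstate.pw_passwd[0] == '\0') {`. The enclosing function starts and ends outside the hunk.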
diff -Nru dropbear-0.51.orig/svr-runopts.c dropbear-0.51/svr-runopts.c
--- dropbear-0.51.orig/svr-runopts.c 2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-runopts.c 2008-03-28 10:29:24.000000000 +0000
@@ -111,8 +111,13 @@
svr_opts.banner = NULL;
svr_opts.forkbg = 1;
svr_opts.norootlogin = 0;
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
+#else
+ svr_opts.noauthpass = 1;
+ svr_opts.norootpass = 1;
+#endif
svr_opts.inetdmode = 0;
svr_opts.portcount = 0;
svr_opts.hostkey = NULL;
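Review bot: The `#else` branch sets `noauthpass` and `norootpass` to 1 with no comment, so a reader cannot tell that these runtime flags now depend on the compile-time configuration. I would add something like `/* no password method compiled in: treat password logins as disabled so key-only accounts with an empty pw_passwd are not rejected */` above the two assignments. Whether option parsing later in this function can still reset either flag is not visible in the hunk and is worth checking.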