Select Git revision
packages.rst
-
Matthias Schiffer authoredExplain the magic of gluon.mk. The feature flag documention is moved into this new page.
Matthias Schiffer authoredExplain the magic of gluon.mk. The feature flag documention is moved into this new page.
0003-dropbear-add-a-failsafe-mode-that-will-always-allow-password-less-root-login.patch 2.60 KiB
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Tue, 27 Sep 2016 03:55:55 +0200
Subject: dropbear: add a failsafe mode that will always allow password-less root login
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
diff --git a/package/network/services/dropbear/patches/700-failsafe-mode.patch b/package/network/services/dropbear/patches/700-failsafe-mode.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9b619ce80b2963c67ac62bcf95b33b28b505ad2a
--- /dev/null
+++ b/package/network/services/dropbear/patches/700-failsafe-mode.patch
@@ -0,0 +1,57 @@
+--- a/src/svr-auth.c
++++ b/src/svr-auth.c
+@@ -124,10 +124,11 @@ void recv_msg_userauth_request() {
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+ if (valid_user
+- && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
+- && !svr_opts.noauthpass
+- && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+- && ses.authstate.pw_passwd[0] == '\0')
++ && ((svr_opts.failsafe_mode && !strcmp(ses.authstate.pw_name, "root"))
++ || ((svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
++ && !svr_opts.noauthpass
++ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
++ && ses.authstate.pw_passwd[0] == '\0')))
+ {
+ dropbear_log(LOG_NOTICE,
+ "Auth succeeded with blank password for '%s' from %s",
+--- a/src/svr-runopts.c
++++ b/src/svr-runopts.c
+@@ -82,6 +82,7 @@ static void printhelp(const char * progn
+ "-s Disable password logins\n"
+ "-g Disable password logins for root\n"
+ "-B Allow blank password logins\n"
++ "-f Failsafe mode: always allow password-less root login\n"
+ "-t Enable two-factor authentication (both password and public key required)\n"
+ #endif
+ "-T Maximum authentication tries (default %d)\n"
+@@ -166,6 +167,7 @@ void svr_getopts(int argc, char ** argv)
+ svr_opts.noauthpass = 0;
+ svr_opts.norootpass = 0;
+ svr_opts.allowblankpass = 0;
++ svr_opts.failsafe_mode = 0;
+ svr_opts.multiauthmethod = 0;
+ svr_opts.maxauthtries = MAX_AUTH_TRIES;
+ svr_opts.inetdmode = 0;
+@@ -263,6 +265,9 @@ void svr_getopts(int argc, char ** argv)
+ case '2':
+ next = &reexec_fd_arg;
+ break;
++ case 'f':
++ svr_opts.failsafe_mode = 1;
++ break;
+ #endif
+ case 'p':
+ nextisport = 1;
+--- a/src/runopts.h
++++ b/src/runopts.h
+@@ -110,6 +110,8 @@ typedef struct svr_runopts {
+ int multiauthmethod;
+ unsigned int maxauthtries;
+
++ int failsafe_mode;
++
+ #if DROPBEAR_SVR_REMOTETCPFWD
+ int noremotetcp;
+ #endif