Merge remote-tracking branch 'origin/erp5scalabilitytestbed'
[slapos.git] / component / dropbear / userspace.patch
1 diff --git a/options.h b/options.h
2 index d309ab4..63048e1 100644
3 --- a/options.h
4 +++ b/options.h
5 @@ -287,6 +287,12 @@ be overridden at runtime with -I. 0 disables idle timeouts */
6  /* The default path. This will often get replaced by the shell */
7  #define DEFAULT_PATH "/usr/bin:/bin"
8  
9 +/* The prefix of dropbear environment variable overriding. */
10 +#define DROPBEAR_OVERRIDE_PREFIX "DROPBEAR_OVERRIDE_"
11 +#define DROPBEAR_OVERRIDE_PASSWORD DROPBEAR_OVERRIDE_PREFIX "PASSWORD"
12 +#define DROPBEAR_OVERRIDE_HOME DROPBEAR_OVERRIDE_PREFIX "HOME"
13 +#define DROPBEAR_OVERRIDE_SHELL DROPBEAR_OVERRIDE_PREFIX "SHELL"
14 +
15  /* Some other defines (that mostly should be left alone) are defined
16   * in sysoptions.h */
17  #include "sysoptions.h"
18 diff --git a/runopts.h b/runopts.h
19 index 83b5861..f8999b9 100644
20 --- a/runopts.h
21 +++ b/runopts.h
22 @@ -86,6 +86,15 @@ typedef struct svr_runopts {
23         int noauthpass;
24         int norootpass;
25  
26 +#ifdef ENABLE_SINGLEUSER
27 +       int singleuser;
28 +       struct {
29 +               char *password;
30 +               char *home;
31 +               char *shell;
32 +       } singleuserenv;
33 +#endif /* ifdef ENABLE_SINGLEUSER */
34 +
35  #ifdef ENABLE_SVR_REMOTETCPFWD
36         int noremotetcp;
37  #endif
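Review bot: The new `singleuser` and `singleuserenv` members have no comment saying where their values come from or who owns the strings. The svr-runopts.c hunks show that `singleuser` is set by `-n` and that the three pointers are the direct results of `getenv()`, so they must not be freed or written through. A comment above `int singleuser;` such as `/* set by -n; singleuserenv.* are borrowed getenv() pointers, NULL when unset */` would record that. `password` is not read in any hunk visible here, so the comment should also name the code that consumes it.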
38 diff --git a/svr-auth.c b/svr-auth.c
39 index 87e3c5e..adb2e8b 100644
40 --- a/svr-auth.c
41 +++ b/svr-auth.c
42 @@ -126,6 +126,14 @@ void recv_msg_userauth_request() {
43  
44         
45         username = buf_getstring(ses.payload, &userlen);
46 +#ifdef ENABLE_SINGLEUSER
47 +       /* If userspace enabled, ignore username */
48 +       if (svr_opts.singleuser) {
49 +               m_free(username);
50 +               /* Get the current login of the user running dropbear */
51 +               username = m_strdup(getlogin());
52 +       }
53 +#endif /* ifdef ENABLE_SINGLEUSER */
54         servicename = buf_getstring(ses.payload, &servicelen);
55         methodname = buf_getstring(ses.payload, &methodlen);
56  
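Review bot: `username = m_strdup(getlogin());` passes NULL to m_strdup whenever getlogin() fails, which is the normal case for a process with no controlling terminal, such as a daemon. The same block leaves `userlen` holding the length of the name the client sent, so any later length check or comparison on `username` uses a stale value. getlogin() also reports the terminal's login name rather than the uid the server runs as, so looking the account up from `getuid()` is the more reliable source. The rest of recv_msg_userauth_request is outside the hunk, so how `userlen` is used afterwards should be confirmed there.

```c
	if (svr_opts.singleuser) {
		/* Resolve the account from the process uid; getlogin() needs a
		 * controlling terminal and may return NULL */
		struct passwd *pw = getpwuid(getuid());
		if (pw == NULL) {
			dropbear_exit("Can't look up the user running dropbear");
		}
		m_free(username);
		username = m_strdup(pw->pw_name);
		userlen = strlen(username);
	}
	/* … unchanged: servicename / methodname parsing … */
```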
57 @@ -228,6 +236,18 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
58                         }
59                         authclear();
60                         fill_passwd(username);
61 +#ifdef ENABLE_SINGLEUSER
62 +                       if (svr_opts.singleuser) {
63 +                               if (svr_opts.singleuserenv.home != NULL) {
64 +                                       m_free(ses.authstate.pw_dir);
65 +                                       ses.authstate.pw_dir = m_strdup(svr_opts.singleuserenv.home);
66 +                               }
67 +                               if (svr_opts.singleuserenv.shell != NULL) {
68 +                                       m_free(ses.authstate.pw_shell);
69 +                                       ses.authstate.pw_shell = m_strdup(svr_opts.singleuserenv.shell);
70 +                               }
71 +                       }
72 +#endif /* ifdef ENABLE_SINGLEUSER */
73                         ses.authstate.username = m_strdup(username);
74         }
75  
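Review bot: The overrides in checkusername are applied whenever the environment value is non-NULL, so a variable that is set but empty replaces `pw_dir` or `pw_shell` with `""`. Guarding each branch with a non-empty test, e.g. `if (svr_opts.singleuserenv.home != NULL && svr_opts.singleuserenv.home[0] != '\0') {`, keeps the passwd entry in that case. The rest of checkusername is outside the hunk; if it validates `pw_shell` against the system shell list, the overridden shell will be subject to that check too, which deserves a comment here.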
76 diff --git a/svr-runopts.c b/svr-runopts.c
77 index 2e836d2..1c21d7c 100644
78 --- a/svr-runopts.c
79 +++ b/svr-runopts.c
80 @@ -83,6 +83,9 @@ static void printhelp(const char * progname) {
81                                         "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
82                                         "-K <keepalive>  (0 is never, default %d)\n"
83                                         "-I <idle_timeout>  (0 is never, default %d)\n"
84 +#ifdef ENABLE_SINGLEUSER
85 +                                       "-n             Enable the single user mode.\n"
86 +#endif /* ifdef ENABLE_SINGLEUSER */
87  #ifdef DEBUG_TRACE
88                                         "-v             verbose (compiled with DEBUG_TRACE)\n"
89  #endif
90 @@ -128,6 +131,12 @@ void svr_getopts(int argc, char ** argv) {
91  #ifndef DISABLE_ZLIB
92         opts.enable_compress = 1;
93  #endif
94 +#ifdef ENABLE_SINGLEUSER
95 +       svr_opts.singleuser = 0;
96 +       svr_opts.singleuserenv.password = NULL;
97 +       svr_opts.singleuserenv.home = NULL;
98 +       svr_opts.singleuserenv.shell = NULL;
99 +#endif /* ifdef ENABLE_SINGLEUSER */
100         /* not yet
101         opts.ipv4 = 1;
102         opts.ipv6 = 1;
103 @@ -242,6 +251,17 @@ void svr_getopts(int argc, char ** argv) {
104                                 case 'u':
105                                         /* backwards compatibility with old urandom option */
106                                         break;
107 +#ifdef ENABLE_SINGLEUSER
108 +                               case 'n':
109 +#ifndef ENABLE_SINGLEUSER_ROOT
110 +                                       /* If current user is root */
111 +                                       if (getuid() == 0) {
112 +                                               dropbear_log(LOG_ERR, "Can't enable singleuser mode as root.");
113 +                                       }
114 +#endif /* ifndef ENABLE_SINGLEUSER_ROOT */
115 +                                       svr_opts.singleuser = 1;
116 +                                       break;
117 +#endif /* ifdef ENABLE_SINGLEUSER */
118  #ifdef DEBUG_TRACE
119                                 case 'v':
120                                         debug_trace = 1;
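Review bot: The root check under `#ifndef ENABLE_SINGLEUSER_ROOT` only logs and then falls through to `svr_opts.singleuser = 1;`, so single-user mode is still enabled for uid 0 despite the message. Because this mode makes the server ignore the client-supplied username (svr-auth.c hunk), the refusal should be enforced. Replace the log call with `dropbear_exit("Can't enable singleuser mode as root.");`, or add a `break;` inside the `if` when startup should continue without the mode.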
121 @@ -313,6 +333,20 @@ void svr_getopts(int argc, char ** argv) {
122                 }
123                 opts.idle_timeout_secs = val;
124         }
125 +#ifdef ENABLE_SINGLEUSER
126 +       if (svr_opts.singleuser) {
127 +               dropbear_log(LOG_INFO, "Starting dropbear as single user mode.");
128 +               svr_opts.singleuserenv.password = getenv(DROPBEAR_OVERRIDE_PASSWORD);
129 +               svr_opts.singleuserenv.home = getenv(DROPBEAR_OVERRIDE_HOME);
130 +               if (svr_opts.singleuserenv.home != NULL) {
131 +                       dropbear_log(LOG_INFO, "Single user home is '%s'", svr_opts.singleuserenv.home);
132 +               }
133 +               svr_opts.singleuserenv.shell = getenv(DROPBEAR_OVERRIDE_SHELL);
134 +               if (svr_opts.singleuserenv.shell != NULL) {
135 +                       dropbear_log(LOG_INFO, "Single user shell is '%s'", svr_opts.singleuserenv.shell);
136 +               }
137 +       }
138 +#endif /* ifdef ENABLE_SINGLEUSER */
139  }
140  
141  static void addportandaddress(char* spec) {
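Review bot: `svr_opts.singleuserenv.password` stores the pointer returned by `getenv(DROPBEAR_OVERRIDE_PASSWORD)` and the variable is left in the environment. The secret therefore stays readable in the process environment, and any child that is started without its environment being cleared would inherit it. Whether children are started that way is not visible in this patch. The stored pointers can also be invalidated by a later `setenv`/`putenv`/`unsetenv`. Copy each non-NULL value and drop the password variable once read: `if (svr_opts.singleuserenv.password != NULL) { svr_opts.singleuserenv.password = m_strdup(svr_opts.singleuserenv.password); unsetenv(DROPBEAR_OVERRIDE_PASSWORD); }`, with the same `m_strdup` copy for `home` and `shell`.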