openssh: only allow root login if sshd is started as root

termux · Jul 9, 2024 · 310357f · 310357f
1 parent 061a44b
commit 310357f
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 8 deletions.
diff --git a/packages/openssh/auth-passwd.c.patch b/packages/openssh/auth-passwd.c.patch
@@ -11,15 +11,20 @@
  extern struct sshbuf *loginmsg;
  extern ServerOptions options;
 
-@@ -187,6 +191,12 @@
+@@ -187,6 +191,17 @@
  		return (auth_close(as));
  	}
  }
 +#elif defined(__TERMUX__)
 +int
 +sys_auth_passwd(struct ssh *ssh, const char *password)
 +{
-+	return termux_auth(((Authctxt *)ssh->authctxt)->user, password);	
++	Authctxt *authctxt = ssh->authctxt;
++	/* If sshd is starting as root, only allow root login */
++	if (authctxt->pw->pw_uid == 0 && strcmp(authctxt->user, "root") != 0) {
++		return 0;
++	}
++	return termux_auth(authctxt->user, password);	
 +}
  #elif !defined(CUSTOM_SYS_AUTH_PASSWD)
  int

diff --git a/packages/openssh/auth.c.patch b/packages/openssh/auth.c.patch
@@ -1,17 +1,16 @@
 diff -uNr openssh-portable-V_9_5_P1/auth.c openssh-portable-V_9_5_P1.mod/auth.c
 --- openssh-portable-V_9_5_P1/auth.c	2023-10-04 07:34:10.000000000 +0300
 +++ openssh-portable-V_9_5_P1.mod/auth.c	2023-11-23 16:29:34.257875879 +0200
-@@ -485,7 +485,13 @@
+@@ -485,7 +485,12 @@
  	aix_setauthdb(user);
  #endif
 
 +#ifdef __ANDROID__
-+        /* Effectively a single-user system, use current user no matter supplied user */
-+        pw = getpwuid(getuid());
++	/* Effectively a single-user system, use current user no matter supplied user */
++	pw = getpwuid(getuid());
 +#else
  	pw = getpwnam(user);
 +#endif
-+
 
  #if defined(_AIX) && defined(HAVE_SETAUTHDB)
  	aix_restoreauthdb();
diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
 TERMUX_PKG_LICENSE="BSD"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION="9.8p1"
-TERMUX_PKG_REVISION=3
+TERMUX_PKG_REVISION=4
 TERMUX_PKG_SRCURL=https://github.com/openssh/openssh-portable/archive/refs/tags/V_$(sed 's/\./_/g; s/p/_P/g' <<< $TERMUX_PKG_VERSION).tar.gz
 TERMUX_PKG_SHA256=d8f6802914e4c344dc74599c29915651554bb318102d71cb4063e1f4a0d8286f
 TERMUX_PKG_AUTO_UPDATE=true

diff --git a/packages/openssh/sshd-session.c.patch b/packages/openssh/sshd-session.c.patch
@@ -0,0 +1,21 @@
+--- a/sshd-session.c
++++ b/sshd-session.c
+@@ -1074,7 +1074,18 @@
+
+ 	/* Store privilege separation user for later use if required. */
+ 	privsep_chroot = (getuid() == 0 || geteuid() == 0);
++#ifdef __ANDROID__
++	/* Let the privilege separation user be Termux on Android */
++	do {
++		struct stat st;
++		if (stat("@TERMUX_PREFIX@", &st) != -1) {
++			privsep_pw = getpwuid(st.st_uid);
++		}
++	} while (0);
++	if (privsep_pw == NULL) {
++#else
+ 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
++#endif
+ 		if (privsep_chroot || options.kerberos_authentication)
+ 			fatal("Privilege separation user %s does not exist",
+ 			    SSH_PRIVSEP_USER);
diff --git a/packages/openssh/sshd.c.patch b/packages/openssh/sshd.c.patch
@@ -6,7 +6,7 @@ diff -uNr openssh-portable-V_9_8_P1/sshd.c openssh-portable-V_9_8_P1.mod/sshd.c
  	rexec_argc = ac;
  	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
 -	for (i = 0; (int)i < ac; i++)
-+	saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
++	saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");
 +	for (i = 1; (int)i < ac; i++)
  		saved_argv[i] = xstrdup(av[i]);
  	saved_argv[i] = NULL;