From 310357fe30b308d8cb0cfb108fa3fb2693fbc7cf Mon Sep 17 00:00:00 2001
From: Chongyun Lee <45286352+licy183@users.noreply.github.com>
Date: Mon, 8 Jul 2024 01:20:35 +0800
Subject: [PATCH] openssh: only allow root login if sshd is started as root
---
 packages/openssh/auth-passwd.c.patch | 9 +++++++--
 packages/openssh/auth.c.patch | 7 +++----
 packages/openssh/build.sh | 2 +-
 packages/openssh/sshd-session.c.patch | 21 +++++++++++++++++++++
 packages/openssh/sshd.c.patch | 2 +-
 5 files changed, 33 insertions(+), 8 deletions(-)
 create mode 100644 packages/openssh/sshd-session.c.patch
diff --git a/packages/openssh/auth-passwd.c.patch b/packages/openssh/auth-passwd.c.patch
index 3019f16e89c84a..2bf6ecfb8b33fc 100644
--- a/packages/openssh/auth-passwd.c.patch
+++ b/packages/openssh/auth-passwd.c.patch
@@ -11,7 +11,7 @@
 extern struct sshbuf *loginmsg;
 extern ServerOptions options;
-@@ -187,6 +191,12 @@
+@@ -187,6 +191,17 @@
 return (auth_close(as));
 }
 }
@@ -19,7 +19,12 @@
 +int
 +sys_auth_passwd(struct ssh *ssh, const char *password)
 +{
-+ return termux_auth(((Authctxt *)ssh->authctxt)->user, password);
++ Authctxt *authctxt = ssh->authctxt;
++ /* If sshd is starting as root, only allow root login */
++ if (authctxt->pw->pw_uid == 0 && strcmp(authctxt->user, "root") != 0) {
++ return 0;
++ }
++ return termux_auth(authctxt->user, password);
 +}
 #elif !defined(CUSTOM_SYS_AUTH_PASSWD)
 int
diff --git a/packages/openssh/auth.c.patch b/packages/openssh/auth.c.patch
index 6f63bda71fe600..e44fd9b25b4046 100644
--- a/packages/openssh/auth.c.patch
+++ b/packages/openssh/auth.c.patch
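Review bot: The new gate in `sys_auth_passwd` tests `authctxt->pw->pw_uid == 0`, but what `pw` holds here is fixed by the auth.c patch in the same commit (`pw = getpwuid(getuid())` under `__ANDROID__`), so the condition means "this sshd process itself runs as root" while `authctxt->user` is still the client-supplied name; the comment should state that coupling, e.g. `/* On Android pw is getpwuid(getuid()) (see auth.c.patch), so pw_uid == 0 means sshd itself runs as root; then accept only the literal user "root" */`. The restriction is applied only in the password path; whether the commit's intent ("only allow root login if sshd is started as root") is also enforced for publickey or other methods is not visible here, and if it is meant to be, that path needs the same check. The function dereferences `authctxt->pw` unconditionally; if the caller can ever hand over a NULL `pw`, a leading `if (authctxt->pw == NULL) return 0;` keeps the new code self-contained. `sys_auth_passwd` is shown in full, but the surrounding `#if` chain continues outside the hunk.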
@@ -1,17 +1,16 @@
 diff -uNr openssh-portable-V_9_5_P1/auth.c openssh-portable-V_9_5_P1.mod/auth.c
 --- openssh-portable-V_9_5_P1/auth.c 2023-10-04 07:34:10.000000000 +0300
 +++ openssh-portable-V_9_5_P1.mod/auth.c 2023-11-23 16:29:34.257875879 +0200
-@@ -485,7 +485,13 @@
+@@ -485,7 +485,12 @@
 aix_setauthdb(user);
 #endif
 +#ifdef __ANDROID__
-+ /* Effectively a single-user system, use current user no matter supplied user */
-+ pw = getpwuid(getuid());
++ /* Effectively a single-user system, use current user no matter supplied user */
++ pw = getpwuid(getuid());
 +#else
 pw = getpwnam(user);
 +#endif
-+
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
 aix_restoreauthdb();
diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh
index 0797d535dd3a01..a20fbe38cfbcab 100644
--- a/packages/openssh/build.sh
+++ b/packages/openssh/build.sh
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
 TERMUX_PKG_LICENSE="BSD"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION="9.8p1"
-TERMUX_PKG_REVISION=3
+TERMUX_PKG_REVISION=4
 TERMUX_PKG_SRCURL=https://github.com/openssh/openssh-portable/archive/refs/tags/V_$(sed 's/\./_/g; s/p/_P/g' <<< $TERMUX_PKG_VERSION).tar.gz
 TERMUX_PKG_SHA256=d8f6802914e4c344dc74599c29915651554bb318102d71cb4063e1f4a0d8286f
 TERMUX_PKG_AUTO_UPDATE=true
diff --git a/packages/openssh/sshd-session.c.patch b/packages/openssh/sshd-session.c.patch
new file mode 100644
index 00000000000000..defff7e8e966d4
--- /dev/null
+++ b/packages/openssh/sshd-session.c.patch
@@ -0,0 +1,21 @@
+--- a/sshd-session.c
++++ b/sshd-session.c
+@@ -1074,7 +1074,18 @@
+
+ /* Store privilege separation user for later use if required. */
+ privsep_chroot = (getuid() == 0 || geteuid() == 0);
++#ifdef __ANDROID__
++ /* Let the privilege separation user be Termux on Android */
++ do {
++ struct stat st;
++ if (stat("@TERMUX_PREFIX@", &st) != -1) {
++ privsep_pw = getpwuid(st.st_uid);
++ }
++ } while (0);
++ if (privsep_pw == NULL) {
++#else
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
++#endif
+ if (privsep_chroot || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
diff --git a/packages/openssh/sshd.c.patch b/packages/openssh/sshd.c.patch
index afd7f7f12cf5f3..18ed0d133f748f 100644
--- a/packages/openssh/sshd.c.patch
+++ b/packages/openssh/sshd.c.patch
@@ -6,7 +6,7 @@ diff -uNr openssh-portable-V_9_8_P1/sshd.c openssh-portable-V_9_8_P1.mod/sshd.c
 rexec_argc = ac;
 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
 - for (i = 0; (int)i < ac; i++)
-+ saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
++ saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");
 + for (i = 1; (int)i < ac; i++)
 saved_argv[i] = xstrdup(av[i]);
 saved_argv[i] = NULL;
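Review bot: The `__ANDROID__` branch makes the privilege-separation user whoever owns `@TERMUX_PREFIX@` without checking that this is an unprivileged account, so if the prefix directory is ever owned by uid 0 (for instance created or chowned as root on a rooted device) `privsep_pw` resolves to root and the account meant to be the unprivileged side of privilege separation is root itself; treating that case as "no privsep user" is a one-line change, `if (stat("@TERMUX_PREFIX@", &st) != -1 && st.st_uid != 0) {`. The `fatal()` message that follows still prints `SSH_PRIVSEP_USER`, which on Android was never looked up, so a failed stat() would log a user name that had nothing to do with the failure; an Android-specific message naming the prefix path would be more honest. The `do { ... } while (0)` only serves to scope `struct stat st`; a plain `{ ... }` block does that with less noise. The enclosing function starts and ends outside the hunk.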
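Review bot: With the copy loop now starting at `i = 1`, the trailing `saved_argv[i] = NULL` writes index 1 when `ac` is 0, but the context line above sized the array as `xcalloc(ac + 1, ...)`, one element, so an empty argv (argc can be 0 when the daemon is exec'd with an empty argument vector) becomes a heap write past the allocation; the old `i = 0` loop did not have this edge because `i` ended at `ac`. Since the inner patch now always fills slot 0 itself, the allocation should account for that, e.g. carry `saved_argv = xcalloc(ac + 2, sizeof(*saved_argv));` into the inner patch as a changed line (one spare pointer in the normal case, correct when `ac` is 0). `rexec_argc = ac` on the line above is presumably also left at 0 in that case, so whatever later consumes it may not see the forced `argv[0]` either; worth checking. The enclosing function continues outside the hunk.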