mirror of
https://github.com/termux-pacman/termux-packages.git
synced 2025-12-28 14:40:26 +00:00
6177c4de01
Updates the `sshd.c.patch` to align with upstream OpenSSH 10.0p2 and improves compatibility on Android. Specifically, the patch now conditionally compiles out certain privilege separation directory ownership/permission checks (`_PATH_PRIVSEP_CHROOT_DIR`) when building for Android. This aims to prevent errors like "Privilege separation user sshd does not exist" when running sshd as root on Android systems, where user and filesystem conventions differ.
102 lines
2.9 KiB
Diff
102 lines
2.9 KiB
Diff
diff --git a/sshd.c b/sshd.c
|
|
index 4a93e29e4..8e389f7c6 100644
|
|
--- a/sshd.c
|
|
+++ b/sshd.c
|
|
@@ -1324,7 +1324,8 @@ main(int ac, char **av)
|
|
saved_argc = ac;
|
|
rexec_argc = ac;
|
|
saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
|
|
- for (i = 0; (int)i < ac; i++)
|
|
+ saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");
|
|
+ for (i = 1; (int)i < ac; i++)
|
|
saved_argv[i] = xstrdup(av[i]);
|
|
saved_argv[i] = NULL;
|
|
|
|
@@ -1333,10 +1334,10 @@ main(int ac, char **av)
|
|
compat_init_setproctitle(ac, av);
|
|
av = saved_argv;
|
|
#endif
|
|
-
|
|
+#ifndef __ANDROID__
|
|
if (geteuid() == 0 && setgroups(0, NULL) == -1)
|
|
debug("setgroups(): %.200s", strerror(errno));
|
|
-
|
|
+#endif
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
|
sanitise_stdfd();
|
|
|
|
@@ -1458,9 +1459,10 @@ main(int ac, char **av)
|
|
break;
|
|
}
|
|
}
|
|
+#ifndef __ANDROID__
|
|
if (!test_flag && !inetd_flag && !do_dump_cfg && !path_absolute(av[0]))
|
|
fatal("sshd requires execution with an absolute path");
|
|
-
|
|
+#endif
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
/* Reserve fds we'll need later for reexec things */
|
|
@@ -1727,17 +1729,19 @@ main(int ac, char **av)
|
|
/* Ensure privsep directory is correctly configured. */
|
|
need_chroot = ((getuid() == 0 || geteuid() == 0) ||
|
|
options.kerberos_authentication);
|
|
+#ifndef __ANDROID__
|
|
if ((getpwnam(SSH_PRIVSEP_USER)) == NULL && need_chroot) {
|
|
fatal("Privilege separation user %s does not exist",
|
|
SSH_PRIVSEP_USER);
|
|
}
|
|
endpwent();
|
|
-
|
|
+#endif
|
|
if (need_chroot) {
|
|
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &sb) == -1) ||
|
|
(S_ISDIR(sb.st_mode) == 0))
|
|
fatal("Missing privilege separation directory: %s",
|
|
_PATH_PRIVSEP_CHROOT_DIR);
|
|
+#ifndef __ANDROID__
|
|
#ifdef HAVE_CYGWIN
|
|
if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
|
|
(sb.st_uid != getuid () ||
|
|
@@ -1747,6 +1751,7 @@ main(int ac, char **av)
|
|
#endif
|
|
fatal("%s must be owned by root and not group or "
|
|
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
|
|
+#endif
|
|
}
|
|
|
|
if (test_flag > 1)
|
|
@@ -1763,9 +1768,10 @@ main(int ac, char **av)
|
|
* to create a file, and we can't control the code in every
|
|
* module which might be used).
|
|
*/
|
|
+#ifndef __ANDROID__
|
|
if (setgroups(0, NULL) < 0)
|
|
debug("setgroups() failed: %.200s", strerror(errno));
|
|
-
|
|
+#endif
|
|
/* Prepare arguments for sshd-session */
|
|
if (rexec_argc < 0)
|
|
fatal("rexec_argc %d < 0", rexec_argc);
|
|
@@ -1811,7 +1817,7 @@ main(int ac, char **av)
|
|
already_daemon = daemonized();
|
|
if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) {
|
|
|
|
- if (daemon(0, 0) == -1)
|
|
+ if (daemon(1, 0) == -1)
|
|
fatal("daemon() failed: %.200s", strerror(errno));
|
|
|
|
disconnect_controlling_tty();
|
|
@@ -1823,9 +1829,10 @@ main(int ac, char **av)
|
|
* Chdir to the root directory so that the current disk can be
|
|
* unmounted if desired.
|
|
*/
|
|
+#ifndef __ANDROID__
|
|
if (chdir("/") == -1)
|
|
error("chdir(\"/\"): %s", strerror(errno));
|
|
-
|
|
+#endif
|
|
/* ignore SIGPIPE */
|
|
ssh_signal(SIGPIPE, SIG_IGN);
|
|
|