Mercurial > dropbear
annotate tcpfwd.h @ 1930:299f4f19ba19
Add /usr/sbin and /sbin to default root PATH
When dropbear is used in a very restricted environment (such as in a
initrd), the default user shell is often also very restricted
and doesn't take care of setting the PATH so the user ends up
with the PATH set by dropbear. Unfortunately, dropbear always
sets "/usr/bin:/bin" as default PATH even for the root user
which should have /usr/sbin and /sbin too.
For a concrete instance of this problem, see the "Remote Unlocking"
section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
It speaks of a bug in the initramfs script because it's written "blkid"
instead of "/sbin/blkid"... this is just because the scripts from the
initramfs do not expect to have a PATH without the sbin directories and
because dropbear is not setting the PATH appropriately for the root user.
I'm thus suggesting to use the attached patch to fix this misbehaviour (I
did not test it, but it's easy enough). It might seem anecdotic but
multiple Kali users have been bitten by this.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
| author | Raphael Hertzog <hertzog@debian.org> |
|---|---|
| date | Mon, 09 Jul 2018 16:27:53 +0200 |
| parents | 1d86a58fb52d |
| children |
| rev | line source |
|---|---|
| 64 | 1 /* |
| 2 * Dropbear - a SSH2 server | |
| 3 * | |
| 4 * Copyright (c) 2002,2003 Matt Johnston | |
| 5 * All rights reserved. | |
| 6 * | |
| 7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
| 8 * of this software and associated documentation files (the "Software"), to deal | |
| 9 * in the Software without restriction, including without limitation the rights | |
| 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| 11 * copies of the Software, and to permit persons to whom the Software is | |
| 12 * furnished to do so, subject to the following conditions: | |
| 13 * | |
| 14 * The above copyright notice and this permission notice shall be included in | |
| 15 * all copies or substantial portions of the Software. | |
| 16 * | |
| 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
| 23 * SOFTWARE. */ | |
|
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
948
diff
changeset
|
24 #ifndef DROPBEAR_TCPFWD_H |
|
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
948
diff
changeset
|
25 #define DROPBEAR_TCPFWD_H |
| 64 | 26 |
| 27 #include "channel.h" | |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
28 #include "list.h" |
|
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
29 #include "listener.h" |
| 64 | 30 |
| 31 struct TCPListener { | |
| 32 | |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
33 /* For a direct-tcpip request, it's the addr/port we want the other |
| 64 | 34 * end to connect to */ |
|
1099
4b21d9067162
Turn sendaddr, listenaddr and request_listenaddr local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1036
diff
changeset
|
35 char *sendaddr; |
| 64 | 36 unsigned int sendport; |
| 37 | |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
38 /* This is the address/port that we listen on. The address has special |
|
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
39 * meanings as per the rfc, "" for all interfaces, "localhost" for |
|
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
40 * localhost, or a normal interface name. */ |
|
1099
4b21d9067162
Turn sendaddr, listenaddr and request_listenaddr local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1036
diff
changeset
|
41 char *listenaddr; |
| 64 | 42 unsigned int listenport; |
|
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
579
diff
changeset
|
43 /* The address that the remote host asked to listen on */ |
|
1099
4b21d9067162
Turn sendaddr, listenaddr and request_listenaddr local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1036
diff
changeset
|
44 char *request_listenaddr; |
| 64 | 45 |
| 46 const struct ChanType *chantype; | |
|
259
c049490e43fe
* fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
47 enum {direct, forwarded} tcp_type; |
| 64 | 48 }; |
| 49 | |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
50 /* A forwarding entry */ |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
51 struct TCPFwdEntry { |
|
1116
3d9519ec2b85
Turn TCPFwdEntry's connectaddr and listenaddr attributes into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1099
diff
changeset
|
52 const char *connectaddr; |
| 64 | 53 unsigned int connectport; |
|
1116
3d9519ec2b85
Turn TCPFwdEntry's connectaddr and listenaddr attributes into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1099
diff
changeset
|
54 const char *listenaddr; |
| 64 | 55 unsigned int listenport; |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
56 unsigned int have_reply; /* is set to 1 after a reply has been received |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
57 when setting up the forwarding */ |
| 64 | 58 }; |
| 59 | |
| 60 /* Server */ | |
|
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1116
diff
changeset
|
61 void recv_msg_global_request_remotetcp(void); |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
62 |
| 64 | 63 extern const struct ChanType svr_chan_tcpdirect; |
| 64 | |
| 65 /* Client */ | |
|
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1116
diff
changeset
|
66 void setup_localtcp(void); |
|
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1116
diff
changeset
|
67 void setup_remotetcp(void); |
| 64 | 68 extern const struct ChanType cli_chan_tcpremote; |
|
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1116
diff
changeset
|
69 void cli_recv_msg_request_success(void); |
|
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1116
diff
changeset
|
70 void cli_recv_msg_request_failure(void); |
| 64 | 71 |
| 72 /* Common */ | |
|
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
73 int listen_tcpfwd(struct TCPListener* tcpinfo, struct Listener **ret_listener); |
|
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
855
diff
changeset
|
74 |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
941
diff
changeset
|
75 /* A random identifier */ |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
941
diff
changeset
|
76 #define CHANNEL_ID_TCPFORWARDED 0x43612c67 |
| 64 | 77 |
| 78 #endif |