source/installer/sources/dropbear/dropbear_emptypass.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c
--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c	2018-01-13 19:19:59.000000000 -0600
+++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c	2018-01-13 23:07:16.441369958 -0600
@@ -88,12 +88,16 @@
 	}
 
 	/* check for empty password */
+	/* Yep, good idea, but for our usage, it's okay - dropbear has to be
+	   started manually in the installer, so setting a password or not is
+	   up to the admin
 	if (passwdcrypt[0] == '\0') {
 		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
 				ses.authstate.pw_name);
 		send_msg_userauth_failure(0, 1);
 		return;
 	}
+	*/
 
 	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */