1 files changed, 19 insertions, 11 deletions

diff --git a/source/installer/sources/dropbear/dropbear_emptypass.patch b/source/installer/sources/dropbear/dropbear_emptypass.patch
index 25924008..a3f27f47 100644
--- a/source/installer/sources/dropbear/dropbear_emptypass.patch
+++ b/source/installer/sources/dropbear/dropbear_emptypass.patch
@@ -1,12 +1,20 @@
-diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
---- dropbear-2012.55.orig/options.h	2012-02-23 07:47:06.000000000 -0600
-+++ dropbear-2012.55/options.h	2012-04-07 15:09:15.676322495 -0500
-@@ -180,7 +180,7 @@
-  * Public key logins are allowed for blank-password accounts regardless of this
-  * setting.  PAM is not affected by this setting, it uses the normal pam.d
-  * settings ('nullok' option) */
--/* #define ALLOW_BLANK_PASSWORD */
-+#define ALLOW_BLANK_PASSWORD
+diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c
+--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c	2018-01-13 19:19:59.000000000 -0600
++++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c	2018-01-13 23:07:16.441369958 -0600
+@@ -88,12 +88,16 @@
+ 	}
  
- #define ENABLE_CLI_PASSWORD_AUTH
- #define ENABLE_CLI_PUBKEY_AUTH
+ 	/* check for empty password */
++	/* Yep, good idea, but for our usage, it's okay - dropbear has to be
++	   started manually in the installer, so setting a password or not is
++	   up to the admin
+ 	if (passwdcrypt[0] == '\0') {
+ 		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
+ 				ses.authstate.pw_name);
+ 		send_msg_userauth_failure(0, 1);
+ 		return;
+ 	}
++	*/
+ 
+ 	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
+ 		/* successful authentication */