update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security...
[openwrt.git] / package / dropbear / patches / 100-pubkey_path.patch
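diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c
--- dropbear.old/svr-authpubkey.c 2005-12-09 06:42:33.000000000 +0100
+++ dropbear.dev/svr-authpubkey.c 2005-12-12 01:35:32.139358750 +0100
@@ -155,7 +155,6 @@
 unsigned char* keyblob, unsigned int keybloblen) {
 
 FILE * authfile = NULL;
- char * filename = NULL;
 int ret = DROPBEAR_FAILURE;
 buffer * line = NULL;
 unsigned int len, pos;
@@ -176,17 +175,8 @@
 goto out;
 }
 
- /* we don't need to check pw and pw_dir for validity, since
- * its been done in checkpubkeyperms. */
- len = strlen(ses.authstate.pw->pw_dir);
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- filename = m_malloc(len + 22);
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- ses.authstate.pw->pw_dir);
-
 /* open the file */
- authfile = fopen(filename, "r");
+ authfile = fopen("/etc/dropbear/authorized_keys", "r");
 if (authfile == NULL) {
 goto out;
 }
@@ -247,7 +237,6 @@
 if (line) {
 buf_free(line);
 }
- m_free(filename);
 TRACE(("leave checkpubkey: ret=%d", ret))
 return ret;
 }
@@ -255,12 +244,11 @@
 
 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
 * DROPBEAR_FAILURE otherwise.
- * Checks that the user's homedir, ~/.ssh, and
- * ~/.ssh/authorized_keys are all owned by either root or the user, and are
+ * Checks that /etc/dropbear and /etc/dropbear/authorized_keys
+ * are all owned by either root or the user, and are
 * g-w, o-w */
 static int checkpubkeyperms() {
 
- char* filename = NULL;
 int ret = DROPBEAR_FAILURE;
 unsigned int len;
 
@@ -274,25 +262,11 @@
 goto out;
 }
 
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- filename = m_malloc(len + 22);
- strncpy(filename, ses.authstate.pw->pw_dir, len+1);
-
- /* check ~ */
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
- }
-
- /* check ~/.ssh */
- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
 goto out;
 }
 
- /* now check ~/.ssh/authorized_keys */
- strncat(filename, "/authorized_keys", 16);
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
 goto out;
 }
 
@@ -300,7 +274,6 @@
 ret = DROPBEAR_SUCCESS;
 
 out:
- m_free(filename);
 
 TRACE(("leave checkpubkeyperms"))
 return ret;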
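Review bot: With the path hard-coded at the `fopen("/etc/dropbear/authorized_keys", "r")` in checkpubkey, the key file is no longer tied to the account being logged into, so unless code outside these hunks filters by user, every key listed there is accepted for any login name the server allows. That is reasonable on a root-only device but deserves a comment at the open, e.g. `/* single system-wide key file: keys listed here are valid for every account */`. The retained doc comment on checkpubkeyperms still permits ownership by "root or the user"; for a shared file, requiring root ownership would be stricter, though checkfileperm is not visible here, so this needs verifying against its body. The path literal is repeated three times across the two functions, and a single `#define` for it would keep the permission check and the open pointing at the same file. Both function bodies extend beyond the hunks shown.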