bleeding sounds better ;)
[openwrt.git] / openwrt / package / dropbear / patches / authpubkey.patch
1 --- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200
2 +++ dropbear-0.45/svr-authpubkey.c 2005-09-27 13:15:09.066790872 +0200
3 @@ -176,14 +176,10 @@
4 goto out;
5 }
6
7 - /* we don't need to check pw and pw_dir for validity, since
8 - * its been done in checkpubkeyperms. */
9 - len = strlen(ses.authstate.pw->pw_dir);
10 /* allocate max required pathname storage,
11 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
12 - filename = m_malloc(len + 22);
13 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
14 - ses.authstate.pw->pw_dir);
15 + * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
16 + filename = m_malloc(30);
17 + strncpy(filename, "/etc/dropbear/authorized_keys", 30);
18
19 /* open the file */
20 authfile = fopen(filename, "r");
21 @@ -255,43 +251,33 @@
22
23 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
24 * DROPBEAR_FAILURE otherwise.
25 - * Checks that the user's homedir, ~/.ssh, and
26 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are
27 + * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys
28 + * are all owned by either root or the user, and are
29 * g-w, o-w */
30 static int checkpubkeyperms() {
31
32 char* filename = NULL;
33 int ret = DROPBEAR_FAILURE;
34 - unsigned int len;
35
36 TRACE(("enter checkpubkeyperms"))
37
38 - assert(ses.authstate.pw);
39 - if (ses.authstate.pw->pw_dir == NULL) {
40 - goto out;
41 - }
42 -
43 - if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) {
44 - goto out;
45 - }
46 -
47 /* allocate max required pathname storage,
48 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
49 - filename = m_malloc(len + 22);
50 - strncpy(filename, ses.authstate.pw->pw_dir, len+1);
51 + * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
52 + filename = m_malloc(30);
53 + strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */
54
55 - /* check ~ */
56 + /* check /etc */
57 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
58 goto out;
59 }
60
61 - /* check ~/.ssh */
62 - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
63 + /* check /etc/dropbear */
64 + strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */
65 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
66 goto out;
67 }
68
69 - /* now check ~/.ssh/authorized_keys */
70 + /* now check /etc/dropbear/authorized_keys */
71 strncat(filename, "/authorized_keys", 16);
72 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
73 goto out;
This page took 0.06122 seconds and 5 git commands to generate.