package/dropbear/patches/100-pubkey_path.patch

   1 Index: dropbear-0.50/svr-authpubkey.c
   2 ===================================================================
   3 --- dropbear-0.50.orig/svr-authpubkey.c 2007-08-10 23:47:48.000000000 +0200
   4 +++ dropbear-0.50/svr-authpubkey.c      2007-08-10 23:47:48.000000000 +0200
   5 @@ -176,6 +176,8 @@
   6                 goto out;
   7         }
   8
   9 +       if (ses.authstate.pw->pw_uid != 0) {
  10 +
  11         /* we don't need to check pw and pw_dir for validity, since
  12          * its been done in checkpubkeyperms. */
  13         len = strlen(ses.authstate.pw->pw_dir);
  14 @@ -187,6 +189,9 @@
  15
  16         /* open the file */
  17         authfile = fopen(filename, "r");
  18 +       } else {
  19 +               authfile = fopen("/etc/dropbear/authorized_keys","r");
  20 +       }
  21         if (authfile == NULL) {
  22                 goto out;
  23         }
  24 @@ -274,6 +279,8 @@
  25                 goto out;
  26         }
  27
  28 +       if (ses.authstate.pw->pw_uid != 0) {
  29 +
  30         /* allocate max required pathname storage,
  31          * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  32         filename = m_malloc(len + 22);
  33 @@ -295,6 +302,14 @@
  34         if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  35                 goto out;
  36         }
  37 +       } else {
  38 +               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  39 +                       goto out;
  40 +               }
  41 +               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  42 +                       goto out;
  43 +               }
  44 +       }
  45
  46         /* file looks ok, return success */
  47         ret = DROPBEAR_SUCCESS;