update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security...

[openwrt.git] / openwrt / package / dropbear / patches / authpubkey.patch

diff --git a/openwrt/package/dropbear/patches/authpubkey.patch b/openwrt/package/dropbear/patches/authpubkey.patch
deleted file mode 100644 (file)
index 07beefe..0000000
--- a/openwrt/package/dropbear/patches/authpubkey.patch
+++ /dev/null
@@ -1,73 +0,0 @@
---- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200
-+++ dropbear-0.45/svr-authpubkey.c     2005-09-27 13:15:09.066790872 +0200
-@@ -176,14 +176,10 @@
-               goto out;
-       }
- 
--      /* we don't need to check pw and pw_dir for validity, since
--       * its been done in checkpubkeyperms. */
--      len = strlen(ses.authstate.pw->pw_dir);
-       /* allocate max required pathname storage,
--       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
--      filename = m_malloc(len + 22);
--      snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
--                              ses.authstate.pw->pw_dir);
-+       * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
-+      filename = m_malloc(30);
-+      strncpy(filename, "/etc/dropbear/authorized_keys", 30);
- 
-       /* open the file */
-       authfile = fopen(filename, "r");
-@@ -255,43 +251,33 @@
- 
- /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
-  * DROPBEAR_FAILURE otherwise.
-- * Checks that the user's homedir, ~/.ssh, and
-- * ~/.ssh/authorized_keys are all owned by either root or the user, and are
-+ * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys
-+ * are all owned by either root or the user, and are
-  * g-w, o-w */
- static int checkpubkeyperms() {
- 
-       char* filename = NULL; 
-       int ret = DROPBEAR_FAILURE;
--      unsigned int len;
- 
-       TRACE(("enter checkpubkeyperms"))
- 
--      assert(ses.authstate.pw);
--      if (ses.authstate.pw->pw_dir == NULL) {
--              goto out;
--      }
--
--      if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) {
--              goto out;
--      }
--
-       /* allocate max required pathname storage,
--       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
--      filename = m_malloc(len + 22);
--      strncpy(filename, ses.authstate.pw->pw_dir, len+1);
-+       * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
-+      filename = m_malloc(30);
-+      strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */
- 
--      /* check ~ */
-+      /* check /etc */
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
- 
--      /* check ~/.ssh */
--      strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
-+      /* check /etc/dropbear */
-+      strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
- 
--      /* now check ~/.ssh/authorized_keys */
-+      /* now check /etc/dropbear/authorized_keys */
-       strncat(filename, "/authorized_keys", 16);
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;