[package] firewall:
[openwrt.git] / package / dropbear / patches / 100-pubkey_path.patch
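--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
 goto out;
 }
 
- /* we don't need to check pw and pw_dir for validity, since
- * its been done in checkpubkeyperms. */
- len = strlen(ses.authstate.pw_dir);
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- filename = m_malloc(len + 22);
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- ses.authstate.pw_dir);
-
- /* open the file */
- authfile = fopen(filename, "r");
+ if (ses.authstate.pw_uid != 0) {
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw_dir);
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+ ses.authstate.pw_dir);
+
+ /* open the file */
+ authfile = fopen(filename, "r");
+ } else {
+ authfile = fopen("/etc/dropbear/authorized_keys","r");
+ }
 if (authfile == NULL) {
 goto out;
 }
@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
 goto out;
 }
 
- /* allocate max required pathname storage,
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- filename = m_malloc(len + 22);
- strncpy(filename, ses.authstate.pw_dir, len+1);
-
- /* check ~ */
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
- }
-
- /* check ~/.ssh */
- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
- }
-
- /* now check ~/.ssh/authorized_keys */
- strncat(filename, "/authorized_keys", 16);
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- goto out;
+ if (ses.authstate.pw_uid == 0) {
+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+ } else {
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+ strncpy(filename, ses.authstate.pw_dir, len+1);
+
+ /* check ~ */
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+
+ /* check ~/.ssh */
+ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
+
+ /* now check ~/.ssh/authorized_keys */
+ strncat(filename, "/authorized_keys", 16);
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
 }
 
 /* file looks ok, return success */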
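Review bot: In the `pw_uid == 0` branches of both hunks the path `/etc/dropbear/authorized_keys` is written out as a literal in each function, and the permission check in checkpubkeyperms only protects the file that checkpubkey later opens while those literals stay identical. A single definition shared by both functions, for example `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is only a suggestion), would keep the checked path and the opened path from drifting apart. Because the branch keys on the uid rather than the user name, every account with uid 0 authenticates against this one file, which deserves a comment at the `if`, e.g. `/* all uid-0 accounts share /etc/dropbear/authorized_keys */`. In checkpubkey the root branch never assigns `filename`, so the cleanup after `out` is safe only if `filename` is initialised to NULL outside the hunk; that is not visible here and should be confirmed. Both function bodies start and end outside the hunks.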