package/cyassl: refresh patches
[openwrt.git] / package / dropbear / patches / 100-pubkey_path.patch
1 diff -ur dropbear-0.52.orig/svr-authpubkey.c dropbear-0.52/svr-authpubkey.c
2 --- dropbear-0.52.orig/svr-authpubkey.c 2009-04-08 00:32:16.000000000 +0200
3 +++ dropbear-0.52/svr-authpubkey.c 2009-04-08 00:44:11.000000000 +0200
4 @@ -209,17 +209,21 @@
5 goto out;
6 }
7
8 - /* we don't need to check pw and pw_dir for validity, since
9 - * its been done in checkpubkeyperms. */
10 - len = strlen(ses.authstate.pw_dir);
11 - /* allocate max required pathname storage,
12 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
13 - filename = m_malloc(len + 22);
14 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
15 - ses.authstate.pw_dir);
16 -
17 - /* open the file */
18 - authfile = fopen(filename, "r");
19 + if (ses.authstate.pw_uid != 0) {
20 + /* we don't need to check pw and pw_dir for validity, since
21 + * its been done in checkpubkeyperms. */
22 + len = strlen(ses.authstate.pw_dir);
23 + /* allocate max required pathname storage,
24 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
25 + filename = m_malloc(len + 22);
26 + snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
27 + ses.authstate.pw_dir);
28 +
29 + /* open the file */
30 + authfile = fopen(filename, "r");
31 + } else {
32 + authfile = fopen("/etc/dropbear/authorized_keys","r");
33 + }
34 if (authfile == NULL) {
35 goto out;
36 }
37 @@ -372,26 +376,35 @@
38 goto out;
39 }
40
41 - /* allocate max required pathname storage,
42 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
43 - filename = m_malloc(len + 22);
44 - strncpy(filename, ses.authstate.pw_dir, len+1);
45 -
46 - /* check ~ */
47 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
48 - goto out;
49 - }
50 -
51 - /* check ~/.ssh */
52 - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
53 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
54 - goto out;
55 - }
56 -
57 - /* now check ~/.ssh/authorized_keys */
58 - strncat(filename, "/authorized_keys", 16);
59 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
60 - goto out;
61 + if (ses.authstate.pw_uid == 0) {
62 + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
63 + goto out;
64 + }
65 + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
66 + goto out;
67 + }
68 + } else {
69 + /* allocate max required pathname storage,
70 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
71 + filename = m_malloc(len + 22);
72 + strncpy(filename, ses.authstate.pw_dir, len+1);
73 +
74 + /* check ~ */
75 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
76 + goto out;
77 + }
78 +
79 + /* check ~/.ssh */
80 + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
81 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
82 + goto out;
83 + }
84 +
85 + /* now check ~/.ssh/authorized_keys */
86 + strncat(filename, "/authorized_keys", 16);
87 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
88 + goto out;
89 + }
90 }
91
92 /* file looks ok, return success */
This page took 0.047825 seconds and 5 git commands to generate.