fix wrong permissions on /etc (fixes from [3327])
[openwrt.git] / openwrt / package / dropbear / patches / 100-pubkey_path.patch
1 diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c
2 --- dropbear.old/svr-authpubkey.c 2005-12-09 06:42:33.000000000 +0100
3 +++ dropbear.dev/svr-authpubkey.c 2005-12-12 01:35:32.139358750 +0100
4 @@ -155,7 +155,6 @@
5 unsigned char* keyblob, unsigned int keybloblen) {
6
7 FILE * authfile = NULL;
8 - char * filename = NULL;
9 int ret = DROPBEAR_FAILURE;
10 buffer * line = NULL;
11 unsigned int len, pos;
12 @@ -176,17 +175,8 @@
13 goto out;
14 }
15
16 - /* we don't need to check pw and pw_dir for validity, since
17 - * its been done in checkpubkeyperms. */
18 - len = strlen(ses.authstate.pw->pw_dir);
19 - /* allocate max required pathname storage,
20 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
21 - filename = m_malloc(len + 22);
22 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
23 - ses.authstate.pw->pw_dir);
24 -
25 /* open the file */
26 - authfile = fopen(filename, "r");
27 + authfile = fopen("/etc/dropbear/authorized_keys", "r");
28 if (authfile == NULL) {
29 goto out;
30 }
31 @@ -247,7 +237,6 @@
32 if (line) {
33 buf_free(line);
34 }
35 - m_free(filename);
36 TRACE(("leave checkpubkey: ret=%d", ret))
37 return ret;
38 }
39 @@ -255,12 +244,11 @@
40
41 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
42 * DROPBEAR_FAILURE otherwise.
43 - * Checks that the user's homedir, ~/.ssh, and
44 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are
45 + * Checks that /etc/dropbear and /etc/dropbear/authorized_keys
46 + * are all owned by either root or the user, and are
47 * g-w, o-w */
48 static int checkpubkeyperms() {
49
50 - char* filename = NULL;
51 int ret = DROPBEAR_FAILURE;
52 unsigned int len;
53
54 @@ -274,25 +262,11 @@
55 goto out;
56 }
57
58 - /* allocate max required pathname storage,
59 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
60 - filename = m_malloc(len + 22);
61 - strncpy(filename, ses.authstate.pw->pw_dir, len+1);
62 -
63 - /* check ~ */
64 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
65 - goto out;
66 - }
67 -
68 - /* check ~/.ssh */
69 - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
70 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
71 + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
72 goto out;
73 }
74
75 - /* now check ~/.ssh/authorized_keys */
76 - strncat(filename, "/authorized_keys", 16);
77 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
78 + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
79 goto out;
80 }
81
82 @@ -300,7 +274,6 @@
83 ret = DROPBEAR_SUCCESS;
84
85 out:
86 - m_free(filename);
87
88 TRACE(("leave checkpubkeyperms"))
89 return ret;
This page took 0.047688 seconds and 5 git commands to generate.