[package] firewall:
[openwrt.git] / package / dropbear / patches / 100-pubkey_path.patch
index cbe525b..c1802f5 100644 (file)
@@ -1,45 +1,91 @@
---- dropbear.old/svr-authpubkey.c.orig 2006-06-03 14:54:43.000000000 +0000
-+++ dropbear.dev/svr-authpubkey.c      2006-06-03 15:03:19.000000000 +0000
-@@ -176,6 +176,8 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
                goto out;
        }
  
-+      if (ses.authstate.pw->pw_uid != 0) {
+-      /* we don't need to check pw and pw_dir for validity, since
+-       * its been done in checkpubkeyperms. */
+-      len = strlen(ses.authstate.pw_dir);
+-      /* allocate max required pathname storage,
+-       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-      filename = m_malloc(len + 22);
+-      snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
+-                              ses.authstate.pw_dir);
+-
+-      /* open the file */
+-      authfile = fopen(filename, "r");
++      if (ses.authstate.pw_uid != 0) {
++              /* we don't need to check pw and pw_dir for validity, since
++               * its been done in checkpubkeyperms. */
++              len = strlen(ses.authstate.pw_dir);
++              /* allocate max required pathname storage,
++               * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++              filename = m_malloc(len + 22);
++              snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
++                       ses.authstate.pw_dir);
 +
-       /* we don't need to check pw and pw_dir for validity, since
-        * its been done in checkpubkeyperms. */
-       len = strlen(ses.authstate.pw->pw_dir);
-@@ -187,6 +189,9 @@
-       /* open the file */
-       authfile = fopen(filename, "r");
++              /* open the file */
++              authfile = fopen(filename, "r");
 +      } else {
 +              authfile = fopen("/etc/dropbear/authorized_keys","r");
 +      }
        if (authfile == NULL) {
                goto out;
        }
-@@ -274,6 +279,8 @@
+@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
                goto out;
        }
  
-+      if (ses.authstate.pw->pw_uid != 0) {
-+
-       /* allocate max required pathname storage,
-        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-       filename = m_malloc(len + 22);
-@@ -295,6 +302,14 @@
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
-+      } else {
+-      /* allocate max required pathname storage,
+-       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-      filename = m_malloc(len + 22);
+-      strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+-      /* check ~ */
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
+-      }
+-
+-      /* check ~/.ssh */
+-      strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
+-      }
+-
+-      /* now check ~/.ssh/authorized_keys */
+-      strncat(filename, "/authorized_keys", 16);
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
++      if (ses.authstate.pw_uid == 0) {
 +              if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
 +                      goto out;
 +              }
 +              if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
 +                      goto out;
 +              }
-+      }
++      } else {
++              /* allocate max required pathname storage,
++               * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++              filename = m_malloc(len + 22);
++              strncpy(filename, ses.authstate.pw_dir, len+1);
++
++              /* check ~ */
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
++
++              /* check ~/.ssh */
++              strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
++
++              /* now check ~/.ssh/authorized_keys */
++              strncat(filename, "/authorized_keys", 16);
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
+       }
  
        /* file looks ok, return success */
-       ret = DROPBEAR_SUCCESS;
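Review bot: The root key path `/etc/dropbear/authorized_keys` is written out separately in the `fopen` in checkpubkey and in the `checkfileperm` call in checkpubkeyperms, and the two functions test the uid with opposite conditions (`!= 0` vs `== 0`), so a later edit to one site can leave the permission-checked file different from the file that is opened. A single definition such as `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` used at both sites would keep the check and the open on the same path. The branch also keys on `pw_uid == 0` rather than on the account name, so any uid-0 account authenticates against this one shared file; a comment such as `/* uid 0: keys live in /etc/dropbear, shared by every uid-0 account */` above the branch would record that. Both function bodies start and end outside these hunks, so the `len` computation and the `out:` cleanup for the unallocated `filename` in the uid-0 branch cannot be checked from here.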