/branches/gl-inet/package/network/services/dropbear/patches/100-pubkey_path.patch |
@@ -0,0 +1,87 @@ |
--- a/svr-authpubkey.c |
+++ b/svr-authpubkey.c |
@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig |
goto out; |
} |
|
- /* we don't need to check pw and pw_dir for validity, since |
- * its been done in checkpubkeyperms. */ |
- len = strlen(ses.authstate.pw_dir); |
- /* allocate max required pathname storage, |
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
- filename = m_malloc(len + 22); |
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
- ses.authstate.pw_dir); |
+ if (ses.authstate.pw_uid != 0) { |
+ /* we don't need to check pw and pw_dir for validity, since |
+ * its been done in checkpubkeyperms. */ |
+ len = strlen(ses.authstate.pw_dir); |
+ /* allocate max required pathname storage, |
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
+ filename = m_malloc(len + 22); |
+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
+ ses.authstate.pw_dir); |
+ } else { |
+ filename = m_malloc(30); |
+ strncpy(filename, "/etc/dropbear/authorized_keys", 30); |
+ } |
+ |
|
/* open the file as the authenticating user. */ |
origuid = getuid(); |
@@ -396,26 +402,35 @@ static int checkpubkeyperms() { |
goto out; |
} |
|
- /* allocate max required pathname storage, |
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
- filename = m_malloc(len + 22); |
- strncpy(filename, ses.authstate.pw_dir, len+1); |
- |
- /* check ~ */ |
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
- goto out; |
- } |
- |
- /* check ~/.ssh */ |
- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
- goto out; |
- } |
- |
- /* now check ~/.ssh/authorized_keys */ |
- strncat(filename, "/authorized_keys", 16); |
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
- goto out; |
+ if (ses.authstate.pw_uid == 0) { |
+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { |
+ goto out; |
+ } |
+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { |
+ goto out; |
+ } |
+ } else { |
+ /* allocate max required pathname storage, |
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
+ filename = m_malloc(len + 22); |
+ strncpy(filename, ses.authstate.pw_dir, len+1); |
+ |
+ /* check ~ */ |
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
+ goto out; |
+ } |
+ |
+ /* check ~/.ssh */ |
+ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
+ goto out; |
+ } |
+ |
+ /* now check ~/.ssh/authorized_keys */ |
+ strncat(filename, "/authorized_keys", 16); |
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
+ goto out; |
+ } |
} |
|
/* file looks ok, return success */ |