| /branches/gl-inet/package/network/services/dropbear/patches/100-pubkey_path.patch |
|---|
| @@ -0,0 +1,87 @@ |
|---|
| --- a/svr-authpubkey.c |
| +++ b/svr-authpubkey.c |
| @@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig |
| goto out; |
| } |
| |
| - /* we don't need to check pw and pw_dir for validity, since |
| - * its been done in checkpubkeyperms. */ |
| - len = strlen(ses.authstate.pw_dir); |
| - /* allocate max required pathname storage, |
| - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| - filename = m_malloc(len + 22); |
| - snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
| - ses.authstate.pw_dir); |
| + if (ses.authstate.pw_uid != 0) { |
| + /* we don't need to check pw and pw_dir for validity, since |
| + * its been done in checkpubkeyperms. */ |
| + len = strlen(ses.authstate.pw_dir); |
| + /* allocate max required pathname storage, |
| + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| + filename = m_malloc(len + 22); |
| + snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
| + ses.authstate.pw_dir); |
| + } else { |
| + filename = m_malloc(30); |
| + strncpy(filename, "/etc/dropbear/authorized_keys", 30); |
| + } |
| + |
| |
| /* open the file as the authenticating user. */ |
| origuid = getuid(); |
| @@ -396,26 +402,35 @@ static int checkpubkeyperms() { |
| goto out; |
| } |
| |
| - /* allocate max required pathname storage, |
| - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| - filename = m_malloc(len + 22); |
| - strncpy(filename, ses.authstate.pw_dir, len+1); |
| - |
| - /* check ~ */ |
| - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| - goto out; |
| - } |
| - |
| - /* check ~/.ssh */ |
| - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
| - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| - goto out; |
| - } |
| - |
| - /* now check ~/.ssh/authorized_keys */ |
| - strncat(filename, "/authorized_keys", 16); |
| - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| - goto out; |
| + if (ses.authstate.pw_uid == 0) { |
| + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { |
| + goto out; |
| + } |
| + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { |
| + goto out; |
| + } |
| + } else { |
| + /* allocate max required pathname storage, |
| + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| + filename = m_malloc(len + 22); |
| + strncpy(filename, ses.authstate.pw_dir, len+1); |
| + |
| + /* check ~ */ |
| + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| + goto out; |
| + } |
| + |
| + /* check ~/.ssh */ |
| + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
| + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| + goto out; |
| + } |
| + |
| + /* now check ~/.ssh/authorized_keys */ |
| + strncat(filename, "/authorized_keys", 16); |
| + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| + goto out; |
| + } |
| } |
| |
| /* file looks ok, return success */ |
