Strona główna Odkrywaj Pomoc
Zaloguj się
ableton-dir
/
openadk
sklonowany z oss/openadk
1
0
Forkuj 0
Pliki
Drzewo: 13062b648c
Gałęzie Tagi
openadk
/
package
/
dropbear
/
patches
/
patch-svr-authpubkey_c

patch-svr-authpubkey_c 3.3 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. --- dropbear-2017.75.orig/svr-authpubkey.c	2017-05-18 16:47:02.000000000 +0200
    2. 

  2. +++ dropbear-2017.75/svr-authpubkey.c	2017-07-06 19:45:36.765143131 +0200
    3. 

  3. @@ -220,24 +220,33 @@ static int checkpubkey(char* algo, unsig
    4. 

  4.  		goto out;
    5. 

  5.  	}
    6. 

  6.  
    7. 

  7. -	/* we don't need to check pw and pw_dir for validity, since
    8. 

  8. -	 * its been done in checkpubkeyperms. */
    9. 

  9. -	len = strlen(ses.authstate.pw_dir);
    10. 

  10. -	/* allocate max required pathname storage,
    11. 

  11. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    12. 

  12. -	filename = m_malloc(len + 22);
    13. 

  13. -	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
    14. 

  14. -				ses.authstate.pw_dir);
    15. 

  15. +	/* special case for root authorized_keys in /etc/dropbear/authorized_keys */
    16. 

  16. +	if (ses.authstate.pw_uid != 0) {
    17. 

  17.  
    18. 

  18. -	/* open the file as the authenticating user. */
    19. 

  19. -	origuid = getuid();
    20. 

  20. -	origgid = getgid();
    21. 

  21. -	if ((setegid(ses.authstate.pw_gid)) < 0 ||
    22. 

  22. -		(seteuid(ses.authstate.pw_uid)) < 0) {
    23. 

  23. -		dropbear_exit("Failed to set euid");
    24. 

  24. -	}
    25. 

  25. +		/* we don't need to check pw and pw_dir for validity, since
    26. 

  26. +		 * its been done in checkpubkeyperms. */
    27. 

  27. +		len = strlen(ses.authstate.pw_dir);
    28. 

  28. +		/* allocate max required pathname storage,
    29. 

  29. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    30. 

  30. +		filename = m_malloc(len + 22);
    31. 

  31. +		snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
    32. 

  32. +					ses.authstate.pw_dir);
    33. 

  33.  
    34. 

  34. -	authfile = fopen(filename, "r");
    35. 

  35. +		/* open the file as the authenticating user. */
    36. 

  36. +		origuid = getuid();
    37. 

  37. +		origgid = getgid();
    38. 

  38. +		if ((setegid(ses.authstate.pw_gid)) < 0 ||
    39. 

  39. +			(seteuid(ses.authstate.pw_uid)) < 0) {
    40. 

  40. +			dropbear_exit("Failed to set euid");
    41. 

  41. +		}
    42. 

  42. +
    43. 

  43. +		authfile = fopen(filename, "r");
    44. 

  44. +
    45. 

  45. +	} else {
    46. 

  46. +		origuid = getuid();
    47. 

  47. +		origgid = getgid();
    48. 

  48. +		authfile = fopen("/etc/dropbear/authorized_keys","r");
    49. 

  49. +	}
    50. 

  50.  
    51. 

  51.  	if ((seteuid(origuid)) < 0 ||
    52. 

  52.  		(setegid(origgid)) < 0) {
    53. 

  53. @@ -396,26 +405,39 @@ static int checkpubkeyperms() {
    54. 

  54.  		goto out;
    55. 

  55.  	}
    56. 

  56.  
    57. 

  57. -	/* allocate max required pathname storage,
    58. 

  58. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    59. 

  59. -	filename = m_malloc(len + 22);
    60. 

  60. -	strncpy(filename, ses.authstate.pw_dir, len+1);
    61. 

  61. +	if (ses.authstate.pw_uid != 0) {
    62. 

  62.  
    63. 

  63. -	/* check ~ */
    64. 

  64. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    65. 

  65. -		goto out;
    66. 

  66. -	}
    67. 

  67. +		/* allocate max required pathname storage,
    68. 

  68. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    69. 

  69. +		filename = m_malloc(len + 22);
    70. 

  70. +		strncpy(filename, ses.authstate.pw_dir, len+1);
    71. 

  71.  
    72. 

  72. -	/* check ~/.ssh */
    73. 

  73. -	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
    74. 

  74. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    75. 

  75. -		goto out;
    76. 

  76. -	}
    77. 

  77. +		/* check ~ */
    78. 

  78. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    79. 

  79. +			goto out;
    80. 

  80. +		}
    81. 

  81. +
    82. 

  82. +		/* check ~/.ssh */
    83. 

  83. +		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
    84. 

  84. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    85. 

  85. +			goto out;
    86. 

  86. +		}
    87. 

  87. +
    88. 

  88. +		/* now check ~/.ssh/authorized_keys */
    89. 

  89. +		strncat(filename, "/authorized_keys", 16);
    90. 

  90. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    91. 

  91. +			goto out;
    92. 

  92. +		}
    93. 

  93. +
    94. 

  94. +	} else {
    95. 

  95. +
    96. 

  96. +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
    97. 

  97. +			goto out;
    98. 

  98. +		}
    99. 

  99. +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
    100. 

  100. +			goto out;
    101. 

  101. +		}
    102. 

  102.  
    103. 

  103. -	/* now check ~/.ssh/authorized_keys */
    104. 

  104. -	strncat(filename, "/authorized_keys", 16);
    105. 

  105. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    106. 

  106. -		goto out;
    107. 

  107.  	}
    108. 

  108.  
    109. 

  109.  	/* file looks ok, return success */
    110.