123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 |
- --- dropbear-2017.75.orig/svr-authpubkey.c 2017-05-18 16:47:02.000000000 +0200
- +++ dropbear-2017.75/svr-authpubkey.c 2017-07-06 19:45:36.765143131 +0200
- @@ -220,24 +220,33 @@ static int checkpubkey(char* algo, unsig
- goto out;
- }
-
- - /* we don't need to check pw and pw_dir for validity, since
- - * its been done in checkpubkeyperms. */
- - len = strlen(ses.authstate.pw_dir);
- - /* allocate max required pathname storage,
- - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- - filename = m_malloc(len + 22);
- - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- - ses.authstate.pw_dir);
- + /* special case for root authorized_keys in /etc/dropbear/authorized_keys */
- + if (ses.authstate.pw_uid != 0) {
-
- - /* open the file as the authenticating user. */
- - origuid = getuid();
- - origgid = getgid();
- - if ((setegid(ses.authstate.pw_gid)) < 0 ||
- - (seteuid(ses.authstate.pw_uid)) < 0) {
- - dropbear_exit("Failed to set euid");
- - }
- + /* we don't need to check pw and pw_dir for validity, since
- + * its been done in checkpubkeyperms. */
- + len = strlen(ses.authstate.pw_dir);
- + /* allocate max required pathname storage,
- + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- + filename = m_malloc(len + 22);
- + snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- + ses.authstate.pw_dir);
-
- - authfile = fopen(filename, "r");
- + /* open the file as the authenticating user. */
- + origuid = getuid();
- + origgid = getgid();
- + if ((setegid(ses.authstate.pw_gid)) < 0 ||
- + (seteuid(ses.authstate.pw_uid)) < 0) {
- + dropbear_exit("Failed to set euid");
- + }
- +
- + authfile = fopen(filename, "r");
- +
- + } else {
- + origuid = getuid();
- + origgid = getgid();
- + authfile = fopen("/etc/dropbear/authorized_keys","r");
- + }
-
- if ((seteuid(origuid)) < 0 ||
- (setegid(origgid)) < 0) {
- @@ -396,26 +405,39 @@ static int checkpubkeyperms() {
- goto out;
- }
-
- - /* allocate max required pathname storage,
- - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- - filename = m_malloc(len + 22);
- - strncpy(filename, ses.authstate.pw_dir, len+1);
- + if (ses.authstate.pw_uid != 0) {
-
- - /* check ~ */
- - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- - goto out;
- - }
- + /* allocate max required pathname storage,
- + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- + filename = m_malloc(len + 22);
- + strncpy(filename, ses.authstate.pw_dir, len+1);
-
- - /* check ~/.ssh */
- - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
- - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- - goto out;
- - }
- + /* check ~ */
- + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- + goto out;
- + }
- +
- + /* check ~/.ssh */
- + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
- + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- + goto out;
- + }
- +
- + /* now check ~/.ssh/authorized_keys */
- + strncat(filename, "/authorized_keys", 16);
- + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- + goto out;
- + }
- +
- + } else {
- +
- + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
- + goto out;
- + }
- + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
- + goto out;
- + }
-
- - /* now check ~/.ssh/authorized_keys */
- - strncat(filename, "/authorized_keys", 16);
- - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- - goto out;
- }
-
- /* file looks ok, return success */
|