patch-svr-authpubkey_c 1.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
  2. --- dropbear-2014.63.orig/svr-authpubkey.c 2014-02-19 15:05:24.000000000 +0100
  3. +++ dropbear-2014.63/svr-authpubkey.c 2014-02-27 16:29:05.000000000 +0100
  4. @@ -208,6 +208,8 @@ static int checkpubkey(unsigned char* al
  5. goto out;
  6. }
  7. + if (ses.authstate.pw_uid != 0) {
  8. +
  9. /* we don't need to check pw and pw_dir for validity, since
  10. * its been done in checkpubkeyperms. */
  11. len = strlen(ses.authstate.pw_dir);
  12. @@ -219,6 +221,9 @@ static int checkpubkey(unsigned char* al
  13. /* open the file */
  14. authfile = fopen(filename, "r");
  15. + } else {
  16. + authfile = fopen("/etc/dropbear/authorized_keys","r");
  17. + }
  18. if (authfile == NULL) {
  19. goto out;
  20. }
  21. @@ -371,6 +376,8 @@ static int checkpubkeyperms() {
  22. goto out;
  23. }
  24. + if (ses.authstate.pw_uid != 0) {
  25. +
  26. /* allocate max required pathname storage,
  27. * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  28. filename = m_malloc(len + 22);
  29. @@ -392,6 +399,14 @@ static int checkpubkeyperms() {
  30. if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  31. goto out;
  32. }
  33. + } else {
  34. + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  35. + goto out;
  36. + }
  37. + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  38. + goto out;
  39. + }
  40. + }
  41. /* file looks ok, return success */
  42. ret = DROPBEAR_SUCCESS;