patch-svr-authpubkey_c 1.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
  2. --- dropbear-0.52.orig/svr-authpubkey.c 2008-11-11 15:09:03.000000000 +0100
  3. +++ dropbear-0.52/svr-authpubkey.c 2009-03-19 19:29:53.000000000 +0100
  4. @@ -209,6 +209,8 @@ static int checkpubkey(unsigned char* al
  5. goto out;
  6. }
  7. + if (ses.authstate.pw_uid != 0) {
  8. +
  9. /* we don't need to check pw and pw_dir for validity, since
  10. * its been done in checkpubkeyperms. */
  11. len = strlen(ses.authstate.pw_dir);
  12. @@ -220,6 +222,9 @@ static int checkpubkey(unsigned char* al
  13. /* open the file */
  14. authfile = fopen(filename, "r");
  15. + } else {
  16. + authfile = fopen("/etc/dropbear/authorized_keys","r");
  17. + }
  18. if (authfile == NULL) {
  19. goto out;
  20. }
  21. @@ -372,6 +377,8 @@ static int checkpubkeyperms() {
  22. goto out;
  23. }
  24. + if (ses.authstate.pw_uid != 0) {
  25. +
  26. /* allocate max required pathname storage,
  27. * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  28. filename = m_malloc(len + 22);
  29. @@ -393,6 +400,14 @@ static int checkpubkeyperms() {
  30. if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  31. goto out;
  32. }
  33. + } else {
  34. + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  35. + goto out;
  36. + }
  37. + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  38. + goto out;
  39. + }
  40. + }
  41. /* file looks ok, return success */
  42. ret = DROPBEAR_SUCCESS;