100-pubkey_path.patch 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. --- a/svr-authpubkey.c
  2. +++ b/svr-authpubkey.c
  3. @@ -229,14 +229,20 @@ static int checkpubkey(char* algo, unsig
  4. goto out;
  5. }
  6. - /* we don't need to check pw and pw_dir for validity, since
  7. - * its been done in checkpubkeyperms. */
  8. - len = strlen(ses.authstate.pw_dir);
  9. - /* allocate max required pathname storage,
  10. - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  11. - filename = m_malloc(len + 22);
  12. - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
  13. - ses.authstate.pw_dir);
  14. + if (ses.authstate.pw_uid != 0) {
  15. + /* we don't need to check pw and pw_dir for validity, since
  16. + * its been done in checkpubkeyperms. */
  17. + len = strlen(ses.authstate.pw_dir);
  18. + /* allocate max required pathname storage,
  19. + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  20. + filename = m_malloc(len + 22);
  21. + snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
  22. + ses.authstate.pw_dir);
  23. + } else {
  24. + filename = m_malloc(30);
  25. + strncpy(filename, "/etc/dropbear/authorized_keys", 30);
  26. + }
  27. +
  28. /* open the file as the authenticating user. */
  29. origuid = getuid();
  30. @@ -405,26 +411,35 @@ static int checkpubkeyperms() {
  31. goto out;
  32. }
  33. - /* allocate max required pathname storage,
  34. - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  35. - filename = m_malloc(len + 22);
  36. - strncpy(filename, ses.authstate.pw_dir, len+1);
  37. -
  38. - /* check ~ */
  39. - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  40. - goto out;
  41. - }
  42. -
  43. - /* check ~/.ssh */
  44. - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
  45. - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  46. - goto out;
  47. - }
  48. -
  49. - /* now check ~/.ssh/authorized_keys */
  50. - strncat(filename, "/authorized_keys", 16);
  51. - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  52. - goto out;
  53. + if (ses.authstate.pw_uid == 0) {
  54. + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  55. + goto out;
  56. + }
  57. + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  58. + goto out;
  59. + }
  60. + } else {
  61. + /* allocate max required pathname storage,
  62. + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  63. + filename = m_malloc(len + 22);
  64. + strncpy(filename, ses.authstate.pw_dir, len+1);
  65. +
  66. + /* check ~ */
  67. + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  68. + goto out;
  69. + }
  70. +
  71. + /* check ~/.ssh */
  72. + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
  73. + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  74. + goto out;
  75. + }
  76. +
  77. + /* now check ~/.ssh/authorized_keys */
  78. + strncat(filename, "/authorized_keys", 16);
  79. + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  80. + goto out;
  81. + }
  82. }
  83. /* file looks ok, return success */