diff options
Diffstat (limited to 'package/dropbear/patches/patch-svr-authpubkey_c')
-rw-r--r-- | package/dropbear/patches/patch-svr-authpubkey_c | 109 |
1 files changed, 0 insertions, 109 deletions
diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c deleted file mode 100644 index 0de885cfb..000000000 --- a/package/dropbear/patches/patch-svr-authpubkey_c +++ /dev/null @@ -1,109 +0,0 @@ ---- dropbear-2017.75.orig/svr-authpubkey.c 2017-05-18 16:47:02.000000000 +0200 -+++ dropbear-2017.75/svr-authpubkey.c 2017-07-06 19:45:36.765143131 +0200 -@@ -220,24 +220,33 @@ static int checkpubkey(char* algo, unsig - goto out; - } - -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw_dir); -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw_dir); -+ /* special case for root authorized_keys in /etc/dropbear/authorized_keys */ -+ if (ses.authstate.pw_uid != 0) { - -- /* open the file as the authenticating user. */ -- origuid = getuid(); -- origgid = getgid(); -- if ((setegid(ses.authstate.pw_gid)) < 0 || -- (seteuid(ses.authstate.pw_uid)) < 0) { -- dropbear_exit("Failed to set euid"); -- } -+ /* we don't need to check pw and pw_dir for validity, since -+ * its been done in checkpubkeyperms. */ -+ len = strlen(ses.authstate.pw_dir); -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); - -- authfile = fopen(filename, "r"); -+ /* open the file as the authenticating user. */ -+ origuid = getuid(); -+ origgid = getgid(); -+ if ((setegid(ses.authstate.pw_gid)) < 0 || -+ (seteuid(ses.authstate.pw_uid)) < 0) { -+ dropbear_exit("Failed to set euid"); -+ } -+ -+ authfile = fopen(filename, "r"); -+ -+ } else { -+ origuid = getuid(); -+ origgid = getgid(); -+ authfile = fopen("/etc/dropbear/authorized_keys","r"); -+ } - - if ((seteuid(origuid)) < 0 || - (setegid(origgid)) < 0) { -@@ -396,26 +405,39 @@ static int checkpubkeyperms() { - goto out; - } - -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- strncpy(filename, ses.authstate.pw_dir, len+1); -+ if (ses.authstate.pw_uid != 0) { - -- /* check ~ */ -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; -- } -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ strncpy(filename, ses.authstate.pw_dir, len+1); - -- /* check ~/.ssh */ -- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; -- } -+ /* check ~ */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ -+ /* check ~/.ssh */ -+ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ -+ /* now check ~/.ssh/authorized_keys */ -+ strncat(filename, "/authorized_keys", 16); -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ -+ } else { -+ -+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+ goto out; -+ } - -- /* now check ~/.ssh/authorized_keys */ -- strncat(filename, "/authorized_keys", 16); -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; - } - - /* file looks ok, return success */ |