Upstream refresh for v1.5.0-rc1 : Upstream 19.07 : 4fb6b8c553f692eeb5bcb203e0f8ee8df0...
[librecmc/librecmc.git] / package / network / services / dropbear / patches / 100-pubkey_path.patch
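--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -338,14 +338,19 @@ static int checkpubkey(const char* algo,
                goto out;
        }
 
-       /* we don't need to check pw and pw_dir for validity, since
-        * its been done in checkpubkeyperms. */
-       len = strlen(ses.authstate.pw_dir);
-       /* allocate max required pathname storage,
-        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-       filename = m_malloc(len + 22);
-       snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
-                               ses.authstate.pw_dir);
+       if (ses.authstate.pw_uid != 0) {
+               /* we don't need to check pw and pw_dir for validity, since
+                * its been done in checkpubkeyperms. */
+               len = strlen(ses.authstate.pw_dir);
+               /* allocate max required pathname storage,
+                * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+               filename = m_malloc(len + 22);
+               snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+                                       ses.authstate.pw_dir);
+       } else {
+               filename = m_malloc(30);
+               strncpy(filename, "/etc/dropbear/authorized_keys", 30);
+       }
 
 #if DROPBEAR_SVR_MULTIUSER
        /* open the file as the authenticating user. */
@@ -426,27 +431,36 @@ static int checkpubkeyperms() {
                goto out;
        }
 
-       /* allocate max required pathname storage,
-        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-       len += 22;
-       filename = m_malloc(len);
-       strlcpy(filename, ses.authstate.pw_dir, len);
-
-       /* check ~ */
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
+       if (ses.authstate.pw_uid == 0) {
+               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
+                       goto out;
+               }
+               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
+                       goto out;
+               }
+       } else {
+               /* allocate max required pathname storage,
+                * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+               len += 22;
+               filename = m_malloc(len);
+               strlcpy(filename, ses.authstate.pw_dir, len);
+
+               /* check ~ */
+               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+                       goto out;
+               }
 
-       /* check ~/.ssh */
-       strlcat(filename, "/.ssh", len);
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
+               /* check ~/.ssh */
+               strlcat(filename, "/.ssh", len);
+               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+                       goto out;
+               }
 
-       /* now check ~/.ssh/authorized_keys */
-       strlcat(filename, "/authorized_keys", len);
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
+               /* now check ~/.ssh/authorized_keys */
+               strlcat(filename, "/authorized_keys", len);
+               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+                       goto out;
+               }
        }
 
        /* file looks ok, return success */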
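Review bot: In the uid-0 branch added to checkpubkey, `filename = m_malloc(30); strncpy(filename, "/etc/dropbear/authorized_keys", 30);` relies on a hand-counted size: the literal is 29 characters, so 30 leaves exactly one byte for the terminator today, but strncpy would leave the buffer unterminated if the path were ever lengthened without updating both numbers. The same literal is repeated in checkpubkeyperms, so the file whose permissions are checked and the file that is later read can drift apart; one `static const char root_keys[] = "/etc/dropbear/authorized_keys";` used as `filename = m_strdup(root_keys);` and `checkfileperm(root_keys)` would keep the two tied together. Both branches key on `ses.authstate.pw_uid`, so every account with uid 0 shares this single key file and a root `~/.ssh/authorized_keys` is no longer consulted; a comment such as `/* uid 0: keys come only from /etc/dropbear/authorized_keys, never from ~/.ssh */` would make that explicit. Both functions start and end outside the hunks shown, so how `filename` is initialised and freed on the uid-0 path of checkpubkeyperms cannot be confirmed from here.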