3 @@ -77,6 +77,13 @@ static void send_msg_userauth_pk_ok(cons
4 const unsigned char* keyblob, unsigned int keybloblen);
5 static int checkfileperm(char * filename);
7 +static const char * const global_authkeys_dir = "/etc/dropbear";
8 +static const int n_global_authkeys_dir = 14; /* + 1 extra byte */
9 +static const char * const user_authkeys_dir = ".ssh";
10 +static const int n_user_authkeys_dir = 5; /* + 1 extra byte */
11 +static const char * const authkeys_file = "authorized_keys";
12 +static const int n_authkeys_file = 16; /* + 1 extra byte */
14 /* process a pubkey auth request, sending success or failure message as
16 void svr_auth_pubkey(int valid_user) {
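Review bot: The three `n_*` constants added at the top of this hunk are hand-counted copies of the string lengths, so editing a path without recounting makes the later `snprintf` calls silently truncate the authorized_keys path instead of failing. Declaring the strings as arrays, e.g. `static const char global_authkeys_dir[] = "/etc/dropbear";`, lets callers size buffers with `sizeof(global_authkeys_dir)`, which already includes the terminator, and removes the counts. Separately, the context line `static int checkfileperm(char * filename);` takes a non-const pointer while the third hunk passes `global_authkeys_dir` to it. The prototype should become `static int checkfileperm(const char * filename);`, provided the function does not write through its argument, which is not visible here.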
17 @@ -439,14 +446,21 @@ static int checkpubkey(const char* keyal
18 if (checkpubkeyperms() == DROPBEAR_FAILURE) {
19 TRACE(("bad authorized_keys permissions, or file doesn't exist"))
21 - /* we don't need to check pw and pw_dir for validity, since
22 - * its been done in checkpubkeyperms. */
23 - len = strlen(ses.authstate.pw_dir);
24 - /* allocate max required pathname storage,
25 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
26 - filename = m_malloc(len + 22);
27 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
28 - ses.authstate.pw_dir);
29 + if (ses.authstate.pw_uid == 0) {
30 + len = n_global_authkeys_dir + n_authkeys_file;
31 + filename = m_malloc(len);
32 + snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file);
34 + /* we don't need to check pw and pw_dir for validity, since
35 + * its been done in checkpubkeyperms. */
36 + len = strlen(ses.authstate.pw_dir);
37 + /* allocate max required pathname storage,
38 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
39 + len += n_user_authkeys_dir + n_authkeys_file + 1;
40 + filename = m_malloc(len);
41 + snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir,
42 + user_authkeys_dir, authkeys_file);
45 authfile = fopen(filename, "r");
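Review bot: The uid-0 versus per-user path selection added here is written a second time in `checkpubkeyperms()` (third hunk), so the file whose permissions are checked and the file passed to `fopen` match only while both copies are edited together. For an authentication file this is worth enforcing in code by building the path in one helper that both functions call. The helper can also test the `snprintf` return value, so a truncated path is rejected rather than opened. A comment should state that any account with `pw_uid == 0`, not only one named root, now has the `authorized_keys` in its home directory ignored. The body of `checkpubkey()` starts and ends outside this hunk.

```c
/* Build the authorized_keys path for the session user. Returns a buffer
 * from m_malloc() that the caller releases, or NULL if the path did not
 * fit. Callers must have validated ses.authstate.pw_dir first. */
static char *authkeys_filename(void) {
	size_t len;
	char *path;
	int n;

	if (ses.authstate.pw_uid == 0) {
		/* every uid-0 account uses the system-wide key file */
		len = strlen(global_authkeys_dir) + 1 + strlen(authkeys_file) + 1;
		path = m_malloc(len);
		n = snprintf(path, len, "%s/%s", global_authkeys_dir, authkeys_file);
	} else {
		len = strlen(ses.authstate.pw_dir) + 1 + strlen(user_authkeys_dir)
			+ 1 + strlen(authkeys_file) + 1;
		path = m_malloc(len);
		n = snprintf(path, len, "%s/%s/%s", ses.authstate.pw_dir,
				user_authkeys_dir, authkeys_file);
	}
	if (n < 0 || (size_t)n >= len) {
		m_free(path);
		return NULL;
	}
	return path;
}

/* in checkpubkey(), replacing the added if/else: */
filename = authkeys_filename();
if (filename == NULL) {
	/* … take the function's existing failure path … */
}
/* … unchanged: authfile = fopen(filename, "r"); … */
```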
47 @@ -520,27 +534,41 @@ static int checkpubkeyperms() {
51 - /* allocate max required pathname storage,
52 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
54 - filename = m_malloc(len);
55 - strlcpy(filename, ses.authstate.pw_dir, len);
56 + if (ses.authstate.pw_uid == 0) {
57 + if (checkfileperm(global_authkeys_dir) != DROPBEAR_SUCCESS) {
62 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
65 + len = n_global_authkeys_dir + n_authkeys_file;
66 + filename = m_malloc(len);
69 - strlcat(filename, "/.ssh", len);
70 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
73 + snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file);
74 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
79 + if (checkfileperm(ses.authstate.pw_dir) != DROPBEAR_SUCCESS) {
83 - /* now check ~/.ssh/authorized_keys */
84 - strlcat(filename, "/authorized_keys", len);
85 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
87 + /* allocate max required pathname storage,
88 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
89 + len += n_user_authkeys_dir + n_authkeys_file + 1;
90 + filename = m_malloc(len);
93 + snprintf(filename, len, "%s/%s", ses.authstate.pw_dir, user_authkeys_dir);
94 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
98 + /* now check ~/.ssh/authorized_keys */
99 + snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir,
100 + user_authkeys_dir, authkeys_file);
101 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
106 /* file looks ok, return success */