3 @@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal
7 - /* we don't need to check pw and pw_dir for validity, since
8 - * its been done in checkpubkeyperms. */
9 - len = strlen(ses.authstate.pw_dir);
10 - /* allocate max required pathname storage,
11 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
12 - filename = m_malloc(len + 22);
13 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
14 - ses.authstate.pw_dir);
15 + if (ses.authstate.pw_uid != 0) {
16 + /* we don't need to check pw and pw_dir for validity, since
17 + * its been done in checkpubkeyperms. */
18 + len = strlen(ses.authstate.pw_dir);
19 + /* allocate max required pathname storage,
20 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
21 + filename = m_malloc(len + 22);
22 + snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
23 + ses.authstate.pw_dir);
25 + filename = m_malloc(30);
26 + strncpy(filename, "/etc/dropbear/authorized_keys", 30);
29 #if DROPBEAR_SVR_MULTIUSER
30 /* open the file as the authenticating user. */
31 @@ -474,27 +479,36 @@ static int checkpubkeyperms() {
35 - /* allocate max required pathname storage,
36 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
38 - filename = m_malloc(len);
39 - strlcpy(filename, ses.authstate.pw_dir, len);
42 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
45 + if (ses.authstate.pw_uid == 0) {
46 + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
49 + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
53 + /* allocate max required pathname storage,
54 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
56 + filename = m_malloc(len);
57 + strlcpy(filename, ses.authstate.pw_dir, len);
60 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
65 - strlcat(filename, "/.ssh", len);
66 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
70 + strlcat(filename, "/.ssh", len);
71 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
75 - /* now check ~/.ssh/authorized_keys */
76 - strlcat(filename, "/authorized_keys", len);
77 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
79 + /* now check ~/.ssh/authorized_keys */
80 + strlcat(filename, "/authorized_keys", len);
81 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
86 /* file looks ok, return success */