package/network/services/dropbear/patches/100-pubkey_path.patch

   1 --- a/svr-authpubkey.c
   2 +++ b/svr-authpubkey.c
   3 @@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig
   4                 goto out;
   5         }
   6
   7 -       /* we don't need to check pw and pw_dir for validity, since
   8 -        * its been done in checkpubkeyperms. */
   9 -       len = strlen(ses.authstate.pw_dir);
  10 -       /* allocate max required pathname storage,
  11 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  12 -       filename = m_malloc(len + 22);
  13 -       snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
  14 -                               ses.authstate.pw_dir);
  15 +       if (ses.authstate.pw_uid != 0) {
  16 +               /* we don't need to check pw and pw_dir for validity, since
  17 +                * its been done in checkpubkeyperms. */
  18 +               len = strlen(ses.authstate.pw_dir);
  19 +               /* allocate max required pathname storage,
  20 +                * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  21 +               filename = m_malloc(len + 22);
  22 +               snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
  23 +                                       ses.authstate.pw_dir);
  24 +       } else {
  25 +               filename = m_malloc(30);
  26 +               strncpy(filename, "/etc/dropbear/authorized_keys", 30);
  27 +       }
  28 +
  29
  30         /* open the file as the authenticating user. */
  31         origuid = getuid();
  32 @@ -396,26 +402,35 @@ static int checkpubkeyperms() {
  33                 goto out;
  34         }
  35
  36 -       /* allocate max required pathname storage,
  37 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  38 -       filename = m_malloc(len + 22);
  39 -       strncpy(filename, ses.authstate.pw_dir, len+1);
  40 -
  41 -       /* check ~ */
  42 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  43 -               goto out;
  44 -       }
  45 -
  46 -       /* check ~/.ssh */
  47 -       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
  48 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  49 -               goto out;
  50 -       }
  51 -
  52 -       /* now check ~/.ssh/authorized_keys */
  53 -       strncat(filename, "/authorized_keys", 16);
  54 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  55 -               goto out;
  56 +       if (ses.authstate.pw_uid == 0) {
  57 +               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  58 +                       goto out;
  59 +               }
  60 +               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  61 +                       goto out;
  62 +               }
  63 +       } else {
  64 +               /* allocate max required pathname storage,
  65 +                * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  66 +               filename = m_malloc(len + 22);
  67 +               strncpy(filename, ses.authstate.pw_dir, len+1);
  68 +
  69 +               /* check ~ */
  70 +               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  71 +                       goto out;
  72 +               }
  73 +
  74 +               /* check ~/.ssh */
  75 +               strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
  76 +               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  77 +                       goto out;
  78 +               }
  79 +
  80 +               /* now check ~/.ssh/authorized_keys */
  81 +               strncat(filename, "/authorized_keys", 16);
  82 +               if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  83 +                       goto out;
  84 +               }
  85         }
  86
  87         /* file looks ok, return success */