dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52...
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 7 Apr 2009 23:04:29 +0000 (23:04 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 7 Apr 2009 23:04:29 +0000 (23:04 +0000)
SVN-Revision: 15144

package/dropbear/Makefile
package/dropbear/patches/100-pubkey_path.patch

index de4df22..6f9b9bb 100644 (file)
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
 PKG_VERSION:=0.52
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
index 9346cc6..25a8161 100644 (file)
@@ -1,47 +1,92 @@
-Index: dropbear-0.52/svr-authpubkey.c
-===================================================================
---- dropbear-0.52.orig/svr-authpubkey.c        2008-04-22 17:29:49.000000000 -0700
-+++ dropbear-0.52/svr-authpubkey.c     2008-04-22 17:29:49.000000000 -0700
-@@ -209,6 +209,8 @@
+diff -ur dropbear-0.52.orig/svr-authpubkey.c dropbear-0.52/svr-authpubkey.c
+--- dropbear-0.52.orig/svr-authpubkey.c        2009-04-08 00:32:16.000000000 +0200
++++ dropbear-0.52/svr-authpubkey.c     2009-04-08 00:44:11.000000000 +0200
+@@ -209,17 +209,21 @@
                goto out;
        }
  
+-      /* we don't need to check pw and pw_dir for validity, since
+-       * its been done in checkpubkeyperms. */
+-      len = strlen(ses.authstate.pw_dir);
+-      /* allocate max required pathname storage,
+-       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-      filename = m_malloc(len + 22);
+-      snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
+-                              ses.authstate.pw_dir);
+-
+-      /* open the file */
+-      authfile = fopen(filename, "r");
 +      if (ses.authstate.pw_uid != 0) {
++              /* we don't need to check pw and pw_dir for validity, since
++               * its been done in checkpubkeyperms. */
++              len = strlen(ses.authstate.pw_dir);
++              /* allocate max required pathname storage,
++               * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++              filename = m_malloc(len + 22);
++              snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
++                       ses.authstate.pw_dir);
 +
-       /* we don't need to check pw and pw_dir for validity, since
-        * its been done in checkpubkeyperms. */
-       len = strlen(ses.authstate.pw_dir);
-@@ -220,6 +222,9 @@
-       /* open the file */
-       authfile = fopen(filename, "r");
++              /* open the file */
++              authfile = fopen(filename, "r");
 +      } else {
 +              authfile = fopen("/etc/dropbear/authorized_keys","r");
 +      }
        if (authfile == NULL) {
                goto out;
        }
-@@ -372,6 +377,8 @@
+@@ -372,26 +376,35 @@
                goto out;
        }
  
-+      if (ses.authstate.pw_uid != 0) {
-+
-       /* allocate max required pathname storage,
-        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-       filename = m_malloc(len + 22);
-@@ -381,6 +388,14 @@
-       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-               goto out;
-       }
-+      } else {
+-      /* allocate max required pathname storage,
+-       * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-      filename = m_malloc(len + 22);
+-      strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+-      /* check ~ */
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
+-      }
+-
+-      /* check ~/.ssh */
+-      strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
+-      }
+-
+-      /* now check ~/.ssh/authorized_keys */
+-      strncat(filename, "/authorized_keys", 16);
+-      if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-              goto out;
++      if (ses.authstate.pw_uid == 0) {
 +              if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
 +                      goto out;
 +              }
 +              if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
 +                      goto out;
 +              }
-+      }
++      } else {
++              /* allocate max required pathname storage,
++               * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++              filename = m_malloc(len + 22);
++              strncpy(filename, ses.authstate.pw_dir, len+1);
++
++              /* check ~ */
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
++
++              /* check ~/.ssh */
++              strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
++
++              /* now check ~/.ssh/authorized_keys */
++              strncat(filename, "/authorized_keys", 16);
++              if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++                      goto out;
++              }
+       }
  
-       /* check ~/.ssh */
-       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+       /* file looks ok, return success */
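Review bot: In the new 100-pubkey_path.patch the root key file is written as a separate string literal at each use, `checkfileperm("/etc/dropbear/authorized_keys")` in the second inner hunk and `fopen("/etc/dropbear/authorized_keys","r")` in the first, so nothing ties the file whose permissions are checked to the file that is then opened. I would define the path once inside the patch, e.g. `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is only a suggestion), and use it in both places. The first hunk tests `pw_uid != 0` and the second `pw_uid == 0`; giving both the same sense and branch order would make it easier to confirm they select the same path. The uid test matches every account with uid 0, and keys in such an account's `~/.ssh/authorized_keys` are not read, which deserves a comment such as `/* uid 0: keys are read from /etc/dropbear/authorized_keys only, ~/.ssh is ignored */`. Both patched functions begin and end outside the inner hunks, so the earlier pw_dir checks and the cleanup at `out` are not visible here.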