07beefe714c7c20714bd1ec36c6f0aea265afdc6
[openwrt/svn-archive/archive.git] / openwrt / package / dropbear / patches / authpubkey.patch
1 --- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200
2 +++ dropbear-0.45/svr-authpubkey.c 2005-09-27 13:15:09.066790872 +0200
3 @@ -176,14 +176,10 @@
4 goto out;
5 }
6
7 - /* we don't need to check pw and pw_dir for validity, since
8 - * its been done in checkpubkeyperms. */
9 - len = strlen(ses.authstate.pw->pw_dir);
10 /* allocate max required pathname storage,
11 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
12 - filename = m_malloc(len + 22);
13 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
14 - ses.authstate.pw->pw_dir);
15 + * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
16 + filename = m_malloc(30);
17 + strncpy(filename, "/etc/dropbear/authorized_keys", 30);
18
19 /* open the file */
20 authfile = fopen(filename, "r");
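Review bot: The key-file path built on the added lines no longer depends on `ses.authstate.pw`, so every account that attempts public-key authentication is checked against the same `/etc/dropbear/authorized_keys`, and a key listed there is accepted for whichever login name the client requests. If the build is meant to be single-user, say so above the allocation, e.g. `/* global key file: every key listed here is valid for ANY login name */`, or restrict the username before this point (not visible in the hunk). The hard-coded 30 is correct today (29 characters plus the terminator), but it is repeated in the comment, in `m_malloc` and in `strncpy`. Deriving it from the literal, `static const char keyfile[] = "/etc/dropbear/authorized_keys";` with `sizeof keyfile`, keeps the copy NUL-terminated if the path ever changes. The enclosing function starts and ends outside the hunk.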
21 @@ -255,43 +251,33 @@
22
23 /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
24 * DROPBEAR_FAILURE otherwise.
25 - * Checks that the user's homedir, ~/.ssh, and
26 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are
27 + * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys
28 + * are all owned by either root or the user, and are
29 * g-w, o-w */
30 static int checkpubkeyperms() {
31
32 char* filename = NULL;
33 int ret = DROPBEAR_FAILURE;
34 - unsigned int len;
35
36 TRACE(("enter checkpubkeyperms"))
37
38 - assert(ses.authstate.pw);
39 - if (ses.authstate.pw->pw_dir == NULL) {
40 - goto out;
41 - }
42 -
43 - if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) {
44 - goto out;
45 - }
46 -
47 /* allocate max required pathname storage,
48 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
49 - filename = m_malloc(len + 22);
50 - strncpy(filename, ses.authstate.pw->pw_dir, len+1);
51 + * = "/etc/dropbear/authorized_keys" + '\0' = 30 */
52 + filename = m_malloc(30);
53 + strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */
54
55 - /* check ~ */
56 + /* check /etc */
57 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
58 goto out;
59 }
60
61 - /* check ~/.ssh */
62 - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
63 + /* check /etc/dropbear */
64 + strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */
65 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
66 goto out;
67 }
68
69 - /* now check ~/.ssh/authorized_keys */
70 + /* now check /etc/dropbear/authorized_keys */
71 strncat(filename, "/authorized_keys", 16);
72 if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
73 goto out;
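Review bot: `strncpy(filename, "/etc", 4);` copies exactly four bytes and writes no terminating NUL, unlike the removed call, which copied `len+1` bytes. Unless `m_malloc` zero-fills the buffer (not shown here), `checkfileperm(filename)` reads an unterminated string and the two `strncat` calls append at whatever NUL they find first, which can fall beyond the 30-byte allocation. Copy the terminator too: `strncpy(filename, "/etc", 5); /* strlen("/etc") + 1 */`. Separately, the header comment still accepts paths "owned by either root or the user"; with one shared key file, ownership by the authenticating user looks too permissive and a root-only check would be safer, though `checkfileperm` itself is outside this hunk. The function body continues past the last line shown.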