package/dropbear/patches/100-pubkey_path.patch

   1 Index: dropbear-0.52/svr-authpubkey.c
   2 ===================================================================
   3 --- dropbear-0.52.orig/svr-authpubkey.c 2008-04-22 17:29:49.000000000 -0700
   4 +++ dropbear-0.52/svr-authpubkey.c      2008-04-22 17:29:49.000000000 -0700
   5 @@ -209,6 +209,8 @@
   6                 goto out;
   7         }
   8
   9 +       if (ses.authstate.pw_uid != 0) {
  10 +
  11         /* we don't need to check pw and pw_dir for validity, since
  12          * its been done in checkpubkeyperms. */
  13         len = strlen(ses.authstate.pw_dir);
  14 @@ -220,6 +222,9 @@
  15
  16         /* open the file */
  17         authfile = fopen(filename, "r");
  18 +       } else {
  19 +               authfile = fopen("/etc/dropbear/authorized_keys","r");
  20 +       }
  21         if (authfile == NULL) {
  22                 goto out;
  23         }
  24 @@ -372,6 +377,8 @@
  25                 goto out;
  26         }
  27
  28 +       if (ses.authstate.pw_uid != 0) {
  29 +
  30         /* allocate max required pathname storage,
  31          * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
  32         filename = m_malloc(len + 22);
  33 @@ -381,6 +388,14 @@
  34         if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
  35                 goto out;
  36         }
  37 +       } else {
  38 +               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
  39 +                       goto out;
  40 +               }
  41 +               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
  42 +                       goto out;
  43 +               }
  44 +       }
  45
  46         /* check ~/.ssh */
  47         strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */