diff options
Diffstat (limited to 'package/network/services/dropbear/patches/100-pubkey_path.patch')
-rw-r--r-- | package/network/services/dropbear/patches/100-pubkey_path.patch | 116 |
1 files changed, 68 insertions, 48 deletions
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index af3fbb336b..0403198062 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,34 +1,50 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal - goto out; - } +@@ -77,6 +77,13 @@ static void send_msg_userauth_pk_ok(cons + const unsigned char* keyblob, unsigned int keybloblen); + static int checkfileperm(char * filename); -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw_dir); -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw_dir); -+ if (ses.authstate.pw_uid != 0) { -+ /* we don't need to check pw and pw_dir for validity, since -+ * its been done in checkpubkeyperms. */ -+ len = strlen(ses.authstate.pw_dir); -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); -+ } else { -+ filename = m_malloc(30); -+ strncpy(filename, "/etc/dropbear/authorized_keys", 30); -+ } ++static const char * const global_authkeys_dir = "/etc/dropbear"; ++static const int n_global_authkeys_dir = 14; /* + 1 extra byte */ ++static const char * const user_authkeys_dir = ".ssh"; ++static const int n_user_authkeys_dir = 5; /* + 1 extra byte */ ++static const char * const authkeys_file = "authorized_keys"; ++static const int n_authkeys_file = 16; /* + 1 extra byte */ ++ + /* process a pubkey auth request, sending success or failure message as + * appropriate */ + void svr_auth_pubkey(int valid_user) { +@@ -439,14 +446,21 @@ static int checkpubkey(const char* keyal + if (checkpubkeyperms() == DROPBEAR_FAILURE) { + TRACE(("bad authorized_keys permissions, or file doesn't exist")) + } else { +- /* we don't need to check pw and pw_dir for validity, since +- * its been done in checkpubkeyperms. */ +- len = strlen(ses.authstate.pw_dir); +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", +- ses.authstate.pw_dir); ++ if (ses.authstate.pw_uid == 0) { ++ len = n_global_authkeys_dir + n_authkeys_file; ++ filename = m_malloc(len); ++ snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file); ++ } else { ++ /* we don't need to check pw and pw_dir for validity, since ++ * its been done in checkpubkeyperms. */ ++ len = strlen(ses.authstate.pw_dir); ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ len += n_user_authkeys_dir + n_authkeys_file + 1; ++ filename = m_malloc(len); ++ snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir, ++ user_authkeys_dir, authkeys_file); ++ } - #if DROPBEAR_SVR_MULTIUSER - /* open the file as the authenticating user. */ -@@ -474,27 +479,36 @@ static int checkpubkeyperms() { + authfile = fopen(filename, "r"); + if (!authfile) { +@@ -520,27 +534,41 @@ static int checkpubkeyperms() { goto out; } @@ -37,47 +53,51 @@ - len += 22; - filename = m_malloc(len); - strlcpy(filename, ses.authstate.pw_dir, len); -- ++ if (ses.authstate.pw_uid == 0) { ++ if (checkfileperm(global_authkeys_dir) != DROPBEAR_SUCCESS) { ++ goto out; ++ } + - /* check ~ */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } -+ if (ses.authstate.pw_uid == 0) { -+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ } else { -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ len += 22; ++ len = n_global_authkeys_dir + n_authkeys_file; + filename = m_malloc(len); -+ strlcpy(filename, ses.authstate.pw_dir, len); -+ -+ /* check ~ */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } - /* check ~/.ssh */ - strlcat(filename, "/.ssh", len); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } -+ /* check ~/.ssh */ -+ strlcat(filename, "/.ssh", len); ++ snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file); + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } ++ } else { ++ /* check ~ */ ++ if (checkfileperm(ses.authstate.pw_dir) != DROPBEAR_SUCCESS) { ++ goto out; ++ } - /* now check ~/.ssh/authorized_keys */ - strlcat(filename, "/authorized_keys", len); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ len += n_user_authkeys_dir + n_authkeys_file + 1; ++ filename = m_malloc(len); ++ ++ /* check ~/.ssh */ ++ snprintf(filename, len, "%s/%s", ses.authstate.pw_dir, user_authkeys_dir); ++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ + /* now check ~/.ssh/authorized_keys */ -+ strlcat(filename, "/authorized_keys", len); ++ snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir, ++ user_authkeys_dir, authkeys_file); + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } |