Domů Procházet Nápověda
Přihlásit se
jahway603
/
libreCMC
rozštěpen z libreCMC/libreCMC
1
0
Rozštěpit 0
Soubory
Strom: 5739ca0500
Větve Značky
libreCMC
/
package
/
network
/
services
/
dropbear
/
patches
/
100-pubkey_path.patch

100-pubkey_path.patch 2.5 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. --- a/svr-authpubkey.c
    2. 

  2. +++ b/svr-authpubkey.c
    3. 

  3. @@ -338,14 +338,19 @@ static int checkpubkey(const char* algo,
    4. 

  4.  		goto out;
    5. 

  5.  	}
    6. 

  6.  
    7. 

  7. -	/* we don't need to check pw and pw_dir for validity, since
    8. 

  8. -	 * its been done in checkpubkeyperms. */
    9. 

  9. -	len = strlen(ses.authstate.pw_dir);
    10. 

  10. -	/* allocate max required pathname storage,
    11. 

  11. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    12. 

  12. -	filename = m_malloc(len + 22);
    13. 

  13. -	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
    14. 

  14. -				ses.authstate.pw_dir);
    15. 

  15. +	if (ses.authstate.pw_uid != 0) {
    16. 

  16. +		/* we don't need to check pw and pw_dir for validity, since
    17. 

  17. +		 * its been done in checkpubkeyperms. */
    18. 

  18. +		len = strlen(ses.authstate.pw_dir);
    19. 

  19. +		/* allocate max required pathname storage,
    20. 

  20. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    21. 

  21. +		filename = m_malloc(len + 22);
    22. 

  22. +		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
    23. 

  23. +					ses.authstate.pw_dir);
    24. 

  24. +	} else {
    25. 

  25. +		filename = m_malloc(30);
    26. 

  26. +		strncpy(filename, "/etc/dropbear/authorized_keys", 30);
    27. 

  27. +	}
    28. 

  28.  
    29. 

  29.  #if DROPBEAR_SVR_MULTIUSER
    30. 

  30.  	/* open the file as the authenticating user. */
    31. 

  31. @@ -426,27 +431,36 @@ static int checkpubkeyperms() {
    32. 

  32.  		goto out;
    33. 

  33.  	}
    34. 

  34.  
    35. 

  35. -	/* allocate max required pathname storage,
    36. 

  36. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    37. 

  37. -	len += 22;
    38. 

  38. -	filename = m_malloc(len);
    39. 

  39. -	strlcpy(filename, ses.authstate.pw_dir, len);
    40. 

  40. -
    41. 

  41. -	/* check ~ */
    42. 

  42. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    43. 

  43. -		goto out;
    44. 

  44. -	}
    45. 

  45. +	if (ses.authstate.pw_uid == 0) {
    46. 

  46. +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
    47. 

  47. +			goto out;
    48. 

  48. +		}
    49. 

  49. +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
    50. 

  50. +			goto out;
    51. 

  51. +		}
    52. 

  52. +	} else {
    53. 

  53. +		/* allocate max required pathname storage,
    54. 

  54. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    55. 

  55. +		len += 22;
    56. 

  56. +		filename = m_malloc(len);
    57. 

  57. +		strlcpy(filename, ses.authstate.pw_dir, len);
    58. 

  58. +
    59. 

  59. +		/* check ~ */
    60. 

  60. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    61. 

  61. +			goto out;
    62. 

  62. +		}
    63. 

  63.  
    64. 

  64. -	/* check ~/.ssh */
    65. 

  65. -	strlcat(filename, "/.ssh", len);
    66. 

  66. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    67. 

  67. -		goto out;
    68. 

  68. -	}
    69. 

  69. +		/* check ~/.ssh */
    70. 

  70. +		strlcat(filename, "/.ssh", len);
    71. 

  71. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    72. 

  72. +			goto out;
    73. 

  73. +		}
    74. 

  74.  
    75. 

  75. -	/* now check ~/.ssh/authorized_keys */
    76. 

  76. -	strlcat(filename, "/authorized_keys", len);
    77. 

  77. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    78. 

  78. -		goto out;
    79. 

  79. +		/* now check ~/.ssh/authorized_keys */
    80. 

  80. +		strlcat(filename, "/authorized_keys", len);
    81. 

  81. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    82. 

  82. +			goto out;
    83. 

  83. +		}
    84. 

  84.  	}
    85. 

  85.  
    86. 

  86.  	/* file looks ok, return success */
    87.