Changeset 14ccb40 in freewrt


Timestamp:
Jun 10, 2006, 2:48:01 PM (20 years ago)
Author:
Waldemar Brodkorb <wbx@…>
Branches:
freewrt_1_0, freewrt_2_0
Children:
6900408
Parents:
855544c
Message:

sync with OpenWrt

git-svn-id: svn://www.freewrt.org/trunk/freewrt@29 afb5a338-a214-0410-bd46-81f09a774fd1

File:
1 edited

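--- a/package/dropbear/patches/100-pubkey_path.patch
+++ b/package/dropbear/patches/100-pubkey_path.patch
@@ -1,89 +1,45 @@
-diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c
---- dropbear.old/svr-authpubkey.c       2005-12-09 06:42:33.000000000 +0100
-+++ dropbear.dev/svr-authpubkey.c       2005-12-12 01:35:32.139358750 +0100
-@@ -155,7 +155,6 @@
-                unsigned char* keyblob, unsigned int keybloblen) {
- 
-        FILE * authfile = NULL;
--       char * filename = NULL;
-        int ret = DROPBEAR_FAILURE;
-        buffer * line = NULL;
-        unsigned int len, pos;
-@@ -176,17 +175,8 @@
+--- dropbear.old/svr-authpubkey.c.orig  2006-06-03 14:54:43.000000000 +0000
++++ dropbear.dev/svr-authpubkey.c       2006-06-03 15:03:19.000000000 +0000
+@@ -176,6 +176,8 @@
                 goto out;
         }
  
--       /* we don't need to check pw and pw_dir for validity, since
--        * its been done in checkpubkeyperms. */
--       len = strlen(ses.authstate.pw->pw_dir);
--       /* allocate max required pathname storage,
--        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
--       filename = m_malloc(len + 22);
--       snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
--                               ses.authstate.pw->pw_dir);
--
++       if (ses.authstate.pw->pw_uid != 0) {
++
+        /* we don't need to check pw and pw_dir for validity, since
+         * its been done in checkpubkeyperms. */
+        len = strlen(ses.authstate.pw->pw_dir);
+@@ -187,6 +189,9 @@
+ 
         /* open the file */
--       authfile = fopen(filename, "r");
-+       authfile = fopen("/etc/dropbear/authorized_keys", "r");
+        authfile = fopen(filename, "r");
++       } else {
++               authfile = fopen("/etc/dropbear/authorized_keys","r");
++       }
         if (authfile == NULL) {
                 goto out;
         }
-@@ -247,7 +237,6 @@
-        if (line) {
-                buf_free(line);
-        }
--       m_free(filename);
-        TRACE(("leave checkpubkey: ret=%d", ret))
-        return ret;
- }
-@@ -255,12 +244,11 @@
- 
- /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok,
-  * DROPBEAR_FAILURE otherwise.
-- * Checks that the user's homedir, ~/.ssh, and
-- * ~/.ssh/authorized_keys are all owned by either root or the user, and are
-+ * Checks that /etc/dropbear and /etc/dropbear/authorized_keys
-+ * are all owned by either root or the user, and are
-  * g-w, o-w */
- static int checkpubkeyperms() {
- 
--       char* filename = NULL;
-        int ret = DROPBEAR_FAILURE;
-        unsigned int len;
- 
-@@ -274,25 +262,11 @@
+@@ -274,6 +279,8 @@
                 goto out;
         }
  
--       /* allocate max required pathname storage,
--        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
--       filename = m_malloc(len + 22);
--       strncpy(filename, ses.authstate.pw->pw_dir, len+1);
--
--       /* check ~ */
--       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
--               goto out;
--       }
--
--       /* check ~/.ssh */
--       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
--       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-+       if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++       if (ses.authstate.pw->pw_uid != 0) {
++
+        /* allocate max required pathname storage,
+         * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+        filename = m_malloc(len + 22);
+@@ -295,6 +302,14 @@
+        if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
                 goto out;
         }
++       } else {
++               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++                       goto out;
++               }
++               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++                       goto out;
++               }
++       }
  
--       /* now check ~/.ssh/authorized_keys */
--       strncat(filename, "/authorized_keys", 16);
--       if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-+       if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
-                goto out;
-        }
- 
-@@ -300,7 +274,6 @@
+        /* file looks ok, return success */
         ret = DROPBEAR_SUCCESS;
-       
- out:
--       m_free(filename);
- 
-        TRACE(("leave checkpubkeyperms"))
-        return ret;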
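Review bot: The header comment on `checkpubkeyperms()` is left stale by the new patch: it still describes only the home directory, `~/.ssh` and `~/.ssh/authorized_keys`, while the added `else` branches make uid 0 authenticate against `/etc/dropbear/authorized_keys`. I would add `/* uid 0: keys come from /etc/dropbear/authorized_keys, not ~/.ssh */` at both `} else {` lines and extend the header comment with the `/etc/dropbear` case, so the file that authorises root logins is documented where the decision is made. The selection keys on `pw_uid`, so every account with uid 0 shares that one file, which the comment should say as well. The wrapped statements are not re-indented, and both functions begin and end outside the patch's hunks, so the brace pairing should be confirmed against the full `svr-authpubkey.c`.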