| author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2009-04-07 23:04:29 +0000 | 
|---|---|---|
| committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2009-04-07 23:04:29 +0000 | 
| commit | 97fba8d644685bac3b042d47e707bbceedcead9d (patch) | |
| tree | 7e7c853d9d349af7885024291e37ca828fc4c762 /package/dropbear/patches | |
| parent | 38f9a602ab01d6cf82b829f83b31c197e6178f0a (diff) | |
[package] dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103!
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15144 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/dropbear/patches')
| -rw-r--r-- | package/dropbear/patches/100-pubkey_path.patch | 97 | 
1 files changed, 71 insertions, 26 deletions
| diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch
index 9346cc60f..25a81614c 100644
--- a/package/dropbear/patches/100-pubkey_path.patch
+++ b/package/dropbear/patches/100-pubkey_path.patch
@@ -1,47 +1,92 @@ -Index: dropbear-0.52/svr-authpubkey.c -=================================================================== ---- dropbear-0.52.orig/svr-authpubkey.c	2008-04-22 17:29:49.000000000 -0700 -+++ dropbear-0.52/svr-authpubkey.c	2008-04-22 17:29:49.000000000 -0700 -@@ -209,6 +209,8 @@ +diff -ur dropbear-0.52.orig/svr-authpubkey.c dropbear-0.52/svr-authpubkey.c +--- dropbear-0.52.orig/svr-authpubkey.c	2009-04-08 00:32:16.000000000 +0200 ++++ dropbear-0.52/svr-authpubkey.c	2009-04-08 00:44:11.000000000 +0200 +@@ -209,17 +209,21 @@   		goto out;   	} +-	/* we don't need to check pw and pw_dir for validity, since +-	 * its been done in checkpubkeyperms. */ +-	len = strlen(ses.authstate.pw_dir); +-	/* allocate max required pathname storage, +-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +-	filename = m_malloc(len + 22); +-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  +-				ses.authstate.pw_dir); +- +-	/* open the file */ +-	authfile = fopen(filename, "r");  +	if (ses.authstate.pw_uid != 0) { ++		/* we don't need to check pw and pw_dir for validity, since ++		 * its been done in checkpubkeyperms. */ ++		len = strlen(ses.authstate.pw_dir); ++		/* allocate max required pathname storage, ++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++		filename = m_malloc(len + 22); ++		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  ++		         ses.authstate.pw_dir);  + - 	/* we don't need to check pw and pw_dir for validity, since - 	 * its been done in checkpubkeyperms. 
*/ - 	len = strlen(ses.authstate.pw_dir); -@@ -220,6 +222,9 @@ -  - 	/* open the file */ - 	authfile = fopen(filename, "r"); ++		/* open the file */ ++		authfile = fopen(filename, "r");  +	} else {  +		authfile = fopen("/etc/dropbear/authorized_keys","r");  +	}   	if (authfile == NULL) {   		goto out;   	} -@@ -372,6 +377,8 @@ +@@ -372,26 +376,35 @@   		goto out;   	} -+	if (ses.authstate.pw_uid != 0) { -+ - 	/* allocate max required pathname storage, - 	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ - 	filename = m_malloc(len + 22); -@@ -381,6 +388,14 @@ - 	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - 		goto out; - 	} -+	} else { +-	/* allocate max required pathname storage, +-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +-	filename = m_malloc(len + 22); +-	strncpy(filename, ses.authstate.pw_dir, len+1); +- +-	/* check ~ */ +-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +-		goto out; +-	} +- +-	/* check ~/.ssh */ +-	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ +-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +-		goto out; +-	} +- +-	/* now check ~/.ssh/authorized_keys */ +-	strncat(filename, "/authorized_keys", 16); +-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +-		goto out; ++	if (ses.authstate.pw_uid == 0) {  +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {  +			goto out;  +		}  +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {  +			goto out;  +		} -+	} ++	} else { ++		/* allocate max required pathname storage, ++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++		filename = m_malloc(len + 22); ++		strncpy(filename, ses.authstate.pw_dir, len+1); ++ ++		/* check ~ */ ++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++			goto out; ++		} ++ ++		/* check ~/.ssh */ ++		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ ++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++			goto out; ++		} ++ ++		/* now check 
~/.ssh/authorized_keys */ ++		strncat(filename, "/authorized_keys", 16); ++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++			goto out; ++		} + 	} - 	/* check ~/.ssh */ - 	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ + 	/* file looks ok, return success */ | 
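Review bot: The root key file path is a separate string literal in the `fopen("/etc/dropbear/authorized_keys","r")` call of the first inner hunk and in the `checkfileperm("/etc/dropbear/authorized_keys")` call of the second, so nothing ties the file whose permissions are checked to the file that is then read; a later edit to one literal would silently leave the opened file unchecked. A single definition used at both sites, for example `#define ROOT_AUTHKEYS_FILE "/etc/dropbear/authorized_keys"`, would keep them in step. The branch is selected by `ses.authstate.pw_uid`, so every account with uid 0 shares this one key file, and for those accounts the home directory and `~/.ssh` checks are no longer run; a comment above the `if` stating that this is intended would help. The two inner hunks also test the condition with opposite polarity (`!= 0` first, `== 0` second), and both enclosing functions begin and end outside the lines shown.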
