صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
OpenWrt
/
openwrt
mirrorاز https://github.com/openwrt/openwrt.git
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 76ff676a1e
شاخه‌ها تگ‌ها
openwrt
/
package
/
dropbear
/
patches
/
100-pubkey_path.patch

100-pubkey_path.patch 2.7 KB
تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. diff -ur dropbear-0.52.orig/svr-authpubkey.c dropbear-0.52/svr-authpubkey.c
    2. 

  2. --- dropbear-0.52.orig/svr-authpubkey.c	2009-04-08 00:32:16.000000000 +0200
    3. 

  3. +++ dropbear-0.52/svr-authpubkey.c	2009-04-08 00:44:11.000000000 +0200
    4. 

  4. @@ -209,17 +209,21 @@
    5. 

  5.  		goto out;
    6. 

  6.  	}
    7. 

  7.  
    8. 

  8. -	/* we don't need to check pw and pw_dir for validity, since
    9. 

  9. -	 * its been done in checkpubkeyperms. */
    10. 

  10. -	len = strlen(ses.authstate.pw_dir);
    11. 

  11. -	/* allocate max required pathname storage,
    12. 

  12. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    13. 

  13. -	filename = m_malloc(len + 22);
    14. 

  14. -	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
    15. 

  15. -				ses.authstate.pw_dir);
    16. 

  16. -
    17. 

  17. -	/* open the file */
    18. 

  18. -	authfile = fopen(filename, "r");
    19. 

  19. +	if (ses.authstate.pw_uid != 0) {
    20. 

  20. +		/* we don't need to check pw and pw_dir for validity, since
    21. 

  21. +		 * its been done in checkpubkeyperms. */
    22. 

  22. +		len = strlen(ses.authstate.pw_dir);
    23. 

  23. +		/* allocate max required pathname storage,
    24. 

  24. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    25. 

  25. +		filename = m_malloc(len + 22);
    26. 

  26. +		snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
    27. 

  27. +		         ses.authstate.pw_dir);
    28. 

  28. +
    29. 

  29. +		/* open the file */
    30. 

  30. +		authfile = fopen(filename, "r");
    31. 

  31. +	} else {
    32. 

  32. +		authfile = fopen("/etc/dropbear/authorized_keys","r");
    33. 

  33. +	}
    34. 

  34.  	if (authfile == NULL) {
    35. 

  35.  		goto out;
    36. 

  36.  	}
    37. 

  37. @@ -372,26 +376,35 @@
    38. 

  38.  		goto out;
    39. 

  39.  	}
    40. 

  40.  
    41. 

  41. -	/* allocate max required pathname storage,
    42. 

  42. -	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    43. 

  43. -	filename = m_malloc(len + 22);
    44. 

  44. -	strncpy(filename, ses.authstate.pw_dir, len+1);
    45. 

  45. -
    46. 

  46. -	/* check ~ */
    47. 

  47. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    48. 

  48. -		goto out;
    49. 

  49. -	}
    50. 

  50. -
    51. 

  51. -	/* check ~/.ssh */
    52. 

  52. -	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
    53. 

  53. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    54. 

  54. -		goto out;
    55. 

  55. -	}
    56. 

  56. -
    57. 

  57. -	/* now check ~/.ssh/authorized_keys */
    58. 

  58. -	strncat(filename, "/authorized_keys", 16);
    59. 

  59. -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    60. 

  60. -		goto out;
    61. 

  61. +	if (ses.authstate.pw_uid == 0) {
    62. 

  62. +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
    63. 

  63. +			goto out;
    64. 

  64. +		}
    65. 

  65. +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
    66. 

  66. +			goto out;
    67. 

  67. +		}
    68. 

  68. +	} else {
    69. 

  69. +		/* allocate max required pathname storage,
    70. 

  70. +		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
    71. 

  71. +		filename = m_malloc(len + 22);
    72. 

  72. +		strncpy(filename, ses.authstate.pw_dir, len+1);
    73. 

  73. +
    74. 

  74. +		/* check ~ */
    75. 

  75. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    76. 

  76. +			goto out;
    77. 

  77. +		}
    78. 

  78. +
    79. 

  79. +		/* check ~/.ssh */
    80. 

  80. +		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
    81. 

  81. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    82. 

  82. +			goto out;
    83. 

  83. +		}
    84. 

  84. +
    85. 

  85. +		/* now check ~/.ssh/authorized_keys */
    86. 

  86. +		strncat(filename, "/authorized_keys", 16);
    87. 

  87. +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
    88. 

  88. +			goto out;
    89. 

  89. +		}
    90. 

  90.  	}
    91. 

  91.  
    92. 

  92.  	/* file looks ok, return success */
    93.