Changeset 3916


Timestamp:
2006-06-09T02:29:26+02:00 (10 years ago)
Author:
nbd
Message:

add dropbear pubkey auth patch from #582

Files:
3 edited

  • branches/buildroot-ng/openwrt/package/dropbear/patches/100-pubkey_path.patch

    r2660 r3916  
    1 diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c 
    2 --- dropbear.old/svr-authpubkey.c       2005-12-09 06:42:33.000000000 +0100 
    3 +++ dropbear.dev/svr-authpubkey.c       2005-12-12 01:35:32.139358750 +0100 
    4 @@ -155,7 +155,6 @@ 
    5                 unsigned char* keyblob, unsigned int keybloblen) { 
    6   
    7         FILE * authfile = NULL; 
    8 -       char * filename = NULL; 
    9         int ret = DROPBEAR_FAILURE; 
    10         buffer * line = NULL; 
    11         unsigned int len, pos; 
    12 @@ -176,17 +175,8 @@ 
     1--- dropbear.old/svr-authpubkey.c.orig  2006-06-03 14:54:43.000000000 +0000 
     2+++ dropbear.dev/svr-authpubkey.c       2006-06-03 15:03:19.000000000 +0000 
     3@@ -176,6 +176,8 @@ 
    134                goto out; 
    145        } 
    156  
    16 -       /* we don't need to check pw and pw_dir for validity, since 
    17 -        * its been done in checkpubkeyperms. */ 
    18 -       len = strlen(ses.authstate.pw->pw_dir); 
    19 -       /* allocate max required pathname storage, 
    20 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    21 -       filename = m_malloc(len + 22); 
    22 -       snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  
    23 -                               ses.authstate.pw->pw_dir); 
    24 - 
     7+       if (ses.authstate.pw->pw_uid != 0) { 
     8+ 
     9        /* we don't need to check pw and pw_dir for validity, since 
     10         * its been done in checkpubkeyperms. */ 
     11        len = strlen(ses.authstate.pw->pw_dir); 
     12@@ -187,6 +189,9 @@ 
     13  
    2514        /* open the file */ 
    26 -       authfile = fopen(filename, "r"); 
    27 +       authfile = fopen("/etc/dropbear/authorized_keys", "r"); 
     15        authfile = fopen(filename, "r"); 
     16+       } else { 
     17+               authfile = fopen("/etc/dropbear/authorized_keys","r"); 
     18+       } 
    2819        if (authfile == NULL) { 
    2920                goto out; 
    3021        } 
    31 @@ -247,7 +237,6 @@ 
    32         if (line) { 
    33                 buf_free(line); 
    34         } 
    35 -       m_free(filename); 
    36         TRACE(("leave checkpubkey: ret=%d", ret)) 
    37         return ret; 
    38  } 
    39 @@ -255,12 +244,11 @@ 
    40   
    41  /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, 
    42   * DROPBEAR_FAILURE otherwise. 
    43 - * Checks that the user's homedir, ~/.ssh, and 
    44 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are 
    45 + * Checks that /etc/dropbear and /etc/dropbear/authorized_keys 
    46 + * are all owned by either root or the user, and are 
    47   * g-w, o-w */ 
    48  static int checkpubkeyperms() { 
    49   
    50 -       char* filename = NULL;  
    51         int ret = DROPBEAR_FAILURE; 
    52         unsigned int len; 
    53   
    54 @@ -274,25 +262,11 @@ 
     22@@ -274,6 +279,8 @@ 
    5523                goto out; 
    5624        } 
    5725  
    58 -       /* allocate max required pathname storage, 
    59 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    60 -       filename = m_malloc(len + 22); 
    61 -       strncpy(filename, ses.authstate.pw->pw_dir, len+1); 
    62 - 
    63 -       /* check ~ */ 
    64 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    65 -               goto out; 
    66 -       } 
    67 - 
    68 -       /* check ~/.ssh */ 
    69 -       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ 
    70 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    71 +       if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     26+       if (ses.authstate.pw->pw_uid != 0) { 
     27+ 
     28        /* allocate max required pathname storage, 
     29         * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
     30        filename = m_malloc(len + 22); 
     31@@ -295,6 +302,14 @@ 
     32        if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    7233                goto out; 
    7334        } 
     35+       } else { 
     36+               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     37+                       goto out; 
     38+               } 
     39+               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
     40+                       goto out; 
     41+               } 
     42+       } 
    7443  
    75 -       /* now check ~/.ssh/authorized_keys */ 
    76 -       strncat(filename, "/authorized_keys", 16); 
    77 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    78 +       if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
    79                 goto out; 
    80         } 
    81   
    82 @@ -300,7 +274,6 @@ 
     44        /* file looks ok, return success */ 
    8345        ret = DROPBEAR_SUCCESS; 
    84          
    85  out: 
    86 -       m_free(filename); 
    87   
    88         TRACE(("leave checkpubkeyperms")) 
    89         return ret; 
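Review bot: The new `else` branches in checkpubkey and checkpubkeyperms send every uid-0 account to `/etc/dropbear/authorized_keys` without a comment saying so. No hunk of the new patch touches the header comment of checkpubkeyperms, so it presumably still names only the home directory, `~/.ssh` and `~/.ssh/authorized_keys`. I would add `/* uid 0: keys are read from /etc/dropbear/authorized_keys; ~/.ssh is not consulted */` above each `else` and extend the header comment to name both paths, so that anyone auditing root access knows which file decides it. The body of the added `if (ses.authstate.pw->pw_uid != 0) {` also keeps its old indentation, which makes the brace pairing hard to follow across hunks. Both functions start and end outside the hunks shown, and the same patch is committed unchanged under branches/whiterussian and trunk.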
  • branches/whiterussian/openwrt/package/dropbear/patches/100-pubkey_path.patch

    r2659 r3916  
    1 diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c 
    2 --- dropbear.old/svr-authpubkey.c       2005-12-09 06:42:33.000000000 +0100 
    3 +++ dropbear.dev/svr-authpubkey.c       2005-12-12 01:35:32.139358750 +0100 
    4 @@ -155,7 +155,6 @@ 
    5                 unsigned char* keyblob, unsigned int keybloblen) { 
    6   
    7         FILE * authfile = NULL; 
    8 -       char * filename = NULL; 
    9         int ret = DROPBEAR_FAILURE; 
    10         buffer * line = NULL; 
    11         unsigned int len, pos; 
    12 @@ -176,17 +175,8 @@ 
     1--- dropbear.old/svr-authpubkey.c.orig  2006-06-03 14:54:43.000000000 +0000 
     2+++ dropbear.dev/svr-authpubkey.c       2006-06-03 15:03:19.000000000 +0000 
     3@@ -176,6 +176,8 @@ 
    134                goto out; 
    145        } 
    156  
    16 -       /* we don't need to check pw and pw_dir for validity, since 
    17 -        * its been done in checkpubkeyperms. */ 
    18 -       len = strlen(ses.authstate.pw->pw_dir); 
    19 -       /* allocate max required pathname storage, 
    20 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    21 -       filename = m_malloc(len + 22); 
    22 -       snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  
    23 -                               ses.authstate.pw->pw_dir); 
    24 - 
     7+       if (ses.authstate.pw->pw_uid != 0) { 
     8+ 
     9        /* we don't need to check pw and pw_dir for validity, since 
     10         * its been done in checkpubkeyperms. */ 
     11        len = strlen(ses.authstate.pw->pw_dir); 
     12@@ -187,6 +189,9 @@ 
     13  
    2514        /* open the file */ 
    26 -       authfile = fopen(filename, "r"); 
    27 +       authfile = fopen("/etc/dropbear/authorized_keys", "r"); 
     15        authfile = fopen(filename, "r"); 
     16+       } else { 
     17+               authfile = fopen("/etc/dropbear/authorized_keys","r"); 
     18+       } 
    2819        if (authfile == NULL) { 
    2920                goto out; 
    3021        } 
    31 @@ -247,7 +237,6 @@ 
    32         if (line) { 
    33                 buf_free(line); 
    34         } 
    35 -       m_free(filename); 
    36         TRACE(("leave checkpubkey: ret=%d", ret)) 
    37         return ret; 
    38  } 
    39 @@ -255,12 +244,11 @@ 
    40   
    41  /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, 
    42   * DROPBEAR_FAILURE otherwise. 
    43 - * Checks that the user's homedir, ~/.ssh, and 
    44 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are 
    45 + * Checks that /etc/dropbear and /etc/dropbear/authorized_keys 
    46 + * are all owned by either root or the user, and are 
    47   * g-w, o-w */ 
    48  static int checkpubkeyperms() { 
    49   
    50 -       char* filename = NULL;  
    51         int ret = DROPBEAR_FAILURE; 
    52         unsigned int len; 
    53   
    54 @@ -274,25 +262,11 @@ 
     22@@ -274,6 +279,8 @@ 
    5523                goto out; 
    5624        } 
    5725  
    58 -       /* allocate max required pathname storage, 
    59 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    60 -       filename = m_malloc(len + 22); 
    61 -       strncpy(filename, ses.authstate.pw->pw_dir, len+1); 
    62 - 
    63 -       /* check ~ */ 
    64 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    65 -               goto out; 
    66 -       } 
    67 - 
    68 -       /* check ~/.ssh */ 
    69 -       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ 
    70 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    71 +       if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     26+       if (ses.authstate.pw->pw_uid != 0) { 
     27+ 
     28        /* allocate max required pathname storage, 
     29         * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
     30        filename = m_malloc(len + 22); 
     31@@ -295,6 +302,14 @@ 
     32        if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    7233                goto out; 
    7334        } 
     35+       } else { 
     36+               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     37+                       goto out; 
     38+               } 
     39+               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
     40+                       goto out; 
     41+               } 
     42+       } 
    7443  
    75 -       /* now check ~/.ssh/authorized_keys */ 
    76 -       strncat(filename, "/authorized_keys", 16); 
    77 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    78 +       if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
    79                 goto out; 
    80         } 
    81   
    82 @@ -300,7 +274,6 @@ 
     44        /* file looks ok, return success */ 
    8345        ret = DROPBEAR_SUCCESS; 
    84          
    85  out: 
    86 -       m_free(filename); 
    87   
    88         TRACE(("leave checkpubkeyperms")) 
    89         return ret; 
  • trunk/openwrt/package/dropbear/patches/100-pubkey_path.patch

    r2660 r3916  
    1 diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c 
    2 --- dropbear.old/svr-authpubkey.c       2005-12-09 06:42:33.000000000 +0100 
    3 +++ dropbear.dev/svr-authpubkey.c       2005-12-12 01:35:32.139358750 +0100 
    4 @@ -155,7 +155,6 @@ 
    5                 unsigned char* keyblob, unsigned int keybloblen) { 
    6   
    7         FILE * authfile = NULL; 
    8 -       char * filename = NULL; 
    9         int ret = DROPBEAR_FAILURE; 
    10         buffer * line = NULL; 
    11         unsigned int len, pos; 
    12 @@ -176,17 +175,8 @@ 
     1--- dropbear.old/svr-authpubkey.c.orig  2006-06-03 14:54:43.000000000 +0000 
     2+++ dropbear.dev/svr-authpubkey.c       2006-06-03 15:03:19.000000000 +0000 
     3@@ -176,6 +176,8 @@ 
    134                goto out; 
    145        } 
    156  
    16 -       /* we don't need to check pw and pw_dir for validity, since 
    17 -        * its been done in checkpubkeyperms. */ 
    18 -       len = strlen(ses.authstate.pw->pw_dir); 
    19 -       /* allocate max required pathname storage, 
    20 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    21 -       filename = m_malloc(len + 22); 
    22 -       snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  
    23 -                               ses.authstate.pw->pw_dir); 
    24 - 
     7+       if (ses.authstate.pw->pw_uid != 0) { 
     8+ 
     9        /* we don't need to check pw and pw_dir for validity, since 
     10         * its been done in checkpubkeyperms. */ 
     11        len = strlen(ses.authstate.pw->pw_dir); 
     12@@ -187,6 +189,9 @@ 
     13  
    2514        /* open the file */ 
    26 -       authfile = fopen(filename, "r"); 
    27 +       authfile = fopen("/etc/dropbear/authorized_keys", "r"); 
     15        authfile = fopen(filename, "r"); 
     16+       } else { 
     17+               authfile = fopen("/etc/dropbear/authorized_keys","r"); 
     18+       } 
    2819        if (authfile == NULL) { 
    2920                goto out; 
    3021        } 
    31 @@ -247,7 +237,6 @@ 
    32         if (line) { 
    33                 buf_free(line); 
    34         } 
    35 -       m_free(filename); 
    36         TRACE(("leave checkpubkey: ret=%d", ret)) 
    37         return ret; 
    38  } 
    39 @@ -255,12 +244,11 @@ 
    40   
    41  /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, 
    42   * DROPBEAR_FAILURE otherwise. 
    43 - * Checks that the user's homedir, ~/.ssh, and 
    44 - * ~/.ssh/authorized_keys are all owned by either root or the user, and are 
    45 + * Checks that /etc/dropbear and /etc/dropbear/authorized_keys 
    46 + * are all owned by either root or the user, and are 
    47   * g-w, o-w */ 
    48  static int checkpubkeyperms() { 
    49   
    50 -       char* filename = NULL;  
    51         int ret = DROPBEAR_FAILURE; 
    52         unsigned int len; 
    53   
    54 @@ -274,25 +262,11 @@ 
     22@@ -274,6 +279,8 @@ 
    5523                goto out; 
    5624        } 
    5725  
    58 -       /* allocate max required pathname storage, 
    59 -        * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
    60 -       filename = m_malloc(len + 22); 
    61 -       strncpy(filename, ses.authstate.pw->pw_dir, len+1); 
    62 - 
    63 -       /* check ~ */ 
    64 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    65 -               goto out; 
    66 -       } 
    67 - 
    68 -       /* check ~/.ssh */ 
    69 -       strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ 
    70 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    71 +       if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     26+       if (ses.authstate.pw->pw_uid != 0) { 
     27+ 
     28        /* allocate max required pathname storage, 
     29         * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ 
     30        filename = m_malloc(len + 22); 
     31@@ -295,6 +302,14 @@ 
     32        if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    7233                goto out; 
    7334        } 
     35+       } else { 
     36+               if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { 
     37+                       goto out; 
     38+               } 
     39+               if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
     40+                       goto out; 
     41+               } 
     42+       } 
    7443  
    75 -       /* now check ~/.ssh/authorized_keys */ 
    76 -       strncat(filename, "/authorized_keys", 16); 
    77 -       if (checkfileperm(filename) != DROPBEAR_SUCCESS) { 
    78 +       if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { 
    79                 goto out; 
    80         } 
    81   
    82 @@ -300,7 +274,6 @@ 
     44        /* file looks ok, return success */ 
    8345        ret = DROPBEAR_SUCCESS; 
    84          
    85  out: 
    86 -       m_free(filename); 
    87   
    88         TRACE(("leave checkpubkeyperms")) 
    89         return ret; 