| 1 | --- a/svr-authpubkey.c |
| 2 | +++ b/svr-authpubkey.c |
| 3 | @@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al |
| 4 | goto out; |
| 5 | } |
| 6 | |
| 7 | - /* we don't need to check pw and pw_dir for validity, since |
| 8 | - * its been done in checkpubkeyperms. */ |
| 9 | - len = strlen(ses.authstate.pw_dir); |
| 10 | - /* allocate max required pathname storage, |
| 11 | - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| 12 | - filename = m_malloc(len + 22); |
| 13 | - snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
| 14 | - ses.authstate.pw_dir); |
| 15 | - |
| 16 | - /* open the file */ |
| 17 | - authfile = fopen(filename, "r"); |
| 18 | + if (ses.authstate.pw_uid != 0) { |
| 19 | + /* we don't need to check pw and pw_dir for validity, since |
| 20 | + * its been done in checkpubkeyperms. */ |
| 21 | + len = strlen(ses.authstate.pw_dir); |
| 22 | + /* allocate max required pathname storage, |
| 23 | + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| 24 | + filename = m_malloc(len + 22); |
| 25 | + snprintf(filename, len + 22, "%s/.ssh/authorized_keys", |
| 26 | + ses.authstate.pw_dir); |
| 27 | + |
| 28 | + /* open the file */ |
| 29 | + authfile = fopen(filename, "r"); |
| 30 | + } else { |
| 31 | + authfile = fopen("/etc/dropbear/authorized_keys","r"); |
| 32 | + } |
| 33 | if (authfile == NULL) { |
| 34 | goto out; |
| 35 | } |
| 36 | @@ -372,26 +376,35 @@ static int checkpubkeyperms() { |
| 37 | goto out; |
| 38 | } |
| 39 | |
| 40 | - /* allocate max required pathname storage, |
| 41 | - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| 42 | - filename = m_malloc(len + 22); |
| 43 | - strncpy(filename, ses.authstate.pw_dir, len+1); |
| 44 | - |
| 45 | - /* check ~ */ |
| 46 | - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 47 | - goto out; |
| 48 | - } |
| 49 | - |
| 50 | - /* check ~/.ssh */ |
| 51 | - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
| 52 | - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 53 | - goto out; |
| 54 | - } |
| 55 | - |
| 56 | - /* now check ~/.ssh/authorized_keys */ |
| 57 | - strncat(filename, "/authorized_keys", 16); |
| 58 | - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 59 | - goto out; |
| 60 | + if (ses.authstate.pw_uid == 0) { |
| 61 | + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { |
| 62 | + goto out; |
| 63 | + } |
| 64 | + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { |
| 65 | + goto out; |
| 66 | + } |
| 67 | + } else { |
| 68 | + /* allocate max required pathname storage, |
| 69 | + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ |
| 70 | + filename = m_malloc(len + 22); |
| 71 | + strncpy(filename, ses.authstate.pw_dir, len+1); |
| 72 | + |
| 73 | + /* check ~ */ |
| 74 | + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 75 | + goto out; |
| 76 | + } |
| 77 | + |
| 78 | + /* check ~/.ssh */ |
| 79 | + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ |
| 80 | + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 81 | + goto out; |
| 82 | + } |
| 83 | + |
| 84 | + /* now check ~/.ssh/authorized_keys */ |
| 85 | + strncat(filename, "/authorized_keys", 16); |
| 86 | + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { |
| 87 | + goto out; |
| 88 | + } |
| 89 | } |
| 90 | |
| 91 | /* file looks ok, return success */ |
| 92 | |