3 @@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig
7 - /* we don't need to check pw and pw_dir for validity, since
8 - * its been done in checkpubkeyperms. */
9 - len = strlen(ses.authstate.pw_dir);
10 - /* allocate max required pathname storage,
11 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
12 - filename = m_malloc(len + 22);
13 - snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
14 - ses.authstate.pw_dir);
15 + if (ses.authstate.pw_uid != 0) {
16 + /* we don't need to check pw and pw_dir for validity, since
17 + * its been done in checkpubkeyperms. */
18 + len = strlen(ses.authstate.pw_dir);
19 + /* allocate max required pathname storage,
20 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
21 + filename = m_malloc(len + 22);
22 + snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
23 + ses.authstate.pw_dir);
25 + filename = m_malloc(30);
26 + strncpy(filename, "/etc/dropbear/authorized_keys", 30);
30 /* open the file as the authenticating user. */
32 @@ -396,26 +402,35 @@ static int checkpubkeyperms() {
36 - /* allocate max required pathname storage,
37 - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
38 - filename = m_malloc(len + 22);
39 - strncpy(filename, ses.authstate.pw_dir, len+1);
42 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
47 - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
48 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
52 - /* now check ~/.ssh/authorized_keys */
53 - strncat(filename, "/authorized_keys", 16);
54 - if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
56 + if (ses.authstate.pw_uid == 0) {
57 + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
60 + if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
64 + /* allocate max required pathname storage,
65 + * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
66 + filename = m_malloc(len + 22);
67 + strncpy(filename, ses.authstate.pw_dir, len+1);
70 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
75 + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
76 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
80 + /* now check ~/.ssh/authorized_keys */
81 + strncat(filename, "/authorized_keys", 16);
82 + if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
87 /* file looks ok, return success */