From 31a146b56db135242035c3535383531b2218c630 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 7 Apr 2009 23:04:29 +0000
Subject: [PATCH] dropbear: fix 100-pubkey_path.patch which broke pubkey auth
 after updating to 0.52 - thanks maniac103!

SVN-Revision: 15144
---
 package/dropbear/Makefile                     |  2 +-
 .../dropbear/patches/100-pubkey_path.patch    | 97 ++++++++++++++-----
 2 files changed, 72 insertions(+), 27 deletions(-)

diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
index de4df22d75..6f9b9bbddd 100644
--- a/package/dropbear/Makefile
+++ b/package/dropbear/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
 PKG_VERSION:=0.52
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch
index 9346cc60f4..25a81614ca 100644
--- a/package/dropbear/patches/100-pubkey_path.patch
+++ b/package/dropbear/patches/100-pubkey_path.patch
@@ -1,47 +1,92 @@
-Index: dropbear-0.52/svr-authpubkey.c
-===================================================================
---- dropbear-0.52.orig/svr-authpubkey.c	2008-04-22 17:29:49.000000000 -0700
-+++ dropbear-0.52/svr-authpubkey.c	2008-04-22 17:29:49.000000000 -0700
-@@ -209,6 +209,8 @@
+diff -ur dropbear-0.52.orig/svr-authpubkey.c dropbear-0.52/svr-authpubkey.c
+--- dropbear-0.52.orig/svr-authpubkey.c	2009-04-08 00:32:16.000000000 +0200
++++ dropbear-0.52/svr-authpubkey.c	2009-04-08 00:44:11.000000000 +0200
+@@ -209,17 +209,21 @@
  		goto out;
  	}
  
+-	/* we don't need to check pw and pw_dir for validity, since
+-	 * its been done in checkpubkeyperms. */
+-	len = strlen(ses.authstate.pw_dir);
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
+-				ses.authstate.pw_dir);
+-
+-	/* open the file */
+-	authfile = fopen(filename, "r");
 +	if (ses.authstate.pw_uid != 0) {
++		/* we don't need to check pw and pw_dir for validity, since
++		 * its been done in checkpubkeyperms. */
++		len = strlen(ses.authstate.pw_dir);
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
++		         ses.authstate.pw_dir);
 +
- 	/* we don't need to check pw and pw_dir for validity, since
- 	 * its been done in checkpubkeyperms. */
- 	len = strlen(ses.authstate.pw_dir);
-@@ -220,6 +222,9 @@
- 
- 	/* open the file */
- 	authfile = fopen(filename, "r");
++		/* open the file */
++		authfile = fopen(filename, "r");
 +	} else {
 +		authfile = fopen("/etc/dropbear/authorized_keys","r");
 +	}
  	if (authfile == NULL) {
  		goto out;
  	}
-@@ -372,6 +377,8 @@
+@@ -372,26 +376,35 @@
  		goto out;
  	}
  
-+	if (ses.authstate.pw_uid != 0) {
-+
- 	/* allocate max required pathname storage,
- 	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- 	filename = m_malloc(len + 22);
-@@ -381,6 +388,14 @@
- 	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- 		goto out;
- 	}
-+	} else {
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+-	/* check ~ */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
+-
+-	/* check ~/.ssh */
+-	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
+-
+-	/* now check ~/.ssh/authorized_keys */
+-	strncat(filename, "/authorized_keys", 16);
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
++	if (ses.authstate.pw_uid == 0) {
 +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
 +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
-+	}
++	} else {
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		strncpy(filename, ses.authstate.pw_dir, len+1);
++
++		/* check ~ */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* check ~/.ssh */
++		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* now check ~/.ssh/authorized_keys */
++		strncat(filename, "/authorized_keys", 16);
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
+ 	}
  
- 	/* check ~/.ssh */
- 	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+ 	/* file looks ok, return success */
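Review bot: The root key location is spelled as a string literal three times, once in the `fopen()` of the embedded `@@ -209` hunk and twice in the `checkfileperm()` calls of the `@@ -372` hunk, so the file whose permissions are verified and the file that is read are tied together only by convention. Defining it once, e.g. `#define ROOT_AUTHKEYS_DIR "/etc/dropbear"` and `#define ROOT_AUTHKEYS_FILE ROOT_AUTHKEYS_DIR "/authorized_keys"`, and using those in both functions would keep the check and the open from drifting apart the next time this patch is refreshed. The two functions also test the condition in opposite order (`pw_uid != 0` first in one, `pw_uid == 0` first in the other); the same order plus a comment such as `/* uid 0: keys are read from /etc/dropbear, not ~/.ssh */` would make it clear that every uid-0 account, not only the one named root, takes this path and skips the home-directory checks. In the uid-0 branches `filename` is never assigned, so the cleanup after `out:` presumably relies on it being initialised to NULL; both functions begin and end outside these hunks, so that should be confirmed against the full file.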
-- 
GitLab