openwrt/package/network/services/dropbear/patches/100-pubkey_path.patch

--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal
 		goto out;
 	}
 
-	/* we don't need to check pw and pw_dir for validity, since
-	 * its been done in checkpubkeyperms. */
-	len = strlen(ses.authstate.pw_dir);
-	/* allocate max required pathname storage,
-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-	filename = m_malloc(len + 22);
-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
-				ses.authstate.pw_dir);
+	if (ses.authstate.pw_uid != 0) {
+		/* we don't need to check pw and pw_dir for validity, since
+		 * its been done in checkpubkeyperms. */
+		len = strlen(ses.authstate.pw_dir);
+		/* allocate max required pathname storage,
+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+		filename = m_malloc(len + 22);
+		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+					ses.authstate.pw_dir);
+	} else {
+		filename = m_malloc(30);
+		strncpy(filename, "/etc/dropbear/authorized_keys", 30);
+	}
 
 #if DROPBEAR_SVR_MULTIUSER
 	/* open the file as the authenticating user. */
@@ -474,27 +479,36 @@ static int checkpubkeyperms() {
 		goto out;
 	}
 
-	/* allocate max required pathname storage,
-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-	len += 22;
-	filename = m_malloc(len);
-	strlcpy(filename, ses.authstate.pw_dir, len);
-
-	/* check ~ */
-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-		goto out;
-	}
+	if (ses.authstate.pw_uid == 0) {
+		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
+			goto out;
+		}
+		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
+			goto out;
+		}
+	} else {
+		/* allocate max required pathname storage,
+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+		len += 22;
+		filename = m_malloc(len);
+		strlcpy(filename, ses.authstate.pw_dir, len);
+
+		/* check ~ */
+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
 
-	/* check ~/.ssh */
-	strlcat(filename, "/.ssh", len);
-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-		goto out;
-	}
+		/* check ~/.ssh */
+		strlcat(filename, "/.ssh", len);
+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
 
-	/* now check ~/.ssh/authorized_keys */
-	strlcat(filename, "/authorized_keys", len);
-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-		goto out;
+		/* now check ~/.ssh/authorized_keys */
+		strlcat(filename, "/authorized_keys", len);
+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
 	}
 
 	/* file looks ok, return success */
package/dropbear: refresh patches SVN-Revision: 20460 2010-03-26 14:28:14 +00:00			`--- a/svr-authpubkey.c`
			`+++ b/svr-authpubkey.c`
dropbear: bump to 2020.79 - drop patches (applied upstream): * 010-backport-change-address-logging.patch * 020-backport-ed25519-support.patch * 021-backport-chacha20-poly1305-support.patch - backport patches: * 010-backport-disable-toom-and-karatsuba.patch: reduce dropbear binary size (about ~8Kb). - refresh patches. - don't bother anymore with following config options because they are disabled in upstream too: * DROPBEAR_3DES * DROPBEAR_ENABLE_CBC_MODE * DROPBEAR_SHA1_96_HMAC - explicitly disable DO_MOTD as it was before commit a1099ed: upstream has (accidentally) switched it to 0 in release 2019.77, but reverted back in release 2020.79. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2020-06-21 12:36:47 +00:00			`@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal`
update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security issue, fixes #59) SVN-Revision: 2660 2005-12-13 19:15:43 +00:00			`goto out;`
			`}`

dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`- /* we don't need to check pw and pw_dir for validity, since`
			`- * its been done in checkpubkeyperms. */`
			`- len = strlen(ses.authstate.pw_dir);`
			`- /* allocate max required pathname storage,`
			`- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */`
			`- filename = m_malloc(len + 22);`
			`- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",`
			`- ses.authstate.pw_dir);`
dropbear: upgrade to 0.51 - 160-tty_close merged upstream - patches refreshed SVN-Revision: 11913 2008-07-24 05:24:52 +00:00			`+ if (ses.authstate.pw_uid != 0) {`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ /* we don't need to check pw and pw_dir for validity, since`
			`+ * its been done in checkpubkeyperms. */`
			`+ len = strlen(ses.authstate.pw_dir);`
			`+ /* allocate max required pathname storage,`
			`+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */`
			`+ filename = m_malloc(len + 22);`
dropbear: bump to 2017.75 - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> 2017-05-20 11:54:11 +00:00			`+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",`
			`+ ses.authstate.pw_dir);`
add dropbear pubkey auth patch from #582 SVN-Revision: 3916 2006-06-09 00:29:26 +00:00			`+ } else {`
dropbear: bump to 2017.75 - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> 2017-05-20 11:54:11 +00:00			`+ filename = m_malloc(30);`
			`+ strncpy(filename, "/etc/dropbear/authorized_keys", 30);`
add dropbear pubkey auth patch from #582 SVN-Revision: 3916 2006-06-09 00:29:26 +00:00			`+ }`
dropbear: bump to 2017.75 - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> 2017-05-20 11:54:11 +00:00
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00			`#if DROPBEAR_SVR_MULTIUSER`
dropbear: bump to 2017.75 - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> 2017-05-20 11:54:11 +00:00			`/* open the file as the authenticating user. */`
dropbear: bump to 2020.79 - drop patches (applied upstream): * 010-backport-change-address-logging.patch * 020-backport-ed25519-support.patch * 021-backport-chacha20-poly1305-support.patch - backport patches: * 010-backport-disable-toom-and-karatsuba.patch: reduce dropbear binary size (about ~8Kb). - refresh patches. - don't bother anymore with following config options because they are disabled in upstream too: * DROPBEAR_3DES * DROPBEAR_ENABLE_CBC_MODE * DROPBEAR_SHA1_96_HMAC - explicitly disable DO_MOTD as it was before commit a1099ed: upstream has (accidentally) switched it to 0 in release 2019.77, but reverted back in release 2020.79. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2020-06-21 12:36:47 +00:00			`@@ -474,27 +479,36 @@ static int checkpubkeyperms() {`
update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security issue, fixes #59) SVN-Revision: 2660 2005-12-13 19:15:43 +00:00			`goto out;`
			`}`

dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`- /* allocate max required pathname storage,`
			`- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00			`- len += 22;`
			`- filename = m_malloc(len);`
			`- strlcpy(filename, ses.authstate.pw_dir, len);`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`-`
			`- /* check ~ */`
			`- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`- goto out;`
			`- }`
			`+ if (ses.authstate.pw_uid == 0) {`
add dropbear pubkey auth patch from #582 SVN-Revision: 3916 2006-06-09 00:29:26 +00:00			`+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {`
			`+ goto out;`
			`+ }`
			`+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {`
			`+ goto out;`
			`+ }`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ } else {`
			`+ /* allocate max required pathname storage,`
			`+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00			`+ len += 22;`
			`+ filename = m_malloc(len);`
			`+ strlcpy(filename, ses.authstate.pw_dir, len);`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+`
			`+ /* check ~ */`
			`+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`+ goto out;`
			`+ }`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00
			`- /* check ~/.ssh */`
			`- strlcat(filename, "/.ssh", len);`
			`- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`- goto out;`
			`- }`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ /* check ~/.ssh */`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00			`+ strlcat(filename, "/.ssh", len);`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`+ goto out;`
			`+ }`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00
			`- /* now check ~/.ssh/authorized_keys */`
			`- strlcat(filename, "/authorized_keys", len);`
			`- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`- goto out;`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ /* now check ~/.ssh/authorized_keys */`
dropbear: bump to 2019.77 - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> 2019-03-25 18:40:38 +00:00			`+ strlcat(filename, "/authorized_keys", len);`
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {`
			`+ goto out;`
			`+ }`
			`}`
add dropbear pubkey auth patch from #582 SVN-Revision: 3916 2006-06-09 00:29:26 +00:00
dropbear: fix 100-pubkey_path.patch which broke pubkey auth after updating to 0.52 - thanks maniac103! SVN-Revision: 15144 2009-04-07 23:04:29 +00:00			`/* file looks ok, return success */`