comparison svr-authpubkey.c @ 1330:0d889b068123
switch user when opening authorized_keys
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 10 May 2017 00:20:21 +0800 |
parents | 9169e4e7cbee |
children | 8747c2b19152 |
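--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -199,10 +199,12 @@
 int ret = DROPBEAR_FAILURE;
 buffer * line = NULL;
 unsigned int len, pos;
 buffer * options_buf = NULL;
 int line_num;
+uid_t origuid;
+gid_t origgid;
 
 TRACE(("enter checkpubkey"))
 
 /* check that we can use the algo */
 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
@@ -225,12 +227,25 @@
 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
 filename = m_malloc(len + 22);
 snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
 ses.authstate.pw_dir);
 
-/* open the file */
+/* open the file as the authenticating user. */
+origuid = getuid();
+origgid = getgid();
+if ((setegid(ses.authstate.pw_gid)) < 0 ||
+(seteuid(ses.authstate.pw_uid)) < 0) {
+dropbear_exit("Failed to set euid");
+}
+
 authfile = fopen(filename, "r");
+
+if ((seteuid(origuid)) < 0 ||
+(setegid(origgid)) < 0) {
+dropbear_exit("Failed to revert euid");
+}
+
 if (authfile == NULL) {
 goto out;
 }
 TRACE(("checkpubkey: opened authorized_keys OK"))
 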
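Review bot: The ids saved just before fopen() are the real ids (`origuid = getuid();`, `origgid = getgid();`), but they are restored through seteuid()/setegid(), so the revert only returns to the prior state when the real and effective ids are equal at this point. Saving the effective ids instead, `origuid = geteuid();` and `origgid = getegid();`, makes the round trip exact. The switch also leaves the supplementary group list untouched, so the open is still permission-checked against the server's groups as well as `pw_gid`. Whether that matters depends on how the daemon is started, which is not visible here, but a short comment stating that only euid/egid are switched would make the limit explicit. The body of checkpubkey starts and ends outside these hunks.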