comparison svr-authpubkey.c @ 1330:0d889b068123

switch user when opening authorized_keys
author Matt Johnston <matt@ucc.asn.au>
date Wed, 10 May 2017 00:20:21 +0800
parents 9169e4e7cbee
children 8747c2b19152
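--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -199,10 +199,12 @@
 int ret = DROPBEAR_FAILURE;
 buffer * line = NULL;
 unsigned int len, pos;
 buffer * options_buf = NULL;
 int line_num;
+uid_t origuid;
+gid_t origgid;
 
 TRACE(("enter checkpubkey"))
 
 /* check that we can use the algo */
 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
@@ -225,12 +227,25 @@
 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
 filename = m_malloc(len + 22);
 snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
 ses.authstate.pw_dir);
 
-/* open the file */
+/* open the file as the authenticating user. */
+origuid = getuid();
+origgid = getgid();
+if ((setegid(ses.authstate.pw_gid)) < 0 ||
+(seteuid(ses.authstate.pw_uid)) < 0) {
+dropbear_exit("Failed to set euid");
+}
+
 authfile = fopen(filename, "r");
+
+if ((seteuid(origuid)) < 0 ||
+(setegid(origgid)) < 0) {
+dropbear_exit("Failed to revert euid");
+}
+
 if (authfile == NULL) {
 goto out;
 }
 TRACE(("checkpubkey: opened authorized_keys OK"))
 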
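Review bot: The window around `fopen(filename, "r")` changes only the effective uid and the primary gid, so the process's supplementary group list stays the daemon's while authorized_keys is opened, and a path readable only through one of those groups would still open. If the server can run with supplementary groups, they should be saved, replaced for the open and restored next to the `setegid`/`seteuid` pair, or the comment should state that this limit is accepted and why the switch is there at all. Separately, `origuid` and `origgid` are read with `getuid()`/`getgid()` but put back with `seteuid()`/`setegid()`; `origuid = geteuid();` and `origgid = getegid();` would restore exactly the IDs that were in effect. The enclosing function starts and ends outside the hunk, so any permission checks made on the file before or after this open are not visible here.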