changeset 1330:0d889b068123
switch user when opening authorized_keys
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 10 May 2017 00:20:21 +0800 |
parents | a4878e9aa73a |
children | ab06e093d1e1 |
files | svr-authpubkey.c |
diffstat | 1 files changed, 16 insertions(+), 1 deletions(-) [+] |
--- a/svr-authpubkey.c Thu Jul 21 23:20:25 2016 +0800 +++ b/svr-authpubkey.c Wed May 10 00:20:21 2017 +0800 @@ -201,6 +201,8 @@ unsigned int len, pos; buffer * options_buf = NULL; int line_num; + uid_t origuid; + gid_t origgid; TRACE(("enter checkpubkey")) @@ -227,8 +229,21 @@ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir); - /* open the file */ + /* open the file as the authenticating user. */ + origuid = getuid(); + origgid = getgid(); + if ((setegid(ses.authstate.pw_gid)) < 0 || + (seteuid(ses.authstate.pw_uid)) < 0) { + dropbear_exit("Failed to set euid"); + } + authfile = fopen(filename, "r"); + + if ((seteuid(origuid)) < 0 || + (setegid(origgid)) < 0) { + dropbear_exit("Failed to revert euid"); + } + if (authfile == NULL) { goto out; }
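Review bot: The temporary switch around `fopen()` in the second hunk changes only the effective uid and gid, so the open is still checked against the daemon's own supplementary groups; an `authorized_keys` path that resolves to a file readable through one of those groups would presumably still be opened. Clearing the group list with `setgroups()` before the `seteuid()` call and restoring it after the revert would close that gap, but it only works while the process is privileged, so it needs a guard for non-root runs. Separately, the revert restores the values read by `getuid()`/`getgid()`, which are the real ids rather than the effective ones; saving `origuid = geteuid();` and `origgid = getegid();` would restore exactly what was in effect before the switch. The enclosing function begins and ends outside the hunk.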