From 9301a1cf9ceed72fd38a9617041800ec931a6542 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Sat, 20 Jan 2024 07:35:33 +0100 Subject: dropbear: update to 2022.83, remove custom patch. Use /root/.authorized_keys now --- package/dropbear/patches/patch-Makefile_in | 35 -------- package/dropbear/patches/patch-svr-authpubkey_c | 109 ------------------------ 2 files changed, 144 deletions(-) delete mode 100644 package/dropbear/patches/patch-Makefile_in delete mode 100644 package/dropbear/patches/patch-svr-authpubkey_c (limited to 'package/dropbear/patches') diff --git a/package/dropbear/patches/patch-Makefile_in b/package/dropbear/patches/patch-Makefile_in deleted file mode 100644 index b0b77949a..000000000 --- a/package/dropbear/patches/patch-Makefile_in +++ /dev/null @@ -1,35 +0,0 @@ ---- dropbear-2020.81.orig/Makefile.in 2020-10-29 14:35:50.000000000 +0100 -+++ dropbear-2020.81/Makefile.in 2020-11-04 03:02:49.901343218 +0100 -@@ -106,10 +106,10 @@ AR=@AR@ - RANLIB=@RANLIB@ - STRIP=@STRIP@ - INSTALL=@INSTALL@ --CPPFLAGS=@CPPFLAGS@ --CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ --LIBS+=@LIBS@ --LDFLAGS=@LDFLAGS@ -+CPPFLAGS=@CPPFLAGS@ -I. -I$(srcdir) -+LIBS+=@LIBS@ @CRYPTLIB@ -+LDFLAGS+=@LDFLAGS@ -+ - - EXEEXT=@EXEEXT@ - -@@ -198,7 +198,7 @@ dropbearkey: $(dropbearkeyobjs) - dropbearconvert: $(dropbearconvertobjs) - - dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile -- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS) -+ $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) $(PLUGIN_LIBS) - - dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile - $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) -@@ -219,7 +219,7 @@ ifeq ($(MULTI),1) - endif - - dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile -- $(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ -+ $(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) - - multibinary: dropbearmulti$(EXEEXT) - diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c deleted file mode 100644 index f3df0c58f..000000000 --- a/package/dropbear/patches/patch-svr-authpubkey_c +++ /dev/null @@ -1,109 +0,0 @@ ---- dropbear-2020.81.orig/svr-authpubkey.c 2020-10-29 14:35:50.000000000 +0100 -+++ dropbear-2020.81/svr-authpubkey.c 2020-11-04 03:14:22.641017199 +0100 -@@ -386,26 +386,32 @@ static int checkpubkey(const char* keyal - goto out; - } - -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw_dir); -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw_dir); -+ /* special case for root authorized_keys in /etc/dropbear/authorized_keys */ -+ if (ses.authstate.pw_uid != 0) { -+ /* we don't need to check pw and pw_dir for validity, since -+ * its been done in checkpubkeyperms. */ -+ len = strlen(ses.authstate.pw_dir); -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); - --#if DROPBEAR_SVR_MULTIUSER -- /* open the file as the authenticating user. */ -- origuid = getuid(); -- origgid = getgid(); -- if ((setegid(ses.authstate.pw_gid)) < 0 || -- (seteuid(ses.authstate.pw_uid)) < 0) { -- dropbear_exit("Failed to set euid"); -- } --#endif -+ /* open the file as the authenticating user. */ -+ origuid = getuid(); -+ origgid = getgid(); -+ if ((setegid(ses.authstate.pw_gid)) < 0 || -+ (seteuid(ses.authstate.pw_uid)) < 0) { -+ dropbear_exit("Failed to set euid"); -+ } - -- authfile = fopen(filename, "r"); -+ authfile = fopen(filename, "r"); -+ -+ } else { -+ origuid = getuid(); -+ origgid = getgid(); -+ authfile = fopen("/etc/dropbear/authorized_keys","r"); -+ } - - #if DROPBEAR_SVR_MULTIUSER - if ((seteuid(origuid)) < 0 || -@@ -474,27 +480,37 @@ static int checkpubkeyperms() { - goto out; - } - -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- len += 22; -- filename = m_malloc(len); -- strlcpy(filename, ses.authstate.pw_dir, len); -+ if (ses.authstate.pw_uid != 0) { -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ strncpy(filename, ses.authstate.pw_dir, len+1); -+ -+ /* check ~ */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } - -- /* check ~ */ -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; -- } -+ /* check ~/.ssh */ -+ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } - -- /* check ~/.ssh */ -- strlcat(filename, "/.ssh", len); -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; -- } -+ /* now check ~/.ssh/authorized_keys */ -+ strncat(filename, "/authorized_keys", 16); -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } - -- /* now check ~/.ssh/authorized_keys */ -- strlcat(filename, "/authorized_keys", len); -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -- goto out; -+ } else { -+ -+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+ goto out; -+ } - } - - /* file looks ok, return success */ -- cgit v1.2.3