ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 10:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

switch user when opening authorized_keys

Browse Source
This commit is contained in:
Matt Johnston 2017-05-10 00:20:21 +08:00
parent 1df5c97144
commit 93f3c31807
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
svr-authpubkey.c
View File

@ -201,6 +201,8 @@ static int checkpubkey(char* algo, unsigned int algolen,
unsigned int len, pos; unsigned int len, pos;
buffer * options_buf = NULL; buffer * options_buf = NULL;
int line_num; int line_num;
uid_t origuid;
gid_t origgid;
TRACE(("enter checkpubkey")) TRACE(("enter checkpubkey"))
@ -227,8 +229,21 @@ static int checkpubkey(char* algo, unsigned int algolen,
snprintf(filename, len + 22, "%s/.ssh/authorized_keys", snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
ses.authstate.pw_dir); ses.authstate.pw_dir);
/* open the file */ /* open the file as the authenticating user. */
origuid = getuid();
origgid = getgid();
if ((setegid(ses.authstate.pw_gid)) < 0 ||
(seteuid(ses.authstate.pw_uid)) < 0) {
dropbear_exit("Failed to set euid");
}
authfile = fopen(filename, "r"); authfile = fopen(filename, "r");
if ((seteuid(origuid)) < 0 ||
(setegid(origgid)) < 0) {
dropbear_exit("Failed to revert euid");
}
if (authfile == NULL) { if (authfile == NULL) {
goto out; goto out;
} }