Log when pubkey auth fails because of bad pubkey perms/ownership

--HG--
extra : convert_revision : 43e1a0c8365776577acd814d708027fcddcb02ef
Matt Johnston 2005-09-20 08:59:46 +00:00
parent 3510531683
commit cb2cb15916
2 changed files with 16 additions and 3 deletions

auth.h

@ -77,6 +77,9 @@ struct AuthState {
unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
client and server (though has differing [obvious] client and server (though has differing [obvious]
meanings). */ meanings). */
unsigned perm_warn : 1; /* Server only, set if bad permissions on
~/.ssh/authorized_keys have already been
logged. */
/* These are only used for the server */ /* These are only used for the server */
char *printableuser; /* stripped of control chars, used for logs etc */ char *printableuser; /* stripped of control chars, used for logs etc */
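Review bot: The comment on the new `perm_warn` bit ties it specifically to `~/.ssh/authorized_keys`, but the flag is set in checkfileperm() for whatever `filename` that function is handed and the log line names that path, so the comment should describe the flag's actual role rather than one path. Suggested wording: `/* Server only, set once a bad ownership/permissions warning for a pubkey file or directory has been logged; suppresses repeat warnings for this session. */`. Whether checkfileperm() is also run on the ~/.ssh directory is not visible in this commit, so adjust the wording to the caller. struct AuthState begins before this hunk.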


@ -311,6 +311,7 @@ out:
/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
static int checkfileperm(char * filename) { static int checkfileperm(char * filename) {
struct stat filestat; struct stat filestat;
int badperm = 0;
TRACE(("enter checkfileperm(%s)", filename)) TRACE(("enter checkfileperm(%s)", filename))
@ -321,14 +322,23 @@ static int checkfileperm(char * filename) {
/* check ownership - user or root only*/ /* check ownership - user or root only*/
if (filestat.st_uid != ses.authstate.pw->pw_uid if (filestat.st_uid != ses.authstate.pw->pw_uid
&& filestat.st_uid != 0) { && filestat.st_uid != 0) {
TRACE(("leave checkfileperm: wrong ownership")) badperm = 1;
return DROPBEAR_FAILURE; TRACE(("wrong ownership"))
} }
/* check permissions - don't want group or others +w */ /* check permissions - don't want group or others +w */
if (filestat.st_mode & (S_IWGRP | S_IWOTH)) { if (filestat.st_mode & (S_IWGRP | S_IWOTH)) {
TRACE(("leave checkfileperm: wrong perms")) badperm = 1;
TRACE(("wrong perms"))
}
if (badperm) {
if (!ses.authstate.perm_warn) {
ses.authstate.perm_warn = 1;
dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename);
}
TRACE(("leave checkfileperm: failure perms/owner"))
return DROPBEAR_FAILURE; return DROPBEAR_FAILURE;
} }
TRACE(("leave checkfileperm: success")) TRACE(("leave checkfileperm: success"))
return DROPBEAR_SUCCESS; return DROPBEAR_SUCCESS;
} }
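Review bot: The message logged in the new `if (badperm)` block says "not writable by others", but the permission test a few lines above rejects `S_IWGRP | S_IWOTH`, so a group-writable file is refused while the log points the administrator only at the "other" bits. Suggest `dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by group or others", filename);` so the message matches the condition it reports. Because this failure blocks public-key authentication and indicates a host misconfiguration, LOG_WARNING may be a better level than LOG_INFO, though that is a project convention call. With `perm_warn` set on the first bad path, any further path checked in the same session is silently refused without a log line; if that is intended, a one-line comment above the `if (!ses.authstate.perm_warn)` check would save the next reader a trip to auth.h. The stat() call and its failure path sit between the two hunks and are not visible here.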