author | Matt Johnston <matt@ucc.asn.au> | 2017-05-18 22:59:38 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2017-05-18 22:59:38 +0800 |
commit | 7621ee793aab9feda0ded9ce6b5026e7ffa8f8f4 (patch) | |
tree | c9b05db4faf6ed0d430eaafd6eef4422078ce6b2 /svr-authpubkey.c | |
parent | 25f4ef18b7cd8dc90946301bfd72b3e4a604d3ba (diff) | |
parent | b7dbc33cb67ec3c46509df6b3eb4b82cc61ecc06 (diff) | |
download | dropbear-7621ee793aab9feda0ded9ce6b5026e7ffa8f8f4.tar.gz |
merge 2017.75
Diffstat (limited to 'svr-authpubkey.c')
-rw-r--r-- | svr-authpubkey.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 90d0d2c..acc660d 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -201,6 +201,8 @@ static int checkpubkey(char* algo, unsigned int algolen,
 unsigned int len, pos;
 buffer * options_buf = NULL;
 int line_num;
+ uid_t origuid;
+ gid_t origgid;
 TRACE(("enter checkpubkey"))
@@ -227,8 +229,21 @@ static int checkpubkey(char* algo, unsigned int algolen,
 snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir);
- /* open the file */
+ /* open the file as the authenticating user. */
+ origuid = getuid();
+ origgid = getgid();
+ if ((setegid(ses.authstate.pw_gid)) < 0 ||
+ (seteuid(ses.authstate.pw_uid)) < 0) {
+ dropbear_exit("Failed to set euid");
+ }
+
 authfile = fopen(filename, "r");
+
+ if ((seteuid(origuid)) < 0 ||
+ (setegid(origgid)) < 0) {
+ dropbear_exit("Failed to revert euid");
+ }
+
 if (authfile == NULL) {
 goto out;
 } |
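Review bot: In the second hunk the values saved before the switch come from `getuid()`/`getgid()`, but what the block changes and then restores are the effective IDs, so the save should read `origuid = geteuid();` and `origgid = getegid();`. As written, the restore is only correct while the server's real and effective IDs are equal. Separately, `setegid()`/`seteuid()` leave the supplementary group list untouched, so the `fopen()` is still authorised by the server process's groups rather than only the authenticating user's. If the intent is to open the file with exactly that user's access, the group list needs switching and restoring as well, and that has to happen while the process still has the privilege to do it, i.e. before the `seteuid()` call. checkpubkey's body starts and ends outside the hunk, so any permission checks done on the path before this point are not visible here.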