Allow ~/.ssh/authorized_keys and other secure files to be

group-writable, provided that the group in question contains only the file's owner; this extends a patch previously applied to ~/.ssh/config (closes: #581919).
author: Colin Watson <cjwatson@debian.org> 2010-05-22 22:43:47 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-05-22 22:43:47 +0100
commit: d61e316833eb7d05b0b5c937bfce8ee0f19dc7cb (patch)
tree: 5a2e2057bd64ca0825d5edf13e55128a2fb7cadb /misc.c
parent: ec9f6c25d67f48277fe2ed56fa7773c7f6cf3580 (diff)
1 files changed, 26 insertions, 1 deletions
diff --git a/misc.c b/misc.c
index e1f723123..4ca318423 100644
--- a/misc.c
+++ b/misc.c
@@ -45,8 +45,9 @@
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
-#include <pwd.h>
 #endif
+#include <pwd.h>
+#include <grp.h>
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
@@ -638,6 +639,30 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
 }
 int
+secure_permissions(struct stat *st, uid_t uid)
+{
+        if (st->st_uid != 0 && st->st_uid != uid)
+                return 0;
+        if ((st->st_mode & 020) != 0) {
+                /* If the file is group-writable, the group in question must
+                 * have at most one member, namely the file's owner.
+                 */
+                struct passwd *pw = getpwuid(st->st_uid);
+                struct group *gr = getgrgid(st->st_gid);
+                if (!pw || !gr)
+                        return 0;
+                else if (gr->gr_mem[0]) {
+                        if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+                            gr->gr_mem[1])
+                                return 0;
+                }
+        }
+        if ((st->st_mode & 002) != 0)
+                return 0;
+        return 1;
+}
+int
 tun_open(int tun, int mode)
 {
 #if defined(CUSTOM_SYS_TUN_OPEN)
author	Colin Watson <cjwatson@debian.org>	2010-05-22 22:43:47 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-05-22 22:43:47 +0100
commit	d61e316833eb7d05b0b5c937bfce8ee0f19dc7cb (patch)
tree	5a2e2057bd64ca0825d5edf13e55128a2fb7cadb /misc.c
parent	ec9f6c25d67f48277fe2ed56fa7773c7f6cf3580 (diff)

diff --git a/misc.c b/misc.c index e1f723123..4ca318423 100644 --- a/misc.c +++ b/misc.c
@@ -45,8 +45,9 @@
45	#include <netdb.h>	45	#include <netdb.h>
46	#ifdef HAVE_PATHS_H	46	#ifdef HAVE_PATHS_H
47	# include <paths.h>	47	# include <paths.h>
48	#include <pwd.h>
49	#endif	48	#endif
		49	#include <pwd.h>
		50	#include <grp.h>
50	#ifdef SSH_TUN_OPENBSD	51	#ifdef SSH_TUN_OPENBSD
51	#include <net/if.h>	52	#include <net/if.h>
52	#endif	53	#endif
@@ -638,6 +639,30 @@ read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
638	}	639	}
639		640
640	int	641	int
		642	secure_permissions(struct stat *st, uid_t uid)
		643	{
		644	if (st->st_uid != 0 && st->st_uid != uid)
		645	return 0;
		646	if ((st->st_mode & 020) != 0) {
		647	/* If the file is group-writable, the group in question must
		648	* have at most one member, namely the file's owner.
		649	*/
		650	struct passwd *pw = getpwuid(st->st_uid);
		651	struct group *gr = getgrgid(st->st_gid);
		652	if (!pw \|\| !gr)
		653	return 0;
		654	else if (gr->gr_mem[0]) {
		655	if (strcmp(pw->pw_name, gr->gr_mem[0]) \|\|
		656	gr->gr_mem[1])
		657	return 0;
		658	}
		659	}
		660	if ((st->st_mode & 002) != 0)
		661	return 0;
		662	return 1;
		663	}
		664
		665	int
641	tun_open(int tun, int mode)	666	tun_open(int tun, int mode)
642	{	667	{
643	#if defined(CUSTOM_SYS_TUN_OPEN)	668	#if defined(CUSTOM_SYS_TUN_OPEN)