The AuthorizationFileVerification class in the
com.sshtools.daemon.authentication package fails to
correctly parse and replace the %D and %U tokens from
the UserConfigDirectory tag in the server.xml
configuration file.
Example tag:
<UserConfigDirectory>%D\.ssh2</UserConfigDirectory>
Log result:
Jan 28, 2004 1:34:42 PM com.sshtools.daemon.authentication.AuthorizationFileVerification getAuthorizedKey
INFO: authorizationFile: %D\.ssh2\authorization.xml does not exist.
The attached file contains the patched
AuthorizationFileVerification.java that includes the
fix described below:
    // Seed idx to -1 (the token may start at index 0)
    int idx = -1;
    while ((idx = userConfigDir.indexOf("%D", idx + 1)) > -1) {
        StringBuffer buf = new StringBuffer(userConfigDir);
        // The token is 2 characters long and both must be cut out
        buf = buf.replace(idx, idx + 2, userHome);
        userConfigDir = buf.toString();
    }

    // Seed idx to -1 (the token may start at index 0)
    idx = -1;
    while ((idx = userConfigDir.indexOf("%U", idx + 1)) > -1) {
        StringBuffer buf = new StringBuffer(userConfigDir);
        // The token is 2 characters long and both must be cut out
        buf = buf.replace(idx, idx + 2, username);
        userConfigDir = buf.toString();
    }
AuthorizationFileVerification.java contains the patched code
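
Added example, not part of the report or of the J2SSH code base: a single-pass expansion of the same %D and %U tokens. The loops above resume searching at idx + 1, which lies inside the text just inserted; this version appends replacement values verbatim and never rescans them. The class name, method name and sample values are assumptions; only the %D\.ssh2 template comes from the report.

```java
// Added example (hypothetical helper, not J2SSH code): expands the
// %D and %U tokens of a UserConfigDirectory value in a single pass.
public class TokenExpansion {

    // Expands %D (home directory) and %U (username) left to right.
    // Substituted values are appended verbatim and are never rescanned,
    // so a token-like sequence inside a value stays literal.
    static String expand(String template, String userHome, String username) {
        StringBuilder out = new StringBuilder(template.length() + 32);
        int i = 0;
        while (i < template.length()) {
            char c = template.charAt(i);
            if (c == '%' && i + 1 < template.length()) {
                char t = template.charAt(i + 1);
                if (t == 'D') { out.append(userHome); i += 2; continue; }
                if (t == 'U') { out.append(username); i += 2; continue; }
            }
            out.append(c); // ordinary character or an unknown %x sequence
            i++;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; only the first template is from the report.
        String home = "C:\\Users\\alice";
        String user = "alice";

        // Token at index 0, the case the original parsing missed.
        System.out.println(expand("%D\\.ssh2", home, user));

        // Token in the middle of the path.
        System.out.println(expand("C:\\keys\\%U\\.ssh2", home, user));

        // A value that itself contains a token is copied as-is.
        System.out.println(expand("%D\\%U", "C:\\home", "a%Ub"));
    }
}
```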