difos/package/network/services/dropbear/patches/100-pubkey_path.patch

--- a/src/svr-authpubkey.c
+++ b/src/svr-authpubkey.c
@@ -435,20 +435,45 @@ out:
 /* Returns the full path to the user's authorized_keys file in an
  * allocated string which caller must free. */
 static char *authorized_keys_filepath() {
+	static const char * const global_authkeys_dir = "/etc/dropbear";
+	/* strlen(global_authkeys_dir) */
+	#define  n_global_authkeys_dir  13
+	static const char * const authkeys_file = "authorized_keys";
+	/* strlen(authkeys_file) */
+	#define  n_authkeys_file  15
+
 	size_t len = 0;
 	char *pathname = NULL, *dir = NULL;
-	const char *filename = "authorized_keys";
+
+	/* OpenWrt-specific:
+	   use OpenWrt' global authorized keys directory if:
+	   1. logging as uid 0 (typically root)
+	   2. "svr_opts.authorized_keys_dir" is set to default i.e. no "-D" option was specified
+	 */
+	while (1) {
+		if (ses.authstate.pw_uid != 0) break;
+		if (svr_opts.authorized_keys_dir[0] == '/') break;
+
+		len = n_global_authkeys_dir + n_authkeys_file + 2;
+		pathname = m_malloc(len);
+		snprintf(pathname, len, "%s/%s", global_authkeys_dir, authkeys_file);
+		return pathname;
+	}
 
 	dir = expand_homedir_path_home(svr_opts.authorized_keys_dir,
 				       ses.authstate.pw_dir);
 
 	/* allocate max required pathname storage,
 	 * = dir + "/" + "authorized_keys" + '\0' */;
-	len = strlen(dir) + strlen(filename) + 2;
+	len = strlen(dir) + n_authkeys_file + 2;
 	pathname = m_malloc(len);
-	snprintf(pathname, len, "%s/%s", dir, filename);
+	snprintf(pathname, len, "%s/%s", dir, authkeys_file);
 	m_free(dir);
 	return pathname;
+
+	/* not needed anymore */
+	#undef  n_global_authkeys_dir
+	#undef  n_authkeys_file
 }
 
 /* Checks whether a specified publickey (and associated algorithm) is an