summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
commit87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch)
tree9f4b96055e6ccaa915e8d59d9f2805e9e119371d /auth.c
parenta25ec0b132c44c9e341e08464ff830de06b81126 (diff)
parentef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff)
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c49
1 files changed, 45 insertions, 4 deletions
diff --git a/auth.c b/auth.c
index c1e0f4812..2370e5c2c 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.75 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -32,6 +32,7 @@
32#include <netinet/in.h> 32#include <netinet/in.h>
33 33
34#include <errno.h> 34#include <errno.h>
35#include <fcntl.h>
35#ifdef HAVE_PATHS_H 36#ifdef HAVE_PATHS_H
36# include <paths.h> 37# include <paths.h>
37#endif 38#endif
@@ -48,6 +49,7 @@
48#include <stdarg.h> 49#include <stdarg.h>
49#include <stdio.h> 50#include <stdio.h>
50#include <string.h> 51#include <string.h>
52#include <unistd.h>
51 53
52#include "xmalloc.h" 54#include "xmalloc.h"
53#include "match.h" 55#include "match.h"
@@ -113,6 +115,7 @@ allowed_user(struct passwd * pw)
113#endif /* USE_SHADOW */ 115#endif /* USE_SHADOW */
114 116
115 /* grab passwd field for locked account check */ 117 /* grab passwd field for locked account check */
118 passwd = pw->pw_passwd;
116#ifdef USE_SHADOW 119#ifdef USE_SHADOW
117 if (spw != NULL) 120 if (spw != NULL)
118#ifdef USE_LIBIAF 121#ifdef USE_LIBIAF
@@ -120,8 +123,6 @@ allowed_user(struct passwd * pw)
120#else 123#else
121 passwd = spw->sp_pwdp; 124 passwd = spw->sp_pwdp;
122#endif /* USE_LIBIAF */ 125#endif /* USE_LIBIAF */
123#else
124 passwd = pw->pw_passwd;
125#endif 126#endif
126 127
127 /* check for locked account */ 128 /* check for locked account */
@@ -410,7 +411,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
410 * 411 *
411 * Returns 0 on success and -1 on failure 412 * Returns 0 on success and -1 on failure
412 */ 413 */
413int 414static int
414secure_filename(FILE *f, const char *file, struct passwd *pw, 415secure_filename(FILE *f, const char *file, struct passwd *pw,
415 char *err, size_t errlen) 416 char *err, size_t errlen)
416{ 417{
@@ -470,6 +471,46 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
470 return 0; 471 return 0;
471} 472}
472 473
474FILE *
475auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
476{
477 char line[1024];
478 struct stat st;
479 int fd;
480 FILE *f;
481
482 /*
483 * Open the file containing the authorized keys
484 * Fail quietly if file does not exist
485 */
486 if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
487 return NULL;
488
489 if (fstat(fd, &st) < 0) {
490 close(fd);
491 return NULL;
492 }
493 if (!S_ISREG(st.st_mode)) {
494 logit("User %s authorized keys %s is not a regular file",
495 pw->pw_name, file);
496 close(fd);
497 return NULL;
498 }
499 unset_nonblock(fd);
500 if ((f = fdopen(fd, "r")) == NULL) {
501 close(fd);
502 return NULL;
503 }
504 if (options.strict_modes &&
505 secure_filename(f, file, pw, line, sizeof(line)) != 0) {
506 fclose(f);
507 logit("Authentication refused: %s", line);
508 return NULL;
509 }
510
511 return f;
512}
513
473struct passwd * 514struct passwd *
474getpwnamallow(const char *user) 515getpwnamallow(const char *user)
475{ 516{