diff options
author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000 |
commit | 87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch) | |
tree | 9f4b96055e6ccaa915e8d59d9f2805e9e119371d /auth.c | |
parent | a25ec0b132c44c9e341e08464ff830de06b81126 (diff) | |
parent | ef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff) |
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 49 |
1 files changed, 45 insertions, 4 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.75 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -32,6 +32,7 @@ | |||
32 | #include <netinet/in.h> | 32 | #include <netinet/in.h> |
33 | 33 | ||
34 | #include <errno.h> | 34 | #include <errno.h> |
35 | #include <fcntl.h> | ||
35 | #ifdef HAVE_PATHS_H | 36 | #ifdef HAVE_PATHS_H |
36 | # include <paths.h> | 37 | # include <paths.h> |
37 | #endif | 38 | #endif |
@@ -48,6 +49,7 @@ | |||
48 | #include <stdarg.h> | 49 | #include <stdarg.h> |
49 | #include <stdio.h> | 50 | #include <stdio.h> |
50 | #include <string.h> | 51 | #include <string.h> |
52 | #include <unistd.h> | ||
51 | 53 | ||
52 | #include "xmalloc.h" | 54 | #include "xmalloc.h" |
53 | #include "match.h" | 55 | #include "match.h" |
@@ -113,6 +115,7 @@ allowed_user(struct passwd * pw) | |||
113 | #endif /* USE_SHADOW */ | 115 | #endif /* USE_SHADOW */ |
114 | 116 | ||
115 | /* grab passwd field for locked account check */ | 117 | /* grab passwd field for locked account check */ |
118 | passwd = pw->pw_passwd; | ||
116 | #ifdef USE_SHADOW | 119 | #ifdef USE_SHADOW |
117 | if (spw != NULL) | 120 | if (spw != NULL) |
118 | #ifdef USE_LIBIAF | 121 | #ifdef USE_LIBIAF |
@@ -120,8 +123,6 @@ allowed_user(struct passwd * pw) | |||
120 | #else | 123 | #else |
121 | passwd = spw->sp_pwdp; | 124 | passwd = spw->sp_pwdp; |
122 | #endif /* USE_LIBIAF */ | 125 | #endif /* USE_LIBIAF */ |
123 | #else | ||
124 | passwd = pw->pw_passwd; | ||
125 | #endif | 126 | #endif |
126 | 127 | ||
127 | /* check for locked account */ | 128 | /* check for locked account */ |
@@ -410,7 +411,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
410 | * | 411 | * |
411 | * Returns 0 on success and -1 on failure | 412 | * Returns 0 on success and -1 on failure |
412 | */ | 413 | */ |
413 | int | 414 | static int |
414 | secure_filename(FILE *f, const char *file, struct passwd *pw, | 415 | secure_filename(FILE *f, const char *file, struct passwd *pw, |
415 | char *err, size_t errlen) | 416 | char *err, size_t errlen) |
416 | { | 417 | { |
@@ -470,6 +471,46 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
470 | return 0; | 471 | return 0; |
471 | } | 472 | } |
472 | 473 | ||
474 | FILE * | ||
475 | auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) | ||
476 | { | ||
477 | char line[1024]; | ||
478 | struct stat st; | ||
479 | int fd; | ||
480 | FILE *f; | ||
481 | |||
482 | /* | ||
483 | * Open the file containing the authorized keys | ||
484 | * Fail quietly if file does not exist | ||
485 | */ | ||
486 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) | ||
487 | return NULL; | ||
488 | |||
489 | if (fstat(fd, &st) < 0) { | ||
490 | close(fd); | ||
491 | return NULL; | ||
492 | } | ||
493 | if (!S_ISREG(st.st_mode)) { | ||
494 | logit("User %s authorized keys %s is not a regular file", | ||
495 | pw->pw_name, file); | ||
496 | close(fd); | ||
497 | return NULL; | ||
498 | } | ||
499 | unset_nonblock(fd); | ||
500 | if ((f = fdopen(fd, "r")) == NULL) { | ||
501 | close(fd); | ||
502 | return NULL; | ||
503 | } | ||
504 | if (options.strict_modes && | ||
505 | secure_filename(f, file, pw, line, sizeof(line)) != 0) { | ||
506 | fclose(f); | ||
507 | logit("Authentication refused: %s", line); | ||
508 | return NULL; | ||
509 | } | ||
510 | |||
511 | return f; | ||
512 | } | ||
513 | |||
473 | struct passwd * | 514 | struct passwd * |
474 | getpwnamallow(const char *user) | 515 | getpwnamallow(const char *user) |
475 | { | 516 | { |