author | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
commit | 0970072c89b079b022538e3c366fbfa2c53fc821 (patch) | |
tree | b7024712d74234bb5a8b036ccbc9109e2e211296 /auth.c | |
parent | 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff) | |
parent | 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff) |
merge 5.7p1
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 32 |
1 files changed, 19 insertions, 13 deletions
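--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -379,16 +379,15 @@ HostStatus
 check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 const char *sysfile, const char *userfile)
 {
-Key *found;
 char *user_hostfile;
 struct stat st;
 HostStatus host_status;
+struct hostkeys *hostkeys;
+const struct hostkey_entry *found;
 
-/* Check if we know the host and its host key. */
-found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
-host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
-
-if (host_status != HOST_OK && userfile != NULL) {
+hostkeys = init_hostkeys();
+load_hostkeys(hostkeys, host, sysfile);
+if (userfile != NULL) {
 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
 if (options.strict_modes &&
 (stat(user_hostfile, &st) == 0) &&
@@ -401,16 +400,23 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 user_hostfile);
 } else {
 temporarily_use_uid(pw);
-host_status = check_host_in_hostfile(user_hostfile,
-host, key, found, NULL);
+load_hostkeys(hostkeys, host, user_hostfile);
 restore_uid();
 }
 xfree(user_hostfile);
 }
-key_free(found);
+host_status = check_key_in_hostkeys(hostkeys, key, &found);
+if (host_status == HOST_REVOKED)
+error("WARNING: revoked key for %s attempted authentication",
+found->host);
+else if (host_status == HOST_OK)
+debug("%s: key for %s found at %s:%ld", __func__,
+found->host, found->file, found->line);
+else
+debug("%s: key for host %s not found", __func__, host);
+
+free_hostkeys(hostkeys);
 
-debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
-"ok" : "not found", host);
 return host_status;
 }
 
@@ -518,7 +524,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 close(fd);
 return NULL;
 }
-if (options.strict_modes &&
+if (strict_modes &&
 secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 fclose(f);
 logit("Authentication refused: %s", line);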
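Review bot: In check_key_in_hostfiles the user's host file is now loaded whenever `userfile != NULL` and merged with the system file into one `hostkeys` set, so the outcome depends entirely on how `check_key_in_hostkeys()` ranks revoked entries against plain matches, and that function is not visible here. If the intent is that a revocation in `sysfile` can never be masked by a matching entry in the user-writable file, it deserves a comment above the first `load_hostkeys` call, for example `/* sysfile and userfile entries are merged; a revoked entry from either file must take precedence over a match */`. The `HOST_REVOKED` and `HOST_OK` branches also dereference `found` without a NULL check, which presumably relies on `check_key_in_hostkeys()` always setting it for those two results. Part of the function body between the second and third hunks is not shown.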